versioneye / versioneye / issues / #366 - Promiscuous permissions asked when connecting to Bitbucket — Bitbucket

Issue #366 new

Per Wiklander created an issue 2017-03-20

As a new user I have a hard time believing you need all these permissions to ALL my repositories and teams. Is it Bitbucket that does not support fine grained permission grants or is it Versioneye that requests more than is needed? See the attached image for my experience.

Screenshot 2017-03-20 12.58.31.png

Comments (2)

Robert Reiz
Hi @perwiklander. Might be that Bitbucket offers more scopes now then 3 years ago :) However VersionEye is completely open source. You find the code here: https://github.com/versioneye and can verify that we don't do anything shady. We do not even fork or copy your code. VersionEye is just looking for supported files which it can parse and monitor. Files like Gemfile, package.json and so on.
- 2017-03-20T13:56:18+00:00
Per Wiklander reporter
Thanks for the reply. I do believe you are not up to anything evil. But if possible it would be good to trim the scope down. I can think of more than one organisation where VersionEye would be a non starter because of these permissions.

The minimum permissions should be something like listing repos and then get read access to the repos I choose to add to a VersionEye project. Plus access to pull requests if you report CI status on those.
- 2017-03-20T14:02:04+00:00
Log in to comment

Assignee: –

Type: proposal

Priority: major

Status: new

Component: VersionEye-WWW

Milestone: –

Votes: 1

Watchers: 3

Jira: the preferred issue tracker for Bitbucket. Join the team!