What data do we access?
GitHub integration
The GitHub integration is implemented as a Marketplace App. You can configure which repositories it has access to.
In the selected repositories, the app can access:
-
checks (read-only)
-
Git contents (read-only)
-
deployments (read-only)
-
issues (read-only)
-
repository metadata (read-only)
-
projects (read-only)
-
commit statuses (read-only)
-
pull requests (read-write) – currently to be able to comment pull requests
In the organizational level the app has read-only access to organization members, teams, and blocked users.
From each authenticated user, the app gets read-only access to their email.
We subscribe to webhooks related to most of these same events.
We request a permission to access source code, but we never store it. For each commit, we store the size of the change per file. This allows us to estimate the complexity of the change, and also to ignore changes to automatically generated files (such as package-lock.json or Gemfile.lock). The source code is processed in an isolated codebase.
Jira integration
The Jira integration is implemented as an Atlassian Connect application. The scope of the integration is:
-
Read (issues, comments and projects)
-
Write (but not delete) – used for creating webhooks
-
Read user names and emails
Linear integration
For the Linear integration we request the following data access scope:
-
User emails and names
-
Teams
-
Projects
-
Issues
-
Comments
Slack integration
The Slack integration is implemented as a Slack marketplace application. The scope we request is:
-
channels:join – join public channels
-
channels:read – view basic information about public channels
-
chat:write – send messages as @swarmia
-
groups:read – view basic information about private channels that @swarmia has been added to
-
incoming-webhook – post messages to specific channels on Slack
-
users:read – view people in a workspace
-
users:read.email – view email addresses of people in a workspace
On behalf of individual users who connect Slack notifications, we request an identity.basic permission.