top | item 11287963

(no title)

We totally understand your concerns and we take security very seriously. In order to manage GitHub issues, GitHub currently requires the repo scope. If there was a more restrictive scope just for GitHub Issues, Zube would use that one instead, but there isn't. Zube requires the same permissions as many other applications, the same permissions as Slack, for example.

On our side, Zube only accesses data related to your GitHub issues and never touches your code at all. All of the calls Zube makes to the GitHub API are whitelisted (on our end) to ensure that Zube only accesses the data it needs. For extra security, we also encrypt your auth token before storing it. It’s also important to note that your auth token is specific to Zube and at any time you can revoke your token on GItHub.

discuss

x0ner|10 years ago

All that makes sense, thanks for the details.

x0ner|10 years ago

[deleted]