(no title)
creichert | 8 years ago
GitHub Apps are per-repository "integrations" that don't perform actions on behalf of a specific user and are installed directly to a repo (with fine-grained permissions).
OAuth Apps are the classic "integrations" installed by a specific user and perform actions on behalf of that user.
I imagine they have lower requirements because they are new, more specialized, and likely to be installed a little less.
mrclark411|8 years ago
I also see that the security requirements are quite high. While its difficult to argue with source code security - here are some of the security requirements:
The standard annual risk assessment shall include, to the best of Developer's ability, the following:
(i) SOC 1 and/or SOC 2 audit report; (ii) 3rd party proof of PCI compliance (a certificate showing Developer's handling of credit card payments is compliant); (iii) Privacy Shield Attestation; (iv) ISO Certification or Cloud Security Alliance Self-Assessment; (v) Cloud Security Self Assessment; (vi) any information on subcontractor or vendor production datacenter(s), IaaS, PaaS, or private hosting providers, as required by GitHub based on data and services rendered; and (vii) Written responses and evidence of specific security requirements as outlined in this agreement
https://help.github.com/articles/github-marketplace-develope...
The GitHub Marketplace will be an exclusive place for a while with those requirements.