Introducing GitHub Apps for improved user access control
We are very excited to announce our recent migration to GitHub Apps to improve the experience of GitHub Cloud users. You now have better control over the level of access Codacy is granted to your GitHub organizations and repositories. The migration also lays the groundwork for adding functionality to Codacy in the future that is available exclusively to GitHub Apps users.
GitHub Apps vs. OAuth Apps integration
GitHub officially recognizes GitHub Apps as the preferred way of building products that work with its repositories. They offer many advantages over the pure OAuth-based sign-in previously used by Codacy.
OAuth-based integration
With OAuth-based integration, you must grant Codacy access to everything in your GitHub account. There is no way to exclude Codacy from repositories or organizations that you do not want to use (or would not use) with Codacy’s static analysis tool.
GitHub Apps integration
With GitHub Apps’ targeted permissions, however, you can allow access to only what is needed, rather than to everything your account has access to. Unlike OAuth Apps, you can choose to grant access to specific accounts, organizations and repositories. You can also grant additional access to Codacy later; it does not need to happen at initial signup.
This new feature is particularly exciting for those who want to grant Codacy access only to specific GitHub organizations or repositories.
What does the migration mean for Codacy users?
As mentioned, users can now effectively manage Codacy’s access to organizations and repositories on their GitHub account. Upon initial use, be prepared for the following steps related to account permissions:
Initial Sign In
GitHub Cloud users are prompted to use GitHub Apps when they first authenticate with Codacy.
Upon accessing Codacy, users go through the following steps to reflect the change in permissions:
- Sign out then sign back in to Codacy
- Select the desired account to install Codacy
- Adjust repositories
- Accept permissions
This permissions process applies to both app installation for individual Codacy accounts and admin installations for organizations.
For additional information on permissions, including details related to repositories, users, organizations and email addresses, please see our support documentation.
Also, please note, existing integrations will continue to work for users.
Future
The Apps migration also unlocks our ability to access new APIs available almost exclusively to GitHub Apps users.
For Codacy, this includes GitHub Checks, which we are very excited to integrate. For more information on our planned implementation of Checks, please check out the feature on our product roadmap.
References and documentation
In addition to the support documentation above, we offer further reference material regarding the Apps migration. This includes the announcement and troubleshooting articles from the Codacy team:
- Why can’t I see my organization? https://support.codacy.com/hc/en-us/articles/360010264500-Why-can-t-I-see-my-organization-
- Why aren’t my GitHub repositories showing? https://support.codacy.com/hc/en-us/articles/360012141819-Why-aren-t-my-GitHub-repositories-showing-
If you haven’t given it a try yet, sign in to Codacy and start using GitHub Cloud with the new Apps integration.