Chainloop GitHub App
The Chainloop GitHub App is the integration installed from Integrations → Connect in the Chainloop Web UI. One installation covers every Chainloop feature that needs to talk to GitHub on your behalf — repository enrollment, AI session PR correlation, vulnerability auto-remediation, sandbox-backed agent runs, and the SCM Configuration Check. What Chainloop persists vs. what it accesses transiently. Chainloop only persists repository metadata (ID and name). Some features — auto-remediation, the Vulnerabilities Agent, and other sandbox-backed scans (SAST, secrets, vulnerability scanning) — do clone your repository, but always into an isolated sandbox using a short-lived, repo-scoped token (1 h TTL), and the source is discarded when the run ends. See Scoped vs broad installation tokens below.Cumulative permission set
Requested by the App manifest at install time. The “Where it’s used” column points to the per-feature breakdown below for detail.The write grants are used only to post Chainloop’s own comments, check runs, and auto-remediation PRs. Chainloop does not push to your default branch, modify code outside of remediation branches, or alter PR state authored by your team.
Subscribed webhook events
PR processing is further filtered to actions
opened, synchronize, closed, labeled, and unlabeled.
Per-feature breakdown
Scoped vs broad installation tokens
Two features — sandbox source clone and SCM Configuration Check — handle credentials destined for untrusted or short-lived environments. For these, Chainloop mints a scoped installation token narrowed to a single repository, with only the permissions strictly needed for that call, and a 1-hour TTL. The broad installation token is used only for control-plane PR processing and auto-remediation PR creation, where the controlplane itself is the consumer. After the sandbox clones the repo, it rewrites theorigin remote to the bare HTTPS URL so the short-lived credential never persists on disk.
GitHub Enterprise Server (GHES)
Every code path supports GitHub Enterprise Server. The App’sBaseURL and UploadURL switch to <ghes-host>/api/v3 and <ghes-host>/api/uploads, and the clone URL is built from the installation’s host field. The set of requested permissions is identical to github.com.
GitHub Actions workflow permissions
These are thepermissions: blocks you add to your own workflow YAML when running Chainloop CLI steps. They are GitHub-native scopes on the workflow’s GITHUB_TOKEN — Chainloop never sees this token directly, it just relies on the OIDC token GitHub mints when id-token: write is set.
Keyless attestations
The minimum block for a workflow that runschainloop attestation init / push against a keyless-enrolled repository:
PR-policies control gate
When attesting pull request metadata for the PR-policies control gate, add read access to repo contents and the PR API:SLSA provenance workflows
The SLSA guide workflows use the sameid-token: write plus whatever scopes your build steps need (typically contents: read, and packages: write if you’re pushing artifacts). Chainloop itself only requires id-token: write — the other scopes belong to your build, not to Chainloop.
Runner Context (GitHub App or PAT)
Runner Context is a separate, customer-operated integration: you create a GitHub App (or PAT) in your own GitHub account so the Chainloop EE CLI can read repository security configuration during a CI run. This is a different identity from the Chainloop GitHub App above — Chainloop’s servers never see this token; it stays inside your runner.Runner Context is a Chainloop EE feature. The token is yours, lives in your CI secrets, and is consumed by
chainloop gather-runner-context inside the workflow run.Recommended: Custom GitHub App
Permissions to configure when registering the app:
Additional setup: uncheck Expire user authorization tokens and Webhook active when creating the app. Full step-by-step is in the Runner Context reference.
Alternative: Personal Access Token
If you can’t use a custom app, a fine-grained PAT works for non-enterprise accounts:
Enterprise GitHub accounts must use a Classic PAT with the additional
read:enterprise scope — fine-grained tokens do not support enterprise-level API endpoints.
Quick summary by product feature
If you’re trying to figure out which permissions a specific Chainloop feature pulls in:Related Resources
- Chainloop Trace guide — full setup walkthrough and PR correlation behavior
- Keyless attestations in GitHub — OIDC-based authentication from GitHub Actions
- PR-policies control gate — enforce PR quality with Chainloop policies
- CI/CD Runner Context — repository security configuration gathering
