Skip to main content
Chainloop interacts with GitHub in three different places, and each one has its own permission surface. This page is the consolidated reference.

Chainloop GitHub App

The Chainloop GitHub App is the integration installed from Integrations → Connect in the Chainloop Web UI. One installation covers every Chainloop feature that needs to talk to GitHub on your behalf — repository enrollment, AI session PR correlation, vulnerability auto-remediation, sandbox-backed agent runs, and the SCM Configuration Check. What Chainloop persists vs. what it accesses transiently. Chainloop only persists repository metadata (ID and name). Some features — auto-remediation, the Vulnerabilities Agent, and other sandbox-backed scans (SAST, secrets, vulnerability scanning) — do clone your repository, but always into an isolated sandbox using a short-lived, repo-scoped token (1 h TTL), and the source is discarded when the run ends. See Scoped vs broad installation tokens below.

Cumulative permission set

Requested by the App manifest at install time. The “Where it’s used” column points to the per-feature breakdown below for detail.
The write grants are used only to post Chainloop’s own comments, check runs, and auto-remediation PRs. Chainloop does not push to your default branch, modify code outside of remediation branches, or alter PR state authored by your team.

Subscribed webhook events

PR processing is further filtered to actions opened, synchronize, closed, labeled, and unlabeled.

Per-feature breakdown

Scoped vs broad installation tokens

Two features — sandbox source clone and SCM Configuration Check — handle credentials destined for untrusted or short-lived environments. For these, Chainloop mints a scoped installation token narrowed to a single repository, with only the permissions strictly needed for that call, and a 1-hour TTL. The broad installation token is used only for control-plane PR processing and auto-remediation PR creation, where the controlplane itself is the consumer. After the sandbox clones the repo, it rewrites the origin remote to the bare HTTPS URL so the short-lived credential never persists on disk.

GitHub Enterprise Server (GHES)

Every code path supports GitHub Enterprise Server. The App’s BaseURL and UploadURL switch to <ghes-host>/api/v3 and <ghes-host>/api/uploads, and the clone URL is built from the installation’s host field. The set of requested permissions is identical to github.com.

GitHub Actions workflow permissions

These are the permissions: blocks you add to your own workflow YAML when running Chainloop CLI steps. They are GitHub-native scopes on the workflow’s GITHUB_TOKEN — Chainloop never sees this token directly, it just relies on the OIDC token GitHub mints when id-token: write is set.

Keyless attestations

The minimum block for a workflow that runs chainloop attestation init / push against a keyless-enrolled repository:

PR-policies control gate

When attesting pull request metadata for the PR-policies control gate, add read access to repo contents and the PR API:

SLSA provenance workflows

The SLSA guide workflows use the same id-token: write plus whatever scopes your build steps need (typically contents: read, and packages: write if you’re pushing artifacts). Chainloop itself only requires id-token: write — the other scopes belong to your build, not to Chainloop.

Runner Context (GitHub App or PAT)

Runner Context is a separate, customer-operated integration: you create a GitHub App (or PAT) in your own GitHub account so the Chainloop EE CLI can read repository security configuration during a CI run. This is a different identity from the Chainloop GitHub App above — Chainloop’s servers never see this token; it stays inside your runner.
Runner Context is a Chainloop EE feature. The token is yours, lives in your CI secrets, and is consumed by chainloop gather-runner-context inside the workflow run.
Permissions to configure when registering the app: Additional setup: uncheck Expire user authorization tokens and Webhook active when creating the app. Full step-by-step is in the Runner Context reference.

Alternative: Personal Access Token

If you can’t use a custom app, a fine-grained PAT works for non-enterprise accounts: Enterprise GitHub accounts must use a Classic PAT with the additional read:enterprise scope — fine-grained tokens do not support enterprise-level API endpoints.

Quick summary by product feature

If you’re trying to figure out which permissions a specific Chainloop feature pulls in: