GitHub Cloud API endpoints
Overview
Glean uses GitHub's standard REST API to crawl your GitHub Cloud organization, plus the git protocol to clone repository contents. All GitHub App permissions are fixed and read-only: organization admins cannot change them.
GitHub App permissions
The Glean GitHub App requests the following read-only permissions. They are set when the App is installed and cannot be scoped down or expanded per organization. Permissions are grouped by the level they apply to.
- Repository
- Organization
- User
| Permission | Access | What it covers |
|---|---|---|
| Administration | Read-only | Repository settings and metadata |
| Contents | Read-only | Code, files, commits, and READMEs |
| Commit statuses | Read-only | Commit status checks |
| Issues | Read-only | Issues and issue comments |
| Metadata | Read-only | Basic repository information (always required) |
| Pull requests | Read-only | Pull requests, reviews, comments, and diffs |
| Pages | Read-only | GitHub Pages content for legacy gh-pages sites |
| Permission | Access | What it covers |
|---|---|---|
| Members | Read-only | Organization members and teams, for permission resolution |
| Permission | Access | What it covers |
|---|---|---|
| Email addresses | Read-only | The user's GitHub email, granted through per-user OAuth so identity can be matched |
API endpoints
Git protocol endpoints
In addition to the REST API, the connector uses the git protocol to read repository contents. These endpoints are prefixed by the configured git domain:
GET /<repository-name>.git/info/refs?service=git-upload-pack
POST /<repository-name>.git/git-upload-pack