GitHub Permissions

SecOpsium should only scan repositories the user owns or is explicitly authorized to assess. The GitHub workflow is designed around scoped repository access instead of shared personal tokens.

Authorization model

SecOpsium connects to GitHub through an authorized GitHub workflow. Users choose the repository scope they want SecOpsium to access.

For private repositories, access depends on the permissions granted through that GitHub authorization. SecOpsium should not be used to scan anything outside that authorized scope.

Why scoped access matters

Scoped access reduces unnecessary exposure. The product does not need a user's personal access token pasted into the dashboard to run normal GitHub-backed scans.

This also gives teams a familiar revocation path through GitHub if they want to remove access.

  • Authorize only the repositories that should be scanned.
  • Disconnect or revoke access when it is no longer needed.
  • Keep repository ownership and assessment authorization clear.
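As an added illustration of the authorization model and the revocation point above (this is not SecOpsium's own code; the class and function names are hypothetical), a scope gate that a scanner could apply before fetching any repository, including name canonicalization so a URL or differently cased spelling of an out-of-scope repository cannot slip past the allow-list:

```python
from dataclasses import dataclass, field


@dataclass
class GitHubAuthorization:
    """Constructed model of what a user granted when authorizing GitHub access.
    repos: the "owner/repo" names selected at authorization time.
    can_read_private: whether the grant includes read access to private repos.
    revoked: set once the user disconnects the product from GitHub."""
    repos: set[str] = field(default_factory=set)
    can_read_private: bool = False
    revoked: bool = False


def normalize_repo(name: str) -> str:
    """Canonicalize a repository reference to lowercase "owner/repo".
    GitHub owner and repository names are case-insensitive, and users may
    paste a URL or a ".git" clone name, so the scope check must compare
    canonical forms or a variant spelling would bypass the allow-list."""
    ref = name.strip()
    for prefix in ("https://github.com/", "http://github.com/", "github.com/"):
        if ref.lower().startswith(prefix):
            ref = ref[len(prefix):]
            break
    ref = ref.strip("/")
    if ref.lower().endswith(".git"):
        ref = ref[:-4]
    owner, sep, repo = ref.partition("/")
    if not sep or not owner or not repo or "/" in repo:
        raise ValueError(f"expected owner/repo, got {name!r}")
    return f"{owner.lower()}/{repo.lower()}"


def may_scan(auth: GitHubAuthorization, repo: str, private: bool) -> tuple[bool, str]:
    """Gate a scan request against the authorized scope. Returns (allowed, reason)."""
    if auth.revoked:
        return False, "GitHub authorization was revoked; reconnect before scanning"
    target = normalize_repo(repo)
    in_scope = {normalize_repo(r) for r in auth.repos}
    if target not in in_scope:
        return False, f"{target} is outside the authorized repository scope"
    if private and not auth.can_read_private:
        return False, f"{target} is private and the grant has no private-read access"
    return True, f"{target} is in scope"


if __name__ == "__main__":
    # Constructed sample grant: two repositories, private read included.
    grant = GitHubAuthorization({"Acme/Web-App", "acme/api"}, can_read_private=True)
    for ref, private in [("https://github.com/acme/web-app.git", True), ("acme/Other", False)]:
        print(ref, may_scan(grant, ref, private))
```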

CLI transparency

The open-source CLI gives technical users a way to inspect local scanning behavior separately from the SaaS.

The CLI is useful, but the SaaS is still valuable because it adds hosted execution, team visibility, reports, and scan history.

Frequently Asked Questions

Does SecOpsium ask for a GitHub personal access token?

SecOpsium is designed around an authorized GitHub workflow rather than asking users to paste a personal access token into the product.

Can users control which repositories are connected?

Yes. Repository visibility depends on the scope authorized through GitHub. Teams should grant access only to repositories they want SecOpsium to assess.

Can GitHub access be revoked?

Yes. Users can revoke or disconnect the GitHub authorization when they no longer want SecOpsium to access the selected repositories.