Once a GitHub repo crosses a few hundred stars and dozens of contributors, it’s hard to know each contributor and what kind of access they need to the project.
The larger the community, the bigger the problems:
For external and one-time contributors, they can open pull requests from their own branch and use the Contributor License Agreement Assistant to take care of any legal requirements.
What about contributors working on this full-time? Should they have Write or Admin permissions on the repo so they can make fixes without getting blocked? What about branch protection rules?
Admin permission, they can:
From a security best practices standpoint, contributors should only get permissions for the period of time they actively need them.
When access is handled in this least-privilege model, it protects the project from being compromised by malicious actors and also from unintentional updates. Project leads are busy though. They don’t have time to manually update contributor permissions all the time.
Today we’re excited to announce Indent’s native GitHub integration for managing on-demand codebase permissions using GitHub Teams.
Using Indent for GitHub, you can:
This allows every project to increase their security by:
Indent’s free tier makes it easy for open-source projects and teams to secure their codebase. Here's what an access request looks like:
Engie Engineer is a (hypothetical) member of the Next.js team and needs to approve a PR that’s currently blocked by a branch protection rule tripping over a known-to-be flaky test.
They open Slack and enter
/access and request membership of the
@vercel/nextjs-bypass team, citing the PR they are going to review as the reason and requesting access for the next hour.
Engie’s request gets routed according to the project’s policies to Tim, the project lead. Tim is on a train with a spotty connection when they receive the Slack notification from Indent.
Thankfully, Tim can approve and grant access directly from the notification in Slack from his phone. Engie is notified and able to bypass the branch protection rule for the next hour.
At the one hour mark, Indent automatically removes Engie from the GitHub team. All the access and approval events get logged in a queryable way for security and compliance to review later.
Ready to start granting access like the Next.js project? Here’s what you’ll need to do to get on-demand access set-up.
Indent can also help manage access to your production infrastructure like AWS, GCP, or Azure. Many teams also choose to set up on-call auto approvals with our PagerDuty, Opsgenie, and Incident.io integrations.
Want to see a demo first or have a guided onboarding? Our team is happy to help and you can sign up for a demo.
How long does this take to set up?
Less than 10 minutes.
Who can set this up and what are the prerequisites?
You must have admin level permissions for both your organization’s GitHub and Slack accounts.
What if we don't use GitHub Teams for access today? Is there another way to use Indent?
While we generally recommend using role-based access control (like GitHub Teams), Indent for GitHub will soon let you request and grant access to specific repositories. Sign up to be notified when that’s released, by filling out this form.
Starting Granting On-Demand GitHub Access
Indent allows you to grant temporary, right sized contributor access using GitHub teams, without slowing your project down.
It’s free and fast to get started!
Want to learn more? Check out the Indent docs →
Need additional help? Talk to our team →