GitHub Permissions

Exactly what Cygent's GitHub App can and cannot do in your repositories.

Cygent uses a GitHub App installation to access your repositories. Here's exactly what it can and cannot do.

What Cygent can do

  • Read repository contents — Clone and read code from any repo you've granted access to.
  • Open pull requests — Create PRs from new branches with code changes. PRs are always opened for your review — Cygent never merges on its own.
  • Post PR review comments — Add inline security findings as review comments on pull requests.
  • Create and close issues — Open issues for findings and close them when resolved.
  • Push to feature branches — Commit code changes to dedicated branches created for each task.

What Cygent cannot do

  • Push directly to protected branches — Cygent will never push to main, master, dev, or any branch with protection rules. All changes go through PRs.
  • Merge pull requests — Merging is always a manual action by your team. Cygent only opens the PR.
  • Modify repository settings — Cygent has no access to branch protection rules, webhooks, secrets, or repo configuration.
  • Access repos you haven't granted — Only repositories explicitly selected during setup are accessible.
  • Delete branches or tags — Cygent only creates branches, never removes them.

You can review and revoke Cygent's GitHub access at any time from your GitHub organization's installed apps settings, or by disconnecting from the Cygent dashboard Settings tab.
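
One way to check what the installation has actually been granted against the lists above, as an added example that is not Cygent's own code: it audits the `permissions` and `repository_selection` fields of a GitHub App installation record, as returned by GitHub's `GET /orgs/{org}/installations` API. The mapping from this page's capabilities to GitHub permission names and the sample records are assumptions constructed for illustration; the page does not publish the app's exact permission set.

```python
import json

# Assumed mapping from the capabilities listed on this page to GitHub App
# permission names and levels; the page does not publish the exact set.
EXPECTED = {
    "metadata": "read",        # baseline repository metadata access
    "contents": "write",       # clone/read code, push to feature branches
    "pull_requests": "write",  # open PRs, post review comments
    "issues": "write",         # create and close issues
}
LEVELS = {"read": 1, "write": 2, "admin": 3}

def audit_installation(inst, expected=EXPECTED):
    """Return a list of findings where the grant exceeds the expected set."""
    findings = []
    for name, level in sorted(inst.get("permissions", {}).items()):
        allowed = expected.get(name)
        if allowed is None:
            findings.append(f"unexpected permission: {name}={level}")
        elif LEVELS.get(level, 99) > LEVELS[allowed]:
            findings.append(f"{name}={level} exceeds expected {allowed}")
    # The page says only explicitly selected repositories are accessible.
    if inst.get("repository_selection") != "selected":
        findings.append("repository_selection is not 'selected'")
    return findings

# Constructed sample records, shaped like entries in the "installations" array.
SAMPLE_OK = json.loads("""{"app_slug": "example-app",
  "repository_selection": "selected",
  "permissions": {"metadata": "read", "contents": "write",
                  "pull_requests": "write", "issues": "write"}}""")
SAMPLE_DRIFT = json.loads("""{"app_slug": "example-app",
  "repository_selection": "all",
  "permissions": {"metadata": "read", "contents": "write",
                  "administration": "write", "secrets": "write"}}""")

if __name__ == "__main__":
    for label, inst in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(label, audit_installation(inst) or "matches expected set")
```

To audit a real installation, pass each entry of the `installations` array from that API response to `audit_installation` and adjust `EXPECTED` to the permissions shown on the app's installation page.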