Catana requires a few permissions on your GitHub organization and repository for its core features to work.
Granting access to a new GitHub application understandably raises concerns.

For full transparency, below is the complete list of permissions Catana requests and why each one is needed.

Repository#Content


Read Access

This permission is likely the most sensitive, so a detailed blog post explains how Catana handles your data and why this permission is needed.

TL;DR: Catana never stores any of your source code on its server. Catana retrieves its data by parsing git diffs on the fly. This permission is required for Catana to fetch those diffs.


Write Access

Catana can remove a TODO from your code if a user requests it.

This permission allows Catana to create a commit (and later open a Pull Request using another permission). Catana will never push changes directly to your main branch.

Repository#Administration


Read Access

This permission allows Catana to check whether a user is a collaborator on your repository on GitHub and to mirror that authorization for access to the Catana dashboard.

Repository#CI Checks


Write Access

When a user opens a Pull Request with TODOs, Catana will create a GitHub Check to provide visual feedback (successful if the TODOs pass validation, failure otherwise).

Repository#Issue


Read Access

Catana can expire your TODO when a GitHub issue is closed. This permission lets us receive a GitHub webhook when Issues in your repository get closed.


Write Access

GitHub issues are the main medium for notifying users when their TODOs become addressable. Catana uses this permission to create a GitHub Issue or to comment on an already open Issue.

Repository#Pull Requests


Read Access

Similar to the Repository#Issue read permission: Catana can expire your TODO when a GitHub PR is closed. This permission lets us receive a GitHub webhook when a PR in your repository gets closed.


Write Access

This permission is used together with the Content#write permission. Catana uses it to open a Pull Request when a user requests to remove a TODO from the repository.

Organization#Members


Read Access

This permission is requested when you install Catana on a GitHub organization account. It allows Catana to check whether a user is a member of the organization on GitHub and to mirror that authorization for access to the Catana dashboard.
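
The following is an added example, not Catana's code: a least-privilege check that compares the permissions an installation actually holds against the list documented above and flags anything beyond it. The mapping from this page's headings to GitHub API permission keys, the `metadata` entry, the function name and the sample data are assumptions made for illustration.

```python
# Access levels ordered by privilege; a higher level includes the lower ones.
LEVEL = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Highest level this page documents per permission. Key names are an assumed
# mapping from the page's headings (Repository#Content -> "contents", ...).
# "metadata" is not on the page; it is included on the assumption that
# GitHub Apps hold read access to it by default.
DOCUMENTED = {
    "contents": "write",
    "administration": "read",
    "checks": "write",
    "issues": "write",
    "pull_requests": "write",
    "members": "read",
    "metadata": "read",
}


def audit_permissions(granted, documented=DOCUMENTED):
    """Return (excess, unused): grants above the documented level, and
    documented permissions the installation does not hold."""
    excess = {}
    for name, level in granted.items():
        allowed = documented.get(name, "none")
        # Unknown level strings rank above every known level so they are flagged.
        if LEVEL.get(level, max(LEVEL.values()) + 1) > LEVEL[allowed]:
            excess[name] = {"granted": level, "documented": allowed}
    unused = sorted(set(documented) - set(granted))
    return excess, unused


# Constructed sample shaped like the "permissions" field of a GitHub App
# installation record; not taken from a real installation.
SAMPLE_PERMISSIONS = {
    "contents": "write", "administration": "write", "checks": "write",
    "issues": "write", "pull_requests": "write", "metadata": "read",
    "secrets": "read",
}

if __name__ == "__main__":
    excess, unused = audit_permissions(SAMPLE_PERMISSIONS)
    for name, detail in sorted(excess.items()):
        print(f"EXCESS {name}: {detail['granted']} > {detail['documented']}")
    print("not granted:", ", ".join(unused) or "none")
```

An empty `excess` result means the installation holds nothing beyond what this page documents; `unused` is informational, for example `members` is absent on a personal-account installation.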