We use GitHub to calculate the metrics of the Technical Axis, from the backend of Axify. We calculate these metrics from the metadata on the Pull Requests, their history and their comments. This calculation is done synchronously with each request that requires the Technical Axis.
Structure and data exchange
Once you link your Axify project to one or more GitHub repositories, we start the synchronization process. In this synchronization, we will retrieve all the metadata of the Pull Requests (dates and ID). The only qualitative data retrieved is the name of the Pull Request and the name and avatar of the participants.
What access rights are required for GitHub integration?
Access rights are controlled by the requester (you). The required permission is "read access to issues, metadata, and pull requests". As for the files during code reviews, we can see the number of files modified, their metadata, but we do not have access to their content. This data is then used to feed your Axify account (Process Axis graphs and Daily Digest data).
Do you have access to our code on GitHub?
No, we don't. Our analysis and calculations use only the metadata of Pull Requests. You have complete control over the permission you grant us at all times, respecting the minimum permission required for GitHub apps.
What authentication data is maintained as a result of the various integrations?
We use GitHub App, which is authenticated by a private key generated from GitHub. This key is stored and encrypted in the production AWS account and accessible only from the app. After giving access to our application, we use this key to generate temporary credentials allowing us to access your GitHub repository or organization (depending on the given scope). Permissions are managed directly from GitHub and can be revoked at any time.