Link service provider unsafe

earonesty · January 6, 2020, 4:30pm

Unclear what “Link service provider” is for, but certain it is unsafe

See here:

https://docs.codecov.io/docs/link-service-provider

I did get that the correct settings for gitlab.com are:

+gitlab:

client_id: xxxx
client_secret: xxx

However, it’s also clear that this is unsafe. Why would codecov require uploading app sercrets to repositories (private or otherwise). I’d be happy to paste these in at codecov.io somewhere instead!

drazisil · January 6, 2020, 4:53pm

Hi @earonesty

These settings for for Codecov Enterprise, in which case the config is only visible to you and not Codecov. If you are using that version and have concerns, please open a ticket. Otherwise, if you are trying to use these settings to sovle a problem, please let me know so we can assist.

Topic		Replies	Views
There was a problem getting repo contents from your provider (gitlab integration broken) Support	1	163	August 16, 2023
Team Bot is missing (Gitlab) Support	2	112	November 16, 2022
Cannot use codecov with private repositories - both github action and "setup repo" fails Support golang , github	5	185	March 28, 2023
GitLab private repo images 401 Bug Fixes	1	303	October 14, 2020
GitHub API: Forbidden for public repo Bug Fixes github	4	411	October 26, 2020

Link service provider unsafe

Unclear what “Link service provider” is for, but certain it is unsafe

Related Topics