"Unauthorized" and "GitHub API: Forbidden " for a public (open source) GitHub project


Non-logged in users cannot view codecov results for an open source project hosted on GitHub. E.g. this file report shows “GitHub API: Forbidden”. And this PR report shows “Unauthorized”.

Here are two screenshots made using the two example URLs. For the first one, it is extra confusing because there is no hint that logging in might help.

Commit SHAs

The issue is not specific to a SHA or PR, it affects basically everything other than the front page of our



CI/CD or Build URL

GitHub Actions


We use the bash uploader.

Codecov Output

Doesn’t seem relevant, let me know if you need it anyway.

Expected Results

The report should be shown. If that’s not possible, a clearer hint that one needs to login.

Actual Results

I get an error message about the data not existing / not being accessible. See screenshots.

Additional Information

None at this time.