Qlty uses a GitHub App to integrate with GitHub.

Authentication

GitHub OAuth is the only supported authentication method for Qlty. As part of the User authentication flow, the following permissions are granted:

Account Permissions

PermissionAccessReason
Email addressesRead-onlySending product and account-related notifications
WatchingRead-onlyIdentifying repositories that are important to you

Permissions

When installed, the GitHub App requires the following permissions:

Repository Permissions

PermissionAccessReason
ActionsRead and writeWhen prompted, generate and validate code quality fixes
ChecksRead and writePost code quality information on pull requests
Code scanning alertsRead and writeGenerate unified code quality reports including security issues
Commit statusesRead and writePost code quality information on pull requests
ContentsRead and writeWhen prompted, push branches to open pull requests
Custom propertiesRead-onlySimplify administration by leveraging custom repository metadata
DeploymentsRead and writeTrack the quality of and optionally gate deploys
EnvironmentsRead-onlyTrack the quality of and optionally gate deploys
IssuesRead and writeWhen prompted, create issues for code quality issues
MetadataRead-onlyMandatory by GitHub
Pull RequestsRead and writeWhen prompted, open PRs to update config or improve code quality

Organization Permissions

PermissionAccessReason
MembersRead-onlyChecking permissions for authorization

Repository Access

Access can be granted either to all repositories in a workspace, or individual repositories.

By default, after authorization importing repositories as Qlty projects must be done manually. (In the future, we may provide an opt-in feature to automatically import repositories for convenience.)

Webhooks

In order to analyze new commits and keep data syncronized, Qlty subscribed to GitHub webhooks.

More information