Which permissions does Codacy need from my account?

Codacy cloud uses OAuth to handle logins. We support the following providers:

  • GitHub cloud
  • BitBucket cloud
  • Google

Depending on the provider (GitHub, Bitbucket, Google), we may request different permissions due to different OAuth implementations. We strive to request only the necessary permissions.



If you log in with GitHub, Codacy requires the following permissions/scopes:

  • 'user' permissions to access GitHub user info.
  • 'public_repo' permissions to set PR status on public repositories.
  • 'repo' access to access private repositories.
  • 'write: public_key' to add ssh keys to the repositories, so that Codacy can have access to the repository.
  • 'write:repo_hook' access to add post-commit hooks.
  • 'read:org': Read-only access to organization membership, organization repositories, and team membership.
  • 'admin:org_hook' to access organization hooks.


Bitbucket login

If you log in with Bitbucket, Codacy requires the following permissions/scopes

  • Read and modify your account information 
  • Read and modify your repositories' issues
  • Read your team's repository settings and read repositories contained within your team's repositories
  • Read and modify your repositories and their pull requests
  • Administer your repositories
  • Read your team membership information
  • Read and modify your repositories webhooks


Google login

If you log in with Google, Codacy requires the following permissions/scopes

  • Email permission


Have more questions? Submit a request


Article is closed for comments.