Understanding the difference between the basic and webhook enabled apps
Contents
Understanding the difference between the basic and webhook-enabled apps
The Silverfish IDP works with two GitHub app modes that provide two access level options to the user.
Basic app
This basic app only has access public information about your account, such as the contents of your public repos. This provides the maximum level of security, but the downside to choosing this app is that any changes to your repos can only be detected by polling for changes. This polling occurs around once an hour.
Webhook-enabled app
Webhook-enabled App. This app requires you grant read access to your repos and pull requests. The advantage of this app is that it can use GitHub's webhook events to be notified immediately of repo changes, allowing much faster rescans. Please note that this option automatically grants access to all repos, not just public ones. GitHub does not offer access to events for public repos only. The free version of the Silverfish IDP does not make use of the ability to access your private repos. Access to private repos will be offered in the future via a paid-for license tier.
Why have both?
Simple reason: building trust. We want our users to select the level of exposure of their data that they are comfortable with. If you are happy with the delay to detecting changes to repos, the basic app offers maximum security. If you want to have your repos scanned quickly, then you have the option to grant more access. We let you make that decision.