← Back to changelog

Working with GitHub's 3rd-Party App Restrictions

GitHub has recently released a new feature called third-party application restrictions. While you can read all about it via GitHub’s blog, the basic idea is that organizations can now create a whitelist of approved applications, giving them tighter control around which third-parties can access their data.

Code Climate works great with this new GitHub feature. If you choose to enable third-party application restrictions, you’ll want to whitelist us so that we can continue to access your data.

Third-Party Application Restrictions

It’s important to note that enabling this feature in GitHub automatically disables all SSH keys that were created before February 2014. As a result, today we’ll be automatically replacing our older SSH keys for any GitHub-hosted repositories added to Code Climate. For each repository, we’ll remove our old key and add a new one. If this affects you, admins in your GitHub organization/account will receive emails from GitHub, letting them know that a new key was added.

In some cases, it won’t be possible for us to automatically replace the key. For example, if no members of your Code Climate organization are GitHub-linked, we won’t have sufficient permissions to swap in a new key. In this situation, Code Climate will only lose access to your repository if you added it before February 2014 and you also enable third-party application restrictions in GitHub. Not to worry though, we’ll email you if we can no longer analyze your project, with instructions on how to fix the problem.

If you have any questions about this change, or if any issues pop up, we’re always here to help.

Actionable metrics for engineering leaders. Try Velocity Free