repod Trust Pack
A concise summary for buyers reviewing repod before a pilot.
What repod Does
repod helps teams review and manage GitHub repository access using organization metadata, repository metadata, teams, members, and repo-team permission state.
What repod Does Not Do In Normal Operation
- Does not clone repositories.
- Does not process source code contents.
- Does not require write permissions for the public access health check or audit/read mode.
GitHub Permission Modes
repod supports two connection models: fine-grained GitHub PAT auth and the GitHub App beta. For PAT auth, submitted tokens must begin with github_pat_ (the prefix GitHub assigns to fine-grained PATs, so classic tokens are rejected). The GitHub App beta uses encrypted app credentials and short-lived installation tokens.
- Audit/read mode: read-oriented access for org settings, repository metadata, members, teams, and repo-team permission state.
- Write mode: additional permissions only when repod applies repo-team permission changes, repository metadata changes, repository renames, or team-management actions.
Security Controls
- Only fine-grained GitHub PATs are accepted for PAT-auth submitted tokens.
- PATs and GitHub App private keys encrypted at rest and never logged in plaintext.
- GitHub App beta mints short-lived installation tokens when calling GitHub APIs.
- Account-scoped data model and role-based access controls.
- Audit logs for org lifecycle, token rotation, sync, account, and access-change events.
Vendor Review Links
Compliance Status
repod does not currently hold SOC 2, ISO 27001, or Cyber Essentials accreditation. Formal external attestation is deferred until buyer demand justifies the cost.