PSA: If you are an owner of a GitHub organization, please review the GitHub Apps installed on your organization (and remove any that are no longer needed)

If you are the owner of a GitHub organization, please review the list of GitHub Apps that are installed on your organization, and remove any Apps that are no longer needed.

You can access the list of GitHub Apps by going to the following URL: https://github.com/organizations/$ORGANIZATION_NAME/settings/installations

For example, the list of GitHub Apps installed on the JuliaLang organization is accessible at the https://github.com/organizations/JuliaLang/settings/installations URL.

For example, if you spot any of the following GitHub Apps on your organization, I would recommend that you uninstall them:

| Name | Explanation |
| --- | --- |
| Julia FemtoCleaner | FemtoCleaner is deprecated. |
| Julia TagBot | The TagBot GitHub App is no longer supported. Please transition to the TagBot GitHub Action. |
| AppVeyor CI | We recommend transitioning to GitHub Actions CI. |
| Travis CI | No longer offers CI for open-source repos. We recommend transitioning to GitHub Actions CI. |

Asking for a GitHub App to be Reinstalled

On a related note, Viral and I have been performing this review for some of the GitHub organizations in the Julia community. If you notice that a GitHub App has been uninstalled, but you actually do need to keep using that GitHub App, please post in the #community channel on the Julia Slack.

Motivation

Having unnecessary GitHub Apps installed on your organization increases the attack surface area on your organization. If there is a compromise in one of those Apps, this can lead to an attack on your organization. Just as an example:

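For the review step described at the top of this post, the same list can be pulled from GitHub's REST API (`GET /orgs/{org}/installations`) and triaged by how much access each App holds. The script below is an added example, not part of the original post; the App slugs, the sample response and the function name are constructed placeholders.

```python
import json

# Constructed sample, shaped like the response of GET /orgs/{org}/installations.
# As an org owner, fetch the real one with:
#   gh api "/orgs/$ORGANIZATION_NAME/installations?per_page=100"
SAMPLE_RESPONSE = json.dumps({
    "total_count": 3,
    "installations": [
        {"app_slug": "example-legacy-ci", "repository_selection": "all",
         "permissions": {"contents": "write", "metadata": "read"},
         "suspended_at": None},
        {"app_slug": "example-docs-preview", "repository_selection": "selected",
         "permissions": {"metadata": "read", "pull_requests": "write"},
         "suspended_at": None},
        {"app_slug": "example-release-bot", "repository_selection": "selected",
         "permissions": {"contents": "read"},
         "suspended_at": "2021-06-01T00:00:00Z"},
    ],
})

# Placeholder slugs (assumption): replace with the slugs of the Apps you
# have decided to retire, as they appear in your own organization's response.
RETIRE_SLUGS = {"example-legacy-ci", "example-release-bot"}


def audit_installations(raw_json, retire_slugs=RETIRE_SLUGS):
    """Return one finding per installed App, most reasons for review first."""
    findings = []
    for inst in json.loads(raw_json).get("installations", []):
        perms = inst.get("permissions") or {}
        writable = sorted(k for k, v in perms.items() if v in ("write", "admin"))
        reasons = []
        if inst.get("app_slug") in retire_slugs:
            reasons.append("on retire list")
        if inst.get("repository_selection") == "all":
            reasons.append("access to all repositories")
        if writable:
            reasons.append("write access: " + ", ".join(writable))
        if inst.get("suspended_at"):
            reasons.append("suspended but still installed")
        findings.append({"app": inst.get("app_slug"), "reasons": reasons})
    # Apps with the most reasons come first; ties are broken by name.
    findings.sort(key=lambda f: (-len(f["reasons"]), f["app"]))
    return findings


if __name__ == "__main__":
    for finding in audit_installations(SAMPLE_RESPONSE):
        print(finding["app"], "->", "; ".join(finding["reasons"]) or "no flags")
```

Apps that are flagged for write access or all-repository access but are still needed can often be narrowed to selected repositories from the same settings page instead of being removed.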