[yefim]

Please include a checkbox to exclude private repos. I have a lot of private work that I just can't let anyone see. Thank you!

[biggestlou]

Important note: these reports are accessible only by you, the user. They are not publicly available.

[nothrabannosir]

> these reports are accessible only by you

And by you, githubreportcard, and by all of your devs, etc, etc. I'm no lawyer, but I have a feeling this is what some of those NDAs were talking about.

[Spivak]

Sure, but GitHub and all their devs have access to your private repos too. If that doesn't violate the NDA I'm not sure why GHRC would violate it either unless they've been grated special exception.

[eridius]

The company put the code on GitHub, and the company has the rights to do so. The developer who signed the NDA doesn't have the rights to do that. And if the code was actually stored elsewhere and the developer decided to create their own private repo and upload the code there, that would be a violation of the NDA.

[treve]

Putting NDA'd code on github without permission would certainly violate it.

[minimaxir]

"Any third-party access" is often an NDA-violating action.

[throwanem]

But I still have to trust you with access to my private repos - read-write access, yet. I'm sure you're an entirely upstanding human being who would never abuse such access, but I don't know you from Adam's off ox, too.

[biggestlou]

Unfortunately, GitHub does not provide read-only access to repos, be they public or private: https://developer.github.com/v3/oauth/#scopes.

If you've used Apiary, TravisCI, or a plethora of other third-party GitHub apps that access repos, then you have granted read/write access. We would love to see a read-only option but were bound by this limitation.

[jkrems]

Read access to public repos just doesn't have to be granted - period. That's why there's no scope for it. The tool could just have excluded private repos.