AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-04-25 · Documentation low

File: devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md

Summary

Added section about GitHub App permission updates and updated GitHub app permission description

Security assessment

Added documentation about GitHub App permission update process, which helps users understand security implications of permission changes. Updated description from 'read-only access' to more nuanced permission review process. This improves security transparency but doesn't address a specific vulnerability.

Diff

diff --git a/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md b/devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
index 14ed394ab..6048976b1 100644
--- a//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
+++ b//devopsagent/latest/userguide/connecting-to-cicd-pipelines-connecting-github.md
@@ -7 +7 @@
-PrerequisitesRegistering GitHub (account-level)Connecting repositories to an Agent SpaceUnderstanding the GitHub appManaging GitHub connections
+PrerequisitesRegistering GitHub (account-level)Connecting repositories to an Agent SpaceUnderstanding the GitHub appGitHub App permission updatesManaging GitHub connections
@@ -149 +149 @@ The AWS DevOps Agent GitHub app:
-  * Requests read-only access to your repositories
+  * Requests access to your repositories — you can review the specific permissions during GitHub App installation
@@ -161,0 +162,19 @@ For GitHub Enterprise Server, the GitHub App is automatically created on your in
+## GitHub App permission updates
+
+AWS DevOps Agent may request permission updates after you install the GitHub App to support new features. When this happens:
+
+  1. You will receive a notification from GitHub regarding the permission update request.
+
+  2. Review the update details to understand what new permissions are being requested.
+
+  3. Accept the request to grant the updated permissions.
+
+
+
+
+No changes are required in your service or application. Once you accept the updated permissions, the next installation access token that AWS DevOps Agent requests from GitHub will automatically include the new permissions.
+
+###### Note
+
+ __Until you accept a permission update, AWS DevOps Agent continues to operate with the previously granted permissions. New capabilities that depend on the updated permissions will not be available until you approve the request.
+