Reddit startup idea

Repo Permission Firewall

A SaaS that continuously inventories GitHub OAuth tokens and GitHub App installations, flags over-privileged or “zombie” integrations, and enforces time-bound access. It provides policy-based controls (e.g., no third-party app may retain write access after billing cancellation, or outside business hours) and creates an auditable trail for security reviews.

  • Subreddit: webdev
  • Industry: Web & Frontend Development
  • Target date: 2026-03-30
  • Upvotes: 194
  • Comments: 54

Target customer

Engineering managers, security leads, and DevOps owners at SMB–midmarket software companies using GitHub with multiple third-party developer tools installed (CI/CD, codegen, IDE agents, analytics).

Problem-solution fit

The post shows a business-critical failure mode: canceled vendors still retain push access and can change private repos without immediate detection, risking broken production deploys. A permission firewall with continuous monitoring and automated revocation closes the gap between billing/tool offboarding and GitHub authorization state, reducing both the likelihood of an incident and its blast radius.

Keywords

  • GitHub App permissions
  • least-privilege
  • repo security
  • access governance
  • DevSecOps