Troubleshooting

GitHub Permissions

Troubleshooting GitHub permission issues with FlagShark.

4 min readLast updated: February 4, 2026

FlagShark requires specific GitHub permissions to function properly. This guide helps you diagnose and resolve permission-related issues.

Required Permissions

FlagShark requests these permissions during installation:

Permission	Level	Purpose
Repository contents	Read	Fetch PR diffs and file contents
Pull requests	Read & Write	Read PR data, post comments
Metadata	Read	Access repository information
Webhooks	Read & Write	Receive PR events

FlagShark follows the principle of least privilege - we only request permissions necessary for core functionality.

Common Permission Issues

Can't Install on Organization

Symptoms: Installation fails or shows "You don't have permission to install this app."

Causes:

You're not an organization owner or admin
Organization has restricted app installations
Third-party app access is disabled

Solutions:

Check your role: You need Owner or Admin role on the organization

Request installation: Non-admins can request the app be installed

Contact org admin: Ask them to approve or install FlagShark

For Organization Owners:

Go to Organization Settings > Third-party access

Ensure GitHub Apps can be installed

Check for pending installation requests

Approve FlagShark if it's pending

App Installed But No Repository Access

Symptoms: FlagShark is installed but can't see your repositories.

Causes:

App only has access to selected repositories
Your repository isn't in the selection
Repository is private and access wasn't granted

Solutions:

Go to GitHub > Settings > Applications (or Organization Settings > GitHub Apps)

Find FlagShark and click "Configure"

Under "Repository access", choose:

Save changes

Screenshot needed: GitHub Settings → GitHub App repository access

Repository access settings showing 'Only select repositories' option with repository list

Can't Post PR Comments

Symptoms: FlagShark detects flags but doesn't post comments on PRs.

Causes:

Missing "Pull requests: Write" permission
Organization policy blocking comments
Rate limiting

Check permissions:

Go to the repository > Settings > Integrations

Find FlagShark in the list

Verify it shows "Pull requests: Read and write"

If permission is missing:

Go to GitHub > Settings > Applications

Find FlagShark > Configure

Review permissions - they should include Pull requests (read & write)

If permissions have changed, you may need to re-approve

Webhooks Not Being Received

Symptoms: Nothing happens when you open or update PRs.

Causes:

Webhook not properly configured
Webhook delivery failing
Repository removed from app access

Check webhook status:

Go to Repository > Settings > Webhooks

Find the FlagShark webhook

Check "Recent Deliveries" for success/failure

Look at response codes and messages

Common webhook errors:

Error	Meaning	Solution
No webhook listed	App not installed properly	Reinstall FlagShark
401 Unauthorized	Authentication issue	Reinstall the app
403 Forbidden	Permission denied	Check app permissions
404 Not Found	Endpoint issue	Contact FlagShark support
No recent deliveries	Webhooks not triggering	Check app is still installed

Can't Read Repository Contents

Symptoms: FlagShark can't analyze PRs, shows "access denied" errors.

Causes:

Missing "Contents: Read" permission
Repository is private and not accessible
Branch protection blocking access

Solutions:

Verify FlagShark has Contents read permission
Ensure the repository is included in app access
Check if branch protection rules affect API access

Organization Policies

SAML SSO

If your organization uses SAML SSO:

Go to your personal GitHub settings > Applications

Find FlagShark

Click "Enable SSO" for your organization

Complete the SSO authentication

You may need to re-enable SSO after each GitHub session, depending on your organization's SSO settings.

Third-Party Access Restrictions

Some organizations restrict third-party app access:

Go to Organization > Settings > Third-party access

Check if third-party apps are restricted

If restricted, an admin must approve FlagShark

Look for FlagShark in pending requests

IP Allow Lists

If your organization uses IP allow lists:

FlagShark needs to be able to reach GitHub's API
Contact FlagShark support for our IP ranges if needed

Reinstalling FlagShark

If permissions are corrupted, a clean reinstall often helps:

Wait a moment: Give GitHub time to clean up

Reinstall:

Go to FlagShark dashboard
Click "Add Repository" or "Install GitHub App"
Follow the installation flow
Select repositories to grant access

Verify: Create a test PR with a flag to confirm detection works

Troubleshooting

GitHub Permissions

Troubleshooting GitHub permission issues with FlagShark.

4 min readLast updated: February 4, 2026

FlagShark requires specific GitHub permissions to function properly. This guide helps you diagnose and resolve permission-related issues.

Required Permissions

FlagShark requests these permissions during installation:

Permission	Level	Purpose
Repository contents	Read	Fetch PR diffs and file contents
Pull requests	Read & Write	Read PR data, post comments
Metadata	Read	Access repository information
Webhooks	Read & Write	Receive PR events

FlagShark follows the principle of least privilege - we only request permissions necessary for core functionality.

Common Permission Issues

Can't Install on Organization

Symptoms: Installation fails or shows "You don't have permission to install this app."

Causes:

You're not an organization owner or admin
Organization has restricted app installations
Third-party app access is disabled

Solutions:

Check your role: You need Owner or Admin role on the organization

Request installation: Non-admins can request the app be installed

Contact org admin: Ask them to approve or install FlagShark

For Organization Owners:

Go to Organization Settings > Third-party access

Ensure GitHub Apps can be installed

Check for pending installation requests

Approve FlagShark if it's pending

App Installed But No Repository Access

Symptoms: FlagShark is installed but can't see your repositories.

Causes:

App only has access to selected repositories
Your repository isn't in the selection
Repository is private and access wasn't granted

Solutions:

Go to GitHub > Settings > Applications (or Organization Settings > GitHub Apps)

Find FlagShark and click "Configure"

Under "Repository access", choose:

Save changes

Screenshot needed: GitHub Settings → GitHub App repository access

Repository access settings showing 'Only select repositories' option with repository list

Can't Post PR Comments

Symptoms: FlagShark detects flags but doesn't post comments on PRs.

Causes:

Missing "Pull requests: Write" permission
Organization policy blocking comments
Rate limiting

Check permissions:

Go to the repository > Settings > Integrations

Find FlagShark in the list

Verify it shows "Pull requests: Read and write"

If permission is missing:

Go to GitHub > Settings > Applications

Find FlagShark > Configure

Review permissions - they should include Pull requests (read & write)

If permissions have changed, you may need to re-approve

Webhooks Not Being Received

Symptoms: Nothing happens when you open or update PRs.

Causes:

Webhook not properly configured
Webhook delivery failing
Repository removed from app access

Check webhook status:

Go to Repository > Settings > Webhooks

Find the FlagShark webhook

Check "Recent Deliveries" for success/failure

Look at response codes and messages

Common webhook errors:

Error	Meaning	Solution
No webhook listed	App not installed properly	Reinstall FlagShark
401 Unauthorized	Authentication issue	Reinstall the app
403 Forbidden	Permission denied	Check app permissions
404 Not Found	Endpoint issue	Contact FlagShark support
No recent deliveries	Webhooks not triggering	Check app is still installed

Can't Read Repository Contents

Symptoms: FlagShark can't analyze PRs, shows "access denied" errors.

Causes:

Missing "Contents: Read" permission
Repository is private and not accessible
Branch protection blocking access

Solutions:

Verify FlagShark has Contents read permission
Ensure the repository is included in app access
Check if branch protection rules affect API access

Organization Policies

SAML SSO

If your organization uses SAML SSO:

Go to your personal GitHub settings > Applications

Find FlagShark

Click "Enable SSO" for your organization

Complete the SSO authentication

You may need to re-enable SSO after each GitHub session, depending on your organization's SSO settings.

Third-Party Access Restrictions

Some organizations restrict third-party app access:

Go to Organization > Settings > Third-party access

Check if third-party apps are restricted

If restricted, an admin must approve FlagShark

Look for FlagShark in pending requests

IP Allow Lists

If your organization uses IP allow lists:

FlagShark needs to be able to reach GitHub's API
Contact FlagShark support for our IP ranges if needed

Reinstalling FlagShark

If permissions are corrupted, a clean reinstall often helps:

Wait a moment: Give GitHub time to clean up

Reinstall:

Go to FlagShark dashboard
Click "Add Repository" or "Install GitHub App"
Follow the installation flow
Select repositories to grant access

Verify: Create a test PR with a flag to confirm detection works