Permissions
Understand the two-role permission model in DryRun Security and how SCM platform roles map to Admin and Developer access.
Overview
DryRun Security uses your SCM platform (GitHub or GitLab) for authentication. Because DryRun already knows your SCM role at login, it maps that role directly to a DryRun permission level with no additional setup required.
DryRun uses a two-role model: Admin and Developer. To give a user more access, you can either elevate their permissions in the SCM, or request an Admin Override (see the Admin Override section below).
Permissions Matrix
Note: Developers can only view findings, repositories, and pull requests for repositories they have membership access to in GitHub or GitLab. All other access listed below applies to the full platform.
| Feature | Admin | Developer | Details |
|---|---|---|---|
| Install | ✓ | ✗ | Install DryRun Security on GitHub or GitLab organizations and repositories. |
| Risk Register | ✓ | ✓ | Central view of security findings across repositories, organized by severity and status. Developers see findings only for repos they have membership access to. |
| Repositories | ✓ | ✓ | View repositories connected to DryRun Security and their scan status. Developers see only repos they have membership access to. |
| Pull Requests | ✓ | ✓ | View pull requests and their associated security findings. Developers see only PRs for repos they have membership access to. |
| Dismiss Findings | ✓ | ✓ | Dismiss a finding from the DryRun dashboard or directly from the SCM PR comment. |
| DeepScan: View | ✓ | ✓ | View DeepScan runs, reports, and findings for repositories. |
| DeepScan: Trigger | ✓ | ✗ | Initiate a new DeepScan run on a repository on demand. |
| Code Policies: View | ✓ | ✓ | View existing custom code policies configured for the account. |
| Code Policies: Configure | ✓ | ✗ | Create, edit, and manage custom code policies used during scanning. |
| Insights & AI Assistant | ✓ | ✗ | AI-powered security insights and a chat assistant for querying findings and trends. |
| Daily Digest | ✓ | ✗ | Automated daily summary of new findings, trends, and security posture changes. |
| Configurations: View | ✓ | ✓ | View PR scanner behavior, blocking rules, and policy enforcement settings. |
| Configurations: Edit | ✓ | ✗ | Edit PR scanner behavior, blocking rules, and policy enforcement settings. |
| Integrations: View | ✓ | ✓ | View connected integrations including Slack, webhooks, and AI coding integrations (MCP/IDE). |
| Integrations: Configure | ✓ | ✗ | Set up and manage Slack, webhook, and AI coding integrations (MCP/IDE). |
| Access Keys | ✓ | ✗ | Generate and manage API access keys for programmatic access to DryRun Security. |
| Install / Uninstall Repos | ✓ | ✗ | Add or remove repositories from DryRun Security scanning. |
SCM Role Mapping
DryRun Security automatically maps SCM roles to DryRun roles at login. No manual configuration is required.
| SCM Platform | SCM Role | DryRun Role |
|---|---|---|
| GitHub | Admin | Admin |
| GitHub | Member | Developer |
| GitLab | Owner | Admin |
| GitLab | Maintainer | Admin |
| GitLab | Developer | Developer |
Admin Override
An account administrator can request that a developer be promoted to Admin within the platform. This setting is not self-serve and is managed by our team. The override applies only within DryRun Security and does not change the user's role in GitHub or GitLab. To request an override, contact us at hi@dryrun.security.
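The role mapping, the permissions matrix, and the Admin Override can be combined into a quick access review that shows which accounts would hold an Admin-only feature such as Access Keys, and through which path. This is an added example, not DryRun Security code or API: the roster format, field names, logins, and the handling of SCM roles the mapping table does not list (reported as unmapped with no access assumed) are assumptions.

```python
# Role mapping and feature matrix transcribed from the tables on this page.
ROLE_MAP = {("github", "admin"): "Admin", ("github", "member"): "Developer",
            ("gitlab", "owner"): "Admin", ("gitlab", "maintainer"): "Admin",
            ("gitlab", "developer"): "Developer"}
SHARED = {"Risk Register", "Repositories", "Pull Requests", "Dismiss Findings",
          "DeepScan: View", "Code Policies: View", "Configurations: View",
          "Integrations: View"}
ADMIN_ONLY = {"Install", "DeepScan: Trigger", "Code Policies: Configure",
              "Insights & AI Assistant", "Daily Digest", "Configurations: Edit",
              "Integrations: Configure", "Access Keys", "Install / Uninstall Repos"}

def effective_access(user, connected_repos, overrides=frozenset()):
    """Return the DryRun role, the path that granted it, features and visible repos."""
    key = (user["platform"].lower(), user["scm_role"].lower())
    role, path = ROLE_MAP.get(key), ":".join(key)
    if role is None:
        # Assumption: a role absent from the mapping table gets nothing and is flagged.
        return {"role": None, "path": "unmapped:" + path, "features": set(), "repos": set()}
    if role == "Developer" and user["login"] in overrides:
        role, path = "Admin", "override"  # Admin Override: DryRun-side only
    if role == "Admin":
        return {"role": role, "path": path, "features": SHARED | ADMIN_ONLY,
                "repos": set(connected_repos)}
    return {"role": role, "path": path, "features": set(SHARED),
            "repos": set(user["repos"]) & set(connected_repos)}  # membership-scoped

def review(roster, connected_repos, overrides=frozenset(), feature="Access Keys"):
    """Map each login holding `feature` to its grant path; list unmapped logins."""
    holders, unmapped = {}, []
    for user in roster:
        access = effective_access(user, connected_repos, overrides)
        if access["role"] is None:
            unmapped.append(user["login"])
        elif feature in access["features"]:
            holders[user["login"]] = access["path"]
    return holders, unmapped

# Constructed sample roster: logins, repos and field names are made up.
ROSTER = [
    {"login": "ana", "platform": "GitHub", "scm_role": "Admin", "repos": ["api"]},
    {"login": "ben", "platform": "GitHub", "scm_role": "Member", "repos": ["api", "legacy"]},
    {"login": "cy", "platform": "GitLab", "scm_role": "Maintainer", "repos": ["web"]},
    {"login": "dee", "platform": "GitLab", "scm_role": "Developer", "repos": ["web"]},
    {"login": "eli", "platform": "GitLab", "scm_role": "Reporter", "repos": ["web"]},
]
CONNECTED = ["api", "web"]
if __name__ == "__main__":
    print(review(ROSTER, CONNECTED, overrides={"dee"}))
```

The grant path separates Admin access inherited from the SCM from access granted by an override, which does not appear in a GitHub or GitLab role audit.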