OtterWise is designed to be as private as possible, while still offering the same functionality as competing products. This is why we do not ask for permission to read code by default. Our coverage uploader script is open source so you can see exactly what we send to our servers from your CI workflow.
Despite this, your organization might have reasons to want even stricter control, which is completely understandable; in fact, we encourage it. Here are some steps that you can take with minimal effort.
Fork Coverage Uploader
Our coverage uploader is open source, and can be forked and used in place of the one found in our repository, so that you can lock it to a specific version, and review changes we make to it over time.
To do this, you can navigate to https://github.com/getOtterWise/bash-uploader and fork the repository, then in your CI workflow file replace our script with yours. The new CI step might look something like this:
- name: Upload Coverage
  run: bash <(curl -s https://raw.githubusercontent.com/your-org/your-otterwise-bash-uploader-fork/main/uploader.sh)
Originally suggested at https://github.com/getOtterWise/bash-uploader/issues/1.
If you decide to do this, any updates or bug fixes we make won't automatically propagate to your uploader, so you will have to keep an eye out for updates. You can take advantage of the GitHub Watch functionality. We will make sure to write descriptive commit messages.
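To lock the uploader to one reviewed version, the CI step can fetch the script from your fork at a fixed commit and refuse to run it unless its SHA-256 matches the value recorded during review. The following is an added example, not part of the OtterWise uploader or documentation; the function names are hypothetical, and `<commit-sha>` and `<sha256-of-reviewed-uploader.sh>` are placeholders you fill in from your own fork.

```shell
# Added example: run the forked uploader only if it matches a reviewed checksum.

sha256_of() {
  # Print the lowercase hex SHA-256 of file $1 (sha256sum on Linux, shasum on macOS).
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_script() {
  # $1 = downloaded script, $2 = expected SHA-256.
  # Returns 0 on match, 1 on mismatch, 2 if the file is missing or empty.
  [ -s "$1" ] || { echo "uploader missing or empty: $1" >&2; return 2; }
  actual="$(sha256_of "$1")"
  if [ "$actual" != "$2" ]; then
    echo "uploader checksum mismatch: got $actual, expected $2" >&2
    return 1
  fi
}

fetch_verify_run() {
  # $1 = raw URL pinned to a commit in your fork, $2 = expected SHA-256.
  tmp="$(mktemp)" || return 2
  rc=1
  # --fail turns HTTP errors into a non-zero exit instead of saving an error page.
  if curl --fail --silent --show-error --location "$1" -o "$tmp" \
     && verify_script "$tmp" "$2"; then
    rc=0
    bash "$tmp" || rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage in the CI step (placeholders, not real values):
# fetch_verify_run \
#   "https://raw.githubusercontent.com/your-org/your-otterwise-bash-uploader-fork/<commit-sha>/uploader.sh" \
#   "<sha256-of-reviewed-uploader.sh>"
```

When you pull an upstream change into your fork, review it, then update the commit and the checksum together in the workflow file.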