1. Create a separate organization

Our strong recommendation is to create a separate GitHub organization that you connect to Reviewly.

If your organization is “Acme”, you could create a new organization like “Acme HR” or “Acme Hiring” and connect it to Reviewly instead.

There are a few reasons behind this:

• We’re going to create many repositories: one for each candidate and one for reviewers, having a separate organization won’t clutter your working organization with too many repositories
• Each candidate will be invited to their own repository as external collaborators. If you’re currently on a paid plan on GitHub, you’ll be charged for those candidates for the time they take to submit their work. By creating a separate organization, you can keep it on the free plan and not getting charged for them
• By setting a separate organization, you can set a different and stricter access to repositories. This will allow you to disable access to repositories unless invited and reduce the reviewer’s ability to check out who is the real candidate before they submit their reviews

2. Reduce bias during reviews

We do our best to hide who the candidate is to the reviewer until they have submitted their review.

To avoid them accessing the original candidate repository, consider setting stricter organization permissions to access the repositories on GitHub (i.e. “No permissions”). Consider having a separate organization for Reviewly, like suggested above.

3. Permissions that we require

We have security at the top of our mind: we encrypt all personal data, require only permissions that we need, and use expiring tokens to access your organization.

Sometimes, company policies won’t allow admin access to external apps (we need it to invite candidates and reviewers as external collaborators to repositories), so having a separate organization might make it easier to start using Reviewly.

These are the permissions we need and why:

• Administration: We need this to create repositories and invite candidates and reviewers to them
• Contents: We replicate your take-home project to a brand new repository for candidates and reviewers, and we need to create commits in them
• Issues: We not only replicate the code, but we also replicate any issue the repositories contain
• Pull requests: Similar to issues, we also replicate pull requests
• Workflows: GitHub requires this permission in case the repository contains any workflow file

Questions?

Reach out to us at [email protected], we’re always happy to help and answer any questions you might have.