Allow users to add bots to an allowlist to avoid being blocked as an unregistered user | Feature Requests

Allow users to add bots to an allowlist to avoid being blocked as an unregistered user

planned

Eric Larson

This feature request is to create an allowlist for users to add automated code updating tools and bot users (such as dependabot) to work while utilizing the

Prevent unregistered user spend

toggle.

Created by Ervin Grapp

December 22, 2023

Nathan Fish

marked this post as

planned

This is being actively worked on. The plan is to allow you to identify unregistered users in a list and then either invite them to your organization or convert them to a machine user with a specific role. If anyone has thoughts or feedback on this approach, please let me know.

Milind Joshi

Please get this done, thank you.

Fernando Pierce

Having an allowlist for trusted bots like dependabot would definitely help avoid unnecessary interruptions while still keeping the system secure. It’s always tricky balancing automation and security, so this seems like a smart way to manage it. Just like how in mr flip, you want the controls to respond smoothly without unnecessary blocks or delays

rizescueusebiu@gmail.com

Hello CircleCI! I think this ticket has become more important with the latest CircleCI changes of billing any "unregistered" usage. Thanks!

Aimes Dani

That would be a useful addition. An allowlist for trusted automation tools like Dependabot would let teams keep security restrictions active without blocking legitimate CI updates. Has this been proposed for the API access rules yet? @fnf game