Personal and team organizations
Every account has a personal organization, created automatically — if you’ve used Pipefort before organizations existed, all your data was migrated into it and nothing changed. To collaborate, create a team organization from the organization switcher in the header (the building icon), then invite teammates. The switcher also selects which organization the whole app operates on — dashboard, repos, Attacker Mind, rule settings, all of it follows the active organization.Roles
| Role | Can |
|---|---|
| member | Everything day-to-day: connect installations, scan, monitor, triage, change rule settings, open fix PRs, view members. |
| admin | All of the above, plus: invite/remove members, change roles, revoke invites, rename the organization. |
Inviting teammates
- Open Settings with the team organization active.
- In the Organization card, enter the teammate’s email and a role, and click Invite.
- No email is sent (v1). When someone signs in to Pipefort with that email address, a banner on the Settings page shows the pending invite with an Accept button. Tell them out-of-band.
Leaving
Members can leave a team organization from the Settings page. You can never leave your personal organization — it’s where your account’s own data lives.How access works
- One organization = one tenant: each org has its own copy of a repository (its own scans, findings, triage). Two organizations that install the same GitHub App installation scan independently.
- Monitored repos: a push triggers one scan per organization monitoring the repo, and notifications go to every member of that organization who has them configured.
- Provider credentials follow whoever connected them: scans of a GitLab repo use the OAuth token of the member who linked GitLab, regardless of who clicks Scan.
- Row-level security enforces membership all the way down to the database — the browser can only ever read rows of organizations you belong to.