> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# GH_ManageWebhooks

> [Repository] Repo role can manage repository webhooks

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [GH\_RepoRole](/opengraph/extensions/github/nodes/gh_reporole)
* Destination: [GH\_Repository](/opengraph/extensions/github/nodes/gh_repository)
* Traversable: ❌

## General Information

The non-traversable GH\_ManageWebhooks edge represents a role's ability to create, modify, and delete repository-level webhooks. This permission is available to Admin roles and custom roles that have been granted this specific permission. Webhooks can exfiltrate repository events and code changes to external endpoints, making this a security-sensitive permission. An attacker with this permission could configure a webhook to receive push event payloads containing commit diffs, effectively creating a covert channel for data exfiltration.

```mermaid theme={null}
graph LR
    user1("GH_User carol")
    adminRole("GH_RepoRole GitHound\admin")
    customRole("GH_RepoRole GitHound\integrations_manager")
    repo("GH_Repository GitHound")
    user1 -- GH_HasRole --> adminRole
    adminRole -- GH_ManageWebhooks --> repo
    customRole -- GH_ManageWebhooks --> repo
```