GitHub Integration
The GitHub integration connects your repositories to the platform through a GitHub App. It handles authentication, repository discovery, and webhook delivery so the platform can clone code, run scans, and deliver remediation pull requests on your behalf.
One-click setup
The GitHub integration is automatically added when you first sign in with GitHub. No manual configuration is required — the platform installs the GitHub App on your account or organisation and starts syncing repository metadata immediately.
If you need to connect additional GitHub organisations or reinstall the integration later, you can do so from the Integrations page in the dashboard with a single click.
Permissions
The GitHub App requests the minimum permissions needed to operate. All access is read-only — the platform never modifies your code outside of remediation pull requests that you explicitly approve.
Repository permissions
Contents
Repository contents, commits, branches, downloads, releases, and merges.
Metadata
Search repositories, list collaborators, and access repository metadata.
Account permissions
Email addresses
Manage a user's email addresses for identity and notification purposes.
Events
The integration subscribes to repository events so the platform stays in sync with your GitHub organisation. When a repository is created, deleted, archived, unarchived, publicised, privatised, renamed, or transferred, the platform updates its internal inventory automatically.
This means new repositories appear in the dashboard without any manual action, and removed or renamed repositories are reflected immediately.