
GitHub

The AISafe GitHub integration connects your GitHub organizations and personal accounts to AISafe. It provides source access for code audits, automated PR security review, and finding-to-issue export.

How it works

AISafe uses a single GitHub App (published in the GitHub Marketplace) that you install onto your GitHub organization or personal account. Each installation creates a connection in your AISafe organization with its own set of authorized repositories and permissions. You do not need to register your own GitHub App. Install the AISafe App.

Organization vs personal connections

  • Organization connections live on a GitHub organization. AISafe org owners and admins manage them. All bound team members can access the repositories.
  • Personal connections live on your personal GitHub account. All members can access them subject to your organization's policy (which may require admin approval or disable personal connections).

Both types of connections appear in the same Available repositories list when creating a new assessment.

Connecting GitHub

  1. Navigate to Integrations in the AISafe dashboard.
  2. Under Organization Integrations (owners/admins only) or Personal Integrations, click Connect GitHub.
  3. GitHub redirects you to authorize the AISafe App. Choose which repositories to grant access to.
  4. After authorization, your repositories appear in the Available repositories table.

Source access for code audits

For a code audit assessment against a connected repository, AISafe mints a short-lived (1-hour) installation access token scoped to that single repository. AISafe uses this token to clone the code and does not persist it. The token lives for the duration of the scan job, then expires.

For public repositories, provide the URL. You do not need a GitHub App installation.
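The token scope described above for connected repositories maps onto GitHub's REST endpoint for installation access tokens, which accepts a repository list and a permission subset. The following is an added example, not AISafe's code: it builds such a request and checks a token response for a scope broader than one repository and one hour. The installation ID, repository names, sample responses and the `contents: read` permission set are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(hours=1)  # token lifetime stated on this page

def build_token_request(installation_id, repo_name):
    """Request for a token limited to one repository of the installation."""
    return {
        "method": "POST",
        "path": f"/app/installations/{installation_id}/access_tokens",
        "json": {
            "repositories": [repo_name],          # repository name without the owner
            "permissions": {"contents": "read"},  # assumption: cloning needs read only
        },
    }

def scope_violations(response, expected_full_name, now, allowed_permissions):
    """Return the reasons a token response exceeds the intended scope."""
    problems = []
    if response.get("repository_selection") != "selected":
        problems.append("token is not limited to selected repositories")
    names = [r["full_name"] for r in response.get("repositories", [])]
    if names != [expected_full_name]:
        problems.append(f"unexpected repositories: {names}")
    expires = datetime.fromisoformat(response["expires_at"].replace("Z", "+00:00"))
    if expires - now > MAX_LIFETIME:
        problems.append("lifetime exceeds one hour")
    if expires <= now:
        problems.append("token already expired")
    for name, level in response.get("permissions", {}).items():
        if allowed_permissions.get(name) != level:
            problems.append(f"unexpected permission {name}={level}")
    return problems

# Constructed sample data (not real tokens or repositories).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
ALLOWED = {"contents": "read", "metadata": "read"}  # GitHub adds metadata: read
GOOD = {
    "token": "ghs_PLACEHOLDER", "expires_at": "2024-01-01T13:00:00Z",
    "permissions": {"contents": "read", "metadata": "read"},
    "repository_selection": "selected",
    "repositories": [{"full_name": "example-org/payments-api"}],
}
BROAD = {
    "token": "ghs_PLACEHOLDER", "expires_at": "2024-01-01T13:00:00Z",
    "permissions": {"contents": "write", "metadata": "read"},
    "repository_selection": "all",
}

if __name__ == "__main__":
    print(build_token_request(12345, "payments-api"))
    print(scope_violations(GOOD, "example-org/payments-api", NOW, ALLOWED))
    print(scope_violations(BROAD, "example-org/payments-api", NOW, ALLOWED))
```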

PR review

Enabling PR review on a project bound to a GitHub repository lets AISafe receive pull request webhooks and post security review comments on the PR. See PR Review and Guide: Set up PR review for details.

AISafe delivers PR review results as GitHub pull request reviews and inline review comments. This workflow creates no separate GitHub status channel or security-alert upload.

Issue export

You can export findings as GitHub issues from the assessment findings page. The "Create issue" button appears when your assessment has a connected GitHub source repository. AISafe creates the issue in the source repo using the installation token.

When separate scans rediscover a finding with the same non-empty root-cause fingerprint, AISafe reuses the existing GitHub issue for that repository instead of creating another issue. Findings without a fingerprint keep per-finding issue export behavior.