.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
GitHub is the world’s most widely used code hosting and collaboration platform. DSALTA integrates with GitHub to monitor repository security, code review compliance, vulnerability alerts, secret scanning, and change management via GitHub Issues.Read-only access. DSALTA never modifies, creates, or deletes resources in your GitHub environment. All API access is strictly read-only.
Integration Details
| Property | Value |
|---|---|
| Category | Code Repository & Security |
| Data Library Modules | Access, Code Changes, Vulnerabilities, Changes |
| Authentication | GitHub App installation with read-only repository access |
| Sync Frequency | Every 24 hours (manual sync available) |
| Permissions | Read-only |
What Data DSALTA Collects
When you connect GitHub, DSALTA automatically collects the following data on every sync cycle:- Repository configurations and visibility
- Branch protection rules and enforcement
- Pull request reviews and CI/CD check results
- Dependabot vulnerability alerts
- Code scanning and secret scanning alerts
- GitHub Issues for change management tracking
- User access and team permissions
Key Use Cases
- Enforce branch protection rules on all repositories
- Monitor Dependabot alert resolution within SLA
- Detect exposed secrets via secret scanning
- Track code review compliance (author ≠ reviewer)
- Manage change requests via GitHub Issues
How to Connect
Navigate to Integrations
Go to Settings → Integrations in your DSALTA dashboard and find GitHub in the catalog.
Authenticate
Follow the on-screen instructions to authenticate with your GitHub account. Admin-level access is required for the initial setup.
Configure Scope
Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
Automated Compliance Tests
When you connect GitHub, DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.| Test | Description |
|---|---|
| Branch protection should be enabled on repositories | Checks that branch protection rules are enabled on GitHub repositories. |
| Dependabot alerts should be resolved | Checks that Dependabot vulnerability alerts are resolved. |
| User access to critical systems should be valid | Checks that users with access to critical systems are authorized in GitHub. |
| Code scanning alerts should be resolved | Checks that code scanning alerts are identified and resolved. |
| Secret scanning alerts should be resolved | Checks that secret scanning alerts are identified and resolved. |
| Dependabot alerts should be resolved within SLA | Checks that Dependabot vulnerability alerts are resolved within the defined SLA. |
| Branch protection should be enabled | Checks that branch protection is enabled on all GitHub repositories. |
| Change request tickets should be resolved within 30 days | Checks that change request tickets are resolved within 30 days. |
| All change tickets should have an assignee | Checks that all change management tickets have an assignee. |
| Ticketing system for change management should be configured | Checks that a ticketing system for change management is set up. |
| At least one change management system should be connected | Checks that at least one change management system is connected. |
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.
Compliance Frameworks
This integration provides evidence for the following compliance frameworks:SOC 2
Access controls, monitoring, and change management evidence.
ISO 27001
Asset management, access control, and operations security evidence.
GDPR
Access records and data processing evidence.
Troubleshooting
Integration shows Disconnected
Integration shows Disconnected
Re-authenticate by going to Settings → Integrations → GitHub and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Data is not syncing
Data is not syncing
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your GitHub API rate limits.
Tests are not generating
Tests are not generating
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in GitHub (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
Some users are missing from the sync
Some users are missing from the sync
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.