> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.
# GitHub
> How DSALTA integrates with GitHub — data collected, setup guide, and automated compliance checks.
## Overview
DSALTA connects to GitHub using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.
**Read-only access.** DSALTA never modifies, creates, or deletes resources in your GitHub environment.
## How to Connect
1. Go to **Integrations** in the DSALTA sidebar.
2. Find **GitHub** and click **Connect**.
3. Authenticate with admin-level access.
4. Select the scope (accounts, projects, or resources to monitor).
5. DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.
## Automated Compliance Checks
Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.
| Check | Description |
| ----------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- |
| [Branch protection should be enabled on repositories](/integrations/github/branch-protection-should-be-enabled-on-repositories) | Checks that branch protection rules are enabled on GitHub repositories. |
| [Dependabot alerts should be resolved](/integrations/github/dependabot-alerts-should-be-resolved) | Checks that Dependabot vulnerability alerts are resolved. |
| [User access to critical systems should be valid](/integrations/github/user-access-to-critical-systems-should-be-valid) | Checks that users with access to critical systems are authorized in GitHub. |
| [Code scanning alerts should be resolved](/integrations/github/code-scanning-alerts-should-be-resolved) | Checks that code scanning alerts are identified and resolved. |
| [Secret scanning alerts should be resolved](/integrations/github/secret-scanning-alerts-should-be-resolved) | Checks that secret scanning alerts are identified and resolved. |
| [Dependabot alerts should be resolved within SLA](/integrations/github/dependabot-alerts-should-be-resolved-within-sla) | Checks that Dependabot vulnerability alerts are resolved within the defined SLA. |
| [Branch protection should be enabled](/integrations/github/branch-protection-should-be-enabled) | Checks that branch protection is enabled on all GitHub repositories. |
| [Change request tickets should be resolved within 30 days](/integrations/github/change-request-tickets-should-be-resolved-within-30-days) | Checks that change request tickets are resolved within 30 days. |
| [All change tickets should have an assignee](/integrations/github/all-change-tickets-should-have-an-assignee) | Checks that all change management tickets have an assignee. |
| [Ticketing system for change management should be configured](/integrations/github/ticketing-system-for-change-management-should-be-configured) | Checks that a ticketing system for change management is set up. |
| [At least one change management system should be connected](/integrations/github/at-least-one-change-management-system-should-be-connected) | Checks that at least one change management system is connected. |
## Troubleshooting
Re-authenticate from **Integrations → GitHub → Reconnect**. This usually happens when API tokens expire.
Verify the connected account has admin permissions. Try a manual sync from the integration settings.