Connection Methods
- GitHub App (Recommended)
- OAuth
- Personal Access Token
The GitHub App is best for: Organizations and teams
- Fine-grained repository access
- Higher API rate limits
- Better security with organization-level installation
- Easier permission management
GitHub App Setup
1. Navigate to Integrations: Settings → Integrations → GitHub
2. Choose GitHub App: click Connect with GitHub App
3. Select Installation Target: choose a personal account or organization
4. Select Repositories: choose all repositories or specific repos
5. Install & Authorize: click Install & Authorize
6. Import Repositories: select the repositories to import for scanning
GitHub App Permissions
| Permission | Access Level | Why We Need It |
|---|---|---|
| Repository contents | Read | To scan code for vulnerabilities |
| Pull requests | Read & Write | To scan PRs and post review comments |
| Checks | Write | To show pass/fail status on PRs |
| Webhooks | Read & Write | To receive push and PR notifications |
OAuth Setup
1. Start OAuth Flow: Settings → Integrations → GitHub → Connect with OAuth
2. Authorize CodeThreat: review the permissions and click Authorize CodeThreat
3. Grant Organization Access: grant access to organizations if applicable
4. Import Repositories: select the repositories to scan
Personal Access Token Setup
1. Create Token: GitHub → Settings → Developer settings → Personal access tokens → Generate new token (classic)
2. Configure Token: set the note to `CodeThreat Security Scanner` and select these scopes:
   - ✅ repo (Full control of private repositories)
   - ✅ read:org (Read org membership)
   - ✅ admin:repo_hook (Full control of webhooks)
3. Generate and Copy: click Generate token and copy it immediately
4. Add to CodeThreat: Settings → Integrations → GitHub → Connect with Token, paste the token and click Connect
Webhook Configuration
CodeThreat automatically creates webhooks for the selected repositories:
- Push events: Trigger scans on code changes
- Pull request events: Scan PRs automatically
- Workflow events: Detect CI/CD changes
Webhook URL: https://app.codethreat.com/webhooks/github
Troubleshooting
Webhook Not Receiving Events
- Verify webhook URL is correct
- Check webhook is active in GitHub settings
- Ensure repository has webhook configured
- Check firewall allows GitHub webhooks
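The following script is an added example, not part of CodeThreat's documentation or tooling, for working through the webhook checks above: it lists a repository's hooks via the GitHub REST API (`GET /repos/{owner}/{repo}/hooks`, which needs the admin:repo_hook scope listed earlier) and reports whether the hook pointing at the CodeThreat URL is active, subscribed to the expected events, and delivering successfully. The event names `push`, `pull_request` and `workflow_run` are an assumed mapping of the three event types listed under Webhook Configuration, and the embedded sample response is constructed.

```python
import json
import sys
from urllib.request import Request, urlopen

CODETHREAT_WEBHOOK_URL = "https://app.codethreat.com/webhooks/github"
# Assumed GitHub event names for the push, pull request and workflow events above.
REQUIRED_EVENTS = {"push", "pull_request", "workflow_run"}


def check_codethreat_hooks(hooks):
    """Inspect the JSON body of GET /repos/{owner}/{repo}/hooks and return a list
    of problems with the CodeThreat webhook; an empty list means it looks healthy."""
    ours = [h for h in hooks if h.get("config", {}).get("url") == CODETHREAT_WEBHOOK_URL]
    if not ours:
        return ["no webhook points at " + CODETHREAT_WEBHOOK_URL]
    problems = []
    for h in ours:
        hid = h.get("id")
        if not h.get("active", False):
            problems.append("hook %s is inactive" % hid)
        missing = REQUIRED_EVENTS - set(h.get("events", []))
        if missing:
            problems.append("hook %s missing events: %s" % (hid, ", ".join(sorted(missing))))
        # GitHub reports insecure_ssl as the string "1" when TLS verification is off
        if str(h.get("config", {}).get("insecure_ssl", "0")) != "0":
            problems.append("hook %s has TLS verification disabled" % hid)
        code = h.get("last_response", {}).get("code")
        if code is not None and not 200 <= code < 300:
            problems.append("hook %s last delivery failed with HTTP %s" % (hid, code))
    return problems


def fetch_hooks(owner, repo, token):
    """Fetch the repository's hook list with a token that has admin:repo_hook."""
    req = Request("https://api.github.com/repos/%s/%s/hooks" % (owner, repo),
                  headers={"Authorization": "Bearer " + token,
                           "Accept": "application/vnd.github+json"})
    with urlopen(req) as resp:
        return json.load(resp)


# Constructed sample response: hook 101 is the CodeThreat hook but lacks the
# workflow event; hook 102 belongs to another service and is ignored.
SAMPLE_HOOKS = [
    {"id": 101, "active": True, "events": ["push", "pull_request"],
     "config": {"url": CODETHREAT_WEBHOOK_URL, "content_type": "json", "insecure_ssl": "0"},
     "last_response": {"code": 200, "status": "active", "message": "OK"}},
    {"id": 102, "active": False, "events": ["push"],
     "config": {"url": "https://ci.example.invalid/hook", "insecure_ssl": "1"}},
]

if __name__ == "__main__":
    hooks = fetch_hooks(*sys.argv[1:4]) if len(sys.argv) == 4 else SAMPLE_HOOKS  # OWNER REPO TOKEN
    for line in check_codethreat_hooks(hooks) or ["CodeThreat webhook looks healthy"]:
        print(line)
```

Run with no arguments to check the constructed sample, or pass OWNER REPO TOKEN to check a real repository.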
Rate Limit Issues
- Use GitHub App for higher rate limits (15,000/hour vs 5,000/hour)
- Reduce scan frequency for large repositories
- Contact support for enterprise rate limits
Permission Errors
- Verify token has correct scopes
- Check organization OAuth app policy
- Ensure repository access is granted
