Pull org members, teams, and team memberships from GitHub. Also discovers Action secrets and bot users via the discovery service.
Source connector — pulls identity and access data from GitHub into ComplianceScout where it is scored against your compliance frameworks and violation rules.
After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.
These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.
| Field | Type | Required | Notes |
|---|---|---|---|
| App ID | Text | Required | Numeric App ID from your GitHub App settings page. |
| Installation ID | Text | Required | Numeric ID from the installation URL after installing the App to your org. |
| Private key | Secret | Required | Full contents of the .pem file. Real newlines or escaped \n both work. |
| Organization name | Text | Required | GitHub org slug (the name in your org URL). |
Follow these steps to gather the credentials above and connect GitHub to ComplianceScout.
Go to your GitHub organization page → Settings → Developer settings → GitHub Apps → New GitHub App.
Name the app "ComplianceScout", set the homepage URL to https://compliancescout.ai, and disable the webhook.
Under Permissions, set: Organization members (Read), Organization administration (Read), Members (Read).
Click Create GitHub App, then generate a private key and download the .pem file.
Install the app to your organization from the app settings page. Copy the Installation ID from the installation URL.
In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → GitHub and enter the App ID, Installation ID, private key contents, and org name.
Start a free trial — your tenant is provisioned instantly and you can wire up this integration from the connectors page.