GitHub App
Connect GitHub to Seenty for automatic repository scanning on every push.
GitHub App Integration
The Seenty GitHub App connects your GitHub repositories for automatic security scanning. Every time code is pushed to a connected repository, Seenty scans for leaked secrets, vulnerable dependencies, infrastructure-as-code issues, and Dockerfile problems. GitHub App integration is available on Starter plans and above.
What it scans
When the GitHub App is connected, Seenty automatically runs the following scans on every push:
| Scan type | What it detects |
|---|---|
| Secrets | Leaked credentials -- API keys, tokens, passwords, private keys in git history |
| Dependencies | Vulnerable packages in dependency manifests (package.json, requirements.txt, go.mod, etc.) |
| Infrastructure | IaC issues in Terraform, CloudFormation, and Kubernetes manifests |
| Dockerfile | Best-practice violations and security issues in Dockerfiles |
All findings appear in Security Posture with the source labeled as Repository.
Installation
Navigate to GitHub integration
Go to Integrations > Service Integrations > GitHub in your Seenty dashboard.
Connect your GitHub account
Click Connect GitHub. A popup window will open, redirecting you to GitHub for authorization.
- Review the permissions requested by the Seenty GitHub App.
- Click Authorize to grant Seenty access.
Seenty requests read-only access to your repositories. It does not modify code, create branches, or push commits.
Select the installation target
Choose where to install the GitHub App:
- Personal account -- Install on your personal GitHub repositories.
- Organization -- Install on a GitHub organization's repositories. You must be an organization admin, or the organization must allow member installations.
You can install the app on multiple accounts and organizations.
Choose repositories
Select which repositories to enable for scanning:
- All repositories -- Automatically scan every repository (including future ones).
- Select repositories -- Choose specific repositories to scan.
You can change this selection at any time from the GitHub integration page in Seenty.
Automatic scanning begins
Once installed, scanning begins automatically on the next push to any enabled repository. You do not need to trigger the first scan manually -- the next git push will start it.
Managing repositories
After installation, you can manage which repositories are scanned from the Seenty dashboard:
- Toggle repositories -- Enable or disable scanning for individual repositories from Integrations > Service Integrations > GitHub.
- Sync repository list -- If you have created new repositories since installation, click Sync to refresh the list.
- Remove integration -- Disconnect a GitHub account entirely from the GitHub integration page.
Webhook triggers
The GitHub App responds to the following webhook events:
| Event | What happens |
|---|---|
| Push | A scan is triggered for the repository that received the push. The scan covers the full repository, not just the changed files. |
| Installation | Seenty records when the app is installed or uninstalled on an account or organization. |
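
To confirm from the GitHub side what the sections above state (read-only access, the chosen repository selection, and delivery of push events), the following added example, which is not Seenty's own code, audits installation records shaped like the entries GitHub's REST API returns when listing app installations. The app slug `seenty` and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed sample, shaped like entries of the "installations" array that
# GitHub's list-installations REST endpoints return. The slug "seenty" and the
# account names are assumptions, not values taken from the Seenty docs.
SAMPLE = json.loads("""
[
  {"app_slug": "seenty", "target_type": "Organization",
   "account": {"login": "example-org"},
   "repository_selection": "all", "suspended_at": null,
   "permissions": {"contents": "read", "metadata": "read"},
   "events": ["push"]},
  {"app_slug": "seenty", "target_type": "User",
   "account": {"login": "example-user"},
   "repository_selection": "selected", "suspended_at": "2024-01-01T00:00:00Z",
   "permissions": {"contents": "write", "metadata": "read"},
   "events": []}
]
""")


def audit_installation(inst, expected_slug="seenty"):
    """Return findings for one installation record; an empty list means no deviations."""
    findings = []
    if inst.get("app_slug") != expected_slug:
        return findings  # not the app under audit
    # The docs state read-only access, so any other level is a deviation.
    for scope, level in sorted(inst.get("permissions", {}).items()):
        if level != "read":
            findings.append(f"permission {scope}={level} exceeds read-only")
    # "All repositories" also covers repositories created later.
    if inst.get("repository_selection") == "all":
        findings.append("covers all repositories, including future ones")
    if inst.get("suspended_at"):
        findings.append("installation is suspended")
    # Scans are triggered by push events, so the subscription must be present.
    if "push" not in inst.get("events", []):
        findings.append("not subscribed to push events")
    return findings


def audit(installations, expected_slug="seenty"):
    """Map each account login to the findings for the audited app's installation."""
    return {i["account"]["login"]: audit_installation(i, expected_slug)
            for i in installations if i.get("app_slug") == expected_slug}


if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, findings or "OK")
```
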
Multiple accounts
You can connect multiple GitHub accounts (personal and organizational) to a single Seenty organization. This is useful when:
- Your team uses both personal and organizational repositories.
- You manage multiple GitHub organizations.
- You need to scan repositories across different GitHub accounts.
Each connected account appears separately in the GitHub integration page, and you can manage repositories independently for each account.
Scan results
After a scan completes, findings are available in Security Posture with the source set to Repository. Each finding includes:
- The repository name and branch.
- The specific file and line number where the issue was found.
- The scan type that detected it (secrets, vulnerabilities, IaC, or Dockerfile).
- Severity, description, and remediation guidance.
Findings from repository scans follow the same finding lifecycle as all other Seenty findings -- they can be acknowledged, resolved, or marked as false positives.
Repository findings that are not detected in subsequent scans are automatically resolved after 7 days.
Troubleshooting
Scans not triggering after push?
- Verify the repository is enabled for scanning in the Seenty GitHub integration page.
- Check that the GitHub App is still installed on the account or organization (it may have been uninstalled by an admin).
- Ensure the repository is not empty -- the first push to a new repository should trigger a scan.
Missing repositories in the list?
- Click Sync to refresh the repository list from GitHub.
- If the repository belongs to a different GitHub organization, you need to install the Seenty app on that organization separately.
Want to scan without GitHub?
- Contact support if you need to scan repositories hosted outside of GitHub.