DevOps & Code
Connect GitHub
Reads repositories, pull requests, GitHub Actions, security alerts, and repo artifact signals to compute Delivery Health, Technical Debt, IT Modernization, Lifecycle Risk, and Security Readiness from real data.
What it pulls
Org/user, repositories, branches & protection, commits, pull requests (open age, merged, review & cycle time), issues, releases, Actions workflows/runs (failures, duration), deployments where available, contributors, stale repos, repo file-tree signals for containers/IaC/platform artifacts, runtime version files, Dependabot/code-scanning/secret-scanning alerts.
Step-by-step setup
- 1
Open the token page
Use the “Create a fine-grained GitHub token →” link, or go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens.
- 2
Choose read-only permissions
Fine-grained (recommended): grant Read-only on Contents, Metadata, Pull requests, and Actions, plus Organization → read:org. If you use a classic token instead (repo, read:org, read:user), be aware the classic repo scope has no read-only tier — it grants write capability even though ShipReady only ever issues read requests, so prefer fine-grained and set a short expiration. Never grant admin.
- 3
Set repository access + expiration
Fine-grained tokens: pick which repositories ShipReady can read (or all). Set an expiration (e.g. 90 days).
- 4
Generate and copy the token
Click Generate token and copy it now — GitHub shows it once (ghp_… classic, github_pat_… fine-grained).
- 5
Paste it above and connect
Drop the token into the field and click Connect GitHub. We validate it live (confirming repo + read:org access), encrypt it at rest, and run the first sync.
Fully implemented and verified end-to-end.