DevOps & Code

Connect GitHub

Reads repositories, pull requests, GitHub Actions, security alerts, and repo artifact signals to compute Delivery Health, Technical Debt, IT Modernization, Lifecycle Risk, and Security Readiness from real data.

What you'll need

A GitHub personal access token. Fine-grained (recommended — the only PAT type with a genuinely narrow repository grant): Read-only on Contents, Metadata, Pull requests, and Actions, plus Organization read. Classic tokens work too (repo, read:org, read:user), but note the classic repo scope has no narrow tier — it carries write capability. Never grant admin permissions.

Credential

Personal access token (fine-grained, read-only)

Requested scopes

Contents (read), Metadata (read), Pull requests (read), Actions (read), Organization (read)

Powers

Delivery Health, Technical Debt, IT Modernization, Lifecycle Risk, Security Readiness

What it pulls

Org/user, repositories, branches & protection, commits, pull requests (open age, merged, review & cycle time), issues, releases, Actions workflows/runs (failures, duration), deployments where available, contributors, stale repos, repo file-tree signals for containers/IaC/platform artifacts, runtime version files, Dependabot/code-scanning/secret-scanning alerts.

Step-by-step setup

  1. 1

    Open the token page

    Use the “Create a fine-grained GitHub token →” link, or go to GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens.

  2. 2

    Choose read-only permissions

    Fine-grained (recommended): grant Read-only on Contents, Metadata, Pull requests, and Actions, plus Organization → read:org. If you use a classic token instead (repo, read:org, read:user), be aware the classic repo scope has no read-only tier — it grants write capability even though ShipReady only ever issues read requests, so prefer fine-grained and set a short expiration. Never grant admin.

  3. 3

    Set repository access + expiration

    Fine-grained tokens: pick which repositories ShipReady can read (or all). Set an expiration (e.g. 90 days).

  4. 4

    Generate and copy the token

    Click Generate token and copy it now — GitHub shows it once (ghp_… classic, github_pat_… fine-grained).

  5. 5

    Paste it above and connect

    Drop the token into the field and click Connect GitHub. We validate it live (confirming repo + read:org access), encrypt it at rest, and run the first sync.

Create a fine-grained GitHub token → Connect in the app

Fully implemented and verified end-to-end.