# GitHub App Integration

The GitHub App integration enables Sprinto to continuously monitor your GitHub organisation for repository activity, access controls, and security configurations.

Sprinto uses this integration to automate compliance checks such as:

* Multi-factor authentication (MFA) enforcement
* Repository access reviews
* Branch protection and peer review enforcement
* Dependabot vulnerability monitoring

The integration supports two connection methods:

* **Sprinto GitHub App (recommended)** — Quick setup using Sprinto’s pre-configured app
* **Bring Your Own GitHub App** — Custom setup for enterprise or restricted environments

***

### How it Works

The integration uses GitHub Apps with read-only permissions to securely fetch compliance data.

1. You initiate the connection from Sprinto.
2. You choose a connection method.
3. GitHub permissions are granted at the organisation level.
4. Sprinto generates installation access tokens.
5. Data is retrieved using GitHub REST and GraphQL APIs.
6. Controls and checks are continuously evaluated.
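Steps 4 and 5 in code, as an added example that is not Sprinto's own implementation: it builds the short-lived App JWT, exchanges it at `POST /app/installations/{installationId}/access_tokens` for an installation token, and shows why only that token (not the JWT) is used against org and repo endpoints. Useful for checking an App ID and private key before entering them in Sprinto. It assumes github.com as the API base URL and uses the third-party `cryptography` package for the RS256 signature; all other helpers are standard library.

```python
import base64
import json
import time
import urllib.request
from typing import Callable, Optional

GITHUB_API = "https://api.github.com"  # assumption: github.com; GHES uses https://<host>/api/v3

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_app_jwt(app_id: str, sign: Callable[[bytes], bytes], now: Optional[int] = None) -> str:
    """RS256 JWT authenticating as the App itself (valid for GET /app and the token
    exchange only). GitHub rejects exp beyond 10 min; iat is backdated 60 s for clock drift."""
    now = int(time.time()) if now is None else now
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    header = compact({"alg": "RS256", "typ": "JWT"})
    claims = compact({"iat": now - 60, "exp": now + 540, "iss": app_id})
    signing_input = f"{header}.{claims}".encode("ascii")
    return f"{header}.{claims}.{b64url(sign(signing_input))}"

def rsa_pkcs1v15_signer(private_key_pem: bytes) -> Callable[[bytes], bytes]:
    """Signer for the PEM from the app's Private keys section (load it from a secret
    store, not from the repository). Uses the third-party 'cryptography' package."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(private_key_pem, password=None)
    return lambda message: key.sign(message, padding.PKCS1v15(), hashes.SHA256())

def installation_token_request(app_jwt: str, installation_id: int) -> urllib.request.Request:
    """Step 4 on the page: exchange the App JWT for a one-hour installation token
    limited to the permissions granted at install time. Only that token, never the
    JWT, is sent to org and repo endpoints such as GET /orgs/{org}/members."""
    return urllib.request.Request(
        f"{GITHUB_API}/app/installations/{installation_id}/access_tokens",
        method="POST",
        headers={"Authorization": f"Bearer {app_jwt}",
                 "Accept": "application/vnd.github+json",
                 "X-GitHub-Api-Version": "2022-11-28"},
    )

def fetch_installation_token(app_jwt: str, installation_id: int) -> str:
    """Performs the exchange over the network and returns the bearer token."""
    with urllib.request.urlopen(installation_token_request(app_jwt, installation_id), timeout=30) as r:
        return json.load(r)["token"]
```

A `401` from the exchange means the App ID or private key is wrong; a `404` means the installation ID does not belong to this app.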

{% hint style="info" %}

#### Note

The integration relies on read-only GitHub App permissions aligned with Sprinto’s production configuration to ensure secure and non-intrusive access.
{% endhint %}

#### Sprinto checks for GitHub <a href="#sprinto-checks-for-github" id="sprinto-checks-for-github"></a>

Each check below links to a dedicated procedure for configuring GitHub as a change management and ticketing system. Follow the section that applies to your GitHub usage:

<table><thead><tr><th width="187.48828125">Sprinto check</th><th width="378.29296875">Check description</th><th>Reference procedure</th></tr></thead><tbody><tr><td>GitHub org level MFA should be enforced</td><td>Multi-factor authentication (MFA) should be enforced at the organization level.</td><td><a href="../../monitors/authentication-and-access-monitors/enabling-mfa-on-github">How to fix</a></td></tr><tr><td>GitHub user should have MFA enabled</td><td>Multi-factor authentication (MFA) should be enabled on all users' accounts.</td><td><a href="../../monitors/authentication-and-access-monitors/enabling-mfa-on-github">How to fix</a></td></tr><tr><td>GitHub access should be removed for offboarded user</td><td>Revoke access from the organization’s GitHub account for every offboarded staff member.</td><td><a href="../../monitors/authentication-and-access-monitors/resolve-sprinto-check-for-removing-access-for-offboarded-users">How to fix</a></td></tr><tr><td>Dependabot vulnerability scan should be enabled</td><td>Enable the Dependabot vulnerability scan on your GitHub repositories.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-dependabot-vulnerability-scan">How to fix</a></td></tr><tr><td>Peer review should be enforced for code changes</td><td>Peer review should be enforced on every change merging request on the main branch.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>Merging of code changes should require passing status-checks</td><td>Every code change must pass the status check.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>Branch Protection rules should be enforced for admins</td><td>The branch protection ruleset should be configured on the GitHub account.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr><tr><td>Code changes should be reviewed by peers before merging</td><td>Every code change should be reviewed by a peer reviewer.</td><td><a href="../../monitors/code-and-repository-monitors/how-to-resolve-sprinto-check-for-enabling-branch-protection-rules">How to fix</a></td></tr></tbody></table>

### Supported GitHub Environments

Sprinto supports integration with:

* GitHub Cloud (github.com)
* GitHub Enterprise Cloud (\*.ghe.com)
* GitHub Enterprise Server (self-hosted)

Use **Bring Your Own GitHub App** for enterprise or data residency requirements.

***

### Required Permissions

To align with Sprinto’s production GitHub App configuration, grant the following **read-only permissions**:

#### Repository Permissions

* Metadata — Read-only
* Administration — Read-only
* Checks — Read-only
* Dependabot alerts — Read-only
* Pull requests — Read-only

#### Organisation Permissions

* Administration — Read-only
* Members — Read-only

These permissions allow Sprinto to monitor repository activity, access configurations, and security posture without making any changes.
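A least-privilege check for an installed app, added here as an example rather than taken from Sprinto: it compares the `permissions` object that `GET /app/installations/{installationId}` returns with the read-only set listed above and flags over-grants, gaps, restricted repository selection and a suspended installation. The API permission keys (for example `vulnerability_alerts` for Dependabot alerts and `organization_administration` for organisation Administration) are assumed mappings, and the installation object is a constructed sample.

```python
# Assumption: the GitHub API permission keys that correspond to the names on this page.
EXPECTED_READ_ONLY = {
    "metadata": "read",                     # Repository: Metadata
    "administration": "read",               # Repository: Administration
    "checks": "read",                       # Repository: Checks
    "vulnerability_alerts": "read",         # Repository: Dependabot alerts
    "pull_requests": "read",                # Repository: Pull requests
    "organization_administration": "read",  # Organisation: Administration
    "members": "read",                      # Organisation: Members
}

# Constructed sample shaped like the object returned by GET /app/installations/{installationId}.
SAMPLE_INSTALLATION = {
    "id": 1234567,
    "account": {"login": "example-org"},
    "repository_selection": "selected",
    "suspended_at": None,
    "permissions": {
        "metadata": "read", "administration": "read", "checks": "read",
        "vulnerability_alerts": "read", "pull_requests": "read",
        "organization_administration": "read",
        "contents": "write",  # over-grant: not in the required set at all
    },
}

def audit_installation(installation: dict) -> list:
    """Returns human-readable findings; an empty list means the installation matches
    the page's read-only permission set, monitors every repository and is not suspended."""
    findings = []
    granted = installation.get("permissions", {})
    for perm, level in sorted(granted.items()):
        expected = EXPECTED_READ_ONLY.get(perm)
        if expected is None:
            findings.append(f"unexpected permission {perm}={level}; Sprinto does not need it")
        elif level != expected:
            findings.append(f"{perm}={level} exceeds the required level {expected}")
    for perm in sorted(set(EXPECTED_READ_ONLY) - set(granted)):
        findings.append(f"missing permission {perm}; the related checks will have no data")
    if installation.get("repository_selection") != "all":
        findings.append("repository_selection=selected: unselected repositories are not "
                        "monitored; reinstall the app to change the selection")
    if installation.get("suspended_at"):
        findings.append(f"installation suspended since {installation['suspended_at']}; sync will stop")
    return findings

if __name__ == "__main__":
    for line in audit_installation(SAMPLE_INSTALLATION) or ["no findings"]:
        print("-", line)
```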

***

### What Data Sprinto Accesses

Sprinto retrieves the following data:

* Installation ID
* Organisation details
* Repositories and branches
* Commits and pull requests
* Organisation members and collaborators
* MFA status
* Dependabot vulnerability alerts

***

### APIs Used by Sprinto

Sprinto uses GitHub APIs to retrieve compliance data securely.

#### REST API Endpoints

<table><thead><tr><th width="439.96484375">Endpoint</th><th width="234.8671875">Purpose</th></tr></thead><tbody><tr><td>GET /app</td><td>Validate app credentials</td></tr><tr><td>GET /app/installations/{installationId}</td><td>Retrieve installation details</td></tr><tr><td>POST /app/installations/{installationId}/access_tokens</td><td>Generate access tokens</td></tr><tr><td>GET /orgs/{org}</td><td>Fetch organisation details</td></tr><tr><td>GET /orgs/{org}/members</td><td>List organisation members</td></tr><tr><td>GET /orgs/{org}/outside_collaborators</td><td>List external collaborators</td></tr><tr><td>GET /orgs/{org}/repos</td><td>List repositories</td></tr><tr><td>GET /users/{username}</td><td>Fetch user details</td></tr><tr><td>GET /repos/{owner}/{repo}/pulls</td><td>Retrieve pull requests</td></tr></tbody></table>

#### GraphQL API

Sprinto also uses GitHub’s GraphQL API (`https://api.github.com/graphql`) to:

* Query organisation members with roles
* Retrieve SSO/SAML identity information
* Fetch commit history and pull request data
* Access vulnerability and security alerts

{% hint style="warning" %}

#### Important Considerations

* Selecting specific repositories limits monitoring scope.
* Missing repositories are usually due to restricted selection.
* Reinstallation is required to update repository access.
{% endhint %}

***

### Before you begin

Ensure the following prerequisites are met:

* You have **Admin access** to the GitHub organisation where the app will be installed.
* You are logged in to the **Sprinto Admin Portal**.
* Your GitHub organisation allows third-party GitHub Apps to be installed.

***

### How it works

The integration works in three stages:

1. You initiate the connection from Sprinto.
2. You install the Sprinto Audit GitHub App in your GitHub organisation.
3. Sprinto syncs repository and organisation-level data to automate compliance checks.

The connection type used is **OAuth**.

***

### Dashboard Actions

#### Connect GitHub App

1. Log in to the Sprinto dashboard.
2. Navigate to **Settings → Integrations.**
3. In the **All** tab, search for **GitHub App.**
4. Click **Connect.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FN50OkRTPkRM2VZEWrZtX%2FGitapp1.png?alt=media&#x26;token=c0b79de0-be3d-4dc9-961e-9e0e1566cc69" alt="" width="563"><figcaption></figcaption></figure>

5. Review:
   * Controls automated
   * Checks covered
   * Permissions required
   * Data accessed by Sprinto
6. Click **Next.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FPIia7q2PqEYh58J5bkcS%2FScreenshot%202026-04-16%20at%2011.59.30.png?alt=media&#x26;token=2f7a2109-7f16-4fab-be53-505edb59fd4a" alt="" width="375"><figcaption></figcaption></figure>

***

### Choose Authentication Method

#### Option 1: Use Sprinto’s GitHub App (Recommended)

Use Sprinto’s pre-configured GitHub App for a quick setup.

1. Select **Use Sprinto’s GitHub App.**
2. Click **Connect with Sprinto.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F0NFXkC0QReEYNfLPBHrE%2FScreenshot%202026-04-16%20at%2012.26.02.png?alt=media&#x26;token=d26c8d42-884c-40c0-9a60-836ac600b757" alt="" width="375"><figcaption></figcaption></figure>

3. You will be redirected to GitHub.
4. Sign in and authorise the Sprinto Audit app.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fkda4UHfAlZC3J2elPjKI%2Fgitapp3.png?alt=media&#x26;token=a5dd1279-cebe-40b4-83b3-f2cb278eb2a6" alt="" width="563"><figcaption></figcaption></figure>

5. Select:
   * Organisation
   * Repository access (All or Selected)
6. Click **Install.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FE2Mn9bZP9YoDmXRPL6Dh%2Fgitapp4.png?alt=media&#x26;token=942c6cc3-2db7-4f79-9dee-7f751b41fa8d" alt="" width="563"><figcaption></figcaption></figure>

After installation:

* You are redirected back to Sprinto
* Initial sync begins automatically
* Integration status updates to **Active**

***

#### Option 2: Bring Your Own GitHub App

Use this method for GitHub Enterprise or custom configurations.

#### Step 1: Create a GitHub App

1. Select **Bring Your Own GitHub App.**
2. Click **Continue.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F1eIlY3braGmMikgXHgGF%2FScreenshot%202026-04-16%20at%2012.57.04.png?alt=media&#x26;token=8b7ce7e6-0d4f-4c07-ac31-56e1458203fb" alt="" width="375"><figcaption></figcaption></figure>

3. In your GitHub account, go to **Settings → Developer settings → GitHub Apps.**
4. Click **New GitHub App.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FSoQv5bGNlTtnQCP05okj%2FScreenshot%202026-04-16%20at%2011.05.29%E2%80%AFAM.png?alt=media&#x26;token=4617a885-9431-4884-89ec-93755cf591c6" alt="" width="563"><figcaption></figcaption></figure>

5. Enter:
   * **App name:** sprinto-audit-app
   * **Homepage URL:**\
     Use your Sprinto region:
     * India: <http://in.sprinto.com/>
     * EU: <http://eu.sprinto.com/>
     * US: <http://app.sprinto.com/>
     * AU: <https://au.sprinto.com/>
   * **Callback URL:**\
     Use your Sprinto region:
     * India: <http://in.sprinto.com/githubapp/githubAppCallback>
     * EU: <http://eu.sprinto.com/githubapp/githubAppCallback>
     * US: <http://app.sprinto.com/githubapp/githubAppCallback>
     * AU: <https://au.sprinto.com/githubapp/githubAppCallback>

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FpPzO2JaDJMeOZiC6HGl1%2FScreenshot%202026-04-16%20at%2011.07.12%E2%80%AFAM.png?alt=media&#x26;token=4d9c7809-49a9-4600-93ee-a8cf0e90983f" alt="" width="563"><figcaption></figcaption></figure>

6. Configure the [required permissions](#required-permissions).
7. Click **Create GitHub App.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FfSwpipjuuDxXYg4kVTLM%2FScreenshot%202026-04-16%20at%2011.07.36%E2%80%AFAM.png?alt=media&#x26;token=3d01e433-740d-459a-95e1-b8fa8304189b" alt="" width="563"><figcaption></figcaption></figure>

8. After creation:
   1. Note the **App ID**
   2. Copy the **Public Link**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FnJIafb9i81bqhM8dFxQX%2FScreenshot%202026-04-16%20at%2011.15.19%E2%80%AFAM.png?alt=media&#x26;token=90bccacb-07f3-4af9-a371-53f91eb1101f" alt="" width="563"><figcaption></figcaption></figure>

9. Scroll down to the **Private keys** section.
10. Click **Generate a private key.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FajsIXY5fbreSYNjv8fPl%2FScreenshot%202026-04-16%20at%2011.15.29%E2%80%AFAM.png?alt=media&#x26;token=6ac13f00-8625-4291-9186-1fe224a0e7ee" alt="" width="563"><figcaption></figcaption></figure>

#### Configure IP Allowlist (Required)

After creating your GitHub App, you must allow Sprinto’s public IP addresses if your organisation enforces IP restrictions.

Add the following IP addresses to your allowlist based on your Sprinto region:

<table><thead><tr><th width="109.40625">Region</th><th width="179.3671875">Domain</th><th width="167.8671875">Public IP</th></tr></thead><tbody><tr><td>US</td><td>app.sprinto.com</td><td>54.193.221.51</td></tr><tr><td>India</td><td>in.sprinto.com</td><td>3.108.123.60</td></tr><tr><td>EU</td><td>eu.sprinto.com</td><td>18.184.125.204</td></tr><tr><td>AU</td><td>au.sprinto.com</td><td>54.252.98.100</td></tr></tbody></table>

{% hint style="warning" %}

#### Important

Ensure these IP addresses are added to your organisation’s IP allowlist to enable successful communication between Sprinto and GitHub.
{% endhint %}

***

#### Step 2: Add Credentials in Sprinto

1. Enter:
   * App Public Link
   * App ID
   * Private Key
2. Click **Test Connection.**
3. Once validated, click **Connect.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FHpampBq0GQ5YVMZGSZ4d%2Fgitapp5.png?alt=media&#x26;token=c6cb43e2-b9df-4f79-bc74-76e2a96e5b20" alt="" width="375"><figcaption></figcaption></figure>

4. You will be redirected to GitHub. Select the user to authorise your GitHub App.
5. Click **Continue.**

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FV6TgY7yUVtoiWtBBL0nI%2FScreenshot%202026-04-16%20at%2011.18.47%E2%80%AFAM.png?alt=media&#x26;token=f710367e-2310-4969-a6eb-0a02062aca67" alt="" width="563"><figcaption></figcaption></figure>

6. Click **Install** to install your app.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2Fq6B5Qd2996q3aSixulTI%2FScreenshot%202026-04-16%20at%2011.19.17%E2%80%AFAM.png?alt=media&#x26;token=363f0ebd-4b34-4e19-99fb-6208a843167d" alt="" width="563"><figcaption></figcaption></figure>

Sprinto will establish the connection and begin syncing data.

***

#### Complete integration

After installation:

* You will be redirected back to Sprinto.
* Sprinto will initiate the initial sync.
* The GitHub App status will update to **Active** once connected.

The integration is now complete.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FKsH3cH0KY6n1PovLTFTe%2FScreenshot%202026-02-10%20at%204.13.48%E2%80%AFPM.png?alt=media&#x26;token=69b9ac0b-45b1-492b-8cf8-b4a812f2a735" alt="" width="563"><figcaption></figcaption></figure>

***

### Troubleshooting

1. **Unable to install the app**
   * Ensure you have **organisation admin access** in GitHub.
   * Check whether your organisation restricts third-party app installations.
2. **Integration shows inactive**
   * Confirm the app is installed in the correct organisation.
   * Verify repository access selection.
   * Try reconnecting from **Settings → Integrations**.
3. **Missing repositories in Sprinto**
   * If “Only select repositories” was chosen, ensure the required repositories were selected.
   * Reinstall the app and modify repository access if needed.

***

### Support

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries regarding the integration or need any assistance.
