GitHub Integration
Install the Standardise GitHub App to collect security evidence from your repositories automatically.
Overview
The GitHub integration connects your repositories to Standardise for automated evidence collection. Once installed, Standardise periodically checks your repositories for branch protection settings, Dependabot alerts, and other security posture indicators — then records the results as evidence in the Evidence module.
This removes the manual effort of screenshotting or exporting GitHub security configurations for your ISO 27001 audits. Evidence is timestamped and linked to the relevant Annex A controls automatically.
Plan requirement: The GitHub integration is available on the Pro plan and above.
Setup Steps
- Navigate to Settings > Integrations and click Add Integration.
- Select GitHub as the provider. You will be redirected to GitHub to install the Standardise GitHub App.
- Choose whether to install the app on all repositories or selected repositories. For most organisations, selecting specific repositories containing production code is recommended.
- Approve the permissions requested by the GitHub App. Standardise requires read access to repository metadata, branch protection rules, Dependabot alerts, and code scanning alerts.
- After installation, you will be redirected back to Standardise. Confirm the connected repositories are listed, then save the integration.
Evidence Collection
Standardise collects the following evidence from your connected repositories:
- Branch protection status — whether the default branch requires pull request reviews, status checks, signed commits, and prevents force pushes. Maps to Annex A control A.8.25 (Secure development lifecycle).
- Dependabot alerts — a summary of open vulnerability alerts including severity breakdown (critical, high, medium, low). Maps to Annex A control A.8.8 (Management of technical vulnerabilities).
- Repository security overview — general security settings such as secret scanning and push protection status. Supports controls related to A.8.4 (Access to source code).
Each evidence item is created automatically in the Evidence module with the collection date, source repository, and relevant control mapping. Evidence is refreshed periodically and can also be triggered manually from the integration settings.
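As an added illustration (not Standardise's own code), the following Python script performs a comparable evaluation over the payloads GitHub's REST API returns for branch protection and Dependabot alerts, producing evidence records with the fields this page lists (title, source, collection timestamp, Annex A mapping). The two payloads are constructed samples; the endpoint paths in the comments are GitHub's, the helper names are this example's own.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of GET /repos/{owner}/{repo}/branches/{branch}/protection;
# every setting is on except required signed commits.
PROTECTION = {
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": True, "contexts": ["ci/test"]},
    "required_signatures": {"enabled": False},
    "allow_force_pushes": {"enabled": False},
}

# Constructed sample of GET /repos/{owner}/{repo}/dependabot/alerts.
ALERTS = [
    {"state": "open", "security_advisory": {"severity": "critical"}},
    {"state": "open", "security_advisory": {"severity": "high"}},
    {"state": "fixed", "security_advisory": {"severity": "high"}},
    {"state": "open", "security_advisory": {"severity": "low"}},
]

def _evidence(title, controls, **fields):
    """Common envelope: title, source, collection timestamp, control mapping."""
    return {"title": title, "source": "GitHub", "controls": controls,
            "collected_at": datetime.now(timezone.utc).isoformat(), **fields}

def branch_protection_evidence(repo, branch, protection):
    """Evaluate the four branch-protection checks listed above (A.8.25).
    A missing field is treated as a failed check, never as a pass."""
    reviews = protection.get("required_pull_request_reviews") or {}
    status = protection.get("required_status_checks") or {}
    checks = {
        "pr_reviews": reviews.get("required_approving_review_count", 0) >= 1,
        "status_checks": bool(status.get("contexts") or status.get("checks")),
        "signed_commits": bool((protection.get("required_signatures") or {}).get("enabled")),
        "force_push_blocked": (protection.get("allow_force_pushes") or {}).get("enabled") is False,
    }
    return _evidence(f"Branch protection - {branch} - {repo}", ["A.8.25"],
                     checks=checks, compliant=all(checks.values()))

def dependabot_evidence(repo, alerts):
    """Count only alerts still in state "open", broken down by severity (A.8.8)."""
    counts = Counter(a["security_advisory"]["severity"]
                     for a in alerts if a.get("state") == "open")
    summary = {s: counts.get(s, 0) for s in ("critical", "high", "medium", "low")}
    return _evidence(f"Dependabot alerts - {repo}", ["A.8.8"], open_alerts=summary,
                     compliant=summary["critical"] + summary["high"] == 0)

if __name__ == "__main__":
    print(branch_protection_evidence("my-repo", "main", PROTECTION))
    print(dependabot_evidence("my-repo", ALERTS))
```

Run against live data, the same functions can be fed the JSON from the two endpoints named in the comments to cross-check the evidence Standardise records before an audit.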
How Evidence Flows into Your ISMS
Collected evidence appears in the Evidence module alongside manually uploaded evidence. Each item includes:
- A title describing the check (e.g. “Branch protection — main — my-repo”).
- The source marked as GitHub so you can filter automated evidence from manual uploads.
- A timestamp of when the evidence was collected, providing a clear audit trail.
- Linked Annex A controls, making it easy to demonstrate compliance during internal and external audits.
Troubleshooting
- No repositories listed after install — You may have installed the app with no repositories selected. Go to GitHub > Settings > Applications > Standardise and add the repositories you want to monitor.
- Evidence not updating — Evidence collection runs periodically. You can trigger a manual refresh from the integration settings page. If errors persist, check that the GitHub App still has the required permissions.
- App installation was removed — If someone uninstalls the GitHub App from the organisation or repository, the integration will show a connection error. Reinstall the app from Settings > Integrations to restore access.