GitHub Integration
CodeStax integrates deeply with GitHub for repository scanning, PR reviews, and webhook automation.
Connecting GitHub
During Signup
Click Continue with GitHub on the signup page. This authorizes CodeStax with the required permissions and connects your GitHub account automatically.
After Signup
- Go to Settings on the dashboard
- Navigate to the Integrations or API Keys tab
- Click Connect GitHub
- Authorize the CodeStax app on GitHub
Permissions
CodeStax requests the following GitHub scopes:
| Scope | Purpose |
|---|---|
| read:user | Read your GitHub profile information |
| user:email | Access your email for notifications |
| repo | Read repository contents, create webhooks, post PR comments |
Features
Repository Import
Once connected, you can import any repository you have access to (personal and organization repos). CodeStax fetches your repository list and lets you select which ones to import.
Automated PR Reviews
When you open or update a pull request, GitHub sends a webhook to CodeStax, which:
- Analyzes the PR diff for security issues
- Scores the PR risk level (0-100)
- Records findings in your dashboard
Webhook Events
CodeStax listens for these GitHub webhook events:
| Event | Trigger | Action |
|---|---|---|
| pull_request.opened | New PR created | Trigger PR review |
| pull_request.synchronize | New commits pushed to PR | Re-trigger review |
| pull_request.reopened | Closed PR reopened | Trigger PR review |
| push | Code pushed to branch | Trigger auto-scan (if enabled) |
Webhook Security
All GitHub webhooks are verified using HMAC-SHA-256 signatures. CodeStax checks the X-Hub-Signature-256 header to ensure the request originates from GitHub and that the payload was not modified in transit.
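The following is an added illustration of the two steps described above (signature verification, then routing by the events in the table); it is example code written for this page, not CodeStax's own implementation. The secret, payload and action names are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample secret and payload for demonstration only (not real values).
WEBHOOK_SECRET = b"example-webhook-secret"
SAMPLE_BODY = b'{"action":"opened","number":42}'


def compute_signature(secret: bytes, body: bytes) -> str:
    """Return the value GitHub sends in X-Hub-Signature-256: 'sha256=<hex digest>'."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header_value: Optional[str]) -> bool:
    """Verify the HMAC over the raw request bytes (before any JSON parsing).

    hmac.compare_digest gives a constant-time comparison so the expected
    digest is not leaked through timing differences.
    """
    if not header_value or not header_value.startswith("sha256="):
        return False
    return hmac.compare_digest(compute_signature(secret, body), header_value)


def route_event(event: str, body: bytes, auto_scan_enabled: bool = True) -> Optional[str]:
    """Map the X-GitHub-Event name plus payload 'action' to the table above.

    Returns a hypothetical action label, or None when the event is ignored.
    """
    payload = json.loads(body)
    if event == "pull_request":
        action = payload.get("action")
        if action in ("opened", "reopened"):
            return "trigger_pr_review"
        if action == "synchronize":
            return "retrigger_pr_review"
        return None
    if event == "push" and auto_scan_enabled:
        return "trigger_auto_scan"
    return None


def handle_webhook(event: str, body: bytes, signature: Optional[str],
                   secret: bytes = WEBHOOK_SECRET) -> Optional[str]:
    """Reject unsigned or tampered requests before the body is parsed or routed."""
    if not verify_signature(secret, body, signature):
        return "rejected"
    return route_event(event, body)
```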
Authentication for Scans
When scanning GitHub repositories, CodeStax uses your stored OAuth token to:
- Clone private repositories securely
- Access repository contents without requiring SSH keys
- Refresh tokens automatically when they expire