GitHub And CI Integration Reference
Required access, supported events, status behavior, and operational constraints for CI integration.
Required Capabilities
- Read repository contents and pull request metadata.
- Post status/check results on commits and pull requests.
- Read workflow context to correlate findings with pipelines.
- Optional: write remediation PRs where enabled by policy.
Event Triggers
Pull Request Opened/Updated
Primary trigger for merge-gate checks.
Push To Protected Branch
Optional verification and baseline checks.
Scheduled Workflow
Backlog and drift detection scans.
Manual Re-Run
Developer-triggered reassessment after remediation.
Status Semantics
- Pass: no findings violate policy.
- Fail: one or more findings meet or exceed the configured threshold.
- Indeterminate: an integration or service issue prevented a final decision; this is never treated as a pass.
- Bypassed: an approved exemption path was used; the underlying decision is retained in the evidence log.
Failure Handling
- Transient API errors (rate limits, 5xx responses) should be retried with exponential backoff; non-transient errors should not be retried.
- A delayed or missing webhook must not be treated as a pass; the check should remain pending or indeterminate until a decision is reached.
- A permission regression (the integration loses a capability it relied on) should raise an operational alert and mark the affected checks indeterminate.
- Redelivered or duplicate events should be de-duplicated by event/delivery identifier and commit identifier so that processing is idempotent.
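The following is an added example, not code from the page or the integration it describes, showing the Status Semantics and Failure Handling rules above as one merge-gate handler: it opens the check as in-progress before scanning so a stalled pipeline never reads as a pass, retries only transient errors with backoff, alerts and marks the check indeterminate on a permission regression, de-duplicates deliveries by (delivery id, commit), and records the overridden decision when an exemption is used. `FakeChecksAPI` is a constructed stand-in for the checks endpoint so the block runs offline; the mapping of the page's four statuses onto GitHub check-run conclusions, the numeric severity scale and the in-memory `seen` set are assumptions.

```python
"""Merge-gate decision and failure handling (added example, not the page's code)."""
import time
from dataclasses import dataclass

PASS, FAIL, INDETERMINATE, BYPASSED = "pass", "fail", "indeterminate", "bypassed"
# Assumed mapping onto check-run conclusions: "action_required" keeps the gate
# closed for an indeterminate result without claiming a policy failure.
CONCLUSION = {PASS: "success", FAIL: "failure",
              INDETERMINATE: "action_required", BYPASSED: "neutral"}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: int  # assumed scale: higher is worse


class TransientError(Exception):
    """Rate limit / 5xx: safe to retry."""


class PermissionRegression(Exception):
    """403/404 on a capability the integration used to have: not retryable."""


def decide(findings, threshold, exemption=None):
    """Apply the status semantics; returns (status, evidence) so that a bypass
    still records the decision it overrode."""
    violations = sorted(f.rule for f in findings if f.severity >= threshold)
    underlying = FAIL if violations else PASS
    evidence = {"underlying": underlying, "violations": violations}
    if exemption and underlying == FAIL:
        evidence["exemption"] = exemption
        return BYPASSED, evidence
    return underlying, evidence


def with_backoff(call, attempts=4, base=0.01, sleep=time.sleep):
    """Retry only TransientError, with exponential backoff between attempts."""
    for i in range(attempts):
        try:
            return call()
        except TransientError:
            if i == attempts - 1:
                raise
            sleep(base * (2 ** i))


class FakeChecksAPI:
    """Constructed stand-in for the checks endpoint (fails N times, or always 403)."""

    def __init__(self, transient_failures=0, forbidden=False):
        self.transient_failures = transient_failures
        self.forbidden = forbidden
        self.posted = []  # (sha, status, conclusion)

    def post_check(self, sha, status, conclusion=None):
        if self.forbidden:
            raise PermissionRegression("403 Forbidden")
        if self.transient_failures:
            self.transient_failures -= 1
            raise TransientError("502 Bad Gateway")
        self.posted.append((sha, status, conclusion))


class MergeGate:
    def __init__(self, api, sleep=time.sleep):
        self.api = api
        self.sleep = sleep
        self.seen = set()    # (delivery_id, sha); a durable store in production
        self.alerts = []     # operational alerts
        self.evidence = []   # evidence log entries

    def _post(self, sha, status, conclusion=None):
        with_backoff(lambda: self.api.post_check(sha, status, conclusion),
                     sleep=self.sleep)

    def handle(self, delivery_id, sha, scan, threshold, exemption=None):
        """Process one webhook delivery; `scan` is a callable returning findings."""
        key = (delivery_id, sha)
        if key in self.seen:
            return "duplicate"  # redelivery: neither re-scan nor re-post
        self.seen.add(key)
        try:
            # Open the check first: if the scan never completes the commit
            # shows a pending check, never a silent pass.
            self._post(sha, "in_progress")
            try:
                findings = scan()
            except PermissionRegression:
                raise
            except Exception as exc:  # scanner fault: no final decision
                status, evidence = INDETERMINATE, {"error": repr(exc)}
            else:
                status, evidence = decide(findings, threshold, exemption)
            self._post(sha, "completed", CONCLUSION[status])
        except PermissionRegression as exc:
            self.alerts.append(f"{sha}: permission regression ({exc})")
            status, evidence = INDETERMINATE, {"error": str(exc)}
        except TransientError as exc:
            self.alerts.append(f"{sha}: API unavailable after retries ({exc})")
            status, evidence = INDETERMINATE, {"error": str(exc)}
        self.evidence.append({"delivery": delivery_id, "sha": sha,
                              "status": status, **evidence})
        return status
```

The two-step post (in-progress, then completed) is what makes webhook delay safe: a missing second call leaves the check pending rather than green. The `seen` set keys on both the delivery identifier and the commit, so a second distinct event for the same commit (for example a re-run after remediation) is still processed.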