GitHub
Code hosting, pull requests, and project management
GitHub integration connects your agents to GitHub's code hosting, pull requests, and project management platform.
Server URL: https://api.githubcopilot.com/mcp
Setup
- Navigate to Resources and click Add Resource
- Select GitHub from the catalog
- Choose a credential mode (see below)
- Click Add
The resource is added with all tools and scopes pre-configured. Each user connects their own GitHub account via OAuth when they first use a GitHub tool. Navigate to Connections to manage linked accounts.
Credential modes
GitHub supports two modes:
- Use SecureAuth's app — install instantly with SecureAuth's pre-registered GitHub OAuth app. No setup on your side. Recommended for most installs.
- Bring your own app — use a GitHub OAuth app owned by your organization. Recommended when you need GitHub-side audit attribution, dedicated rate limits, or your own branding on the consent screen.
See Credential modes for the full comparison.
Use SecureAuth's app
No setup on your side — unless your GitHub org restricts third-party OAuth apps. With restrictions on, members can't grant a third-party app access to org data on their own: until an org owner approves SecureAuth AI Gateway, the app can read only the org's public resources, not private org repos.
When a member first connects, GitHub prompts them to request approval (Request access → Request approval from owners), which surfaces the app for an org owner to approve once:
- Profile picture (top-right) → Your organizations → select the org → Settings
- Left sidebar, under Third-party Access → OAuth app policy
- Next to SecureAuth AI Gateway → Review → Grant access
Members can then connect and reach private org repos.
Bring your own app
A GitHub org admin registers a GitHub OAuth App pointed at the gateway, then returns to SecureAuth with the Client ID and Client Secret.
In your AI Security workspace, go to Resources → Add Resource → GitHub → Bring your own app and copy the redirect URI shown in the dialog.
In GitHub, create a new OAuth App at your org's developer settings:
https://github.com/organizations/<your-org>/settings/applications/new
Configure:
- Application name — your company's name (for example, <your-company> AI Gateway)
- Homepage URL — your company's homepage
- Authorization callback URL — the redirect URI you just copied from AI Security
After GitHub creates the app, copy the Client ID and generate a new Client Secret from the app's settings page. Paste both back into the GitHub resource dialog in your AI Security workspace, then click Add.
The scopes the gateway requests at runtime (repo, read:org, read:user) are listed under Required scopes below.
Available tools
| Tool | Description |
|---|---|
| get_me | Get details of the authenticated GitHub user |
| get_file_contents | Get the contents of a file or directory from a repository |
| create_or_update_file | Create or update a single file in a repository |
| push_files | Push multiple files in a single commit |
| search_code | Search for code across GitHub repositories |
| search_repositories | Search for GitHub repositories |
| create_repository | Create a new GitHub repository |
| create_branch | Create a new branch in a repository |
| list_branches | List branches in a repository |
| list_commits | List commits of a branch in a repository |
| list_issues | List issues in a repository |
| search_issues | Search for issues across repositories |
| create_issue | Create a new issue in a repository |
| update_issue | Update an existing issue |
| add_issue_comment | Add a comment to an issue |
| list_pull_requests | List pull requests in a repository |
| search_pull_requests | Search for pull requests across repositories |
| create_pull_request | Create a new pull request |
| update_pull_request | Update an existing pull request |
| merge_pull_request | Merge a pull request |
| pull_request_read | Get details, diff, status, or reviews of a pull request |
| pull_request_review_write | Create or manage pull request reviews |
Required scopes
- repo — full access to repositories including code, issues, and pull requests
- read:org — read organization membership and teams
- read:user — read user profile information
Policy examples
- Allow read-only access: tool patterns get_*, list_*, search_*, pull_request_read
- Block repository creation and file writes: add deny rules for create_repository, create_or_update_file, push_files
- Allow full PR workflow but block merges: allow *pull_request* tools, then deny merge_pull_request
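To check what a set of allow and deny patterns actually exposes before applying it, the following added example (not SecureAuth's code) evaluates the three policies above against the tool list on this page. It assumes shell-style glob matching, default deny, and deny rules overriding allow rules; the write-tool classification and the allow `*` baseline for the second policy are also assumptions.

```python
from fnmatch import fnmatchcase

# Tool names from the "Available tools" table on this page.
TOOLS = """get_me get_file_contents create_or_update_file push_files search_code
search_repositories create_repository create_branch list_branches list_commits
list_issues search_issues create_issue update_issue add_issue_comment
list_pull_requests search_pull_requests create_pull_request update_pull_request
merge_pull_request pull_request_read pull_request_review_write""".split()

# Assumption: tools whose description says they create, update, push, merge,
# comment or review are treated as state-changing.
WRITE_TOOLS = set("""create_or_update_file push_files create_repository
create_branch create_issue update_issue add_issue_comment create_pull_request
update_pull_request merge_pull_request pull_request_review_write""".split())

# The three policies from the list above. The allow "*" baseline for the
# second one is an assumption; the page only names its deny rules.
POLICIES = {
    "read_only": (["get_*", "list_*", "search_*", "pull_request_read"], []),
    "no_repo_or_file_writes": (
        ["*"], ["create_repository", "create_or_update_file", "push_files"]),
    "pr_without_merge": (["*pull_request*"], ["merge_pull_request"]),
}

def effective_tools(allow, deny=()):
    """Tools matched by an allow pattern and by no deny pattern (deny wins)."""
    return sorted(
        t for t in TOOLS
        if any(fnmatchcase(t, p) for p in allow)
        and not any(fnmatchcase(t, p) for p in deny)
    )

def exposed_writes(allow, deny=()):
    """State-changing tools the policy still lets an agent call."""
    return [t for t in effective_tools(allow, deny) if t in WRITE_TOOLS]

def unmatched_patterns(allow, deny=()):
    """Patterns that match no tool: usually a typo that silently does nothing."""
    return [p for p in [*allow, *deny]
            if not any(fnmatchcase(t, p) for t in TOOLS)]

if __name__ == "__main__":
    for name, (allow, deny) in POLICIES.items():
        print(name, "exposes", len(effective_tools(allow, deny)), "tools")
        print("  writes still allowed:", exposed_writes(allow, deny) or "none")
        print("  dead patterns:", unmatched_patterns(allow, deny) or "none")
```

Under these assumptions the second policy still leaves create_branch, merge_pull_request and the issue and PR write tools callable, because its deny rules cover only the three tools they name.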