GitHub Integration
The Vouch GitHub App is the primary way to automate security scanning. Once installed, every push and pull request triggers a scan automatically.
Installation
- In your Vouch dashboard, go to Integrations → GitHub and click Install.
- GitHub redirects you to authorize the app. Select the repositories you want Vouch to monitor — you can scope it to specific repos or your entire account.
Trigger Events
Once installed, Vouch scans on:
- push — any direct push to your default branch.
- pull_request — any time a PR is opened or updated.
Status Checks in Pull Requests
Vouch posts a GitHub status check on every PR:
- Score ≥ 50 → check passes (green).
- Score < 50 (Critical) → check fails (red).
You can configure Branch Protection Rules in GitHub to block merges when the Vouch check fails — keeping insecure code out of production automatically.
Vouch also posts inline review comments directly on the vulnerable lines in your diff.
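The branch-protection step above can be scripted rather than clicked through. The following is an added example, not Vouch's own tooling: it uses the gh CLI against the GitHub REST branch-protection endpoint to require a status check on a branch and then reads back the required contexts. The check name "vouch/scan" is a placeholder assumption; copy the real context name from the checks list of an existing PR before applying.

```shell
#!/usr/bin/env sh
# Added example (not Vouch's own code): require the Vouch status check on a
# protected branch via the GitHub REST API, authenticated through gh.
# Assumption: "vouch/scan" stands in for the real check context name.
set -eu

# Build the branch-protection request body. "strict": true also requires the
# PR branch to be up to date with the base, so a scan that passed on a stale
# branch cannot be merged without re-running.
protection_body() {
  context="$1"
  cat <<EOF
{
  "required_status_checks": { "strict": true, "contexts": ["${context}"] },
  "enforce_admins": true,
  "required_pull_request_reviews": null,
  "restrictions": null
}
EOF
}

# PUT the protection for OWNER/REPO on BRANCH, reading the body from stdin.
apply_protection() {
  repo="$1"; branch="$2"; context="$3"
  protection_body "$context" | gh api --method PUT \
    -H "Accept: application/vnd.github+json" \
    "repos/${repo}/branches/${branch}/protection" --input -
}

# Read back the contexts GitHub now treats as required, to confirm the
# Vouch check is among them.
required_contexts() {
  gh api "repos/$1/branches/$2/protection/required_status_checks/contexts"
}

# Only touch GitHub when invoked explicitly:
#   sh protect.sh OWNER/REPO main vouch/scan
if [ "$#" -eq 3 ]; then
  apply_protection "$1" "$2" "$3"
  required_contexts "$1" "$2"
fi
```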
GitHub PR Bot Integration
Available on Micro and Pro plans.
The PR Bot adds a detailed security summary comment to each pull request, including the new Vouch Score, a severity breakdown, and links to Auto-Fix suggestions for any new findings.
Permissions
The GitHub App requests read-only access to your selected repositories. Write access is only requested if you enable the feature that allows Vouch to open Auto-Fix pull requests on your behalf.
See Security & Privacy for details on how code is handled after scanning.