GitHub

What is GitHub?

GitHub is the most widely used platform for storing, reviewing, and managing code. If your team uses GitHub, this integration gives Imara visibility into your repository access controls, branch protection rules, and code review practices — all key controls for development security frameworks.

What Imara collects from GitHub

• Organization members and their roles
• Two-factor authentication (2FA) status for all members
• Repository access controls and permission levels
• Branch protection rules — e.g., required code reviews before merging
• Outside collaborator and team configurations
  
  

Required GitHub permissions

Imara connects using a GitHub App installation with the following read-only permissions:

• Members (read) — read organization membership and 2FA status
• Administration (read) — read repository settings and branch protection rules
  
  

Imara does not commit code, create pull requests, or modify any repository or organization setting.

How to connect

1. In Imara, go to Integrations and select GitHub.
2. Click Connect. You will be redirected to GitHub to authorize the Imara application.
3. Choose the organization to connect and approve the requested permissions.
4. You will be redirected back to Imara and the initial sync will begin automatically.
   
   

Frameworks supported

SOC 2, ISO 27001, NIST CSF, PCI DSS.

What to expect

Imara surfaces findings like members without 2FA, repositories lacking branch protection, or overly permissive access. Each finding is linked to the relevant control in your active framework so your team knows exactly what to address.