How do I set up my GitHub integration?

Connect GitHub to Adoptech to monitor repositories, branch protection and developer MFA to support secure development compliance.

The GitHub integration enables Adoptech to collect data about your repositories, branch protection rules, code review activity and user account security settings. This information is used to generate evidence for secure development practices, access control and multi-factor authentication controls across frameworks such as ISO 27001, SOC 2 and Cyber Essentials.

This integration helps organisations:

  • Demonstrate that source code is stored in a managed version control platform

  • Verify that code reviews are required before merging into production branches

  • Confirm that developer accounts have multi-factor authentication enabled

  • Conduct and evidence user access reviews for GitHub accounts

  • Support ISO 27001, SOC 2 and Cyber Essentials compliance activities


Prerequisites

Before configuring the integration, ensure you have:

  • A GitHub organisation account

  • Admin access to the GitHub organisation (required to install the GitHub App)

  • Permission to authorise third-party app installations on your organisation


What Data We Collect

Once connected, Adoptech retrieves read-only information from GitHub, including:

  • Repository names and visibility settings
  • Branch protection rule configurations
  • Code review activity on pull requests
  • User account details
  • MFA enrolment status for each user
  • Installation metadata

Adoptech does not modify your GitHub repositories, branch settings or user accounts.


What We Use the Data For

The imported data is used to:

  • Verify that code reviews are required before merging into production branches

  • Confirm that source code is held in a managed SCM platform

  • Check that all GitHub users have MFA enabled

  • Support periodic user access reviews

What do I need to get started?

You will need access to the account that is the 'Owner of your Organisation' in GitHub.

What do I need to configure in GitHub?

  1. A custom property to identify the production branch
    1. In GitHub Organisation settings, go to Repository → Custom property.
    2. The property name must be "production_branch_name". The default value can be anything. Note: you can override this on a per-repository basis.
  2. Review each repository and set the correct value. This should be the name of the branch from which code is deployed to production, for example “main” or “production” (ask your DevOps or Dev Team if unsure).
  3. Ensure production branches have protection in place, with a mandatory code review requirement before merging.
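
The three steps above can be checked before connecting the integration. The following is an added example, not Adoptech's code or its evaluation logic: it flags repositories where production_branch_name is unset, names an unprotected branch, or names a branch without a required approving review. It assumes the JSON shapes of GitHub's REST endpoints for organisation custom property values and classic branch protection (rulesets are not covered), and the sample data is constructed.

```python
PROPERTY = "production_branch_name"  # custom property name required by the page

def production_branch(entry):
    """Value of production_branch_name in one item of
    GET /orgs/{org}/properties/values, or None when it is unset."""
    for prop in entry.get("properties", []):
        if prop.get("property_name") == PROPERTY and prop.get("value"):
            return prop["value"]
    return None

def audit(property_values, protections):
    """Return {repo: problem} for repositories that miss a step.

    protections maps (repo, branch) to the JSON body of
    GET /repos/{owner}/{repo}/branches/{branch}/protection; a missing key
    stands for the 404 GitHub returns for an unprotected branch.
    """
    findings = {}
    for entry in property_values:
        repo = entry["repository_name"]
        branch = production_branch(entry)
        if branch is None:
            findings[repo] = f"{PROPERTY} is not set"
            continue
        protection = protections.get((repo, branch))
        if protection is None:
            findings[repo] = f"branch '{branch}' has no protection rule"
            continue
        reviews = protection.get("required_pull_request_reviews") or {}
        if reviews.get("required_approving_review_count", 0) < 1:
            findings[repo] = f"branch '{branch}' does not require an approving review"
    return findings

# Constructed sample responses (not real data).
SAMPLE_VALUES = [
    {"repository_name": "api", "properties": [{"property_name": PROPERTY, "value": "main"}]},
    {"repository_name": "web", "properties": [{"property_name": PROPERTY, "value": "main"}]},
    {"repository_name": "infra", "properties": [{"property_name": PROPERTY, "value": "production"}]},
    {"repository_name": "docs", "properties": [{"property_name": PROPERTY, "value": None}]},
]
SAMPLE_PROTECTIONS = {
    ("api", "main"): {"required_pull_request_reviews": {"required_approving_review_count": 1}},
    # "web" deploys from "release"; the property still holds the default "main".
    ("web", "release"): {"required_pull_request_reviews": {"required_approving_review_count": 2}},
    ("infra", "production"): {"required_status_checks": {"strict": True}},
}

if __name__ == "__main__":
    for repo, problem in audit(SAMPLE_VALUES, SAMPLE_PROTECTIONS).items():
        print(f"{repo}: {problem}")
```

The "web" case shows why step 2 matters: a repository left on the default value is checked against a branch that is not the one feeding production.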

What do I need to configure on the Adoptech side?

All GitHub users with access to the company's repositories (including outside collaborators) should be set up in the People table on Adoptech.

A GitHub user's public email does not always match the corporate email used in Adoptech, so the user's GitHub identifier (login name) is required.
You can find the ID in the URL of the user's GitHub page, or by clicking on the user's avatar.

Then go to the People page and click on the user. Scroll all the way down to enter their GitHub ID under Integrations.