Overview
Backline’s GitHub integration enables secure, automated pull requests directly in your repositories, streamlining vulnerability remediation through our GitHub App.
What You Can Do
With the GitHub integration, Backline can:
- Access your repositories across multiple organizations
- Analyze code dependencies and packages
- Create pull requests with automated security fixes
- Track remediation status across your GitHub projects
Prerequisites
Before connecting GitHub, ensure you have:
- A GitHub account with appropriate permissions
- Admin access to the repositories you want to connect
- Organization owner rights to install the Backline app (if you don’t have them, see Requesting Installation below)
Connecting GitHub
Choose Organization
On GitHub, select the target organization where you want to install the Backline app.
Select Repositories
Choose All repositories or select specific repositories you want to link to Backline.
Requesting Installation
If you don’t have organization owner rights, you can submit an installation request. A GitHub organization owner will need to approve it — once they do, Backline automatically completes the integration without any further action from you.
Request Installation
Click Connect. On the GitHub page, select the organization and click Request instead of Install.
Authorize Backline
You’ll be redirected back to Backline and then prompted to authorize Backline to identify your GitHub account.
Pending State
The integration will appear as Pending in the Integration Hub. No further action is needed from you.
The GitHub organization owner does not need a Backline account to approve the request — they approve it directly in GitHub.
After Connection
Once connected, Backline will:
- Index your repositories
- Generate remediation plans for vulnerabilities from those repositories
- Create pull requests for automated fixes
Configuration
The GitHub integration includes additional configuration options accessible from the Configuration tab in the integration modal.
Dependabot Scan
Backline can ingest vulnerability alerts from GitHub Dependabot, allowing you to centralize SCA (Software Composition Analysis) vulnerabilities alongside findings from other security scanners.
Open GitHub Configuration
In the Integration Hub, click Configure on the GitHub integration card and navigate to the Configuration tab.
Enable Dependabot Scan
Check the Enable Dependabot Scan checkbox to activate Dependabot alert ingestion. Once enabled, Backline will:
- Scan all repositories configured for the Backline GitHub App that have Dependabot Alerts activated
- Import SCA vulnerabilities detected by Dependabot into Backline
- Track and deduplicate vulnerabilities across your repositories
- Enable remediation workflows for imported Dependabot findings
Dependabot Alerts must be enabled in your GitHub repository settings for Backline to ingest them. See the Dependabot integration page for more details.
Managing the Integration
Adding Multiple Organizations
You can connect multiple GitHub organizations to Backline:
Open Integration Details
Go to the GitHub integration card in the Integration Hub and click Configure to open the integration details.
Testing Connections
To verify that a connection is still valid:
- Open the integration details by clicking Configure on the GitHub integration card
- Find the organization card you want to test
- Click the three dots menu on the organization card
- Select Test Connection to check if the connection is valid
Disconnecting
To disconnect a GitHub organization:
Open Integration Menu
In the Integration Hub, click the three dots menu on the GitHub integration card.