Matproof × GitHub
GitHub — code review, branch protection, secret scanning, Dependabot evidence.
Matproof's GitHub integration pulls organization-level evidence: branch protection rules, required code reviews, merge-ownership enforcement, Dependabot alerts and auto-updates, secret-scanning alerts, CodeQL findings, audit log events, and member and team access. Installation is via a GitHub App with organization scope.
Evidence Matproof collects from GitHub
- Branch protection rules per repository
- Required reviewers and code review history
- Dependabot alerts (critical/high/medium/low + auto-update status)
- Secret scanning findings and remediation
- CodeQL / code-scanning alerts
- Organization audit log events
- Team and repository access permissions
- Commit signing verification status
- Enterprise SSO enforcement
Frameworks supported
- SOC 2
- ISO 27001
- NIS2
- DORA
- PCI DSS
Typical use cases
- SOC 2 CC8 change management evidence from every PR merge
- ISO 27001 A.8.28 secure coding + A.8.25 secure SDLC evidence
- DORA Art. 8 + 9 ICT change management in development
- Continuous evidence of 4-eyes review enforcement
- Automated Dependabot-based vulnerability management evidence
Setup
1. Install the Matproof GitHub App in your organization
2. Grant read-only access to repositories (Metadata, Contents, Actions, Code scanning, Secret scanning, Audit log)
3. Approve the installation
4. Evidence begins flowing within minutes; the historical audit-log backfill runs over the first 24 hours
Questions about the setup? Contact us; our team can pair with yours on the connection.
See Matproof × GitHub in action.
30-minute demo — we connect a sandbox to show evidence flowing for your actual GitHub setup.