Connecting Kawach & GitHub Accounts

Overview

This article explains how to integrate GitHub with Kawach to enable centralized compliance monitoring across all repositories in your GitHub organization. Once connected, Kawach can monitor repositories in read-only mode and surface relevant security and governance findings as part of your compliance and risk workflows.

This integration helps ensure that repository security signals, access controls, and development activity are consistently tracked and available for audits, reviews, and internal assessments.

Prerequisites

Before starting the integration, ensure the following:

You have an active GitHub organization.
You are an organization owner or have sufficient privileges to authorize third-party applications.
You have access to your organization’s Kawach account with permissions to manage integrations.
You know which GitHub organization you want Kawach to monitor.

What Kawach Accesses

Kawach connects to GitHub in read-only mode. It does not modify any code, repositories, or configuration in your GitHub organization.

Once connected, Kawach can:

Read usernames, public email addresses, and full names
Monitor pull requests, checks, and repository activity
Access user profile metadata
Read organization groups, projects, container registry, and package registry metadata

Steps to Integrate GitHub with Kawach

Step 1: Navigate to Integrations in Kawach

Log in to your Kawach account.
Go to Settings.
Select the Integrations tab.
Click Create.
Locate GitHub from the list of available integrations.
Click Connect.

Step 2: Authorize Kawach in GitHub

You will be redirected to the GitHub authorization page.
Sign in using your work account associated with the organization.
Select the GitHub organization you want to connect.
Review the read-only permissions requested by Kawach.
Approve the connection.

Note: You must have organization owner access to authorize third-party applications.

Step 3: Confirm Organization Connection

After authorization:

You will be redirected back to Kawach.
Confirm the GitHub organization connection.
Kawach will begin syncing data for all repositories within the organization.

After the Integration

Once the integration is complete:

GitHub repositories are continuously monitored within Kawach.
Relevant findings are surfaced as part of compliance and risk workflows.
Teams get centralized visibility into repository security and governance without switching tools.

This setup supports ongoing compliance by ensuring development and security evidence is consistently available.

Troubleshooting

Pin icon Authorization failed

⌄

Ensure you are logged into the correct GitHub organization and have organization owner access.

Pin icon Repositories not visible

⌄

Verify that the selected organization contains the repositories you expect Kawach to monitor.

Pin icon Data not syncing

⌄

Allow a few minutes after setup. If issues persist, try reconnecting the integration.