GitHub Integration

Enforce policies on pull requests, branches, and commits with GitHub integration.

Overview

The GitHub integration connects Aguardic to your GitHub repositories via a GitHub App. When pull requests are opened or updated, Aguardic evaluates the changes against your policies and reports results as check runs.

Setup

1. Install the GitHub App

Go to Integrations > GitHub in the Aguardic dashboard and click Connect. You'll be redirected to GitHub to install the Aguardic GitHub App. Select the repositories you want to govern and authorize the installation.

2. Bind policies

After connecting, go to Policy Bindings and map your policies to the GitHub integration. You can bind policies to:

  • All repositories: every repository connected through the integration
  • Specific repositories: individual repositories selected by name
  • Specific branches: target branches like main or production

3. Configure enforcement

Choose how Aguardic enforces policy results on GitHub:

  • BLOCK: fails the check run (conclusion: failure), which prevents merging when branch protection requires the check
  • APPROVAL_REQUIRED: sets the check to "action required" (conclusion: action_required), so a manual approval is needed before merge
  • WARN: passes the check run (conclusion: neutral) but includes violation details in the check summary
  • MONITOR_ONLY: no visible action on GitHub; violations are logged in Aguardic only

How It Works

  1. PR opened or updated: a developer opens or updates a pull request.
  2. Webhook received: GitHub sends a webhook to Aguardic.
  3. Fetch PR data: Aguardic fetches the PR diff and metadata.
  4. Policy evaluation: the governance engine evaluates the changes against the bound policies.
  5. Report results: results are posted as a check run named "Aguardic Policy Check" on the PR, with a markdown summary of any violation details.
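The receive-verify-evaluate-report sequence above, together with the enforcement modes from the setup section, as an added Python example. This is illustrative code written for this page, not Aguardic's implementation: the webhook secret, the sample payload, the set of pull_request actions treated as "opened or updated", and the shape of a violation record (`field`, `severity`, `message`) are all assumptions. The signature check itself follows GitHub's documented X-Hub-Signature-256 scheme (HMAC-SHA256 over the raw request body), which any webhook receiver should perform before trusting a delivery.

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed values for this example. A real deployment uses the webhook
# secret configured on the GitHub App and receives payloads from GitHub.
WEBHOOK_SECRET = b"example-webhook-secret"
CHECK_NAME = "Aguardic Policy Check"

# Enforcement mode -> check run conclusion, as listed under "Configure enforcement".
# MONITOR_ONLY is absent on purpose: it produces no check run at all.
CONCLUSION_BY_MODE = {
    "BLOCK": "failure",
    "APPROVAL_REQUIRED": "action_required",
    "WARN": "neutral",
}

# pull_request actions that count as "opened or updated" here
# (assumption: the page does not list which actions Aguardic reacts to).
PR_ACTIONS = {"opened", "reopened", "synchronize", "edited"}


def sign_body(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Reject any delivery whose signature does not match; compare in constant time."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign_body(secret, body), header)


def parse_pull_request_event(body: bytes) -> Optional[dict]:
    """Pull the fields the policy engine needs out of a pull_request payload.
    Returns None for actions that are not an open/update (for example "closed")."""
    event = json.loads(body)
    if event.get("action") not in PR_ACTIONS:
        return None
    pr = event["pull_request"]
    return {
        "number": pr["number"],
        "head_sha": pr["head"]["sha"],
        "title": pr["title"],
        "description": pr.get("body") or "",  # GitHub sends null for an empty body
        "branch": pr["head"]["ref"],
        "base": pr["base"]["ref"],
    }


def build_check_run(head_sha: str, violations: list, mode: str) -> Optional[dict]:
    """Body of the check run reported to GitHub for the head commit of the PR."""
    if mode == "MONITOR_ONLY":
        return None  # nothing visible on GitHub; violations stay in Aguardic's logs
    if mode not in CONCLUSION_BY_MODE:
        raise ValueError(f"unknown enforcement mode {mode!r}")
    if violations:
        conclusion = CONCLUSION_BY_MODE[mode]
        details = "\n".join(
            f"- **{v['severity']}** `{v['field']}`: {v['message']}" for v in violations
        )
        summary = f"{len(violations)} policy violation(s):\n{details}"
    else:
        conclusion = "success"
        summary = "All bound policies passed."
    return {
        "name": CHECK_NAME,
        "head_sha": head_sha,
        "status": "completed",
        "conclusion": conclusion,
        "output": {"title": CHECK_NAME, "summary": summary},  # rendered as markdown
    }


def handle_webhook(headers: dict, body: bytes, mode: str,
                   evaluate: Callable[[dict], list]) -> Optional[dict]:
    """The receive -> verify -> parse -> evaluate -> report sequence for one delivery."""
    if not verify_signature(WEBHOOK_SECRET, body, headers.get("X-Hub-Signature-256")):
        raise PermissionError("webhook signature mismatch")
    if headers.get("X-GitHub-Event") != "pull_request":
        return None  # other event types are ignored in this example
    pr = parse_pull_request_event(body)
    if pr is None:
        return None
    return build_check_run(pr["head_sha"], evaluate(pr), mode)


# Constructed sample delivery (not a real GitHub payload).
SAMPLE_EVENT = json.dumps({
    "action": "opened",
    "pull_request": {
        "number": 42,
        "title": "Add retry to webhook receiver",
        "body": "Fix bug",
        "head": {"sha": "0123abcd", "ref": "feature/retries"},
        "base": {"ref": "main"},
    },
}).encode()
SAMPLE_HEADERS = {
    "X-GitHub-Event": "pull_request",
    "X-Hub-Signature-256": sign_body(WEBHOOK_SECRET, SAMPLE_EVENT),
}
```

With `evaluate` returning one MEDIUM violation, `handle_webhook(SAMPLE_HEADERS, SAMPLE_EVENT, "BLOCK", evaluate)` yields a completed check run with conclusion `failure`; the same call with `WARN` yields `neutral`, with `APPROVAL_REQUIRED` yields `action_required`, and with `MONITOR_ONLY` yields nothing to post. A delivery whose signature does not verify is rejected before any of the PR data is read.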

What Gets Evaluated

  • PR title and description: check naming conventions and required sections
  • File changes: scan diffs for sensitive data, banned patterns, or required approvals
  • Commit messages: enforce commit message format
  • Branch names: validate branch naming conventions

Branch Protection

For full enforcement, enable branch protection rules on GitHub:

  1. Go to Repository Settings > Branches > Branch protection rules
  2. Enable "Require status checks to pass before merging"
  3. Select the Aguardic check from the list

With branch protection enabled and enforcement set to BLOCK, developers cannot merge PRs that violate your policies.

Example Policies

Require PR Description

Ensure all PRs have a meaningful description:

  • Field: description
  • Operator: MATCHES
  • Value: .{20,} (at least 20 characters)
  • Severity: MEDIUM

Block Secret Commits

Prevent credentials from being committed:

  • Field: content
  • Operator: MATCHES
  • Value: (AKIA[A-Z0-9]{16}|sk-[a-zA-Z0-9]{48}|ghp_[a-zA-Z0-9]{36})
  • Severity: CRITICAL
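The two example policies above, evaluated against a constructed pull request, as an added Python example. It is not Aguardic's engine: the `Rule` dataclass, the `match_is_violation` flag (the page does not say how the MATCHES operator distinguishes a required pattern from a banned one, so the flag makes that explicit), the diff parser, and the sample diff with its placeholder key are all assumptions made for this example. The one design point worth copying is that a secret finding reports the file and line, never the matched text, because the check summary is published on the PR.

```python
import re
from dataclasses import dataclass

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass
class Rule:
    name: str
    field: str            # PR field inspected: description, content, title, branch, ...
    pattern: str          # regular expression used by the MATCHES operator
    severity: str
    # Assumption: the page does not say how MATCHES tells "must match" (Require PR
    # Description) from "must not match" (Block Secret Commits); this flag carries it.
    match_is_violation: bool = False


# The two example policies from this page, expressed as rules.
RULES = [
    Rule("Require PR Description", "description", r".{20,}", "MEDIUM"),
    Rule("Block Secret Commits", "content",
         r"(AKIA[A-Z0-9]{16}|sk-[a-zA-Z0-9]{48}|ghp_[a-zA-Z0-9]{36})", "CRITICAL",
         match_is_violation=True),
]


def added_lines(diff: str):
    """Yield (path, new_line_number, text) for every line a unified diff adds."""
    path, lineno = None, None
    for line in diff.splitlines():
        if line.startswith("+++ "):
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
        elif line.startswith(("--- ", "diff ", "index ", "\\")):
            continue          # file headers and "\ No newline at end of file"
        elif HUNK_RE.match(line):
            lineno = int(HUNK_RE.match(line).group(1))
        elif path is None or lineno is None:
            continue
        elif line.startswith("+"):
            yield path, lineno, line[1:]
            lineno += 1
        elif line.startswith("-"):
            continue          # removed line: does not advance the new-file counter
        else:
            lineno += 1       # context line


def _violation(rule: Rule, message: str) -> dict:
    return {"rule": rule.name, "field": rule.field,
            "severity": rule.severity, "message": message}


def evaluate(pr: dict, rules=RULES) -> list:
    """Check one PR (dict with 'description' and 'diff') against the rules."""
    violations = []
    for rule in rules:
        regex = re.compile(rule.pattern)
        if rule.field == "content" and rule.match_is_violation:
            # Report where a banned pattern sits, never the matched text itself:
            # the check summary is visible on the PR and must not republish a secret.
            for path, lineno, text in added_lines(pr["diff"]):
                if regex.search(text):
                    violations.append(_violation(rule, f"banned pattern at {path}:{lineno}"))
            continue
        value = pr["diff"] if rule.field == "content" else pr.get(rule.field, "")
        if (regex.search(value) is not None) == rule.match_is_violation:
            what = "matches banned" if rule.match_is_violation else "does not match required"
            violations.append(_violation(rule, f"{rule.field} {what} pattern {rule.pattern}"))
    return violations


# Constructed sample PR: a short description and a diff that hard-codes an
# AWS-style key placeholder (the value is made up and is not a real credential).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,3 @@
 DEBUG = False
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAEXAMPLEEXAMPLE12"  # constructed placeholder
 REGION = "eu-west-1"
"""
SAMPLE_PR = {"description": "Fix bug", "diff": SAMPLE_DIFF}
```

`evaluate(SAMPLE_PR)` returns a MEDIUM violation for the seven-character description and a CRITICAL violation pointing at `config/settings.py:2`. Two details of the regex semantics are assumptions of this example rather than documented behaviour: the pattern is applied with `re.search`, so `.{20,}` is satisfied by any 20 consecutive characters, and because `.` does not match a newline those characters must sit on a single line of the description.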

Next Steps