
GitHub Integration

Corridor integrates with GitHub to provide automated PR reviews on every pull request. Connect your repositories to get security analysis before code merges.

What you get

  • Automated PR reviews: Every pull request analyzed for security vulnerabilities
  • Inline comments: Findings posted directly on the affected code lines
  • Status checks: Optionally block merges until security review passes
  • Finding tracking: Issues persist and track through remediation

Connecting GitHub

Install the GitHub App

  1. Navigate to project settings
     In the Corridor dashboard, go to your project and click Settings → GitHub.
  2. Install the GitHub App
     Click Install GitHub App and select your GitHub organization.
  3. Select repositories
     Choose which repositories to grant Corridor access to.
  4. Enable PR reviews
     Toggle on Automated PR Reviews for the connected repository.

Required permissions

The Corridor GitHub App requests:

Permission    | Access     | Purpose
Code          | Read       | Analyze code in pull requests
Metadata      | Read       | Repository information
Pull requests | Read/Write | Post review comments
Checks        | Read/Write | Update status checks

Corridor only reads code during PR review. We analyze the diff, not your entire codebase, and don’t store source code beyond what’s needed for review.

How PR reviews work

When a pull request is opened or updated:
  1. GitHub sends a webhook to Corridor
  2. Corridor fetches and analyzes the changed files
  3. Security review is generated with findings
  4. Review is posted to the PR
  5. Status check is updated

PR opened → Webhook → Analysis → Review posted → Status check
                         ↓
                  Findings created

Review timing

Reviews typically complete within 1-2 minutes. Large PRs or high-volume periods may take longer.

Status checks

Block merges until Corridor approves:

Enable status checks

  1. Go to Project Settings → GitHub
  2. Toggle on Status Checks
  3. In GitHub, go to Settings → Branches → Branch protection rules
  4. Edit (or create) a rule for your main branch
  5. Enable “Require status checks to pass”
  6. Select “Corridor Security Review”
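
Once the rule is saved, it is worth confirming that the check really gates merges. The following is an added example, not part of Corridor's documentation or code: it audits the JSON that GitHub's branch protection REST endpoint returns and reports whether “Corridor Security Review” is required, whether it is pinned to a source app, and whether administrators can bypass it. The sample responses and the app id 12345 are constructed placeholders.

```python
REQUIRED_CHECK = "Corridor Security Review"  # check name selected in step 6


def audit_branch_protection(protection, required=REQUIRED_CHECK):
    """Return the gaps that would let a PR merge without the Corridor check.

    `protection` is the parsed JSON body of GitHub's REST call
    GET /repos/{owner}/{repo}/branches/{branch}/protection.
    An empty list means the check gates merges on that branch.
    """
    rsc = protection.get("required_status_checks")
    if not rsc:
        return ["required status checks are not enabled on this branch"]

    # "checks" pairs each context with the app expected to report it;
    # "contexts" is the older, name-only list. Merge both views.
    sources = {c["context"]: c.get("app_id") for c in rsc.get("checks", [])}
    for name in rsc.get("contexts", []):
        sources.setdefault(name, None)

    gaps = []
    if required not in sources:
        gaps.append(f"'{required}' is not a required check")
    elif sources[required] in (None, -1):
        # Unpinned: a status with this name from any source satisfies the rule.
        gaps.append(f"'{required}' is accepted from any source, not pinned to an app")

    if not (protection.get("enforce_admins") or {}).get("enabled", False):
        gaps.append("administrators can merge without the check passing")
    return gaps


# Constructed sample responses (app_id 12345 is a placeholder, not Corridor's real id).
SAMPLE_WEAK = {
    "required_status_checks": {
        "contexts": [REQUIRED_CHECK],
        "checks": [{"context": REQUIRED_CHECK, "app_id": None}],
    },
    "enforce_admins": {"enabled": False},
}
SAMPLE_HARDENED = {
    "required_status_checks": {
        "contexts": [REQUIRED_CHECK],
        "checks": [{"context": REQUIRED_CHECK, "app_id": 12345}],
    },
    "enforce_admins": {"enabled": True},
}

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_branch_protection(sample) or "OK")
```

To run it against a real repository, pass in the parsed output of `gh api repos/OWNER/REPO/branches/main/protection`, where OWNER, REPO and the branch name are yours.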

Check states

State   | Meaning
Pending | Review in progress
Success | No blocking issues found
Failure | Security issues require attention

Configuring severity threshold

By default, status checks fail on High or Critical findings. You can adjust this in project settings:
  • Strict: Fail on Medium and above
  • Standard: Fail on High and above (default)
  • Relaxed: Fail only on Critical

Review settings

Configure PR review behavior:

Setting        | Description
Review all PRs | Review every pull request
Skip draft PRs | Don’t review until PR is ready for review
Branch filter  | Only review PRs targeting specific branches

OAuth authentication

Users can sign in to Corridor with their GitHub account:
  1. Click Sign in with GitHub
  2. Authorize Corridor to access your GitHub identity
  3. Your Corridor account links to your GitHub profile
This is separate from the GitHub App, which grants repository access.

Troubleshooting

Reviews not appearing

  1. Verify the GitHub App is installed on the repository
  2. Check that PR reviews are enabled in project settings
  3. Look at webhook deliveries in GitHub for errors:
    • Go to your GitHub organization settings
    • Click Developer settings → GitHub Apps
    • Find Corridor and click Configure
    • Check Recent deliveries for failures

Status checks stuck pending

  1. Check webhook delivery succeeded
  2. Verify your team has available PR review credits
  3. Large PRs take longer—wait a few minutes
  4. Check the Corridor dashboard for processing status

Permission errors

  1. Re-install the GitHub App with correct repository access
  2. Ensure the repository is selected in GitHub App configuration
  3. Verify your GitHub user has write access to the repo

Webhook delivery failures

  1. Go to GitHub App settings
  2. Check Recent deliveries
  3. Look for HTTP errors (4xx, 5xx)
  4. If persistent, contact support@corridor.dev
