> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt
> Use this file to discover all available pages before exploring further.
# GitHub
> Connect GitHub repositories for automated PR reviews and security status checks.
# GitHub Integration
Corridor integrates with GitHub to provide automated PR reviews on every pull request. Connect your repositories to get security analysis before code merges.
## What you get
* **Automated PR reviews**: Every pull request analyzed for security vulnerabilities
* **Inline comments**: Findings posted directly on the affected code lines
* **Corridor Review check**: A non-blocking GitHub check that mirrors scan progress on the PR head commit
* **Status checks**: Optionally block merges until security review passes
* **Finding tracking**: Issues persist and track through remediation
## Connecting GitHub
### Install the GitHub App
In the Corridor dashboard, go to your project and click **Settings → GitHub**.
Click **Install GitHub App** and select your GitHub organization.
Choose which repositories to grant Corridor access to.
Toggle on **Automated PR Reviews** for the connected repository.
### Required permissions
The Corridor GitHub App requests:
| Permission | Access | Purpose |
| ------------- | ---------- | ----------------------------- |
| Code | Read | Analyze code in pull requests |
| Metadata | Read | Repository information |
| Pull requests | Read/Write | Post review comments |
| Checks | Read/Write | Update status checks |
Corridor only reads code during PR review. We analyze the diff, not your entire codebase, and don't store source code beyond what's needed for review.
## How PR reviews work
When a pull request is opened or updated:
1. GitHub sends a webhook to Corridor
2. Corridor fetches and analyzes the changed files
3. Security review is generated with findings
4. Review is posted to the PR
5. The **Corridor Review** check on the pull request moves from Queued to In progress to Success as the review runs, with a **Details** link back to Corridor
6. Status check is updated
```
PR opened → Webhook → Analysis → Review posted → Status check
↓
Findings created
```
### Review timing
Reviews typically complete within 1-2 minutes. Large PRs or high-volume periods may take longer.
## Corridor Review check
Corridor publishes a **Corridor Review** check on every reviewed pull request. The check does not block merging on its own—it surfaces review progress and a link back to Corridor.
| State | Meaning |
| --------------- | --------------------------------- |
| **Queued** | The review is waiting to start |
| **In progress** | Corridor is analyzing the changes |
| **Success** | The review is finished |
Click **Details** to open this review in Corridor, where you can see findings, status, and history.
## Status checks
Block merges until Corridor approves:
### Enable status checks
1. Go to **Project Settings → GitHub**
2. Toggle on **Status Checks**
3. In GitHub, go to **Settings → Branches → Branch protection rules**
4. Edit (or create) a rule for your main branch
5. Enable "Require status checks to pass"
6. Select "Corridor Security Review"
### Check states
| State | Meaning |
| ----------- | --------------------------------- |
| **Pending** | Review in progress |
| **Success** | No blocking issues found |
| **Failure** | Security issues require attention |
### Configuring severity threshold
By default, status checks fail on High or Critical findings. You can adjust this in project settings:
* **Strict**: Fail on Medium and above
* **Standard**: Fail on High and above (default)
* **Relaxed**: Fail only on Critical
## Review settings
Configure PR review behavior:
| Setting | Description |
| ------------------ | ------------------------------------------- |
| **Review all PRs** | Review every pull request |
| **Skip draft PRs** | Don't review until PR is ready for review |
| **Branch filter** | Only review PRs targeting specific branches |
## OAuth authentication
Users can sign in to Corridor with their GitHub account:
1. Click **Sign in with GitHub**
2. Authorize Corridor to access your GitHub identity
3. Your Corridor account links to your GitHub profile
This is separate from the GitHub App, which grants repository access.
## Troubleshooting
### Reviews not appearing
1. Verify the GitHub App is installed on the repository
2. Check that PR reviews are enabled in project settings
3. Look at webhook deliveries in GitHub for errors:
* Go to your GitHub organization settings
* Click **Developer settings → GitHub Apps**
* Find Corridor and click **Configure**
* Check **Recent deliveries** for failures
### Status checks stuck pending
1. Check webhook delivery succeeded
2. Verify your team has available PR review credits
3. Large PRs take longer—wait a few minutes
4. Check the Corridor dashboard for processing status
### Permission errors
1. Re-install the GitHub App with correct repository access
2. Ensure the repository is selected in GitHub App configuration
3. Verify your GitHub user has write access to the repo
### Webhook delivery failures
1. Go to GitHub App settings
2. Check **Recent deliveries**
3. Look for HTTP errors (4xx, 5xx)
4. If persistent, contact [support@corridor.dev](mailto:support@corridor.dev)
## Next steps
Learn more about automated reviews
Manage your projects