GitHub Integration

Overview

The GitHub integration uses a purpose-built GitHub App that you install into your organization. Unlike OAuth tokens, GitHub Apps provide fine-grained, repository-level permissions and are the recommended way to grant third-party access to organization resources. Our observation agents analyze development workflow metadata — PR lifecycle, review turnaround, merge cadence, and commit frequency — to understand how your engineering teams ship code.

Friender never reads source code, commit diffs, or file contents. We collect only structural metadata: PR open/close timestamps, review submission times, merge events, branch names, and commit counts. This is sufficient to model your development pipeline without exposing proprietary code.

Prerequisites

• GitHub organization admin access — you must be an Organization Owner to install GitHub Apps. Organization Members can request installation, but an Owner must approve it
• A Friender Assess account with an active assessment engagement
• The repositories you want to analyze must be hosted on GitHub.com (Cloud). GitHub Enterprise Server requires a custom connector — contact us for details
• If your organization enforces third-party app restrictions, ensure the Friender Assess GitHub App is on the approved list

Setup Steps

Step 1: Navigate to the Integrations Dashboard

From your Friender Assess dashboard, open the left sidebar and click Integrations. Locate the GitHub card in the Development section.

Step 2: Click "Connect GitHub"

Click the Connect GitHub button. This redirects you to GitHub's App installation flow where you'll authorize the Friender Assess GitHub App for your organization.

Step 3: Install the GitHub App

On GitHub's installation page, select the organization you want to connect. Review the permissions requested by the Friender Assess app:

• repo:read — read repository metadata (name, description, visibility, language, creation date). Does not grant access to source code or file contents
• pull_requests:read — read pull request metadata (title, timestamps, review states, merge status, branch names). Does not grant access to diff content or inline comments
• members:read — read organization member list (usernames and team memberships) for mapping PR author and reviewer patterns

Click Install (or Install & Authorize if prompted) to complete the GitHub App installation. The app is installed at the organization level and does not require individual user tokens.

Step 4: Select Repositories

After installation, you'll be redirected back to the Friender dashboard to select which repositories to include:

• All repositories — recommended for comprehensive development workflow analysis across your entire codebase
• Specific repositories — select individual repos if you want to limit the assessment scope

You can also configure repository selection during the GitHub App installation step — choosing "All repositories" or "Only select repositories" directly on GitHub. The Friender dashboard selection acts as an additional filter on top of the GitHub-level permissions.

Step 5: Confirm & Start Collection

Review your repository selections and click Confirm. The initial data import pulls PR and commit metadata from the past 90 days. For most organizations, this completes within 1-3 hours. A progress indicator is visible on the integrations dashboard.

What Data Is Collected

The GitHub integration collects development workflow metadata. Here is a complete list of data points:

• PR lifecycle events — open, review requested, review submitted, approved, changes requested, merged, and closed timestamps
• Review times — time from PR open to first review, time from review request to review submission, and total review turnaround
• Merge cadence — frequency of merges per repository, per team, and per author over time
• Commit frequency — number of commits per PR, commits per day, and commit distribution by day of week and time of day
• Branch metadata — branch names, base/head branch relationships, and branch lifetime (creation to merge/delete)
• Repository metadata — repo name, primary language, visibility, default branch name, and team ownership

The following data is never collected:

• Source code or file contents of any kind
• Commit diffs or patch data
• PR descriptions or comment text
• Issue body content
• GitHub Actions workflow definitions or logs
• Secrets, environment variables, or deployment configurations

Permissions Required

The Friender Assess GitHub App requests the following permissions at installation:

Permission           Access Level    Purpose
Repository metadata  Read-only       Repo names, languages, visibility
Pull requests        Read-only       PR lifecycle, reviews, merge events
Organization members Read-only       Team memberships and author mapping

All permissions are read-only. You can modify or revoke the GitHub App installation at any time from GitHub > Organization Settings > Installed GitHub Apps > Friender Assess. Uninstalling the app immediately stops all data collection.

Troubleshooting

Installation Blocked by Organization Policy

If your organization restricts third-party GitHub App installations, the install button will show a "Request" option instead of "Install". An Organization Owner must approve the request from Organization Settings > Third-party access > Pending requests. If your org uses a SAML SSO policy, ensure the installing user has an active SSO session.

Repositories Not Appearing

If repositories are missing from the selection list, check the GitHub App installation settings. If you chose "Only select repositories" during installation, only those repos will be available in the Friender dashboard. You can update the repository selection from GitHub > Organization Settings > Installed GitHub Apps > Friender Assess > Configure.

Rate Limiting During Import

GitHub API rate limits for GitHub Apps are generous (5,000 requests per hour per installation), but very large organizations (1,000+ repositories) may experience throttling during the initial backfill. The importer automatically handles rate limits with exponential backoff. If the import hasn't completed after 24 hours, contact hello@joinfriender.com.

GitHub Enterprise Server

The standard integration supports GitHub.com (Cloud) only. For GitHub Enterprise Server (self-hosted) installations, we offer a custom connector that uses personal access tokens or a self-hosted GitHub App. Contact hello@joinfriender.com to discuss your deployment.

Need help? Return to the Integration Setup overview or contact us at hello@joinfriender.com.