
GitHub App Integration

The GitHub integration uses the VULQN GitHub App. Install it on a GitHub organization, grant repository access, then enable the repositories you want VULQN to review.

Connect GitHub

  1. Open Onboarding or Settings -> Add provider in VULQN.
  2. Choose Install GitHub App.
  3. GitHub opens the VULQN GitHub App installation page.
  4. Select the GitHub organization.
  5. Choose All repositories or select specific repositories.
  6. Approve the installation.
  7. Return to VULQN and wait for repository sync to finish.

After setup, repositories appear in Settings. They are available to VULQN, but they are not necessarily active for review until you enable them.

Enable repositories

In Settings:

  1. Find the GitHub connection.
  2. Enable the repositories VULQN should review.
  3. Confirm the branch field. New repositories default to main,master.
  4. Use Sync repos if newly granted repositories do not appear.

GitHub App access can be changed later from GitHub. After changing app repository access, return to VULQN and sync repositories.

What VULQN needs from GitHub

The app needs enough access to:

  • Read pull request metadata and diffs.
  • Read repository file content needed for review and .vulqn.json.
  • Post inline review comments and summary comments.
  • Update pull request descriptions.
  • Set commit status checks.
  • Receive PR, review-comment, review-thread, and installation events.

VULQN uses those capabilities to keep review output inside the PR and to track when comment threads are resolved or reopened.

GitHub events VULQN responds to

VULQN reviews PRs when GitHub reports:

  • Pull request opened.
  • Pull request synchronized with new commits.
  • Pull request reopened.

VULQN updates review status when a PR is closed or merged.

VULQN also listens for PR comments, inline review comments, and review-thread events so !vulqn commands, acknowledgements, learning replies, and thread resolution stay in sync.
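An added example, not VULQN's own code: a least-privilege check that compares an installed app's granted permissions, event subscriptions, and repository selection against a baseline. The baseline is an assumed mapping of the capabilities listed above onto GitHub App permission and event names; replace it with what the GitHub install screen actually shows. The sample record is constructed in the shape of an item returned by GitHub's `GET /orgs/{org}/installations` endpoint.

```python
import json

# Assumed baseline: the capabilities listed on this page mapped to GitHub App
# permission names. VULQN's actual permission set is not stated here.
EXPECTED_PERMISSIONS = {
    "metadata": "read",        # mandatory for every GitHub App
    "contents": "read",        # file content and .vulqn.json
    "pull_requests": "write",  # diffs, review comments, PR descriptions
    "statuses": "write",       # commit status checks
}
# Installation events are delivered to every app, so they are not listed.
EXPECTED_EVENTS = {
    "pull_request", "issue_comment",
    "pull_request_review_comment", "pull_request_review_thread",
}
LEVELS = {"read": 1, "write": 2, "admin": 3}

def audit_installation(inst):
    """Return least-privilege findings for one installation record."""
    findings = []
    for name, level in sorted(inst.get("permissions", {}).items()):
        allowed = EXPECTED_PERMISSIONS.get(name)
        if allowed is None:
            findings.append(f"unexpected permission {name}:{level}")
        elif LEVELS.get(level, 99) > LEVELS[allowed]:
            findings.append(f"{name} is {level}, expected at most {allowed}")
    for event in sorted(set(inst.get("events", [])) - EXPECTED_EVENTS):
        findings.append(f"unexpected event subscription {event}")
    if inst.get("repository_selection") == "all":
        findings.append("app can access all repositories, including future ones")
    return findings

# Constructed sample record, not real API output.
SAMPLE = json.loads("""
{
  "app_slug": "example-review-app",
  "repository_selection": "all",
  "permissions": {"metadata": "read", "contents": "write",
                  "pull_requests": "write", "statuses": "write",
                  "members": "read"},
  "events": ["pull_request", "issue_comment", "push"]
}
""")

if __name__ == "__main__":
    for finding in audit_installation(SAMPLE):
        print(finding)
```

Run it after installation and again after any permission-update prompt from GitHub, so that a widened grant is noticed before it is approved.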

Admin approval pending

Some GitHub organizations require an owner to approve app installations. If GitHub shows an approval request instead of completing the install, VULQN displays a pending state.

After an organization owner approves the app, return to VULQN and check Settings. If repositories are still missing, use Sync repos.

Troubleshooting

Problem | What to check
Repositories do not appear | The GitHub App installation may not include those repositories. Update app access in GitHub, then sync repos in VULQN.
PRs are not reviewed | Confirm the repository is active in VULQN and the PR target branch matches the branch filter.
Review failed because the app was revoked | Reinstall or reconnect the GitHub App from onboarding or settings.
Diff too large | GitHub can withhold very large diffs. Split the PR into smaller changes.

For PR comment commands, see !vulqn Commands.