GitHub code ownership¶
GitHub supplies repository, team, and ownership metadata so Venturi can connect AI-assisted engineering activity to the teams responsible for the codebase.
Release state
This is a Phase-1 connector setup guide for read-only GitHub organization metadata. It does not grant Venturi write access to repositories, issues, pull requests, packages, deployments, or Actions.
Required access¶
Use a GitHub App installation or fine-grained token with read-only access:
| Permission | Purpose |
|---|---|
| Organization members: read | Map users and teams to the customer tenant. |
| Metadata: read | Enumerate repositories and basic repository metadata. |
| Contents: read | Read ownership metadata such as CODEOWNERS where you choose to expose it. |
| Pull requests: read | Optional; supports review and ownership context when enabled. |
Avoid broad classic tokens where a GitHub App can express the required read-only scope. Do not grant write permissions.
Setup¶
- Create or install the Venturi GitHub App in the target organization.
- Restrict repository access to the organizations or repositories you want Venturi to analyze.
- Confirm the app permissions are read-only.
- In Venturi, open Administration -> Connectors -> GitHub.
- Select the installation and run Test connection.
- Confirm the first sync shows organization, repository, and team counts.
Verification¶
After setup, verify:
- the connector inventory marks GitHub as read-only;
- repository counts match the installation scope you selected;
- teams and ownership records appear in the attribution graph;
- the Attribution detail page can show GitHub ownership evidence for engineering usage where such evidence exists.
Rotation and offboarding¶
For GitHub App installations, rotate credentials through the app's installation flow. For fine-grained tokens, rotate them through your normal privileged-access process and update the token reference in Venturi. Removing the connector stops new ownership syncs but does not delete historical attribution evidence.