GitHub Connection

Connect GitHub to enable white box pentesting with SAST, SCA, and secret detection.

Two connection methods

GitHub App (recommended)

The TurboPentest GitHub App provides fine-grained repository access.

Go to Dashboard > Account > GitHub
Click Install GitHub App
Select the repositories you want to grant access to
You are redirected back to TurboPentest

Benefits:

Per-repository access control
No personal token exposure
Automatic token refresh

OAuth

OAuth grants access to all repositories your GitHub account can see.

Go to Dashboard > Account > GitHub
Click Connect with GitHub
Authorize TurboPentest

When to use: If you cannot install GitHub Apps on your organization, or for quick personal repository testing.

Using GitHub with pentests

Once connected, include the repoUrl in your pentest request:

curl -X POST https://turbopentest.com/api/pentests \
  -H "X-API-Key: $TURBOPENTEST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "targetUrl": "https://app.example.com",
    "repoUrl": "https://github.com/your-org/your-repo"
  }'

This enables Semgrep (SAST), Trivy (SCA), and Gitleaks (secret detection) in addition to all black box tools.

Managing connections

View and manage your GitHub connections in Dashboard > Account > GitHub. You can:

See which repositories are accessible
Disconnect a connection
Switch between OAuth and GitHub App

Previous

Shannon AI

Next

CI/CD Integration

On this page

Two connection methods GitHub App (recommended)OAuth Using GitHub with pentests Managing connections