GitHub App

Install the OLYDI GitHub App and review the scopes it requests.

GitHub App

The OLYDI GitHub App is what opens remediation pull requests and writes check results. The CLI and Action cover scanning; the App covers the fix half of the loop.

Scopes

The App requests the minimum scopes needed to scan, report, and propose fixes:

  • checks:write — report scan status as a check run on commits and pull requests.
  • security_events:write — mirror findings into the repository Security tab as SARIF.
  • contents:write — create branches and commits for remediation pull requests. Used only when autonomous fix is enabled for the repository.
  • pull_requests:write — open and update remediation pull requests.
  • metadata:read — required baseline read scope.

Install

Install the App on the organisation or specific repositories you want OLYDI to watch. Scanning begins on the next push; autonomous fix stays off until you request private-beta access and enable it per repository.

Boundary

The App never pushes to a protected branch directly. Every change lands as a pull request carrying its verification evidence, so a human reviews the diff and its signed evidence chain before merge.