GitHub App
Install the OLYDI GitHub App and review the scopes it requests.
GitHub App
The OLYDI GitHub App is what opens remediation pull requests and writes check results. The CLI and Action cover scanning; the App covers the fix half of the loop.
Scopes
The App requests the minimum scopes needed to scan, report, and propose fixes:
checks:write— report scan status as a check run on commits and pull requests.security_events:write— mirror findings into the repository Security tab as SARIF.contents:write— create branches and commits for remediation pull requests. Used only when autonomous fix is enabled for the repository.pull_requests:write— open and update remediation pull requests.metadata:read— required baseline read scope.
Install
Install the App on the organisation or specific repositories you want OLYDI to watch. Scanning begins on the next push; autonomous fix stays off until you request private-beta access and enable it per repository.
Boundary
The App never pushes to a protected branch directly. Every change lands as a pull request carrying its verification evidence, so a human reviews the diff and its signed evidence chain before merge.
