# GitHub Activity

GitHub Activity monitoring protects your source code and development pipeline from supply chain attacks, malicious commits, and repository security issues.


## Why GitHub Monitoring Matters

### Supply Chain Attacks

Attackers increasingly target development infrastructure:

* Compromised developer accounts pushing malicious code
* Dependency confusion attacks
* Malicious packages in package repositories
* Stolen credentials used to access private repositories

### Direct Financial Impact

In Web3, compromised code leads to:

* Backdoored smart contracts stealing user funds
* Modified deployment scripts redirecting transactions
* Injected wallet draining code in frontends
* Stolen private keys from compromised CI/CD

## Monitoring Capabilities

### Repository Connection

Connect GitHub repositories to Sentry:

**Organization-Level**: Link your entire GitHub organization to monitor all repositories automatically.

**Selective Monitoring**: Choose specific critical repositories (smart contracts, deployment tools, infrastructure code).

**Webhook Integration**: Sentry registers webhooks to receive real-time events from GitHub.

### Commit Monitoring

**Author Verification**: Detect commits with mismatched author information:

* Display name doesn't match a known team member
* Email address doesn't match verified organizational emails
* Suspicious commit author patterns (unusual names, temporary emails)

**Commit Overwrite Detection**: Alert when git history is rewritten:

* Force pushes to protected branches
* Commit amending on shared branches
* History tampering attempts
* Deleted commits that may contain evidence

**Suspicious Patterns**:

* Large commits outside normal business hours
* Commits from unusual geographic locations
* Rapid succession of commits (potential automated attack)
* Commits to sensitive files (deployment scripts, config files)
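
The commit checks above can be run directly against a GitHub `push` webhook delivery. The following is an added example, not Sentry's own code: it verifies the `X-Hub-Signature-256` header, then flags force pushes to protected branches, authors outside the organization's email domains, and changes to sensitive files. The domain, branch, glob values and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase

# Assumed policy values for illustration; replace with your organization's own.
ORG_EMAIL_DOMAINS = {"example.org"}        # verified organizational email domains
PROTECTED_REFS = {"refs/heads/main"}       # branches where history rewrites must alert
SENSITIVE_GLOBS = ["scripts/deploy*", ".github/workflows/*", "*.env"]


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Validate GitHub's X-Hub-Signature-256 header (HMAC-SHA256 over the raw body)."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header or "").encode())


def push_findings(event: dict) -> list:
    """Return alert strings for one GitHub `push` webhook payload."""
    findings = []
    ref = event.get("ref", "")
    if ref in PROTECTED_REFS and event.get("forced"):
        findings.append(f"force-push:{ref}")
    for commit in event.get("commits", []):
        sha = commit.get("id", "")[:7]
        email = commit.get("author", {}).get("email", "")
        if email.rpartition("@")[2].lower() not in ORG_EMAIL_DOMAINS:
            findings.append(f"unverified-author:{sha}:{email}")
        touched = commit.get("added", []) + commit.get("modified", []) + commit.get("removed", [])
        for path in touched:
            if any(fnmatchcase(path, glob) for glob in SENSITIVE_GLOBS):
                findings.append(f"sensitive-file:{sha}:{path}")
    return findings


# Constructed sample payload, trimmed to the push-event fields used above.
SAMPLE = {
    "ref": "refs/heads/main", "forced": True,
    "commits": [
        {"id": "a1b2c3d4e5f6", "author": {"name": "dev", "email": "dev@example.org"},
         "added": [], "modified": ["src/app.py"], "removed": []},
        {"id": "0f9e8d7c6b5a", "author": {"name": "dev", "email": "dev@mailbox.invalid"},
         "added": [], "modified": ["scripts/deploy.sh"], "removed": []},
    ],
}

if __name__ == "__main__":
    print("\n".join(push_findings(SAMPLE)))
```

Author name and email in a commit are set by whoever created it, so a mismatch is a useful signal but a match is not proof of identity; signed commits are the stronger check.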

### Security Scanning Integration

**Dependabot Alerts**: Automatically ingest and display Dependabot security alerts:

* Vulnerable dependencies in package.json, requirements.txt, go.mod, etc.
* Severity levels (critical, high, medium, low)
* Available patches and upgrade paths
* CVSS scores and CVE identifiers

**Secret Scanning**: GitHub's secret scanning results are forwarded to Sentry:

* Exposed API keys, tokens, passwords in code
* Accidentally committed credentials
* Private keys and certificates
* Database connection strings

**Code Scanning (GitHub Advanced Security)**: For organizations with GHAS:

* CodeQL analysis results
* SAST (Static Application Security Testing) findings
* Custom code scanning alerts
* Compliance rule violations

### Repository Health

**Branch Protection**: Monitor branch protection settings:

* Required reviews before merging
* Required status checks
* Administrator bypass permissions
* Force push restrictions

**Access Control Auditing**:

* Who has write/admin access to critical repositories
* Recently added collaborators
* Teams with repository access
* Outside collaborators

**Repository Configuration**:

* Private vs public status
* Security features enabled (Dependabot, secret scanning)
* Default branch settings
* Webhooks and integrations

## Next Steps

* [Alert Types & Response](/monitoring/github-activity/alert-types-and-response.md) - Alert severities and response procedures
* [Configuration & Best Practices](/monitoring/github-activity/configuration-and-best-practices.md) - Setup and security best practices


