# Configuration & Best Practices

Set up GitHub Activity monitoring and follow security best practices to protect your repositories.


## Configuration

### Connecting Repositories

1. Navigate to **Monitoring** → **GitHub Activity**
2. Click **Connect GitHub**
3. Authorize the Sentry GitHub App
4. Select repositories to monitor
5. Configure webhook events and notification preferences

### Webhook Events

Sentry listens for the following GitHub events:

* Push events (commits)
* Pull request events
* Repository events (settings changes)
* Security events (Dependabot, secret scanning)
* Team and collaborator changes

### Alert Configuration

Customize alerting thresholds:

* Alert severity levels
* Notification channels (email, Slack, webhooks)
* Quiet hours (reduce noise during off-hours)
* Auto-resolution settings

## Best Practices

**Enable Commit Signing**: Require GPG or SSH commit signing to cryptographically verify commit authors.

**Branch Protection Rules**: Enforce the following on all default branches:

* Require pull request reviews (2+ approvers for critical repos)
* Require status checks to pass
* Restrict force pushes
* Require signed commits
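
As an added example (not part of Sentry's or GitHub's own tooling), the Python function below audits a branch protection object, in the shape returned by GitHub's REST endpoint `GET /repos/{owner}/{repo}/branches/{branch}/protection`, against the four rules listed above. The sample JSON is constructed, and the function name and the `min_approvals` default (the 2+ figure given for critical repos) are assumptions for illustration.

```python
import json

# Constructed sample: shape of the GitHub REST response for
# GET /repos/{owner}/{repo}/branches/{branch}/protection (values invented).
SAMPLE_PROTECTION = json.loads("""
{
  "required_pull_request_reviews": {"required_approving_review_count": 1},
  "required_status_checks": {"strict": true, "contexts": []},
  "allow_force_pushes": {"enabled": true},
  "required_signatures": {"enabled": false}
}
""")


def audit_branch_protection(protection, min_approvals=2):
    """Return a list of findings; an empty list means all four rules hold."""
    if not protection:
        return ["branch has no protection rule"]
    findings = []

    # Rule 1: pull request reviews with enough approvers.
    reviews = protection.get("required_pull_request_reviews") or {}
    approvals = reviews.get("required_approving_review_count", 0)
    if not reviews:
        findings.append("pull request reviews not required")
    elif approvals < min_approvals:
        findings.append(
            f"only {approvals} approving review(s) required, want {min_approvals}")

    # Rule 2: status checks. An enabled rule that names no checks does not
    # require any check to pass, so it is reported as missing.
    checks = protection.get("required_status_checks") or {}
    if not (checks.get("contexts") or checks.get("checks")):
        findings.append("no required status checks")

    # Rule 3: force pushes must stay disabled.
    if (protection.get("allow_force_pushes") or {}).get("enabled", False):
        findings.append("force pushes allowed")

    # Rule 4: signed commits must be required.
    if not (protection.get("required_signatures") or {}).get("enabled", False):
        findings.append("signed commits not required")
    return findings


if __name__ == "__main__":
    for finding in audit_branch_protection(SAMPLE_PROTECTION):
        print("FAIL:", finding)
```
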

**Dependabot Configuration**: Enable Dependabot with automatic PR creation for security updates.

**Secret Scanning**: Enable GitHub's secret scanning on all repositories (free for public repositories; private repositories require GHAS).

**Access Reviews**: Review repository access quarterly and remove unused permissions.

**Pre-Commit Hooks**: Use git-secrets or similar tools to block commits that contain secrets locally.

**Incident Response Plan**: Document procedures for responding when a malicious commit is detected.

