Configuration & Best Practices

Set up GitHub Activity monitoring and follow security best practices to protect your repositories.

Configuration

Connecting Repositories

  1. Navigate to Monitoring > GitHub Activity

  2. Click Connect GitHub

  3. Authorize Sentry GitHub App

  4. Select repositories to monitor

  5. Configure webhook events and notification preferences

Webhook Events

Sentry listens for GitHub events:

  • Push events (commits)

  • Pull request events

  • Repository events (settings changes)

  • Security events (Dependabot, secret scanning)

  • Team and collaborator changes

Alert Configuration

Customize alerting thresholds:

  • Alert severity levels

  • Notification channels (email, Slack, webhooks)

  • Quiet hours (reduce noise during off-hours)

  • Auto-resolution settings

Best Practices

Enable Commit Signing: Require GPG or SSH commit signing to cryptographically verify commit authors.

Branch Protection Rules: Enforce on all default branches:

  • Require pull request reviews (2+ approvers for critical repos)

  • Require status checks to pass

  • Restrict force pushes

  • Require signed commits

Dependabot Configuration: Enable Dependabot with automatic PR creation for security updates.

Secret Scanning: Enable GitHub's secret scanning on all repositories (free for public repos; private repos need GitHub Advanced Security, GHAS).

Access Reviews: Review repository access quarterly and remove unused permissions.

Pre-Commit Hooks: Use git-secrets or similar tools to prevent secret commits locally.
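git-secrets is the usual choice; as an added example of what such a hook does (my own code, not git-secrets and not anything from this page), the Python script below scans the staged diff for a few well-known credential shapes and blocks the commit when it finds one. The patterns, the `# pragma: allowlist secret` escape hatch and the sample diff are all constructed for the example; the sample AWS key is the documented placeholder value, not a real credential.

```python
import re
import subprocess
import sys
from dataclasses import dataclass

# Lines carrying this marker are deliberately skipped (test fixtures, documented placeholders).
ALLOWLIST_MARKER = "pragma: allowlist secret"

# (rule name, pattern), ordered so specific shapes win over the generic assignment rule.
RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("generic-credential",
     re.compile(r"(?i)(?:api[_-]?key|secret|password|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
]


@dataclass(frozen=True)
class Finding:
    path: str
    line: int   # line number in the new version of the file
    rule: str


def scan_diff(diff_text: str) -> list[Finding]:
    """Walk a unified diff and report added lines that look like credentials."""
    findings: list[Finding] = []
    path, new_line = "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")        # new-file header
        elif raw.startswith("@@"):
            m = re.search(r"\+(\d+)", raw)            # hunk header: start line on the new side
            new_line = int(m.group(1)) if m else 0
        elif raw.startswith("+"):
            content = raw[1:]
            if ALLOWLIST_MARKER not in content:
                for rule, pattern in RULES:
                    if pattern.search(content):
                        findings.append(Finding(path, new_line, rule))
                        break                         # one finding per line is enough
            new_line += 1
        elif raw.startswith("-") and not raw.startswith("---"):
            continue                                  # removed lines are not in the new file
        elif raw.startswith(" "):
            new_line += 1                             # unchanged context line
    return findings


# Constructed staged diff: two real-looking secrets, one allowlisted placeholder, one removal.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter22hunter"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_TOKEN = "placeholder" # pragma: allowlist secret
 DEBUG = False
diff --git a/deploy.pem b/deploy.pem
--- /dev/null
+++ b/deploy.pem
@@ -0,0 +1 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
"""


def main() -> int:
    """Pre-commit entry point: scan what is staged and fail the commit on any finding."""
    diff = subprocess.run(["git", "diff", "--cached", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line}: possible {f.rule}; remove it or mark the line with "
              f"'{ALLOWLIST_MARKER}'", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Install it as `.git/hooks/pre-commit` (or through a hook manager) and it runs on every `git commit`; only added lines are scanned, so a commit that removes a leaked secret is not blocked. A local hook is advisory, since `--no-verify` skips it, which is why the server-side secret scanning above remains the control of record.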

Incident Response Plan: Document procedures for responding to malicious commit detection.
