Contributor trust

Assess contributor risk and history to decide when a pull request needs extra review.

Contributor trust (/app/protection/contributor-trust) helps you understand who is contributing to your repositories and whether their activity warrants additional scrutiny. It is powered by the Superagent Security GitHub App.

What it shows

  • Contributor identity and association with repositories
  • Trust or risk signals derived from contribution patterns
  • Identity, origin, PR spray, suspicious activity, and related contribution-risk indicators
  • Context useful when triaging pull requests from unfamiliar authors

Prerequisites

  • GitHub connected in the dashboard
  • Superagent Security installed on the repositories where you want contributor trust signals

How to use it

  1. Open Protection → Contributor trust from the sidebar.
  2. Locate the contributor tied to a PR or advisory you are investigating.
  3. Combine trust signals with Pull request scan results before approving merge.

When it matters most

  • Open-source repos with external contributors
  • Organizations onboarding many new contractors or bots
  • Incidents where compromised or impersonated accounts are a concern

Next steps