Reference
Integrations
Connect GitHub and other services from the dashboard Integrations page.
Manage integrations from Integrations (/app/integrations) in the top navigation.
GitHub
Primary integration for:
- Protection (pull requests, contributor trust, advisories)
- Red Teaming (agents and repositories)
- CLA (checks, templates, contributors)
After connecting GitHub, install the product-specific GitHub Apps:
| App | Used for |
|---|---|
| Superagent Security | PR security scanning, contributor trust, and red-team repository reports |
| Open CLA | CLA checks, contributor signing, and repository CLA enforcement |
See Connect GitHub and Install GitHub Apps for setup steps.
Dropbox Sign
Use Dropbox Sign when your CLA workflow requires hosted e-signature instead of the default in-app Markdown signing flow.
Dropbox Sign is used for:
- Signing personal and corporate CLAs through Dropbox Sign
- Importing Dropbox Sign templates as CLA template versions
- Sending signing links to contributors or organization signers by email
- Receiving signature completion events through the Dropbox Sign callback URL
Configure Dropbox Sign from Integrations (/app/integrations) by connecting your Dropbox Sign API key. Repository CLA settings can then use Dropbox Sign templates as the signing mode for repositories that require it.
Other integrations
Additional connectors may appear on the Integrations page as your deployment enables them. Configure each card from the same view.
Permissions
Ensure each GitHub App has the scopes required for its features. Superagent Security needs repository and pull request access for scanning and contributor trust. Open CLA needs check publishing and organization membership access for corporate CLA coverage.
For Dropbox Sign, use an API key from the Dropbox Sign console and configure the callback URL shown in the repository CLA settings when Dropbox Sign signing is enabled.