Integrations

By Maciej Litwiniuk
2 articles

AWS Integration User Guide

Humadroid Compliance Platform

Overview

Humadroid's AWS integration automatically collects compliance evidence from your Amazon Web Services infrastructure. Once connected, it continuously monitors your AWS environment and gathers evidence that satisfies controls for SOC 2 and ISO 27001 compliance frameworks.

Key Benefits

- Automated evidence collection - No more manual screenshots or exports
- Compliance-focused collection - Evidence collected on schedule (weekly or monthly)
- Auto-verification - Many evidence sources are automatically checked against compliance rules
- Multi-framework support - Single integration satisfies controls across SOC 2 and ISO 27001

Security Model

- Read-only access - Humadroid cannot modify your AWS resources
- Cross-account role assumption - Secure AWS STS-based authentication
- External ID protection - Prevents confused deputy attacks
- Full audit trail - All API calls logged in your CloudTrail

Evidence Sources

The AWS integration collects 17 distinct evidence types across six categories:

Identity & Access Management

IAM Password Policy
- Description: Verifies password complexity, length, expiration, and reuse requirements
- Frequency: Monthly
- Auto-Verify: Yes

IAM MFA Status
- Description: Verifies multi-factor authentication is enabled for all users including root
- Frequency: Monthly
- Auto-Verify: Yes

IAM Access Keys
- Description: Monitors access key rotation, usage patterns, and lifecycle
- Frequency: Monthly
- Auto-Verify: Yes

Logging & Monitoring

CloudTrail Configuration
- Description: Verifies audit logging is enabled and properly configured
- Frequency: Monthly
- Auto-Verify: Yes

CloudTrail Events
- Description: Audit trail of API calls and management events
- Frequency: Monthly
- Auto-Verify: No

CloudWatch Alarms
- Description: System monitoring and alerting configuration
- Frequency: Monthly
- Auto-Verify: Yes

VPC Flow Logs
- Description: Network traffic logging configuration
- Frequency: Monthly
- Auto-Verify: Yes

Security Services

GuardDuty Status
- Description: Threat detection service status and configuration
- Frequency: Monthly
- Auto-Verify: Yes

GuardDuty Findings
- Description: Security threats and anomalies detected
- Frequency: Weekly
- Auto-Verify: No

Security Hub Status
- Description: Consolidated security findings service status
- Frequency: Monthly
- Auto-Verify: Yes

AWS Config Status
- Description: Configuration change tracking service status
- Frequency: Monthly
- Auto-Verify: Yes

Network Security

Security Groups
- Description: Network security rules and firewall configuration
- Frequency: Monthly
- Auto-Verify: Yes

Network ACLs
- Description: Network access control list rules
- Frequency: Monthly
- Auto-Verify: Yes

Encryption & Data Protection

S3 Bucket Encryption
- Description: Verifies all S3 buckets have encryption enabled
- Frequency: Monthly
- Auto-Verify: Yes

S3 Public Access Block
- Description: Verifies S3 buckets block public access
- Frequency: Monthly
- Auto-Verify: Yes

RDS Encryption
- Description: Verifies RDS instances have encryption enabled
- Frequency: Monthly
- Auto-Verify: Yes

EBS Volume Encryption
- Description: Verifies EBS volumes are encrypted
- Frequency: Monthly
- Auto-Verify: Yes

KMS Key Rotation
- Description: Verifies KMS keys are configured for automatic rotation
- Frequency: Monthly
- Auto-Verify: Yes

Backup & Recovery

AWS Backup Jobs
- Description: Backup execution and success monitoring
- Frequency: Weekly
- Auto-Verify: Yes

RDS Snapshots
- Description: Database backup snapshots
- Frequency: Monthly
- Auto-Verify: Yes

SOC 2 Control Coverage

The AWS integration provides evidence for the following SOC 2 (2017) Trust Services Criteria:

CC6 - Logical and Physical Access Controls

CC6.1 - Logical Access Security
The entity implements logical access security software, infrastructure, and architectures to protect information assets
- IAM Password Policy - Password complexity requirements are enforced
- IAM MFA Status - Multi-factor authentication is enabled
- IAM Access Keys - Access credentials are properly managed
- S3 Encryption - Data at rest is encrypted
- S3 Public Access Block - Data is not publicly exposed
- RDS Encryption - Databases are encrypted
- EBS Volume Encryption - Storage volumes are encrypted
- KMS Key Rotation - Encryption keys are properly rotated

CC6.2 - User Registration and Authorization
Prior to issuing system credentials and granting access, the entity registers and authorizes new users
- IAM MFA Status - Complete inventory of IAM users with access details
- IAM Access Keys - Access key creation and authorization records

CC6.3 - Removal of Access Rights
The entity removes credentials and disables system access when no longer required
- CloudTrail Events - Access revocation events are logged
- IAM Access Keys - Inactive or unused access keys identified

CC6.6 - Logical Access Security Measures
The entity implements controls to prevent or detect and act upon unauthorized logical access
- Security Groups - Firewall rules restrict access appropriately
- Network ACLs - Network-level access controls are in place
- VPC Flow Logs - Network traffic is monitored
- GuardDuty Status - Threat detection is active
- GuardDuty Findings - Security threats are identified and tracked

CC6.7 - Data Transmission Controls
The entity restricts transmission and movement of data
- S3 Encryption - Data is encrypted during storage and transfer
- RDS Encryption - Database data is encrypted

CC7 - System Operations

CC7.1 - Security Monitoring
The entity monitors system components for anomalies and security events
- GuardDuty Status - Threat detection service is active
- Security Hub Status - Security monitoring is consolidated
- CloudWatch Alarms - Alerts are configured for security events

CC7.2 - Security Event Logging
The entity identifies and logs security events
- CloudTrail Configuration - Audit logging is properly configured
- CloudTrail Events - Security events are recorded
- VPC Flow Logs - Network activity is logged

CC7.3 - Security Incident Response
The entity evaluates security events and responds to identified incidents
- GuardDuty Findings - Threats are detected and tracked
- CloudWatch Alarms - Incident alerts are configured

CC8 - Change Management

CC8.1 - Change Management
The entity authorizes, documents, and controls infrastructure changes
- CloudTrail Events - Infrastructure changes are logged
- AWS Config Status - Configuration changes are tracked

A1 - Availability

A1.1 - System Availability
The entity maintains, monitors, and evaluates current processing capacity
- Backup Jobs - Data can be recovered
- RDS Snapshots - Database backups are maintained
- CloudWatch Alarms - Availability monitoring is active

A1.2 - Recovery Procedures
The entity's recovery procedures support system recovery in accordance with recovery objectives
- Backup Jobs - Backup procedures are executed successfully
- RDS Snapshots - Point-in-time recovery is available

ISO 27001:2022 Control Coverage

The AWS integration provides evidence for the following ISO 27001:2022 Annex A controls:

A.5 - Organizational Controls

A.5.15 - Access Control
Rules to control physical and logical access to information and other associated assets shall be established and implemented
- IAM Password Policy - Password policies enforce access security
- IAM MFA Status - Strong authentication is required
- IAM Access Keys - Access credentials are managed
- Security Groups - Network access is controlled

A.5.16 - Identity Management
The full life cycle of identities shall be managed
- IAM MFA Status - Complete inventory of identities
- IAM Access Keys - Access key lifecycle management

A.5.17 - Authentication Information
Allocation and management of authentication information shall be controlled
- IAM Password Policy - Authentication requirements are enforced
- IAM MFA Status - MFA is properly configured
- IAM Access Keys - Credentials are properly managed

A.5.18 - Access Rights
Access rights to information and other associated assets shall be provisioned, reviewed, modified and removed
- IAM Access Keys - Access key usage is reviewed
- CloudTrail Events - Access changes are logged

A.5.23 - Cloud Services Security
Processes for acquisition, use, management and exit from cloud services shall be established
- GuardDuty Status - Cloud threat detection is active
- Security Hub Status - Cloud security posture is monitored
- CloudTrail Configuration - Cloud activity is logged

A.8 - Technological Controls

A.8.1 - User Endpoint Devices
Information stored on, processed by or accessible via user endpoint devices shall be protected
- EBS Volume Encryption - Storage attached to instances is encrypted

A.8.3 - Information Access Restriction
Access to information and other associated assets shall be restricted
- S3 Public Access Block - Data is not publicly accessible
- Security Groups - Network access is restricted
- Network ACLs - Network-level access controls exist

A.8.9 - Configuration Management
Configurations, including security configurations, shall be established, documented, implemented, monitored and reviewed
- AWS Config Status - Configuration changes are tracked
- Security Groups - Security configurations are documented

A.8.10 - Information Deletion
Information stored shall be deleted when no longer required
- S3 Encryption - S3 lifecycle and deletion policies

A.8.11 - Data Masking
Data masking shall be used in accordance with the organization's topic-specific policy
- RDS Encryption - Database encryption protects sensitive data

A.8.12 - Data Leakage Prevention
Data leakage prevention measures shall be applied
- S3 Public Access Block - Public exposure is prevented
- GuardDuty Findings - Data exfiltration attempts are detected
- VPC Flow Logs - Data transfers are monitored

A.8.13 - Information Backup
Backup copies of information, software and systems shall be maintained and regularly tested
- Backup Jobs - Backups are executed regularly
- RDS Snapshots - Database backups are maintained

A.8.14 - Redundancy
Information processing facilities shall be implemented with sufficient redundancy to meet availability requirements
- RDS Encryption - Multi-AZ deployment status
- Backup Jobs - Cross-region backup configuration

A.8.15 - Logging
Logs that record activities, exceptions, faults and other relevant events shall be produced, stored, protected and analysed
- CloudTrail Configuration - API activity is logged
- VPC Flow Logs - Network activity is logged
- CloudWatch Alarms - Logs are monitored for anomalies

A.8.16 - Monitoring Activities
Networks, systems and applications shall be monitored for anomalous behaviour
- GuardDuty Status - Threat monitoring is active
- GuardDuty Findings - Anomalies are detected and tracked
- CloudWatch Alarms - System monitoring is configured
- Security Hub Status - Security posture is monitored

A.8.20 - Networks Security
Networks and network devices shall be secured, managed and controlled
- Security Groups - Network security rules are configured
- Network ACLs - Network access controls are in place
- VPC Flow Logs - Network traffic is monitored

A.8.24 - Use of Cryptography
Rules for the effective use of cryptography, including cryptographic key management, shall be defined and implemented
- S3 Encryption - Object storage is encrypted
- RDS Encryption - Databases are encrypted
- EBS Volume Encryption - Block storage is encrypted
- KMS Key Rotation - Encryption keys are rotated

Verification Rules

Auto-verified evidence sources are checked against the following compliance thresholds:

IAM Password Policy
- Minimum password length: 14 characters
- Require uppercase letters: Yes
- Require lowercase letters: Yes
- Require numbers: Yes
- Require symbols: Yes
- Maximum password age: 90 days
- Password reuse prevention: 24 passwords

IAM MFA Status
- All users have MFA: 100%
- Root account has MFA: Required

IAM Access Keys
- Maximum key age: 90 days
- No unused keys: Required

CloudTrail
- CloudTrail enabled: Required
- Multi-region trail: Required
- Log file validation: Required
- Encryption enabled: Required

S3 Security
- All buckets encrypted: Required
- Default encryption enabled: Required
- Public access blocked: Required

RDS Security
- All instances encrypted: Required
- Automated backups enabled: Required
- Retention period: 7+ days

Network Security
- No open SSH (0.0.0.0/0:22): Required
- No open RDP (0.0.0.0/0:3389): Required
- VPC Flow Logs enabled: Required

Security Services
- GuardDuty enabled: Required
- Security Hub enabled: Recommended
- AWS Config enabled: Recommended

Summary: Control Coverage Matrix

SOC 2 Controls by Evidence Source

IAM Password Policy - CC6.1: Yes
IAM MFA Status - CC6.1: Yes - CC6.2: Yes
IAM Access Keys - CC6.1: Yes - CC6.2: Yes - CC6.3: Yes
CloudTrail Config - CC7.2: Yes
CloudTrail Events - CC6.3: Yes - CC7.2: Yes - CC8.1: Yes
CloudWatch Alarms - CC7.1: Yes - CC7.3: Yes - A1.1: Yes
VPC Flow Logs - CC6.6: Yes - CC7.2: Yes
GuardDuty Status - CC6.6: Yes - CC7.1: Yes
GuardDuty Findings - CC6.6: Yes - CC7.3: Yes
Security Hub - CC7.1: Yes
AWS Config - CC8.1: Yes
Security Groups - CC6.6: Yes
Network ACLs - CC6.6: Yes
S3 Encryption - CC6.1: Yes - CC6.7: Yes
S3 Public Access - CC6.1: Yes
RDS Encryption - CC6.1: Yes - CC6.7: Yes
EBS Encryption - CC6.1: Yes
KMS Key Rotation - CC6.1: Yes
Backup Jobs - A1.1: Yes - A1.2: Yes
RDS Snapshots - A1.1: Yes - A1.2: Yes

ISO 27001 Controls by Evidence Source

IAM Password Policy - A.5.15: Yes - A.5.17: Yes
IAM MFA Status - A.5.15: Yes - A.5.16: Yes - A.5.17: Yes
IAM Access Keys - A.5.15: Yes - A.5.16: Yes - A.5.17: Yes - A.5.18: Yes
CloudTrail Config - A.5.23: Yes - A.8.15: Yes
CloudTrail Events - A.5.18: Yes
CloudWatch Alarms - A.8.15: Yes - A.8.16: Yes
VPC Flow Logs - A.8.12: Yes - A.8.15: Yes - A.8.20: Yes
GuardDuty Status - A.5.23: Yes - A.8.16: Yes
GuardDuty Findings - A.8.12: Yes - A.8.16: Yes
Security Hub - A.5.23: Yes - A.8.16: Yes
AWS Config - A.8.9: Yes
Security Groups - A.5.15: Yes - A.8.3: Yes - A.8.9: Yes - A.8.20: Yes
Network ACLs - A.8.3: Yes - A.8.20: Yes
S3 Encryption - A.8.24: Yes
S3 Public Access - A.8.3: Yes - A.8.12: Yes
RDS Encryption - A.8.24: Yes
EBS Encryption - A.8.24: Yes
KMS Key Rotation - A.8.24: Yes
Backup Jobs - A.8.13: Yes
RDS Snapshots - A.8.13: Yes

Getting Started

To set up the AWS integration:

1. Navigate to Settings > Integrations > AWS
2. Click Connect AWS Account
3. Follow the setup wizard to create an IAM role in your AWS account
4. Paste the Role ARN and validate the connection
5. Enable evidence sources for your compliance controls

AWS Permissions Required

The integration requires read-only permissions via the AWS-managed SecurityAudit policy plus additional permissions:

Core Permissions

iam:GetAccountPasswordPolicy
iam:ListUsers
iam:ListMFADevices
iam:ListAccessKeys
iam:GetAccessKeyLastUsed
cloudtrail:DescribeTrails
cloudtrail:GetTrailStatus
cloudtrail:LookupEvents
cloudwatch:DescribeAlarms
guardduty:ListDetectors
guardduty:GetDetector
guardduty:GetFindings
securityhub:GetEnabledStandards
securityhub:GetFindings
ec2:DescribeFlowLogs
ec2:DescribeVpcs
ec2:DescribeSecurityGroups
ec2:DescribeNetworkAcls
ec2:DescribeVolumes
s3:ListAllMyBuckets
s3:GetBucketEncryption
s3:GetBucketPublicAccessBlock
rds:DescribeDBInstances
rds:DescribeDBSnapshots
kms:ListKeys
kms:GetKeyRotationStatus
backup:ListBackupJobs
backup:ListBackupPlans
config:DescribeConfigurationRecorders
config:DescribeConfigurationRecorderStatus

Support

If you need help with your AWS integration:

- Email: support@humadroid.com
- Status: https://status.humadroid.com
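The "External ID protection" item in the Security Model rests on the trust policy of the IAM role created during setup. The following is an added example, not Humadroid's code: a check you can run over that role's trust policy document to confirm the cross-account grant is pinned to an external ID. The account ID and external ID are constructed placeholders, and the finding labels are this example's own.

```python
# Added example: audit an IAM role trust policy for the sts:ExternalId condition.
# VENDOR_ACCOUNT and the external ID below are constructed placeholders,
# not values published by Humadroid.
VENDOR_ACCOUNT = "111122223333"

# Constructed sample: cross-account trust with no condition. Any customer of the
# vendor who learns this role ARN could have the vendor assume it on their behalf.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
    },
}

# Constructed sample: same grant, pinned to the external ID issued for this tenant.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _account_of(principal):
    """Return the account from a principal ARN, or a bare account ID unchanged."""
    if principal.startswith("arn:"):
        parts = principal.split(":")
        return parts[4] if len(parts) > 4 else ""
    return principal


def _external_id(statement):
    """Return the external ID pinned with StringEquals, or None.

    Condition key names are case-insensitive. Operators other than StringEquals
    (for example StringLike with a wildcard) are treated as absent, so a loose
    match is reported instead of trusted.
    """
    equals = statement.get("Condition", {}).get("StringEquals", {})
    for key, value in equals.items():
        if key.lower() == "sts:externalid" and value:
            return value
    return None


def audit_trust_policy(policy, vendor_account):
    """Return a list of (statement_index, finding) for risky AssumeRole grants."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            names = ["*"]
        elif isinstance(principal, dict):
            names = _as_list(principal.get("AWS"))  # service principals are out of scope
        else:
            names = []
        for name in names:
            if name == "*":
                findings.append((index, "wildcard-principal"))
            elif _account_of(name) != vendor_account:
                findings.append((index, "unexpected-account"))
            elif _external_id(stmt) is None:
                findings.append((index, "missing-external-id"))
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_trust_policy(WEAK_POLICY, VENDOR_ACCOUNT))
    print("hardened:", audit_trust_policy(HARDENED_POLICY, VENDOR_ACCOUNT))
```

The trust policy to feed in is the `AssumeRolePolicyDocument` of the role, as returned by `aws iam get-role`.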

Last updated on Dec 29, 2025

GitHub Integration User Guide

Humadroid Compliance Platform

Overview

Humadroid's GitHub integration automatically collects compliance evidence from your GitHub organization. Once connected, it continuously monitors your organization's security settings, access controls, and code security features, gathering evidence that satisfies controls for SOC 2 and ISO 27001 compliance frameworks.

Key Benefits

- Automated evidence collection - No more manual screenshots or exports
- Compliance-focused collection - Evidence collected on schedule (weekly or monthly)
- Auto-verification - Most evidence sources are automatically checked against compliance rules
- Multi-framework support - Single integration satisfies controls across SOC 2 and ISO 27001

Security Model

- Read-only access - Humadroid cannot modify your GitHub organization or repositories
- GitHub App authentication - Secure, fine-grained permissions per repository
- Installation tokens - Short-lived tokens (1 hour) instead of persistent OAuth tokens
- External ID protection - Unique installation ID prevents unauthorized access
- Full audit trail - All API calls can be tracked in GitHub's audit log (Enterprise)

Evidence Sources

The GitHub integration collects 12 distinct evidence types across four categories:

Organization & Access Management

Organization 2FA Status
- Description: Verifies 2FA is required and enabled for all organization members
- Frequency: Monthly
- Auto-Verify: Yes

Organization Members
- Description: Lists all organization members with roles and activity
- Frequency: Monthly
- Auto-Verify: No

Team Permissions
- Description: Documents team membership and repository access
- Frequency: Monthly
- Auto-Verify: No

Outside Collaborators
- Description: Lists external users with repository access
- Frequency: Monthly
- Auto-Verify: Yes

Repository Security

Branch Protection Rules
- Description: Collects branch protection settings for all repositories
- Frequency: Monthly
- Auto-Verify: Yes

Repository Visibility
- Description: Inventories repository visibility (public/private/internal)
- Frequency: Monthly
- Auto-Verify: Yes

Required Reviews
- Description: Collects pull request review requirements by repository
- Frequency: Monthly
- Auto-Verify: Yes

Deploy Keys
- Description: Audits SSH deploy keys across repositories
- Frequency: Monthly
- Auto-Verify: Yes

Security Scanning

Secret Scanning
- Description: Verifies secret scanning is enabled and checks for alerts
- Frequency: Monthly
- Auto-Verify: Yes

Dependabot Alerts
- Description: Collects Dependabot configuration and vulnerability alerts
- Frequency: Monthly
- Auto-Verify: Yes

Code Scanning
- Description: Verifies CodeQL/code scanning is enabled and checks findings
- Frequency: Monthly
- Auto-Verify: Yes

Audit & Logging

Audit Log
- Description: Collects organization audit log events (Enterprise only)
- Frequency: Monthly
- Auto-Verify: No

SOC 2 Control Coverage

The GitHub integration provides evidence for the following SOC 2 (2017) Trust Services Criteria:

CC6 - Logical and Physical Access Controls

CC6.1 - Logical Access Security
The entity implements logical access security software, infrastructure, and architectures to protect information assets
- Organization 2FA Status - Multi-factor authentication is required for all members
- Organization Members - Complete inventory of users with access
- Team Permissions - Access is organized through teams with defined permissions

CC6.2 - User Registration and Authorization
Prior to issuing system credentials and granting access, the entity registers and authorizes new users
- Organization Members - Complete inventory of all registered users
- Outside Collaborators - External users are tracked and authorized

CC6.3 - Removal of Access Rights
The entity removes credentials and disables system access when no longer required
- Audit Log - Access changes are logged (Enterprise)
- Organization Members - Current membership can be compared over time

CC6.6 - Logical Access Security Measures
The entity implements controls to prevent or detect and act upon unauthorized logical access
- Branch Protection Rules - Code access is controlled through branch protection
- Repository Visibility - Repositories are properly classified (public/private)
- Deploy Keys - SSH keys for automated access are tracked

CC7 - System Operations

CC7.1 - Security Monitoring
The entity monitors system components for anomalies and security events
- Secret Scanning - Leaked secrets are detected automatically
- Dependabot Alerts - Vulnerable dependencies are identified
- Code Scanning - Security vulnerabilities in code are detected

CC7.2 - Security Event Logging
The entity identifies and logs security events
- Audit Log - Security-relevant events are logged (Enterprise)

CC7.3 - Security Incident Response
The entity evaluates security events and responds to identified incidents
- Secret Scanning - Leaked secrets are identified for remediation
- Dependabot Alerts - Vulnerabilities are tracked for response
- Code Scanning - Code security issues are tracked for resolution

CC8 - Change Management

CC8.1 - Change Management
The entity authorizes, documents, and controls infrastructure changes
- Branch Protection Rules - Code changes require specific workflows
- Required Reviews - Changes require peer review before merge
- Code Scanning - Automated security validation of changes

ISO 27001:2022 Control Coverage

The GitHub integration provides evidence for the following ISO 27001:2022 Annex A controls:

A.5 - Organizational Controls

A.5.15 - Access Control
Rules to control physical and logical access to information and other associated assets shall be established and implemented
- Organization 2FA Status - Strong authentication is enforced
- Organization Members - Access is granted to authorized users
- Team Permissions - Access is organized through teams

A.5.16 - Identity Management
The full life cycle of identities shall be managed
- Organization Members - Complete inventory of identities

A.5.17 - Authentication Information
Allocation and management of authentication information shall be controlled
- Organization 2FA Status - 2FA is properly configured

A.5.18 - Access Rights
Access rights to information and other associated assets shall be provisioned, reviewed, modified and removed
- Audit Log - Access changes are logged (Enterprise)
- Outside Collaborators - External access is tracked
- Team Permissions - Team-based access is documented

A.8 - Technological Controls

A.8.3 - Information Access Restriction
Access to information and other associated assets shall be restricted
- Branch Protection Rules - Code access is restricted
- Repository Visibility - Data exposure is controlled

A.8.9 - Configuration Management
Configurations shall be established, documented, implemented, monitored and reviewed
- Branch Protection Rules - Security configurations are documented

A.8.12 - Data Leakage Prevention
Data leakage prevention measures shall be applied
- Secret Scanning - Secrets in code are detected
- Repository Visibility - Public exposure is monitored
- Dependabot Alerts - Vulnerable code is identified

A.8.15 - Logging
Logs that record activities shall be produced, stored, protected and analysed
- Audit Log - Organization activity is logged (Enterprise)

A.8.16 - Monitoring Activities
Networks, systems and applications shall be monitored for anomalous behaviour
- Secret Scanning - Secret leakage is monitored
- Dependabot Alerts - Vulnerability alerts are monitored
- Code Scanning - Code security is continuously monitored

A.8.25 - Secure Development Life Cycle
Rules for the secure development of software and systems shall be established and applied
- Branch Protection Rules - Development workflows are enforced
- Required Reviews - Code review is required
- Code Scanning - Security testing is automated

A.8.28 - Secure Coding
Secure coding principles shall be applied to software development
- Code Scanning - Security vulnerabilities are detected
- Dependabot Alerts - Insecure dependencies are identified
- Secret Scanning - Hardcoded secrets are detected

A.8.31 - Separation of Development, Test and Production Environments
Development, testing and production environments shall be separated and secured
- Branch Protection Rules - Branch policies enforce environment separation
- Repository Visibility - Repository access is properly segmented

Verification Rules

Auto-verified evidence sources are checked against the following compliance thresholds:

Organization 2FA Status
- 2FA required for organization: Required
- Member 2FA coverage: 100%
- Maximum organization owners: 5 (configurable)

Branch Protection
- Default branch protected: 100% (for applicable repos)
- Require pull requests: Required
- Required approving reviews: 1+
- Dismiss stale reviews: Recommended
- Enforce on administrators: Recommended
- Require status checks: Recommended

Repository Visibility
- Allow public repositories: No (configurable)
- Maximum public repositories: 0 (configurable)

Required Reviews
- Reviews required coverage: 100%
- Minimum reviewers: 1

Secret Scanning
- Secret scanning enabled: 100%
- Push protection enabled: Recommended
- Maximum open alerts: 0

Dependabot
- Dependabot enabled: 100%
- Maximum critical alerts: 0
- Maximum high alerts: 0 (configurable)
- Auto security updates: Recommended

Code Scanning
- Code scanning enabled: 80% (configurable)
- Maximum critical alerts: 0
- Maximum high alerts: 0 (configurable)

Deploy Keys
- Maximum key age: 90 days (configurable)
- Read-only keys preferred: Recommended

Outside Collaborators
- Maximum collaborators with admin: 0
- All collaborators documented: Required

Summary: Control Coverage Matrix

SOC 2 Controls by Evidence Source

Organization 2FA Status - CC6.1: Yes
Organization Members - CC6.1: Yes - CC6.2: Yes - CC6.3: Yes
Team Permissions - CC6.1: Yes
Outside Collaborators - CC6.2: Yes
Branch Protection - CC6.6: Yes - CC8.1: Yes
Repository Visibility - CC6.6: Yes
Required Reviews - CC8.1: Yes
Deploy Keys - CC6.6: Yes
Secret Scanning - CC7.1: Yes - CC7.3: Yes
Dependabot Alerts - CC7.1: Yes - CC7.3: Yes
Code Scanning - CC7.1: Yes - CC7.3: Yes - CC8.1: Yes
Audit Log - CC6.3: Yes - CC7.2: Yes

ISO 27001 Controls by Evidence Source

Organization 2FA Status - A.5.15: Yes - A.5.17: Yes
Organization Members - A.5.15: Yes - A.5.16: Yes
Team Permissions - A.5.15: Yes - A.5.18: Yes
Outside Collaborators - A.5.18: Yes
Branch Protection - A.8.3: Yes - A.8.9: Yes - A.8.25: Yes - A.8.31: Yes
Repository Visibility - A.8.3: Yes - A.8.12: Yes - A.8.31: Yes
Required Reviews - A.8.25: Yes
Deploy Keys - (No specific ISO 27001 controls mapped)
Secret Scanning - A.8.12: Yes - A.8.16: Yes - A.8.28: Yes
Dependabot Alerts - A.8.12: Yes - A.8.16: Yes - A.8.28: Yes
Code Scanning - A.8.16: Yes - A.8.25: Yes - A.8.28: Yes
Audit Log - A.5.18: Yes - A.8.15: Yes

Getting Started

To set up the GitHub integration:

1. Navigate to Settings > Integrations > GitHub
2. Click Install GitHub App
3. Select your GitHub organization
4. Choose repository access (all repositories recommended)
5. Approve the permissions
6. Enable evidence sources for your compliance controls

For detailed setup instructions, see the GitHub App Setup Guide.

GitHub Permissions Required

The integration uses a GitHub App with the following permissions:

Repository Permissions (Read-only)

Administration
- Description: Branch protection, settings
- Used For: Branch protection rules, repo configuration

Metadata
- Description: Basic repository information
- Used For: Repository listing (auto-granted)

Secret scanning alerts
- Description: View secret scanning alerts
- Used For: Secret scanning status and alerts

Dependabot alerts
- Description: View Dependabot alerts
- Used For: Vulnerability monitoring

Code scanning alerts
- Description: View code scanning alerts
- Used For: CodeQL and security findings

Organization Permissions (Read-only)

Members
- Description: Organization membership
- Used For: Member listing, 2FA status

Administration
- Description: Organization settings
- Used For: 2FA requirement, org configuration

GitHub Plan Feature Matrix

Free Plan
- Organization 2FA enforcement: Yes
- Branch protection: Yes
- Required reviews: Yes
- Secret scanning (public repos): Yes
- Secret scanning (private repos): No
- Push protection: No
- Dependabot alerts: Yes
- Code scanning: Yes
- Audit log (web UI): No
- Audit log (API): No
- IP allow lists: No
- SAML SSO: No

Team Plan
- Organization 2FA enforcement: Yes
- Branch protection: Yes
- Required reviews: Yes
- Secret scanning (public repos): Yes
- Secret scanning (private repos): Yes*
- Push protection: Yes*
- Dependabot alerts: Yes
- Code scanning: Yes
- Audit log (web UI): Yes
- Audit log (API): No
- IP allow lists: No
- SAML SSO: No

*Requires GitHub Advanced Security add-on

Enterprise Plan
- Organization 2FA enforcement: Yes
- Branch protection: Yes
- Required reviews: Yes
- Secret scanning (public repos): Yes
- Secret scanning (private repos): Yes
- Push protection: Yes
- Dependabot alerts: Yes
- Code scanning: Yes
- Audit log (web UI): Yes
- Audit log (API): Yes
- IP allow lists: Yes
- SAML SSO: Yes

Support

If you need help with your GitHub integration:

- Email: support@humadroid.com
- Status: https://status.humadroid.com
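The Branch Protection thresholds in the Verification Rules, worked through as an added example (not Humadroid's verification code): a self-check that scores each default branch against the Required and Recommended items and computes the protected-branch coverage. The input follows the field names of GitHub's REST branch-protection response; the repository names and settings are constructed, and `None` stands for a default branch with no protection at all.

```python
# Added example: score default-branch protection against the page's thresholds.
# Repository names and settings are constructed sample data.
SAMPLE_REPOS = {
    "web": {
        "required_pull_request_reviews": {
            "required_approving_review_count": 2,
            "dismiss_stale_reviews": True,
        },
        "enforce_admins": {"enabled": True},
        "required_status_checks": {"strict": True, "contexts": ["ci"]},
    },
    # Pull requests are required, but zero approvals are needed to merge.
    "api": {
        "required_pull_request_reviews": {
            "required_approving_review_count": 0,
            "dismiss_stale_reviews": False,
        },
        "enforce_admins": {"enabled": False},
    },
    # Default branch has no protection rule.
    "docs": None,
}


def evaluate_branch(protection):
    """Return (failed_required, missed_recommended) for one default branch."""
    if protection is None:
        return ["Default branch protected"], []
    reviews = protection.get("required_pull_request_reviews") or {}
    admins = protection.get("enforce_admins") or {}
    approvals = reviews.get("required_approving_review_count", 0)
    # (rule name from the page, is it Required?, does this branch satisfy it?)
    rules = [
        ("Require pull requests", True, bool(reviews)),
        ("Required approving reviews: 1+", True, approvals >= 1),
        ("Dismiss stale reviews", False, reviews.get("dismiss_stale_reviews") is True),
        ("Enforce on administrators", False, admins.get("enabled") is True),
        ("Require status checks", False, bool(protection.get("required_status_checks"))),
    ]
    failed = [name for name, required, ok in rules if required and not ok]
    missed = [name for name, required, ok in rules if not required and not ok]
    return failed, missed


def summarize(repos):
    """Aggregate per-repository results and the 100% coverage threshold."""
    results = {name: evaluate_branch(p) for name, p in repos.items()}
    protected = sum(1 for p in repos.values() if p is not None)
    coverage = 100.0 * protected / len(repos) if repos else 100.0
    compliant = coverage == 100.0 and all(not failed for failed, _ in results.values())
    return {"coverage": round(coverage, 1), "compliant": compliant, "results": results}


if __name__ == "__main__":
    report = summarize(SAMPLE_REPOS)
    print("coverage:", report["coverage"], "compliant:", report["compliant"])
    for repo, (failed, missed) in report["results"].items():
        print(repo, "FAILED:", failed, "RECOMMENDED:", missed)
```

The `api` repository shows why the two Required items are checked separately: a branch can require pull requests and still accept a merge with no approving review.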

Last updated on Dec 19, 2025