GitHub Integration
Connect your GitHub repositories to Rorix for automatic vulnerability scanning, continuous monitoring, and automated remediation pull requests.
Connecting Repositories
- Go to Integrations in your Rorix dashboard
- Click Connect GitHub
- Authorize the Rorix GitHub App
- Select the repositories you want to monitor
Once connected, Rorix installs a webhook that triggers scans on push events to your default branch.
Automatic Scanning
When you push changes that modify dependency files (.csproj, Directory.Packages.props, packages.config, etc.), Rorix automatically:
- Detects the changed project files
- Runs a vulnerability scan against the updated dependencies
- Posts a status check on the commit
- Comments on pull requests with a summary of findings
Scheduled Monitoring
Configure recurring scans to detect newly disclosed vulnerabilities in your existing dependencies.
| Schedule | Description |
| --- | --- |
| Daily | Scans run at 06:00 UTC every day |
| Weekly | Scans run at 06:00 UTC every Monday |
To configure, navigate to your project settings in the dashboard and select a monitoring schedule.
Remediation Pull Requests
When Rorix detects fixable vulnerabilities, it can automatically create pull requests to update affected packages.
How It Works
- Rorix identifies vulnerabilities with known fixes in newer package versions
- A pull request is created that updates the `PackageReference` version in your `.csproj` file
- The PR includes a detailed description of the vulnerabilities being fixed
- Your existing CI pipeline runs against the PR as usual
Configuration
Enable remediation PRs in your project settings:
- Auto-create PRs — automatically create PRs when fixable vulnerabilities are found
- Assign reviewers — add default reviewers to remediation PRs
- Label PRs — apply custom labels (default: `security`, `dependencies`)
Remediation PRs only update direct dependencies. Transitive dependency updates require changes to the direct dependency that pulls them in.
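The following is an added illustration, not Rorix's own code, of what a remediation PR changes: it bumps vulnerable direct `PackageReference` versions in a `.csproj` and drafts the PR description, touching nothing that is not a direct dependency. The advisory table, the sample project file and the package names are constructed for the example, and versions are assumed to be plain dotted numbers.

```python
import xml.etree.ElementTree as ET

# Constructed advisory table for this example: package -> first fixed version.
# Any PackageReference below the fixed version is treated as vulnerable.
ADVISORIES = {
    "Example.Json": "13.0.1",
    "Example.Http": "2.5.0",
}

# Constructed sample project file (not a real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Example.Json" Version="12.0.3" />
    <PackageReference Include="Example.Http" Version="2.5.0" />
    <PackageReference Include="Example.Logging" Version="1.0.0" />
  </ItemGroup>
</Project>
"""


def parse_version(v):
    """Numeric dotted versions only (assumption; pre-release tags are not handled)."""
    return tuple(int(part) for part in v.split("."))


def remediate(csproj_text, advisories):
    """Return (updated csproj text, list of (package, old, new) fixes).

    Only direct PackageReference items are touched: a transitive dependency
    never appears in the .csproj, so it cannot be bumped here.
    """
    root = ET.fromstring(csproj_text)
    fixes = []
    for ref in root.iter("PackageReference"):
        name, current = ref.get("Include"), ref.get("Version")
        fixed = advisories.get(name)
        if fixed is None or current is None:
            continue
        if parse_version(current) < parse_version(fixed):
            ref.set("Version", fixed)
            fixes.append((name, current, fixed))
    return ET.tostring(root, encoding="unicode"), fixes


def pr_description(fixes):
    """Body text a remediation PR could carry, one line per bumped package."""
    lines = ["Security update: bump vulnerable direct dependencies", ""]
    lines += [f"- {name}: {old} -> {new}" for name, old, new in fixes]
    return "\n".join(lines)
```

Packages already at or above the fixed version, and packages with no advisory, are left untouched, so the resulting diff is limited to the lines a reviewer needs to check.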