# GitHub Integration

GitHub is a code hosting and collaboration platform that supports native webhook delivery for repository events. When something happens in your repository — a push, a failed workflow, a new vulnerability alert — GitHub can send a real-time HTTP POST request to any endpoint you configure.

This integration connects GitHub to ITOC360 so that repository events automatically create or resolve incidents in your on-call workflow. No middleware or third-party service required; the webhook goes directly from GitHub to ITOC360.

### How It Works

GitHub sends a webhook payload to ITOC360 every time a subscribed event occurs in your repository. The `X-GitHub-Event` header in each request identifies the event type — ITOC360 uses this to determine whether to open or resolve an incident. For events like workflow failures or vulnerability alerts, a new incident is created. When the same workflow succeeds on a subsequent run, or the vulnerability is dismissed, ITOC360 automatically resolves it.

### Prerequisites

* A GitHub repository where you have admin access
* Your ITOC360 webhook URL, generated when you create the integration

### In ITOC360

Go to **Integrations**, click **Add Integration**, and select **GitHub** from the list. Copy the webhook URL that appears — you'll paste it into GitHub in the next step.

### In GitHub

#### Step 1 — Open Webhooks Settings

Navigate to your repository on GitHub. Click **Settings** in the top navigation bar, then find **Webhooks** in the left sidebar under **Code and automation**.

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2F1Wgi5OiXjw9Yeq8bNhOn%2Fimage.png?alt=media&#x26;token=4786be00-c17b-4fc6-b0df-808d96db37aa" alt=""><figcaption></figcaption></figure>

Click **Add webhook** in the top right corner.

***

#### Step 2 — Configure the Webhook

Fill in the form as follows:

* **Payload URL** — paste your ITOC360 webhook URL here
* **Content type** — select `application/json`
* **Secret** — leave this empty
* **SSL verification** — leave **Enable SSL verification** selected
* **Which events would you like to trigger this webhook?** — select **Send me everything**
* Make sure **Active** is checked at the bottom

Click **Add webhook** to save. GitHub will immediately send a ping request to confirm the connection is working.

<figure><img src="https://4108595529-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FimJRSa33y5Ej6rwXrBeA%2Fuploads%2FEobmnYjBYQJJgw5nvFpb%2FEkran%20Resmi%202026-03-27%2013.22.51.png?alt=media&#x26;token=7c8fa1d8-2aeb-471e-bb68-47b0d453de6c" alt=""><figcaption></figcaption></figure>

### Supported Events

ITOC360 processes the following GitHub event types:

| Event                            | Trigger                        | Resolve                          |
| -------------------------------- | ------------------------------ | -------------------------------- |
| `workflow_run`                   | Workflow fails or times out    | Workflow succeeds                |
| `deployment_status`              | Deployment errors or fails     | Deployment succeeds              |
| `check_run`                      | Check fails or requires action | Check passes                     |
| `pull_request`                   | PR opened or updated           | PR closed                        |
| `issues`                         | Issue opened                   | Issue closed                     |
| `repository_vulnerability_alert` | Vulnerability detected         | Vulnerability dismissed or fixed |
| `push`                           | Commit pushed to any branch    | —                                |
| `release`                        | Release published              | —                                |

All other event types are accepted and logged as alerts with a default priority.
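
The routing described in the table, sketched as an added example (this is not ITOC360's own code). The function name `classify`, the `RULES` mapping and the choice of GitHub payload fields and values for each row are assumptions made for illustration; the sample deliveries are constructed.

```python
import json

# Assumed mapping of the table's rows onto GitHub payload fields:
# event -> (path to inspect, values that trigger, values that resolve)
RULES = {
    "workflow_run": (("workflow_run", "conclusion"), {"failure", "timed_out"}, {"success"}),
    "deployment_status": (("deployment_status", "state"), {"error", "failure"}, {"success"}),
    "check_run": (("check_run", "conclusion"), {"failure", "action_required"}, {"success"}),
    "pull_request": (("action",), {"opened", "reopened", "synchronize"}, {"closed"}),
    "issues": (("action",), {"opened"}, {"closed"}),
    "repository_vulnerability_alert": (("action",), {"create"}, {"dismiss", "resolve"}),
    "release": (("action",), {"published"}, set()),
}

def classify(headers, body):
    """Return 'trigger', 'resolve', 'alert' or 'ignore' for one webhook delivery."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    event = {k.lower(): v for k, v in headers.items()}.get("x-github-event")
    if not event:
        return "ignore"   # without the header the delivery cannot be routed
    if event == "push":
        return "trigger"  # the table lists no resolve condition for push
    if event not in RULES:
        return "alert"    # all other event types: logged with default priority
    try:
        value = json.loads(body)
    except ValueError:
        return "ignore"   # malformed JSON must not open or resolve anything
    path, trigger_on, resolve_on = RULES[event]
    for key in path:
        value = value.get(key) if isinstance(value, dict) else None
    if not isinstance(value, str):
        return "ignore"   # e.g. conclusion is null while a workflow is still running
    if value in trigger_on:
        return "trigger"
    return "resolve" if value in resolve_on else "ignore"

# Constructed sample deliveries (not captured traffic).
SAMPLES = [
    ({"X-GitHub-Event": "workflow_run"}, '{"action":"completed","workflow_run":{"conclusion":"failure"}}'),
    ({"x-github-event": "workflow_run"}, '{"action":"completed","workflow_run":{"conclusion":"success"}}'),
    ({"X-GitHub-Event": "workflow_run"}, '{"action":"requested","workflow_run":{"conclusion":null}}'),
    ({"X-GitHub-Event": "star"}, '{"action":"created"}'),
]

if __name__ == "__main__":
    for headers, body in SAMPLES:
        print(classify(headers, body))
```
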

### Notes

* GitHub identifies event types via the `X-GitHub-Event` request header, not the payload body. ITOC360 reads this header automatically — no additional configuration needed.
* If you want to limit noise, you can go back to the webhook settings and switch from **Send me everything** to **Let me select individual events**, then choose only the events relevant to your workflow.
* The webhook secret field is optional. If you set one in GitHub, ITOC360 will ignore it (signature verification is not enforced at the receiver). Because deliveries are not authenticated by a signature, keep the webhook URL itself confidential.
