Install GitHub Apps
Install Superagent Security and Open CLA on selected repositories for scans, trust signals, reports, and CLA checks.
Install the GitHub Apps that match the workflows you want. During installation, choose Only select repositories unless you intentionally want Superagent to access every repository in the GitHub account.
Apps
| App | Install URL | Enables |
|---|---|---|
| Superagent Security | github.com/apps/superagent-security | PR security scanning, contributor trust, repository reports, GitHub advisories |
| Open CLA | github.com/apps/open-cla | CLA checks, contributor signing, repository CLA enforcement |
Superagent Security
Install Superagent Security when you need:
- Security scan checks on pull requests
- Contributor trust checks (identity, origin, PR spray, suspicious activity, and related signals)
- Repository red-team reports on private connected repos
- GitHub repository security advisories surfaced as findings
The app needs repository access for checks, pull request events, and—when you use advisory triage—repository_advisory webhook events.
Open CLA
Install Open CLA when you need:
- Contributor License Agreement checks on pull requests
- Contributor signing (in-app or via Dropbox Sign)
- Per-repository CLA template assignment
Recommended install order
1. Install Superagent Security on repos you want to scan and test.
2. Install Open CLA on repos that require contributor agreements.
3. Open Integrations in Superagent and confirm each app shows as connected.
4. Open Repository and verify repos list the expected capabilities (security, CLA, or both).
You can change repository access later by reconfiguring the app in GitHub or from Integrations.
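To confirm from the GitHub side that both apps ended up with the repository scope you intended, you can audit the organization's app installations. The script below is an added example, not Superagent's own tooling: it assumes you have saved the body of GitHub's `GET /orgs/{org}/installations` REST response, and the embedded sample response and the `audit_installations` helper are constructed for illustration.

```python
import json

# App slugs taken from the install URLs on this page.
EXPECTED_APPS = {"superagent-security", "open-cla"}

# Constructed sample shaped like the body of GitHub's
# GET /orgs/{org}/installations response (only the fields used here).
SAMPLE_RESPONSE = json.dumps({
    "total_count": 3,
    "installations": [
        {"app_slug": "superagent-security", "repository_selection": "all",
         "events": ["pull_request", "check_run"]},
        {"app_slug": "open-cla", "repository_selection": "selected",
         "events": ["pull_request"]},
        {"app_slug": "example-ci", "repository_selection": "all",
         "events": ["push"]},
    ],
})


def audit_installations(response_body, advisory_triage=False):
    """Return a sorted list of (app_slug, finding) for the two apps."""
    installs = {i["app_slug"]: i
                for i in json.loads(response_body)["installations"]
                if i.get("app_slug") in EXPECTED_APPS}
    findings = []
    for slug in EXPECTED_APPS:
        inst = installs.get(slug)
        if inst is None:
            findings.append((slug, "not installed"))
            continue
        # "all" means the app can reach every repository in the account,
        # including ones created later.
        if inst.get("repository_selection") != "selected":
            findings.append((slug, "access to all repositories"))
        # Advisory triage depends on repository_advisory webhook events.
        if (slug == "superagent-security" and advisory_triage
                and "repository_advisory" not in inst.get("events", [])):
            findings.append((slug, "repository_advisory event not subscribed"))
    return sorted(findings)


if __name__ == "__main__":
    for slug, finding in audit_installations(SAMPLE_RESPONSE, advisory_triage=True):
        print(f"{slug}: {finding}")
```

An empty result means both apps are installed with selected-repository access; pass `advisory_triage=True` only if you rely on advisory findings.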