> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qlty.sh/llms.txt
> Use this file to discover all available pages before exploring further.

# GitHub App

Qlty uses a [GitHub App](https://github.com/apps/qltysh) to integrate with GitHub.

## Authentication

GitHub OAuth is the only supported authentication method for Qlty. As part of the User authentication flow, the following permissions are granted:

### Account Permissions

| Permission      | Access    | Reason                                             |
| --------------- | --------- | -------------------------------------------------- |
| Email addresses | Read-only | Sending product and account-related notifications  |
| Watching        | Read-only | Identifying repositories that are important to you |

## Permissions

When installed, the GitHub App requires the following permissions:

### Repository Permissions

| Permission           | Access         | Reason                                                           |
| -------------------- | -------------- | ---------------------------------------------------------------- |
| Actions              | Read and write | When prompted, generate and validate code quality fixes          |
| Checks               | Read and write | Post code quality information on pull requests                   |
| Code scanning alerts | Read and write | Generate unified code quality reports including security issues  |
| Commit statuses      | Read and write | Post code quality information on pull requests                   |
| Contents             | Read and write | When prompted, push branches to open pull requests               |
| Custom properties    | Read-only      | Simplify administration by leveraging custom repository metadata |
| Deployments          | Read and write | Track the quality of and optionally gate deploys                 |
| Environments         | Read-only      | Track the quality of and optionally gate deploys                 |
| Issues               | Read and write | When prompted, create issues for code quality issues             |
| Metadata             | Read-only      | Mandatory by GitHub                                              |
| Packages             | Read-only      | When needed, install private packages to run static analysis     |
| Pull Requests        | Read and write | When prompted, open PRs to update config or improve code quality |

### Organization Permissions

| Permission | Access    | Reason                                 |
| ---------- | --------- | -------------------------------------- |
| Members    | Read-only | Checking permissions for authorization |

## Repository Access

Access can be granted either to all repositories in a workspace, or individual repositories.

By default, after authorization importing repositories as Qlty projects must be done manually. (In the future, we may provide an opt-in feature to automatically import repositories for convenience.)

## Webhooks

In order to analyze new commits and keep data syncronized, Qlty subscribed to GitHub webhooks.

## More information

* [Security](/cloud/security)