Core Security Platforms
GitHub (Org Audit Log and Security Alerts) Connector
Use GitHub (Org Audit Log and Security Alerts) As a Review-Ready Evidence Source
Pull evidence from GitHub (Org Audit Log and Security Alerts), preserve source and collection history, and map the output directly to the controls reviewers ask about. Aurora automates recurring collection where the connector supports it and keeps export-based handoffs clean where it does not.
Common coverage includes Code review and branch protection, Code Security Scanning Controls, and Compliance Monitoring.
Supports recurring audits, buyer reviews, and renewal requests. We'll show what can run automatically and where export-based collection still makes sense.
Connector Summary
Best for
Continuous checks and evidence capture
Authentication
Github App Or Fine Grained Pat
Cadence
Every 1 hour
Setup time
10 to 20 minutes
Framework coverage
Adobe Common Controls Framework (Adobe CCF) and 45 more
Imported execution-stage guidance
Frameworks
53
Preferred requirement mappings
1,623
Candidate requirement mappings
333
Artifacts reviewers recognize. Preview the structure before you share anything.
Scroll for artifact previews
Setup
01
Connect GitHub (Org Audit Log and Security Alerts)
Sign-in method: Github App Or Fine Grained Pat. Read-only, least-privilege access.
02
Confirm Evidence Sources and Cadence
Confirm evidence sources and set cadence (every 1 hour).
03
Validate Capture (Read-Only Where Possible)
Validate evidence capture in read-only mode (where possible) before expanding workflows.
04
Map Evidence to Controls
Map captured artifacts to controls (7 mapped controls listed).
05
Bundle evidence when needed
Export an evidence bundle (ZIP) when you need an offline attachment. Aurora keeps the underlying source and timestamps so the work stays reusable.
What This Integration Captures
What Aurora monitors
10 continuous checks
GitHub (Org Audit Log + Security Alerts) branch protection required check • GitHub (Org Audit Log + Security Alerts) code scanning reviewed check
Evidence Aurora can collect
6 evidence types
Repositories • Repo Protection
How it stays current
Incremental updates every 1 hour. Full refresh daily.
Checks update as new data is synced.
Checks
Automated checks Aurora can run
Checks map directly to common buyer requirements. Reviewers see the result as exportable evidence, not a screenshot.
GitHub (Org Audit Log + Security Alerts) branch protection required check
GitHub (Org Audit Log + Security Alerts) code scanning reviewed check
GitHub (Org Audit Log + Security Alerts) default branch protected check
GitHub (Org Audit Log + Security Alerts) dependabot reviewed check
GitHub data is being collected
GitHub (Org Audit Log + Security Alerts) privileged access reviewed check
GitHub (Org Audit Log + Security Alerts) repo visibility reviewed check
GitHub (Org Audit Log + Security Alerts) secret scanning enabled check
GitHub (Org Audit Log + Security Alerts) security alerts reviewed check
GitHub (Org Audit Log + Security Alerts) audit log reviewed check
Evidence
Evidence types collected
These evidence objects can be mapped to controls and exported as an evidence bundle or audit workbook snapshot.
Produces
- Evidence objects with source details
- Freshness and cadence status
- Evidence bundle exports (plan-based)
Security Note
Read-only API, scoped credentials, and an audit trail for every sync.
Cadence Controls
Incremental updates every 1 hour. Full refresh daily.
Why It Matters for Reviewers
- Reduces evidence follow-ups by attaching system exports directly to answers.
- Keeps timestamps explicit for audit windows.
- Makes sampling easier through evidence bundles.
Controls and Frameworks Impacted
Adobe Common Controls Framework (Adobe CCF)
ADOBE_CCF
1 control
Aurora Essentials (Baseline Control Set)
AURORA_ESS
1 control
Australian Information Security Manual (ISM)
AUSTRALIAN_ISM
1 control
Australian ISM for IRAP and ASD
AUSTRALIAN_ISM_IRAP
1 control
BSI IT Grundschutz (Grundschutz++)
BSI_IT_GRUNDSCHUTZ
1 control
Cybersecurity Code of Practice for Critical Information Infrastructure
CCOP
1 control
CIS Controls v8
CIS
1 control
CMS Acceptable Risk Safeguards (ARS)
CMS_ARS
1 control
COBIT 2019 Framework: Governance and Management Objectives
COBIT
1 control
Cyber Risk Institute Profile (CRI)
CRI_PROFILE
1 control
DESC Combined Standards (Digital Dubai / DESC family overlay)
DESC_COMBINED_STANDARDS
1 control
NHS DTAC (Digital Technology Assessment Criteria)
DTAC
1 control
GitHub (Org Audit Log and Security Alerts) Integration Questions
Does this require admin access?
Does this require admin access?
It depends on the evidence you choose to capture. We'll confirm required permissions during setup.
Can we control cadence?
Can we control cadence?
Yes. In eligible plans, cadence is configurable.
Can we export evidence if a reviewer asks?
Can we export evidence if a reviewer asks?
Yes. Export evidence bundles for offline attachments, or give reviewers structured access through Trust Center. Aurora keeps the source and timestamps so work stays reusable between reviews.
Want to Confirm Evidence Coverage for GitHub (Org Audit Log and Security Alerts)?
Tell us about your evidence gap, audit question, or framework target. We'll show what can be automated, what stays manual, and how to share it in a controlled way.
15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)