Github
Permissions for the Github connection
This document specifies the exact permissions required for each service principal PAA uses. Granting more than the listed permissions is unnecessary. Granting less will cause partial or complete scan failures.
GitHub App
Purpose
Used for document synchronisation — pushing generated architecture documents, ADRs, IaC code, and assessment reports to your repository.
Where to Configure
Settings > GitHub
Required Permissions
PAA uses a GitHub App installation (not a Personal Access Token).
| Permission | Level | Required For |
|---|---|---|
| Contents | Read and Write | Push generated documents to the repository |
| Metadata | Read | Identify repository name and owner |
No other repository permissions are required.
How to Create the GitHub App
- In GitHub, go to Settings > Developer Settings > GitHub Apps > New GitHub App
- Set the Callback URL and Webhook URL as shown in PAA Settings > GitHub
- Under Repository Permissions, set Contents to Read and write
- Generate a Private Key and download it
- Install the App on your target repository
- In PAA Settings > GitHub, enter the App ID, Installation ID, and Private Key
- Set the repository owner, name, and branch
- Click Test Connection
Platform Architecture Authority — Crimson Owl Technologies Last updated: March 2026
