TruePrivacy + GitHub
Scan GitHub repositories for accidentally committed personal data or API keys.
Overview
GitHub repositories can accidentally contain personal data — customer email lists in test files, PII in fixture data, API keys in configuration files. TruePrivacy integrates with GitHub to scan repositories for accidentally committed personal data and sensitive credentials, alerting your team to issues before they become compliance or security incidents.
For development teams committed to privacy by design, the GitHub integration complements CI/CD scanning by providing historical repository scanning — catching personal data that was committed before automated scanning was in place.
What TruePrivacy can do
Data types accessed
- Accidentally committed email addresses
- PII in test data and fixtures
- Hardcoded personal information in config files
- API keys and credentials (flagged as security risk)
DSR capabilities
- Identify repositories containing personal data
- Generate remediation recommendations for discovered PII
- Alert repository owners to personal data findings
How it works
1. Connect TruePrivacy to your GitHub organization via OAuth 2.0 or GitHub App installation.
2. TruePrivacy scans selected repositories for personal data patterns — email addresses, phone numbers, national ID numbers — in code, configuration files, and test data.
3. Discovered personal data is flagged with the repository, file, and line number for remediation.
4. Automated alerts notify the repository owner and privacy team when personal data is found.
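Steps 2 and 3 as an added Python example (not TruePrivacy's code): the regexes, the `scan_repo` and `mask` names, and the sample files are assumptions constructed for illustration. Each match is reported with repository, file, and line, and the matched value is masked so the report does not itself copy the personal data or credential.

```python
import re
from typing import NamedTuple

# Illustrative patterns only (assumptions, not TruePrivacy's rule set).
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "phone": re.compile(r"(?<![\w.])\+?\d[\d ()-]{8,14}\d(?![\w.])"),
    "credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?([^\s'\"]{12,})"),
}
SECURITY_KINDS = {"credential"}  # the page flags keys and credentials as a security risk


class Finding(NamedTuple):
    repo: str
    path: str
    line: int
    kind: str
    category: str
    masked: str


def mask(value: str) -> str:
    """Keep a 3-character prefix so the finding can be located without re-leaking it."""
    return value[:3] + "*" * (len(value) - 3)


def scan_repo(repo: str, files: dict[str, str]) -> list[Finding]:
    """Scan {path: text} line by line and return one Finding per pattern match."""
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    # Credential pattern captures the value in group 1; others use the whole match.
                    value = m.group(m.lastindex or 0)
                    category = "security" if kind in SECURITY_KINDS else "personal-data"
                    findings.append(Finding(repo, path, lineno, kind, category, mask(value)))
    return findings


# Constructed sample content standing in for a checked-out repository.
SAMPLE = {
    "tests/fixtures/users.csv": "id,email,phone\n1,jane.doe@example.com,+1 202-555-0143\n",
    "config/settings.py": 'DEBUG = True\nAPI_KEY = "CONSTRUCTED0KEY0VALUE0001"\n',
    "src/app.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    for f in scan_repo("example-org/example-repo", SAMPLE):
        print(f"{f.repo}:{f.path}:{f.line} [{f.category}/{f.kind}] {f.masked}")
```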
Frequently asked questions
Yes, with appropriate authorization. TruePrivacy scans private repositories that the connected GitHub account or GitHub App has access to. Repository selection is configurable — you can include or exclude specific repositories.
TruePrivacy can scan the current HEAD of each branch, or optionally scan commit history to identify historically committed personal data. Historical scanning is configurable and can be scoped to a date range.
TruePrivacy flags the finding and generates a remediation recommendation. Actual removal from Git history requires git-filter-repo or BFG Repo-Cleaner — TruePrivacy provides guidance and links to appropriate tooling as part of the remediation recommendation.
Connect TruePrivacy to GitHub today
Start your free trial and connect GitHub in 10 minutes.