GitHub Enterprise
Published on May 25th, 2026Introduction
The Context Store has several GitHub templated Data Sources to allow users to quickly pull relevant data into their Data Store. These templates are a starting point and often you'll want to apply filters or chained Data Sources to modify these templates to suit your needs.
Authentication
The built-in GitHub Enterprise Server Data Source are split across two integrations:
github-enterprise-app(GitHub App installation auth)github-enterprise-token(PAT/header auth)
Pre-built Data Sources
App
Permissions are expressed as GitHub App permissions.
For github-enterprise-app as a starting point, permissions across the following all Data Sources:
Metadata(read)Pull requests(read)Contents(read)Actions(read)Dependabot alerts(read)Administration(read)
| Data source seed | GitHub Enterprise endpoint(s) used | Recommended GitHub App permission(s) |
|---|---|---|
GitHub Enterprise App installation | GET /installation | Metadata (read) |
GitHub Enterprise App repositories | GET /installation/repositories | Metadata (read) |
GitHub Enterprise App pull requests (per repo) | GET /installation/repositories then GET /repos/{full_name}/pulls?state=open | Metadata (read), Pull requests (read) |
GitHub Enterprise App releases (per repo) | GET /installation/repositories then GET /repos/{full_name}/releases | Metadata (read), Contents (read) |
GitHub Enterprise App Actions workflows | GET /installation/repositories then GET /repos/{full_name}/actions/workflows | Metadata (read), Actions (read) |
GitHub Enterprise App Dependabot alerts (per repo) | GET /installation/repositories then GET /repos/{full_name}/dependabot/alerts?state=open | Metadata (read), Dependabot alerts (read) |
GitHub Enterprise App collaborators (per repo) | GET /installation/repositories then GET /repos/{full_name}/collaborators | Metadata (read), Administration (read) |
GitHub Enterprise App markdown files (per repo) | GET /installation/repositories then GET /search/code?q=extension:md+repo:{full_name} | Metadata (read), Contents (read) |
GitHub Enterprise App YAML files (per repo) | GET /installation/repositories then GET /search/code?q=extension:yaml+extension:yml+repo:{full_name} | Metadata (read), Contents (read) |
Token
Permissions are expressed as classic PAT scopes (or GHES equivalents).
For github-enterprise-token as a starting point, permissions across the following all Data Sources:
reporead:orgworkflowsecurity_events(if using Dependabot alerts seeds)
| Data source seed | GitHub Enterprise endpoint(s) used | Recommended token permission(s) |
|---|---|---|
GitHub Enterprise repositories | GET /user/repos | repo |
GitHub Enterprise organizations | GET /user/orgs | read:org |
GitHub Enterprise open pull requests | GET /search/issues?q=is:pr+is:open+author:@me | repo |
GitHub Enterprise pull requests (per repo) | GET /user/repos then GET /repos/{full_name}/pulls?state=open | repo |
GitHub Enterprise releases (per repo) | GET /user/repos then GET /repos/{full_name}/releases | repo |
GitHub Enterprise Actions workflows | GET /user/repos then GET /repos/{full_name}/actions/workflows | repo, workflow |
GitHub Enterprise installed apps | GET /user/installations | Token tied to account with app-installation visibility |
GitHub Enterprise organization members | GET /user/orgs then GET /orgs/{login}/members | read:org |
GitHub Enterprise teams | GET /user/orgs then GET /orgs/{login}/teams | read:org |
GitHub Enterprise Dependabot alerts (per repo) | GET /user/repos then GET /repos/{full_name}/dependabot/alerts?state=open | repo, security_events |
GitHub Enterprise collaborators (per repo) | GET /user/repos then GET /repos/{full_name}/collaborators | repo, read:org |
GitHub Enterprise catalog-info.yaml files | GET /search/code?q=filename:catalog-info.yaml+org:{org} | repo (private repos), read:org |
GitHub Enterprise markdown files | GET /search/code?q=extension:md+org:{org} | repo (private repos), read:org |
GitHub Enterprise YAML files | GET /search/code?q=extension:yaml+extension:yml+org:{org} | repo (private repos), read:org |
Also ensure the PAT identity or app installation is granted access to the target organizations/repositories on your GHES instance.