Install the Trident GitHub App
Open the GitHub integration settings
In the Trident dashboard, navigate to Settings → Integrations → GitHub and click Install App.
Authorize the Trident GitHub App
GitHub will redirect you to the App authorization screen. Select whether to grant access to your entire organization or to specific repositories, then click Install & Authorize.
Select target repositories
Back in the Trident dashboard, choose which repositories Trident is allowed to open PRs in. You can select one repository per project or multiple repositories for a monorepo setup.
What Trident creates PRs for
Once the GitHub App is installed, Trident automatically opens draft pull requests for the following finding types:

| Finding type | Example change |
|---|---|
| IAM policy fixes | Remove wildcard * actions from an over-permissive AWS policy |
| Terraform changes | Add encryption or restrict public access on an S3 bucket resource |
| Kubernetes RBAC patches | Scope a ClusterRole to namespace-level permissions |
| Agent code fixes | Apply a system-prompt hardening patch suggested by Sentinel’s Fix Agent |
Pull request format
Every PR Trident opens follows the same structure:

- Draft status — PRs always open as drafts so they do not trigger auto-merge rules or required-review workflows until your team is ready.
- Finding summary — The PR description includes the finding name, severity, affected resource, and the reasoning behind the proposed change.
- Proposed diff — The change is scoped to the minimum edit needed to resolve the finding.
- Dashboard link — A direct link back to the finding in Trident so reviewers have full context before merging.
Required permissions
The Trident GitHub App requests the following permissions:

| Permission | Level | Reason |
|---|---|---|
| pull_requests | Write | Create and update draft PRs |
| contents | Read | Read repository files to generate accurate diffs |
push access to your default branch. It cannot force-push, merge pull requests, or modify branch protection rules.
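
To confirm that an installation matches the permissions table above, the following added example (not Trident's own code) audits an installation object shaped like the entries GitHub returns from `GET /orgs/{org}/installations`. The sample objects and the `trident-placeholder` slug are constructed, and treating an all-repository installation as a finding is an assumed least-privilege policy, not a Trident requirement.

```python
import json

# Permissions documented in the table above for the Trident GitHub App.
DOCUMENTED = {"pull_requests": "write", "contents": "read"}
# GitHub gives every app with repository permissions read-only metadata access.
IMPLICIT = {"metadata": "read"}
LEVELS = {"read": 1, "write": 2, "admin": 3}


def audit_installation(installation, documented=DOCUMENTED):
    """Return a list of deviations between granted and documented permissions."""
    allowed = {**IMPLICIT, **documented}
    granted = installation.get("permissions", {})
    findings = []
    for name, level in sorted(granted.items()):
        if name not in allowed:
            findings.append(f"undocumented permission: {name}={level}")
        elif LEVELS.get(level, 99) > LEVELS[allowed[name]]:
            findings.append(f"{name} is {level}, documented as {allowed[name]}")
    for name, level in sorted(documented.items()):
        if name not in granted:
            findings.append(f"documented permission missing: {name}={level}")
    # Assumed policy: prefer a selected repository set over org-wide access.
    if installation.get("repository_selection") == "all":
        findings.append("installation covers all repositories, not a selected set")
    return findings


# Constructed sample installation objects (not real API output).
SAMPLE_OK = json.loads("""
{"app_slug": "trident-placeholder", "repository_selection": "selected",
 "permissions": {"metadata": "read", "contents": "read", "pull_requests": "write"}}
""")
SAMPLE_DRIFT = json.loads("""
{"app_slug": "trident-placeholder", "repository_selection": "all",
 "permissions": {"metadata": "read", "contents": "write",
                 "pull_requests": "write", "administration": "write"}}
""")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_DRIFT):
        issues = audit_installation(sample)
        print(sample["repository_selection"], "->", issues or "matches documentation")
```

Run it against the real installation entry for your organization after install and again after any permission-update prompt from GitHub, since an app's requested permissions can change between versions.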