Skip to main content
OpenSRE connects to GitHub via the GitHub MCP server to search code, browse recent commits, inspect files, and trace changes correlated with alerts — helping identify which deployment or code change triggered an incident.

Prerequisites

  • GitHub account with repository access
  • Personal access token or GitHub Copilot MCP access

Setup

Option 1: Interactive CLI

opensre integrations setup
Select GitHub when prompted.

Option 2: Environment variables

GITHUB_MCP_AUTH_TOKEN=ghp_your_personal_access_token
GITHUB_MCP_URL=https://api.githubcopilot.com/mcp/   # default
GITHUB_MCP_MODE=streamable-http                      # default
GITHUB_MCP_TOOLSETS=repos,issues,pull_requests,actions  # default
VariableDefaultDescription
GITHUB_MCP_AUTH_TOKENRequired. GitHub personal access token
GITHUB_MCP_URLhttps://api.githubcopilot.com/mcp/GitHub MCP server URL
GITHUB_MCP_MODEstreamable-httpTransport mode: streamable-http, sse, or stdio
GITHUB_MCP_TOOLSETSrepos,issues,pull_requests,actionsComma-separated toolsets to enable
GITHUB_MCP_COMMANDCommand to run (required for stdio mode only)
GITHUB_MCP_ARGSSpace-separated args for stdio mode

Option 3: Persistent store

{
  "version": 1,
  "integrations": [
    {
      "id": "github-prod",
      "service": "github",
      "status": "active",
      "credentials": {
        "url": "https://api.githubcopilot.com/mcp/",
        "mode": "streamable-http",
        "auth_token": "ghp_your_token",
        "toolsets": ["repos", "issues", "pull_requests", "actions"]
      }
    }
  ]
}

Creating a personal access token

  1. In GitHub, go to SettingsDeveloper settingsPersonal access tokensTokens (classic)
  2. Click Generate new token
  3. Select the following scopes: repo, read:org
  4. Copy the token
For GitHub Enterprise Server, set GITHUB_MCP_URL to your enterprise MCP endpoint.

Transport modes

ModeWhen to use
streamable-httpDefault. Works with GitHub Copilot MCP and most hosted instances
sseFor older MCP servers using Server-Sent Events
stdioFor running a local MCP server process (npx @modelcontextprotocol/server-github)

Verify

opensre integrations verify --service github
Expected output: 
Service: github
Status: passed
Detail: GitHub MCP validated for your-username; discovered 18 tools including repository source investigation helpers

Troubleshooting

SymptomFix
Authentication failedCheck that the token has repo scope and is not expired
Required tools missingEnsure toolsets include repos — it provides get_file_contents, list_commits, etc.
Connection refusedVerify GITHUB_MCP_URL is reachable and the MCP server is running

Security best practices

  • Use a fine-grained personal access token with read-only repository access.
  • Limit token scope to the repositories OpenSRE needs to inspect.
  • Store the token in .env, not in source code.