GitHub
Configure a GitHub App for Radar
GitHub Apps are how Radar authenticates with the GitHub API to read PR diffs and post review comments. Each self-hosted instance needs its own GitHub App.
Create the App
Go to github.com/settings/apps/new.
For an organization, go to https://github.com/organizations/<YOUR_ORG>/settings/apps/new.
Fill in the form:
| Field | Value |
|---|---|
| GitHub App name | Something unique, e.g. Radar Security (yourcompany) |
| Homepage URL | Your domain or https://github.com/shipsecure-labs/radar |
| Webhook URL | https://your-domain.com/github/webhook |
| Webhook secret | Generate one: openssl rand -hex 32 |
| Webhook active | Checked |
Set Repository permissions:
| Permission | Access |
|---|---|
| Contents | Read-only |
| Pull requests | Read & Write |
Leave all other permissions as "No access".
Under Subscribe to events, check Pull request.
Click Create GitHub App.
Get your credentials
On the app settings page, note the App ID (numeric value near the top).
Scroll to Private keys and click Generate a private key. A .pem file will download.
Convert it to a single-line format for your .env:
awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' your-app-name.*.private-key.pem
Click Install App in the left sidebar, select your account/organization, and choose which repositories to install on.
Environment variables
GITHUB_APP_ID=123456
GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n"
GITHUB_WEBHOOK_SECRET=your-webhook-secret
The GITHUB_PRIVATE_KEY must be in PEM format. Replace actual newlines with \n when using a .env file.
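A pre-flight check for the three values above, written as an added example; it is not part of Radar. It round-trips the awk conversion from this page and catches the usual mistakes (a value cut off at a real newline, double-escaped newlines, a placeholder secret). The function names, the fake key material and the 32-character secret threshold are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not Radar's code. The key material below is constructed and fake.

# Escape a PEM file into the single-line .env form (the awk command from this page).
pem_to_env() {
  awk 'NF {sub(/\r/, ""); printf "%s\\n", $0}' "$1"
}

# Reverse step: turn each literal backslash-n back into a real newline.
env_to_pem() {
  printf '%s' "$1" | awk '{gsub(/\\n/, "\n"); print}'
}

# Sanity-check the three values. Args: app_id private_key webhook_secret
check_radar_env() {
  case "$1" in
    ''|*[!0-9]*) echo "GITHUB_APP_ID is not numeric" >&2; return 1 ;;
  esac
  pem=$(env_to_pem "$2")
  first=$(printf '%s\n' "$pem" | head -n 1)
  last=$(printf '%s\n' "$pem" | tail -n 1)
  case "$first" in
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) echo "GITHUB_PRIVATE_KEY: bad BEGIN line (double-escaped?)" >&2; return 2 ;;
  esac
  case "$last" in
    "-----END "*"PRIVATE KEY-----") ;;
    *) echo "GITHUB_PRIVATE_KEY: no END line (cut at a real newline?)" >&2; return 3 ;;
  esac
  # Assumed threshold: openssl rand -hex 32 yields 64 characters; flag under 32.
  [ "${#3}" -ge 32 ] || { echo "GITHUB_WEBHOOK_SECRET is too short" >&2; return 4; }
}

# Constructed input: a fake key file with CRLF line endings, escaped for .env.
sample_env_value() {
  tmp=$(mktemp)
  printf '%s\r\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEfakefakefake' \
    'QUJDRA==' '-----END RSA PRIVATE KEY-----' > "$tmp"
  pem_to_env "$tmp"
  rm -f "$tmp"
}

check_radar_env 123456 "$(sample_env_value)" "$(printf '%064d' 0)" \
  && echo "sample values pass"
```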