Skip to main content

Why integrate Devin into GitHub?

Integrating Devin into your GitHub organization allows Devin to create pull requests, read and respond to your PR comments, etc. This lets Devin be a true collaborator on your engineering team. The setup is easy! Go to app.devin.ai > Settings > Integrations > Github, click Connect, and follow the GitHub app integration steps on the screen. Make sure to select access to the relevant repos and review permissions
Using GitHub Enterprise Server? See the GitHub Enterprise Server Integration guide for setup instructions using personal access tokens.

Setting up the Integration

Having trouble? Check out our Common Issues page for solutions to common problems.
  1. In your Devin account at app.devin.ai, go to Settings > Integrations > Github, and click the “Connect” button to integrate your organization with the Devin GitHub app.
  2. This will redirect you to GitHub where you can select the GitHub account and repositories to connect Devin, and review the relevant permissions.
    • If you’re setting up the GitHub integration on behalf of your organization, make sure to select your company’s account.
Devin
  1. Once you’ve completed all the set up steps in Github, you will be directed to the Devin account settings page where you can confirm the integration is set up.
Devin
  1. [For Enterprise customers only] Add the cognition-team GitHub account to the relevant repositories. This gives us the ability to help onboard Devin onto your codebase and monitor Devin’s activity.
We recommend enabling branch protections on master to ensure checks are enforced before Devin can merge any changes.

Using Devin with the GitHub Integration

Once the integration is set up, you can go to the Devin web application and you should be able to @mention the repo in your prompt! If you are using a repository for the first time, we recommend going through the development environment setup process in the onboarding flow to ensure that Devin has the most accurate and up to date information about working with your codebase.
Devin will automatically respond to any PR comments as long as the session has not been archived

Pull Request Templates

When Devin creates a pull request, it will try to structure the PR description using a template from your repository. If you provide a template, Devin will follow its structure when writing the description it submits on GitHub.

Devin-specific template (preferred)

You can give Devin its own template without changing your human-facing default by adding a file named devin_pr_template.md in one of the supported PULL_REQUEST_TEMPLATE locations below. This is helpful if you want Devin to include extra guidance (for example, a reviewer checklist or instructions to include a Mermaid diagram of touched files).

Search & precedence order

Devin looks for the first existing file in the following order (first match wins):
  1. PULL_REQUEST_TEMPLATE/devin_pr_template.md
  2. docs/PULL_REQUEST_TEMPLATE/devin_pr_template.md
  3. .github/PULL_REQUEST_TEMPLATE/devin_pr_template.md
  4. pull_request_template.md
  5. docs/pull_request_template.md
  6. .github/pull_request_template.md
If none of these files exist, Devin falls back to its internal default PR description format.
If you already have a GitHub pull_request_template.md that you want Devin to follow exactly, just copy (or symlink) it to one of the devin_pr_template.md paths above.
For more on GitHub pull request templates (supported locations, multiple templates, query parameters, etc.), see the GitHub Docs: Creating a pull request template for your repository.

Setting Devin’s Permissions

Managing Permissions

You need to be an admin of the Github organiation where the Devin integration is installed to manage permissions
When setting up the integration, you can choose to grant permissions such that Devin can access all the organization’s repositories or only a selected subset of repos. You can always adjust permissions through the Integration configuration page in Github once the app is connected:
  • Step 1: Go to the GitHub Integration settings
  • Step 2: Navigate to Devin.ai Integration and click “Configure”
  • Step 3: Scroll to the “Repository access” section to manage permissions
Devin
Devin requires the following permissions: Read access to:
PermissionDescription
`dependabot alertsAllows Devin to resolve dependabot alerts on your behalf (i.e. bumping dependency versions)
actionsAllows Devin to view the actions configured for a repository in order to understand if Devin’s changes pass CI
checksAllows Devin to view the checks configured for a repository in order to understand if Devin’s changes pass CI
commit statusesAllow Devin to view if a commit passes CI
deploymentsAllow Devin to view which versions of a repository were deployed
metadataAllow Devin to view crucial metadata about a repository such as who owns it
packagesAllow Devin to view which versions of a repository were shipped as a package
pagesAllow Devin to consult pages associated with a repository, e.g. to view documentation
repository advisoriesAllow Devin to view security advisories related to a repo in order to help fix security issues
repository hooksAllow Devin to view the hooks configured for a repository, e.g. linting and type checking
repository projectsAllow Devin to view projects associated with a repository, e.g. to retrieve information about a task
Read and write access to:
PermissionDescription
codeAllow Devin to contribute to the codebase
discussionsAllow Devin to contribute to discussions
issuesAllow Devin to open new issues
pull requestsAllow Devin to create new PRs
workflowsAllow Devin to set up new workflows, e.g. to help configure CI/CD
We request these permissions so that Devin can work in your repository just as a regular contributor. Specifically, we permit Devin to push new branches, open PRs, and contribute to PR discussions, which is essential for Devin to productively contribute to your codebase.

Commit Signing

During your repository setup, you can use Devin’s Terminal to generate a GPG key that will be used to sign commits, as per the GPG process outlined in GitHub’s docs. We would recommend creating a dummy GitHub account in your organization to upload the GPG key to (e.g. devin@company.com) so that you can verify which commits are coming from Devin.
Devin

Security Considerations

Some additional information regarding Devin’s permissions in GitHub:
  • We recommend enabling branch protections on master to ensure checks are enforced before Devin can merge any changes.
  • If Devin is connected to your organization’s GitHub account then it will have the same permissions for any user with access to the GitHub and Devin organizations.
  • Devin will not mirror the permissions of the user running a session with Devin, it will retain the permissions granted at the org-level.
  • Devin cannot create new repos in your GitHub account.

IP Whitelisting

If you need to whitelist Devin’s services for access to your organization’s GitHub resources, please add the following IP addresses:
  • 100.20.50.251
  • 44.238.19.62
  • 52.10.84.81
  • 52.183.72.253
(Please note these IPs may change in future updates.)

GitHub Integration FAQs

Yes, a user can choose to connect a GitHub Organization or Personal account to their organization’s Devin account, but we recommend connecting the account that will have the relevant permissions for Devin to run sessions for the organization.
Only users authenticated with access/permissions to the organization that the GitHub integration was connected to can use it in their Devin runs. In other words, Devin(s) will only have access to a GitHub integration if they are launched by the people part of the organizations that installed that GitHub integration.
Encryption keys are managed by AWS KMS and rotated periodically.
I