Skip to main content

Why integrate Devin with GitHub?

Integrating Devin with your GitHub organization enables Devin to create pull requests, respond to PR comments, and collaborate directly within your repositories. This allows Devin to function as a full contributor on your engineering team. To get started, navigate to app.devin.ai > Settings > Integrations > GitHub, click Add Connection, and follow the prompts. You will select which repositories Devin can access and review the required permissions.
Using GitHub Enterprise Server? See the GitHub Enterprise Server Integration guide for setup instructions using personal access tokens.

Setting up the Integration

You must be an admin of your GitHub organization to create and manage the Devin integration. Having trouble? Check out our Common Issues.
  1. In your Devin account at app.devin.ai, navigate to Settings > Integrations > GitHub and click Add Connection.
Devin
  1. If you are not already logged in to GitHub, you will be prompted to authenticate.
Devin
  1. Select the GitHub organization you want to connect to Devin.
Devin
  1. Choose whether to grant Devin access to All repositories or Select repositories to control which repositories Devin can access.
Devin
  1. After completing the GitHub authorization, you will be redirected to Devin settings where you can confirm the integration is active.
Devin
We recommend enabling branch protection rules on your main branch to ensure all required checks pass before Devin can merge changes.

Using Devin with the GitHub Integration

For Core and Teams users

Once the integration is configured, you can @mention repositories directly in your prompts within the Devin web application.

For Enterprise users

Once the integration is configured, you can delegate repositories to specific organizations from Enterprise Settings > Repository Permissions.
Devin
If you are working with a repository for the first time, we recommend completing the development environment setup in the onboarding flow to ensure Devin has accurate, up-to-date information about your codebase. Devin automatically responds to PR comments as long as the session has not been archived.

Managing Devin’s Permissions in GitHub

During setup, you can grant Devin access to all repositories in your organization or limit access to specific repositories. You can adjust repository access at any time through GitHub’s settings:
  1. Navigate to your GitHub organization’s Settings > GitHub Apps (e.g., https://github.com/organizations/<org_name>/settings/installations)
  2. Select Configure for the Devin.ai integration
  3. Under Repository access, choose to grant access to all repositories or select specific repositories
  4. Click Save to apply your changes
Devin
Devin requires the following permissions: Read access to:
PermissionDescription
dependabot alertsAllows Devin to resolve dependabot alerts on your behalf (i.e. bumping dependency versions)
actionsAllows Devin to view the actions configured for a repository in order to understand if Devin’s changes pass CI
checksAllows Devin to view the checks configured for a repository in order to understand if Devin’s changes pass CI
commit statusesAllow Devin to view if a commit passes CI
deploymentsAllow Devin to view which versions of a repository were deployed
metadataAllow Devin to view crucial metadata about a repository such as who owns it
packagesAllow Devin to view which versions of a repository were shipped as a package
pagesAllow Devin to consult pages associated with a repository, e.g. to view documentation
repository advisoriesAllow Devin to view security advisories related to a repo in order to help fix security issues
repository hooksAllow Devin to view the hooks configured for a repository, e.g. linting and type checking
repository projectsAllow Devin to view projects associated with a repository, e.g. to retrieve information about a task
Read and write access to:
PermissionDescription
codeAllow Devin to contribute to the codebase
discussionsAllow Devin to contribute to discussions
issuesAllow Devin to open new issues
pull requestsAllow Devin to create new PRs
workflowsAllow Devin to set up new workflows, e.g. to help configure CI/CD
These permissions enable Devin to work in your repositories as a regular contributor—pushing branches, opening pull requests, and participating in PR discussions.

Pull Request Templates

When Devin creates a pull request, it uses a template from your repository to structure the PR description. If you provide a template, Devin follows its format when submitting PRs to GitHub. You can provide Devin with its own template without modifying your default human-facing template by adding a file named devin_pr_template.md in one of the supported PULL_REQUEST_TEMPLATE locations below. This is useful if you want Devin to include additional context, such as a reviewer checklist or a Mermaid diagram of modified files.

Template search order

Devin searches for templates in the following order and uses the first match:
  1. PULL_REQUEST_TEMPLATE/devin_pr_template.md
  2. docs/PULL_REQUEST_TEMPLATE/devin_pr_template.md
  3. .github/PULL_REQUEST_TEMPLATE/devin_pr_template.md
  4. pull_request_template.md
  5. docs/pull_request_template.md
  6. .github/pull_request_template.md
If no template is found, Devin uses its default PR description format.
If you want Devin to use your existing pull_request_template.md, copy or symlink it to one of the devin_pr_template.md paths listed above.
For more on GitHub pull request templates (supported locations, multiple templates, query parameters, etc.), see the GitHub Docs: Creating a pull request template for your repository.

Commit Signing

During repository setup, you can use Devin’s terminal to generate a GPG key for signing commits, following the process outlined in GitHub’s documentation. We recommend creating a dedicated GitHub account in your organization (e.g., [email protected]) to associate with the GPG key, making it easy to identify commits from Devin.
Devin

Security Considerations

  • Branch protection: We recommend enabling branch protection rules on your main branch to ensure all required checks pass before Devin can merge changes.
  • Organization-level permissions: Devin uses the permissions granted at the organization level, not the permissions of the individual user running a session.
  • Consistent access: All users with access to both the GitHub and Devin organizations share the same Devin integration permissions.
  • Repository creation: Devin cannot create new repositories in your GitHub account.

IP Allowlisting

If your organization requires IP allowlisting for GitHub access, add the following IP addresses:
  • 100.20.50.251
  • 44.238.19.62
  • 52.10.84.81
  • 52.183.72.253
  • 20.172.46.235
  • 52.159.232.99
These IP addresses may change in future updates. We recommend monitoring our release notes for any changes.

GitHub Integration FAQs

Yes, you can connect either a GitHub Organization or a personal GitHub account to your Devin organization. However, we recommend connecting the account that has the appropriate permissions for Devin to access the repositories your team needs.
Only users who are members of the organization that installed the GitHub integration can use it in their Devin sessions. Devin inherits access to the GitHub integration based on the user’s organization membership.
Encryption keys are managed by AWS KMS and rotated periodically.