GitHub MCP server
Read and write repos, issues, pull requests, and Actions runs on GitHub.
About
Connect Tracecat to GitHub to triage code, security findings, and CI activity from agents working alongside AppSec analysts and DevOps engineers. You can pull CodeQL or Dependabot alerts, open a tracking issue, and assign it to the right code owner so vulnerabilities land in the same workflow engineers already use. From there, agents can review pull request diffs, retry failed Actions runs, and post follow-up comments when a fix ships, all attributed to the connected user in your GitHub audit log.
Setup
- 1
Sign in with OAuth
You'll authorize Tracecat to access GitHub on your behalf. No API keys to manage.
- 2
Select the
GitHubtile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theGitHubtile, and complete the OAuth flow. - 3
Enable
GitHubin your agentIn your
ai.agentaction orAgents→toolstab, selectGitHubfrom theMCP integrationsdropdown.
Tools
create_issue | Open a new issue in a repository with title, body, labels, and assignees. |
search_issues | Search issues across repositories with GitHub's search syntax and filters. |
create_pull_request | Open a pull request between two branches with title, body, and reviewers. |
get_pull_request | Fetch a pull request with its head and base refs, mergeable state, and review status. |
list_pull_request_files | List the files changed in a pull request along with patch hunks. |
get_file_contents | Read the contents of a file from a repository at a specific ref. |
list_workflow_runs | List GitHub Actions workflow runs for a repository, filtered by branch, status, or actor. |
get_code_scanning_alert | Fetch a code scanning alert with rule, severity, and affected location. |
list_dependabot_alerts | List Dependabot alerts for a repository with package, severity, and remediation advice. |
create_or_update_file | Commit a new or updated file to a branch, creating a tree and commit in one call. |