GitHub Integration
The Treblle GitHub Application is an intelligent API discovery and refactoring tool that integrates directly with your GitHub organization.
It automatically identifies APIs across your repositories and provides AI-powered analysis, refactoring suggestions, and automated code improvements.
Note
The Treblle GitHub Application requires a Treblle Enterprise Plan. Contact sales to upgrade your account.
Key Features
Automatic API Discovery
Scan your GitHub organization and automatically discover APIs across all repositories with metadata including language, framework, endpoints, and activity information.
AI-Powered Code Review
Get automated AI reviews analyzing security vulnerabilities, performance bottlenecks, API design patterns, and comprehensive code quality scoring.
Automated Refactoring
Enable one-click refactoring to create PRs with suggested improvements, Treblle SDK integration, and detailed change descriptions ready for team review.
Installation
Prerequisites
- GitHub organization admin access
- Treblle Enterprise Plan subscription
- Treblle SDK Token (found in Dashboard → Settings)
Step 1: Install the GitHub App
- Navigate to the Treblle GitHub App
- Click Install or Configure
- Select your GitHub organization
- Choose installation scope:
  - All repositories: Discovers APIs across your entire organization
  - Selected repositories: Limit discovery to specific repositories
Step 2: Configure the Application
After installation, you’ll be redirected to the Treblle setup page:
- Enter your Treblle SDK Token
  - Find this in: Treblle Dashboard → Settings → API Keys
- Click Complete Setup
Step 3: Review Discovered APIs
- Log in to your Treblle Dashboard
- Navigate to APIs → Discovered APIs
- Review the automatically discovered APIs from your GitHub organization
Supported Languages & Frameworks
Framework Support
The Treblle GitHub Application supports automatic API discovery for the following technologies:
- Spring Boot: Version 2.0+ | Full Support
- .NET Core: Version 3.1+ | Full Support
- Express: Version 4.0+ | Full Support
- Laravel: Version 5.5+ | Full Support
- FastAPI: Version 0.60+ | Full Support
- Django: Version 3.9+ | Full Support
Tip
More frameworks are being added regularly. Check back for updates or contact support to request support for your framework.
Detection Algorithm
Privacy-First Approach
Treblle uses a proprietary API detection algorithm designed for speed, security, and privacy. The application does not:
- Clone entire repositories
- Access all files in your codebase
- Store your source code
- Require read access to sensitive files
How It Works
The detection algorithm looks for common, non-invasive patterns that indicate the presence of an API:
Laravel Applications:
- Checks for routes/api.php file
- Detects Laravel framework dependencies in composer.json
Spring Boot Applications:
- Identifies spring-boot-starter-web dependency
- Looks for @RestController annotations
.NET Core Applications:
- Detects ApiController attributes
- Identifies Route attributes and routing configuration
Express Applications:
- Checks for API routes in app.js, server.js, or similar entry points
- Identifies Express framework usage in package.json
FastAPI Applications:
- Detects FastAPI imports in Python files
- Identifies API route decorators
Django Applications:
- Checks for Django REST framework dependencies
- Identifies API URL patterns in urls.py
Minimized Repository Access
The algorithm is designed to minimize repository access while maximizing detection accuracy, ensuring your codebase remains secure and private.
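To preview which repositories marker-based detection would flag and which files it would have to open, the sketch below applies the markers listed under How It Works to an in-memory file map. It is an added example, not Treblle's proprietary algorithm; the manifest file names, package names, regexes and the all-markers-must-match rule are assumptions.

```python
import re

# (path regex, content regex or None) per framework, from the markers listed above.
# Assumptions: the manifest file names, the package names, and that every marker
# of a framework must match; the page does not say how signals are combined.
RULES = {
    "Laravel": [(r"(^|/)routes/api\.php$", None),
                (r"(^|/)composer\.json$", r'"laravel/framework"')],
    "Spring Boot": [(r"(^|/)(pom\.xml|build\.gradle)$", r"spring-boot-starter-web"),
                    (r"\.java$", r"@RestController\b")],
    ".NET Core": [(r"\.cs$", r"\[ApiController\]"), (r"\.cs$", r"\[Route\(")],
    "Express": [(r"(^|/)package\.json$", r'"express"\s*:'),
                (r"(^|/)(app|server)\.js$", r"\.(get|post|put|delete)\(")],
    "FastAPI": [(r"\.py$", r"^\s*(from fastapi import|import fastapi)"),
                (r"\.py$", r"^\s*@\w+\.(get|post|put|delete)\(")],
    "Django": [(r"(^|/)requirements\.txt$", r"(?i)djangorestframework"),
               (r"(^|/)urls\.py$", r"\b(re_)?path\(")],
}

def detect(files):
    """files maps path -> text. Returns (hits, opened): the evidence files per
    detected framework, and every path whose content had to be read."""
    hits, opened = {}, set()
    for framework, rules in RULES.items():
        evidence = []
        for path_re, body_re in rules:
            candidates = [p for p in files if re.search(path_re, p)]
            if body_re is not None:
                opened.update(candidates)
                candidates = [p for p in candidates
                              if re.search(body_re, files[p], re.M)]
            if not candidates:
                break  # one marker missing: framework not detected
            evidence.extend(candidates)
        else:
            hits[framework] = sorted(set(evidence))
    return hits, opened

SAMPLE_REPO = {  # constructed sample, not a real repository
    "requirements.txt": "fastapi==0.110.0\nuvicorn\n",
    "app/main.py": "from fastapi import FastAPI\napp = FastAPI()\n\n"
                   "@app.get('/health')\ndef health():\n    return {'ok': True}\n",
    "app/models.py": "class User:\n    pass\n",
    ".env": "DB_PASSWORD=example-only\n",
    "package.json": '{"devDependencies": {"prettier": "^3.0.0"}}',
}

if __name__ == "__main__":
    print(detect(SAMPLE_REPO))
```

The second return value is the useful one for a privacy review: it lists the files a content-based marker forces the scanner to read, which in this sample excludes .env.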
Using AI Code Review
Request a Code Review
- Navigate to APIs → Discovered APIs in your Treblle Dashboard
- Select the API you want to review
- Click Request AI Review
- Wait for the analysis to complete (typically 2-5 minutes)
Review Results
The AI review provides comprehensive analysis across multiple dimensions:
Security Score:
- SQL injection vulnerabilities
- Authentication/authorization issues
- Data validation problems
- Secret management concerns
Performance Score:
- N+1 query problems
- Inefficient database queries
- Caching opportunities
- Resource utilization
API Design Score:
- REST best practices compliance
- Endpoint naming conventions
- Response structure consistency
- HTTP status code usage
Understanding Recommendations
Each recommendation includes:
- Priority level: Critical, High, Medium, or Low
- Description: Clear explanation of the issue
- Impact: How it affects your API
- Suggested fix: Specific code changes to address the issue
Automated Refactoring
Enable Auto-Refactoring
- Review the AI analysis results
- Click Enable Auto-Refactoring
- Confirm the changes you want to apply
- Wait for Treblle to create the Pull Request (typically 5-10 minutes)
What Gets Changed
The automated refactoring process:
- Fixes identified issues based on AI recommendations
- Integrates Treblle SDK for your language/framework
- Updates dependencies if needed
- Adds configuration files for Treblle monitoring
- Maintains code style and formatting conventions
Review the Pull Request
Once created, the PR includes:
- Detailed description of all changes made
- Before/after code comparisons
- Rationale for each modification
- Test results (if tests exist)
- Treblle SDK setup instructions
Deployment Options
SaaS Deployment (Default)
Hosted processing on Treblle’s servers with fast setup, automatic updates, and 99.9% uptime SLA. No infrastructure required.
Private Cloud Deployment
Deploy in your AWS, Azure, or GCP environment with private processing, data control, and custom compliance for data sovereignty requirements.
On-Premises Deployment
Self-hosted solution with air-gapped support, complete data isolation, and custom security policies for maximum control.
Note
Private Cloud and On-premises deployments require a custom Enterprise agreement. Contact sales for more information.
Security & Privacy
Data Access
The Treblle GitHub Application:
- Only reads repository metadata and specific API-related files
- Never stores your complete source code
- Uses minimal permissions required for API discovery
- Encrypts all data in transit and at rest
Permissions Required
GitHub Permissions
The GitHub App requests these permissions for operation:
- Repository contents: Read-only | Detect API patterns and frameworks
- Pull requests: Read & Write | Create refactoring PRs
- Metadata: Read-only | Access repository information
Caution
You can revoke these permissions at any time in your GitHub organization settings without affecting your existing Treblle integrations.
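To confirm that an installed app holds no more than the permissions listed above, compare the `permissions` object GitHub returns for each installation from `GET /orgs/{org}/installations` with the documented set. The following is an added example, not Treblle's code; the response is a constructed sample and `example-app-slug` is a placeholder for the app's real slug.

```python
import json

# Permissions documented on this page, in GitHub API key/level form
# ("Read & Write" is reported by the API as "write").
DOCUMENTED = {"contents": "read", "pull_requests": "write", "metadata": "read"}
LEVEL = {"read": 1, "write": 2, "admin": 3}

def audit_installation(inst, documented=DOCUMENTED):
    """Return a list of deviations between granted and documented permissions."""
    findings = []
    granted = inst.get("permissions", {})
    for scope, level in sorted(granted.items()):
        allowed = documented.get(scope)
        if allowed is None:
            findings.append(f"undocumented permission: {scope}={level}")
        elif LEVEL.get(level, 99) > LEVEL[allowed]:
            findings.append(f"{scope} is {level}, documented as {allowed}")
    for scope in sorted(set(documented) - set(granted)):
        findings.append(f"documented permission not granted: {scope}")
    if inst.get("repository_selection") == "all":
        findings.append("installed on all repositories")
    return findings

def audit_response(response, app_slug):
    """Audit every installation of app_slug in an installations listing."""
    return {inst["id"]: audit_installation(inst)
            for inst in response.get("installations", [])
            if inst.get("app_slug") == app_slug}

# Constructed sample in the shape of the installations listing.
SAMPLE_RESPONSE = json.loads("""
{"total_count": 1, "installations": [
  {"id": 1, "app_slug": "example-app-slug", "repository_selection": "all",
   "permissions": {"contents": "write", "metadata": "read",
                   "pull_requests": "write", "actions": "read"}}]}
""")

if __name__ == "__main__":
    for inst_id, findings in audit_response(SAMPLE_RESPONSE, "example-app-slug").items():
        print(inst_id, findings or "matches documented permissions")
```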
Frequently Asked Questions
Does Treblle store my source code?
No, Treblle only reads specific files needed for API detection (like route files and configuration) and never stores your complete source code. All analysis is performed in real-time and data is encrypted both in transit and at rest.
How long does API discovery take?
Initial discovery typically completes within 5-10 minutes depending on the number of repositories. The system scans incrementally, so you’ll see results appearing progressively in your dashboard.
Can I customize which issues get auto-refactored?
Yes, before enabling auto-refactoring, you can review and select which AI recommendations to apply. You have full control over what changes are included in the generated pull request.
What happens if I don't have tests in my repository?
The refactoring process will still work, but the generated PR won’t include test results. We recommend reviewing changes extra carefully and testing manually in a staging environment before merging.
Can I use this with private repositories?
Yes, the Treblle GitHub Application works with both public and private repositories. The same privacy-first principles apply regardless of repository visibility.
How do I uninstall the GitHub App?
Navigate to your GitHub organization settings → Installed GitHub Apps → Treblle → Uninstall. This will immediately revoke all permissions and stop API discovery.