Skip to main content
Connect GitHub to Tembo to open pull requests to improve your codebase.

Features

  • Scan for TODO comments in your codebase
  • Scan for security issues
  • Scan for performance issues
  • Scan for technical debt
  • Scan for refactoring opportunities
  • Automatically fix failed workflows and CI/CD pipelines
  • Automatically sign commits for verified contributions
  • Respond to PR comments and review feedback
  • Mention @tembo in GitHub issues to kick off work

Installation

1

Install

Navigate to the Integrations page in Tembo and click the Install button next to GitHub.
2

Authorize

Authorize Tembo to access your GitHub account. You can select specific repositories or all repositories. You’ll be redirected back to the Integrations page when complete.
3

Activate Repositories

After syncing completes (may take a few minutes), select which repositories you want Tembo to scan under “Active Repositories” on the Integrations page.Only repositories you activate here will be scanned for issues and receive improvement PRs.Tip: If repositories don’t appear after a few minutes, use the sync button on the Integrations page to manually trigger a refresh.

Managing Your Integration

Manual Sync

If you’ve added new repositories to your GitHub account or modified repository permissions, you can manually sync to refresh the list:
  1. Navigate to the Integrations page
  2. Find the GitHub integration card
  3. Click the sync button (circular arrow icon)
  4. Wait for the sync to complete - the button will show a loading indicator while syncing
The sync process will discover any new repositories you’ve granted access to and update existing repository metadata.

Supported Webhooks

Tembo listens to the following GitHub events and maps them to automation triggers (reference them as github.<event> in your triggerName, e.g., github.pull_request.opened). Tembo subscribes only to the events listed here (not every GitHub webhook). The Integrations page in the app shows the live set enabled for your org. If you need an additional event (for example, tag creation), contact support@tembo.io.
  • pull_request.opened
  • pull_request.closed
  • pull_request.reopened
  • pull_request.ready_for_review
  • pull_request.converted_to_draft
  • pull_request.edited
  • pull_request_review.submitted
  • issue_comment.created
  • installation.created
  • installation.deleted
  • installation.new_permissions_accepted
  • installation_repositories.added
  • installation_repositories.removed
See Automations for how to create triggers that start automations from these events.

Usage

Automated Scanning

Once you’ve activated repositories, Tembo automatically scans for:
  • TODO Comments - Finds and implements requested functionality from TODO items
  • Security Issues - Identifies potential security vulnerabilities in your code
  • Performance Issues - Detects slow queries, inefficient algorithms, and optimization opportunities
  • Technical Debt - Discovers areas that need refactoring or modernization
  • Refactoring Opportunities - Identifies code that can be improved through refactoring for better maintainability and clarity
  • Code Quality - Spots potential bugs, unused code, and anti-patterns

Pull Requests

When Tembo finds an issue it can address, it will:
  1. Create a Pull Request - Opens a PR with the proposed fix or improvement
  2. Add Context - Includes a detailed description of what was changed and why
  3. Request Review - Assigns the PR for team review following your repository’s workflow
All commits in Tembo PRs are automatically signed and verified. This means GitHub displays a “Verified” badge on each commit, confirming that the code was generated by Tembo’s authenticated integration and providing trust and traceability for automated changes.

Signed Commits

Tembo automatically signs all commits created through the GitHub integration using the GitHub App. This provides several benefits:
  • Verified Badge - All commits display a “Verified” badge in GitHub, confirming they were created by Tembo’s authenticated integration
  • Security Assurance - Signed commits provide cryptographic proof that the code changes originated from Tembo
  • Compliance - Helps meet requirements for verified commits in organizations with strict security policies
  • No Configuration Required - Commit signing happens automatically for all Tembo-created commits
You can verify signed commits by looking for the “Verified” badge next to commits in pull requests created by Tembo. For more details, see the Pull Requests documentation.

Working with Pull Requests

Reviewing Pull Requests

Review Tembo’s PRs just like any other team member’s work:
  • Examine the changes and verify they align with your requirements
  • Leave comments directly on the code if you need changes
  • Use the Feedback Loop feature to have Tembo address your review comments automatically

Commenting on PRs

When reviewing Tembo’s pull requests, you can request changes or improvements by tagging @tembo in your comments. This ensures Tembo responds to your specific feedback while ignoring internal team discussions or comments directed at other team members. Example: 
@tembo Please update this function to include error handling
Without the @tembo tag, Tembo will not respond to the comment, allowing for cleaner team communication.

Tagging Tembo in Issues

You can tag Tembo directly in GitHub issues to start work on implementing the requested feature or fix. Example usage: 
@tembo Please implement the API endpoint described in this issue.
Include proper error handling and follow our existing patterns.

Failed Workflow Detection

Tembo automatically monitors your GitHub Actions workflows and detects when they fail. When a workflow fails due to broken tests, linting errors, or other issues, Tembo will analyze the failure, identify the root cause, and create a PR with a fix. This helps maintain a healthy CI/CD pipeline without manual intervention.

Troubleshooting

Repositories Not Appearing After Installation

If repositories don’t appear in the “Active Repositories” list after installation:
  1. Wait a few minutes - Initial sync can take 2-5 minutes depending on the number of repositories
  2. Check repository permissions - Ensure you granted Tembo access to the repositories during installation
  3. Manual sync - Click the sync button on the GitHub integration card to refresh the repository list
  4. Verify organization access - If repositories belong to an organization, ensure you have permission to install GitHub Apps for that organization

Tembo Not Responding to @tembo Mentions

If Tembo doesn’t respond when you mention @tembo in issues or PR comments:
  1. Check the mention format - Ensure you’re using @tembo (not variations like @Tembo or @TEMBO)
  2. Verify repository activation - Confirm the repository is activated in the Integrations page
  3. Check webhook status - The Integrations page shows the live set of enabled webhooks; ensure issue_comment.created is enabled
  4. Review permissions - Verify Tembo has the necessary permissions to read issues and comments

Pull Requests Not Being Created

If Tembo isn’t creating PRs for detected issues:
  1. Verify repository activation - Only activated repositories receive automated scanning
  2. Check branch protection - Ensure Tembo has permission to create branches and open PRs
  3. Review scanning settings - Confirm automated scanning is enabled for your organization
  4. Check for existing PRs - Tembo may not create duplicate PRs for issues already addressed

Best Practices

  • Configure repository settings to match your team’s preferences
  • Use Rule Files to help Tembo understand your coding standards
  • Set up Hooks to customize Tembo’s behavior for your workflow