Monitor GitHub Branch Protection in Salesforce

Branch protection settings change? Salesforce creates a task for review immediately.

Trigger

Branch Changed

Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.

Salesforce logo

Action

Create task

Creates a new task in salesforce to track activities, to-dos, and follow-ups related to contacts, leads, or other records.

Why this helps

A team member loosens branch protection to merge a hotfix. The change goes unnoticed. Weeks later, someone pushes directly to main without review. Security gaps accumulate silently until a critical mistake happens.

  • Every branch protection change is logged as a task
  • Security team can review and approve protection changes
  • Prevents unauthorized weakening of merge policies
  • Maintains audit trail of security settings

Setup

Build it in a few focused steps.

  • 1Connect GitHub and Salesforce to Notis.
  • 2Create an automation called 'Branch Protection Changes'.
  • 3Set the prompt to: 'When branch protection settings change on the main branch, create a task in Salesforce for the security team with details of what changed (e.g., required reviews, admin enforcement). Mark it for immediate review.'
  • 4Select 'GitHub: Branch Changed' as the trigger.
  • 5Test by temporarily disabling a branch protection rule.

Questions about this workflow

Should I track changes on all branches or just main?

Notis can filter to main branch only, or to whichever branches matter most for security. Tell it your preference.

How do I know what changed?

Notis will include the specific settings that changed (e.g., 'required reviews reduced from 2 to 1') in the task description.

When this happens · Trigger

Do this · Action

Supported Triggers and Actions

Notis builds workflows that link GitHub to Salesforce. A trigger fires from one place; an action lands in another.

GitHub logo

GitHub triggers

Salesforce logo

Salesforce actions

New Workflow Artifact Created

Triggers when a new workflow artifact is created in a GitHub repository. Monitors for newly created GitHub Actions workflow artifacts. Optionally filters by artifact name to restrict monitoring to specific artifacts.

TriggerPolling

Create Salesforce Account

Deprecated: creates a new salesforce account using a json post request, requiring 'name'; specific fields (e.g., custom, dunsnumber) may have org-level prerequisites.

ActionInstant

Branch Changed

Triggers when a GitHub branch changes. Monitors a specific branch for: - New commits pushed (head commit SHA changes) - Protection status toggled (branch becomes protected or unprotected) - Protection settings changed, including: required status checks and their enforcement level, admin enforcement, required pull request reviews (dismiss stale reviews, code owner reviews, approving review count, last push approval), required linear history, force push allowance, deletion allowance, conversation resolution, branch locking, and fork syncing.

TriggerPolling

Add contact to campaign

Adds a contact to a campaign by creating a campaignmember record, allowing you to track campaign engagement.

ActionInstant

New Branch Created

Triggers when a new branch is created in a GitHub repository. Detects newly created branches. Deleted branches do not fire events.

TriggerPolling

Add lead to campaign

Adds a lead to a campaign by creating a campaignmember record, allowing you to track campaign engagement.

ActionInstant

Check Run Status / Conclusion Changed

Triggers when a specific GitHub check run changes its status or conclusion. Monitors a single check run for changes to: status (queued, in_progress, completed, etc.), conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required), started_at, and completed_at.

TriggerPolling

Add product to opportunity

Adds a product (line item) to an opportunity. the product must exist in a pricebook entry that's associated with the opportunity's pricebook.

ActionInstant

Check Suite Status / Conclusion Changed

Triggers when a GitHub check suite changes its status or conclusion for a given ref. Monitors all check suites associated with a git reference (branch, tag, or commit SHA) for changes to status (queued, in_progress, completed, etc.) and conclusion (success, failure, neutral, cancelled, skipped, timed_out, action_required, startup_failure, stale). Optionally filters by GitHub App ID.

TriggerPolling

Apply lead assignment rules

Applies configured lead assignment rules to a specific lead, automatically routing it to the appropriate owner based on your organization's rules.

ActionInstant

New Code Scanning Alert Created

Triggers when a new code scanning alert is created in a repository. Fires an event for each newly created code scanning alert detected in the configured repository. Alerts can be filtered by Git reference, scanning tool, state, and severity. The payload includes the alert number, rule details, tool information, state, severity, and the location of the most recent instance.

TriggerPolling

Associate contact to account

Associates a contact with an account by updating the contact's accountid field.

ActionInstant

New Repository Collaborator Added

Triggers when a new collaborator is added to a GitHub repository. Monitors the full list of collaborators on a repository and fires an event for each newly added collaborator. The payload includes the collaborator's GitHub username, account ID, profile URL, avatar URL, permission flags (pull, triage, push, maintain, admin), and assigned role name.

TriggerPolling

Clone opportunity with products

Clones an opportunity and optionally its products (line items). creates a new opportunity with the same field values and products as the original.

ActionInstant

Commit Event

Triggered when a new commit is pushed to a repository.

TriggerInstant

Clone record

Creates a copy of an existing salesforce record by reading its data, removing system fields, and creating a new record. optionally apply field updates to the clone.

ActionInstant

Connect any two apps with Notis in the middle.

Not just GitHub and Salesforce. Any combination from 985+ integrations.

When this happens · Trigger

Do this · Action

Save your first hour today.

7 days free trial with 20$ free usage included.
No card. Works with personal or business Salesforce.