# Frequently Asked Questions

# How do I create a fine-grained Personal Access Token for GitHub?

Please see [GitHub's documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) for more information on how to create a fine-grained PAT.

**_NOTE:_** Make sure to choose the right organization as the _Resource owner_. On the screenshot below, the fine-grained Personal Access Token will grant certain permissions only on the repositories owned by the Ketryx organization. In your case, the _Resource owner_ will most likely be your organization (the company you are working for).

The following _Read-only_ permissions are required for the integration with Ketryx:

- _Contents_
- _Metadata_
- _Pull requests_

It should look like this:

This token will serve as the authentication method to fetch both Pull Request data and the Git repository for SOUP dependency analysis from GitHub.

When entering the authentication credentials in Ketryx, the username has no effect, but the password should be the PAT.
