This document details the process for integrating your GitHub account with the security platform, enabling the scanning of public and private source code repositories. Two primary methods are supported: GitHub OAuth App (recommended for ease of use) and Personal Access Token (PAT).
Prerequisites
A GitHub user account.
The account must have access to the repositories or organizations intended for scanning.
Method 1: Integrating via GitHub OAuth App (Recommended)
This method uses GitHub's native authorization flow to grant the platform the necessary permissions to access and scan your repositories.
Step 1: Initiate Configuration
From the GitHub integration page, locate the connection section.
Ensure the "Via Github OAuth App" option is selected.
Click the Configure button to start the authorization process.
Step 2: Review and Authorize Access
You will be redirected to GitHub's authorization page.
Review the requested permissions, which typically include:
Repositories: Public and private access.
Personal user data: Email addresses (read-only).
If connecting to an Organization, ensure the necessary organization access is checked and click Grant where applicable.
Click the Authorize developer-clouddefense button to confirm the connection.
Step 3: Connection Confirmation and Post-Integration
Upon successful authorization, you will be redirected back to the platform. A banner stating "Connected to GitHub" will confirm the integration status.
Your account is now connected and ready to scan your private repositories.
Proceed by clicking Scan applications.
Method 2: Integrating via Personal Access Token (PAT)
This method requires generating a scoped Personal Access Token directly within GitHub and then providing that token to the security platform.
Part A: Generating the Personal Access Token (PAT) on GitHub
The token must be generated with the correct scopes to ensure repository access.
1. Navigate to Developer Settings
In GitHub, go to your user settings.
In the sidebar, click on Developer settings.
2. Start Token Generation
In the Developer settings menu, select Personal access tokens and then Tokens (classic).
Click the Generate new token dropdown, and then choose Generate new token (classic) for general use.
3. Configure Token Details and Scopes (CRITICAL)
On the New personal access token page:
Note: Provide a clear name for the token (e.g., onboard-git-cdefense).
Expiration: Set an appropriate expiration date (e.g., 90 days).
Select Scopes: Under the Scopes section, you must check the repo checkbox.
Note: Checking the top-level repo scope grants full control over private repositories, which is required for scanning.
4. Finalize and Copy the Token
Scroll to the bottom and click Generate token.
IMPORTANT: Copy the generated token immediately. You will not be able to view it again.
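Before pasting the token into the platform, you can confirm that it carries only the repo scope and has an expiration date. The following is an added example, not code from the platform or from GitHub. It assumes the X-OAuth-Scopes and GitHub-Authentication-Token-Expiration response headers that GitHub's REST API returns for classic tokens; the sample headers are constructed and the User-Agent name is hypothetical.

```python
import email
import getpass
import sys
import urllib.request

REQUIRED = {"repo"}  # the one scope the page says to check

# Constructed sample of GitHub API response headers (values are made up).
SAMPLE = (
    "X-OAuth-Scopes: repo, workflow, read:org\n"
    "GitHub-Authentication-Token-Expiration: 2030-01-01 00:00:00 UTC\n\n"
)

def parse_header_block(text):
    """Parse raw 'Name: value' lines into a case-insensitive mapping."""
    return email.message_from_string(text)

def audit_headers(headers):
    """Compare the token's granted scopes and expiry with the page's settings."""
    raw = headers.get("X-OAuth-Scopes") or ""
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    expires = headers.get("GitHub-Authentication-Token-Expiration")
    findings = []
    if REQUIRED - scopes:
        findings.append("missing required scope: repo")
    if scopes - REQUIRED:
        findings.append("extra scopes: " + ", ".join(sorted(scopes - REQUIRED)))
    if not expires:
        findings.append("token has no expiration date")
    return {"scopes": sorted(scopes), "expires": expires, "findings": findings}

def fetch_headers(token):
    """Ask GitHub about a classic PAT; the reply headers describe the token."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {token}",
                 "User-Agent": "pat-scope-check"},  # hypothetical client name
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers

if __name__ == "__main__":
    if "--live" in sys.argv:
        # getpass keeps the token out of shell history and process listings
        headers = fetch_headers(getpass.getpass("GitHub PAT: "))
    else:
        headers = parse_header_block(SAMPLE)
    report = audit_headers(headers)
    print(report)
    sys.exit(1 if report["findings"] else 0)
```

Run without arguments to audit the constructed sample, or with --live to be prompted for the real token; a non-zero exit status means the token differs from the settings in step 3.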
Part B: Using the PAT in the Security Platform
1. Select the PAT Method
Return to the GitHub integration page.
Click on the Via Personal Access Token button.
2. Enter and Configure Token
In the connection form, paste the copied GitHub Access Token into the field.
Click the Configure button to finalize the integration.
Post-Integration Steps: Sharing Configuration (Optional)
Once connected, you have the option to share this integration with others in your organization or team.
Under the Share GitHub integration section, select the desired option:
Share with organization
Share with the team
Click Share.
This allows other users within your organizational scope to utilize this existing GitHub connection for their own application scanning purposes.