GitHub

GitHub provides cloud-based hosting for software development and version control using Git. It offers distributed version control and source code management capabilities.

By connecting GitHub to OX, you enable the system to map your applications and scan them for security issues.

GitHub also provides GitHub Actions, a CI/CD platform that automates the build, test, and deployment pipeline.

Before deciding on the connection method you are going to use, learn about the connection methods used in OX. The following connection methods are available:

GitHub Server Options

  • GitHub.com (Public SaaS): If you are using the public GitHub server, you can log in using either the Identity Provider or Token method. The Token method defaults to the public GitHub server address.

  • GitHub Enterprise (Private Server): If you are using a private GitHub instance, select the Token login option and provide your GitHub server URL.

Connecting Multiple Accounts

You can connect multiple source control accounts within the same organization, securing them all under a single organization in the OX platform. For instance, you can connect multiple GitLab accounts under one organization using multiple token connections, multiple identity providers, or multiple app connections.

Integrating with multiple accounts is especially beneficial for large organizations where different departments may need separate credentials to access different GitLab instances or other services. The integration is flexible and robust because you can combine different connection methods, such as using tokens for more sensitive accounts, and apps and identity providers for less sensitive ones.

Connecting using GitHub App

The GitHub App method offers a streamlined way to connect an OX platform account to GitHub. This method uses an application created by OX Security, which simplifies the connection process.

When using this method, you install the OX GitHub app into your GitHub organization. The app is granted permissions to access your GitHub data, allowing the OX platform to interact with your repositories.

To connect with GitHub App:

  1. In the OX platform, go to Connectors and select GitHub > GITHUB APP.

  2. Select CONNECT. You are automatically redirected to the source control system’s authentication dialog.

  3. Log in to GitHub. The Install OX Security dialog appears with the list of organizations that you have defined on GitHub.

  4. Select the organization with which you want to set up the GitHub-OX integration.

  5. In the Install & Authorize OX Security dialog, select one of the following:

  • All repositories: Grants OX GITHUB APP permissions to all the GitHub repositories within the selected GitHub organization.

  • Only select repositories: Select the GitHub repositories to which you want to grant OX GITHUB APP permissions within the selected GitHub organization.

  6. Select Install & Authorize. The connection is established and you are redirected back to OX Security, where the list of all the repositories that participate in the integration appears.

  7. Select the repos you want to scan and click SAVE.

  8. To connect more GitHub accounts to the same organization in the OX platform, select Add another GitHub App +, add the app and select CONNECT.

Connecting using Identity Provider

The Identity Provider (IDP) method is another way to link GitHub to OX Security. This method relies on authentication services provided by GitHub or a third-party service. The user connects using their GitHub account credentials, allowing the OX platform to use GitHub as the identity provider for authentication.

To connect with Identity Provider:

  1. In the OX platform, go to Connectors and select GitHub > IDENTITY PROVIDER.

  2. Select CONNECT. You are automatically redirected to the source control system’s authentication dialog.

  3. Log in to GitHub and grant permissions to access the data.

  4. Select Authorize oxsecurity. The connection is established and you are redirected back to OX Security, where the list of all the repositories that participate in the integration appears.

  5. Select the repos you want to scan and select SAVE.

  6. To connect more GitHub accounts to the same organization in the OX platform, select Add another Identity Provider +, set the required parameters and select CONNECT.

Connecting using Token

The Token method provides the most flexibility for connecting GitHub to OX Security. In this method, users generate an API token in GitHub, which serves as a security credential to allow OX Security access to specific repositories and actions.

To connect with Token:

  1. In the OX platform, go to Connectors and select GitHub > TOKEN.

  2. In the Configure your GitHub credentials dialog, set the following parameters:

  • GitHub Host URL: Add your GitHub organization account URL.

  • Token: Paste the GitHub token you have created.

  • Token Name: The token name is automatically generated by the OX app. You can change the connection name at any time.

  3. To select specific repositories for scanning by the OX platform, select the gear icon next to DELETE.

  4. Select the repos you want to protect.

  5. Select SAVE.

  6. To connect more GitHub accounts to the same organization in the OX platform, select Add another Token +, set the required parameters and select CONNECT.
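Before pasting a token into the dialog, it is worth confirming which API endpoint the GitHub Host URL maps to and which scopes the token carries. The following is an added example, not part of the OX documentation or product; the `APPROVED` allowlist, the sample headers and the host name `github.example.internal` are assumptions, because this page does not list the scopes OX requires.

```python
"""Pre-flight check for a GitHub token before it is handed to a connector."""
import urllib.request
from urllib.parse import urlsplit


def api_base(host_url: str) -> str:
    """Map the value entered as GitHub Host URL to the REST API root."""
    parts = urlsplit(host_url if "://" in host_url else "https://" + host_url)
    if parts.scheme != "https":
        raise ValueError("refusing to send a token over a non-HTTPS URL")
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError("no host in URL")
    if host in ("github.com", "www.github.com", "api.github.com"):
        return "https://api.github.com"
    # GitHub Enterprise Server exposes the REST API under /api/v3.
    port = f":{parts.port}" if parts.port else ""
    return f"https://{host}{port}/api/v3"


def granted_scopes(headers) -> set:
    """Scopes of a classic token, read from the X-OAuth-Scopes header.
    Fine-grained tokens do not return this header, so the set is empty."""
    raw = headers.get("X-OAuth-Scopes") or ""
    return {s.strip() for s in raw.split(",") if s.strip()}


def excess_scopes(granted: set, approved: set) -> set:
    """Scopes on the token that were not approved for this connector."""
    return granted - approved


def fetch_headers(host_url: str, token: str):
    """Live call: GET /user with the token, returning the response headers."""
    req = urllib.request.Request(
        api_base(host_url) + "/user",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers


# Constructed sample response headers, so the check runs offline.
SAMPLE_HEADERS = {"X-OAuth-Scopes": "repo, read:org, delete_repo"}
# Hypothetical allowlist; replace with the scopes your vendor docs require.
APPROVED = {"repo", "read:org"}

if __name__ == "__main__":
    print(api_base("https://github.example.internal"))
    print(sorted(excess_scopes(granted_scopes(SAMPLE_HEADERS), APPROVED)))
```

For a real token, pass the result of `fetch_headers(host_url, token)` to `granted_scopes` instead of `SAMPLE_HEADERS`, and regenerate the token with a narrower scope set if `excess_scopes` is not empty.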
