GitHub

GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git.

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.

Connecting your GitHub allows OX to map your apps and scan them for security issues.

GitHub server

  • github.com - if you are using the public SaaS GitHub server, you can use either "Identity provider" or "Token" login. The Token option has the address of the SaaS server by default.

  • GitHub Enterprise - if you are using a private GitHub installation, use "Token" login and provide the GitHub server URL on the "Token" login tab.

Connection options

  • Identity Provider - just click “Connect” under the “Identity Provider” tab and follow the instructions from GitHub on the screen.

Important note - Simply pressing Next on each GitHub screen is not enough. In many cases, only your private repositories are accessible by default. If you want to include your organization repositories, you must explicitly approve them when asked by GitHub.

  • Token - Create a token in GitHub with the permissions (scopes) mentioned below, copy the token into the token field and click “Connect”.

Token scopes required

  • repo

  • read:packages

  • write:org

  • read:org

  • read:repo_hook

  • user:email
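
One way to confirm that a classic token carries the scopes listed above before pasting it into OX, shown as an added example (not OX or GitHub code). It audits the `X-OAuth-Scopes` response header that GitHub returns for classic tokens; the function names, the abbreviated `IMPLIES` map and the sample header values are assumptions made for this illustration.

```python
"""Check a classic GitHub token's scopes against the list this page requires."""
import urllib.request

REQUIRED = {"repo", "read:packages", "write:org", "read:org",
            "read:repo_hook", "user:email"}

# GitHub reports a parent scope without the children it implies, so expand
# parents before comparing. Only hierarchies relevant to REQUIRED are listed.
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "user": {"read:user", "user:email", "user:follow"},
}

def parse_scopes(header):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in (header or "").split(",") if s.strip()}

def expand(scopes):
    """Return the scopes plus everything they imply."""
    out = set(scopes)
    for s in scopes:
        out |= IMPLIES.get(s, set())
    return out

def audit(header):
    """Return (missing, excess) scope sets relative to REQUIRED."""
    granted = parse_scopes(header)
    missing = REQUIRED - expand(granted)
    # Excess: granted scopes that are neither required nor implied by one.
    excess = granted - expand(REQUIRED)
    return missing, excess

def fetch_scope_header(token, api_base="https://api.github.com"):
    """Read the header from a live server (GitHub Enterprise: https://HOST/api/v3)."""
    req = urllib.request.Request(api_base + "/user",
                                 headers={"Authorization": "token " + token})
    with urllib.request.urlopen(req) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real token.
    for sample in ("repo, read:packages, write:org, read:repo_hook, user:email",
                   "repo, admin:org, delete_repo, user"):
        missing, excess = audit(sample)
        print(sample, "-> missing:", sorted(missing), "excess:", sorted(excess))
```

An empty `missing` set means the token satisfies the list; anything in `excess` is access the integration does not need and can be removed from the token.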

Once you have verified GitHub connectivity, you can see all of the repositories and can select them for scanning.

Setting repositories' scope

You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.

Here you can also decide what will happen by default with newly discovered repositories.

Copyright ©2024 OX Security. All rights reserved.