Comment on page
GitHub & GitHub Actions
Let's get to know the GitHub connector
GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git.
GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.
Connecting your GitHub allows OX to map your apps and scan them for security issues.
- github.com - if you are using the public SaaS GitHub server, you can use either "Identity provider" or "Token" login. The Token option has the address of the SaaS server by default.
- GitHub Enterprise - if you are using a private GitHub installation, use "Token" login and provide the GitHub server URL on the "Token" login tab.
- Identity Provider - just click “Connect” under the “Identity Provider” tab and follow the instructions from GitHub on the screen.
Important note - Just keeping pressing next on the GitHub screens is not enough. In many cases, only your private repositories are accessible by default. If you want to include your organization repositories, you must explicitly approve them when asked by GitHub.
Once you have verified GitHub connectivity, you can see all of the repositories and can select them for scanning.
You can use the "Gear" icon to choose the repositories' scope OX will cover. Only repositories chosen here will be covered and scanned.
Here you can also decide what will happen by default with newly discovered repositories.