Contents x
    Github
    • 1 Minute to read
    • Print
    • PDF
    Contents

    Github

    • 1 Minute to read
    • Print
    • PDF
    Article Summary

    About this document

    This document provides the step-by-step procedure to configure Github in SAFE.

    Introduction

    SAFE integrates with Github via read-only APIs and fetches the security misconfiguration of the Github account in SAFE. 

    Prerequisites

    • Github Admin Access
    • API URL
    • Organization Name
    • Access Token
    • SAFE Admin Access

    Generate Access Token

    To generate the Access Token:

    1. Log in to your GitHub account as Admin. 
    2. Click the User Profile from the top-right of the page.
    3. Click Settings.
      Github%201
    4. Scroll down to the left navigation and click the Developer Settings option.
      Github%202
    5. Click the Personal Access Token > Tokens (classic).
    6. Click the Generate New Token > Generate New Token (classic) button.
      Screenshot%202024-02-27%20at%204.28.53%E2%80%AFPM
    7. Enter the name.
    8. Add the following Permissions:
      1. admin:read:org
      2. repo:status
      3. repo:repo_deployment
      4. repo:public_repo
      5. repo:invite
      6. repo:security_events
        Permissions
    9. Click the Generate Token button. 
    10. The system displays the access token. Copy and save the token to use while configuring Gihub in SAFE.
      Access%20Token%205

    Configure Github in SAFE

    To configure Github:

    1. Log in to your SAFE account as Admin.
    2. Click Integrations from the left navigation.
    3. Click the Github card and go to the configuration page.
    4. Click the Configure button.
    5. Enter the following details:
      1. API URL - https://api.github.com
      2. Organization Name
      3. Access Token
    6. Enter the Auto Sync Frequency.
    7. Click the Test Connection button.
    8. Once the connection is verified, click the Save button.
    9. Click the Sync Now button to trigger an on-demand sync.
    10. Upon a successful sync, the system pulls the Github assets and their findings in SAFE. You can track the status of the sync in the History table.

    Github%20configuration

    View Result

    Scroll down to the Finding View and Asset View availabe on the configuration page.

    • Findings View: This tab displays all the findings details fetched from Github.
      Github%20Findings
    • View Assets: This tab displays all the assets pulled from Github.

    History

    Learn More about Integration History here.

    8. SAFE's Outgoing IP Addresses

    Click here to find the outgoing IP addresses of SAFE. All traffic to any integrations in SAFE will see one IP address as the source IP of the incoming connection.

    Was this article helpful?
    What's Next