BlogOpen a Ticket
Guides
Start typing to search…

GitHub

Prerequisites

Before integrating GitHub, it is recommended to create an Invicti ASPM service account as a preparation step and ensure that this user has access to the projects to be scanned. Creating the user and adding it to the required organizations is sufficient.

Integration Steps

  1. Log in to the GitHub account.
  2. In the upper-right corner of the page, select the profile photo and navigate to Settings.
  1. From the left sidebar, open Developer settings.
  1. Under Developer settings, select Personal access tokens.
  1. Click Generate new token.
  2. Provide a descriptive name for the token to clearly identify its purpose.
  3. Select the repo scope to grant the required repository access.
❗️

When GitHub is intended to be used as an Issue Manager, the Admin:Org permission must be enabled. This prevents the need to generate a separate token.

During the integration, selecting Use this ALM as Issue Manager is sufficient to configure the Issue Manager settings.

  1. Click Generate token to create the token.
  2. Copy the generated token and store it securely. For security reasons, the token will not be visible again after leaving the page.

After this step, the process can be continued from the Invicti ASPM UI using the generated token.

At this step, entering the token and clicking Test Connection is sufficient. If GitHub is running on-premises, the corresponding checkbox should be selected and the GitHub URL should be provided.

If GitHub will also be used as an Issue Manager, the checkbox at the top of the list must be selected as well.

Onboarding Projects

Afterwards, projects can be synchronized from the Sync option located next to the Activate button, allowing projects to be onboarded quickly.

When the Daily Sync feature is enabled, the system synchronizes projects from GitHub on a daily basis and automatically onboards all projects that have not yet been onboarded. If the license project count is limited, enabling this feature is not recommended. The available project quota may be consumed rapidly, which can prevent new projects from being added to the system.


Updated 22 days ago