UpGuard Core provides two types of GitHub-based node types - the organization or account node type and the repository node type. This guide outlines how to add GitHub nodes into your UpGuard instance to be monitored.

Prerequisites

  • You must have a GitHub account
  • You must have access to the GitHub organization and repositories you want to scan under your account
  • You must be able to generate or at least access personal access tokens

GitHub Organization Node Type

To add a GitHub Organization node, navigate to Discover > Add Nodes.

w500

Then search for the available github node types and select GitHub Organization and then Go Agentless.

w300

Next, enter in the connection and credential information required to scan this node type.

w500

Here:

  • Connection manager group is the CM group you want to use to scan the node. The simplest option is to select the Default group shipped with the appliance, but you can select other satellite CM groups if required. (The CM simply needs to be able to make HTTPS requests to GitHub).
  • Node Name is the name you want to label the node in UpGuard. It has no technical bearing on the scan itself and should be something that is informative and descriptive for your users.
  • Organization URL is the base URL you use to browse your repositories on GitHub.
  • API Token is your API access token which can be found and generated via Personal access tokens page in GitHub Settings.

Click Scan Node to properly register this node and begin an initial scan.

GitHub Repository Node Type

To add a GitHub Repository node, navigate to Discover > Add Nodes.

w500

Then search for the available github node types and select GitHub Repository and then Go Agentless.

w300

Next, enter in the connection details to allow the node to be scanned.

w500

Here:

  • Connection manager group is the CM group you want to use to scan the node. The simplest option is to select the Default group shipped with the appliance, but you can select other satellite CM groups if required. (The CM simply needs to be able to make HTTPS requests to GitHub).
  • Node Name is the name you want to label the node in UpGuard. It has no technical bearing on the scan itself and should be something that is informative and descriptive for your users.
  • Repository URL is the URL you use to browse to this particular repository in GitHub.
  • API Token is your API access token which can be found and generated via Personal access tokens page in GitHub Settings.

Click Scan Node to add and scan the repository.

What Next?

Once you’ve started monitoring your GitHub Account and Repositories for changes, you should head over to our best practices article on Securing your GitHub Account for some basic policies you can import from our Policy Library to help secure your code.

Tags: