Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
GitHub
Prerequisites
Before you integrate GitHub, create an Invicti AppSec service account and make sure this user has access to the projects to be scanned. Add the user to the required organizations.
Integration steps
- Log in to your GitHub account.
- In the upper-right corner, select your profile photo and go to Settings.
- In the left sidebar, open Developer settings.
- Under Developer settings, select Personal access tokens.
- Click Generate new token.
- Enter a descriptive name for the token so you can identify its purpose.
- Select the repo scope to grant repository access.
If you want to use GitHub as an Issue Manager, enable the Admin:Org permission. This prevents the need to generate a separate token.
When you integrate, select Use this ALM as Issue Manager to configure the Issue Manager settings.
- Click Generate token to create the token.
- Copy the generated token and store it securely. You won't be able to see the token again after you leave the page.
Continue the process in the Invicti AppSec UI using the generated token.
At this step, enter the token and click Test Connection. If GitHub is running on-premises, select the corresponding checkbox and provide the GitHub URL.
If you want to use GitHub as an Issue Manager, select the checkbox at the top of the list.
Onboarding projects
After integration, you can synchronize projects from the Sync option next to the Activate button. This lets you onboard projects quickly.
When you enable the Daily Sync feature, Invicti AppSec synchronizes projects from GitHub every day and automatically onboards all projects that haven't been onboarded yet. If your license project count is limited, don't enable Daily Sync. The available project quota may be consumed quickly, which can prevent you from adding new projects.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center