GitHub is a web based Git repository manager. This guide walks you through the steps to gather the necessary information and configure your GitHub organization for the purpose of creating an integration with Synqly's Application Security connector.
Before you begin, ensure that you have:
- Access to the web interface of GitHub
- Access to a GitHub account that has a verified email address as well as permission to view all repositories in the organization that the Synqly integration will be configured for
| Repository Permission | Access Type | Purpose |
|---|---|---|
| Metadata | Read-only | Retrieve data about the organizations repositories |
| Code scanning alerts | Read-only | Retrieve a repositories Dependabot alerts |
| Dependabot alerts | Read-only | Retrieve a repositories Code Scanning alerts. |
GitHub currently supports four methods of authenticating with its API. Synqly currently supports two of these methods with the recommended method being to use a fine-grained personal access token.
- Log into GitHub with a user account that has a verified email address as well as permission to view all repositories in the organization that the Synqly integration will be configured for
- Select your profile picture, then select Settings
- Select Developer settings from the sidebar on the left
- Select Personal access tokens > Fine-grained tokens
- Select Generate new token
- Fill in the field titled Token name field
- In the Resouce owner field, select the organization that the integration will be configured for
- Select an token expiration date under the field titled Expiration
- In the section titled Repository access select the All repositories option
- In the section titled Permissions select Add permissions and add all of the required permissions and ensure that the listed access type aligns with the required permission access type. The required permissions and required permission access types can be found in the section above titled Required Permissions
- Select Generate token, take note of the value displayed and store it in a safe location
- You have now created a new GitHub fine-grained personal access token. Proceed to the next section titled Configuring the Integration
For more information on fine-grained personal access tokens, see the GitHub Managing your personal access tokens docs page
To configure a new GitHub integration in the Synqly system, provide each of the values as defined below:
| Integration Parameter | Description |
|---|---|
| Secret | This is the personal access token value generated from executing the steps above. |
| Organization Slug | This is the slug of the organization in which the Synqly integration will be tied to. This value can by found by navigating to your organization and viewing the url. Example https://github.com/organizations/{your-organization-slug} |
| GitHub Instance URL | This is the url that you use to access your GitHub instance. This value is only required when using a url other than https://github.com |