GitHub

GitHub is a tool that allows developers to create, store, manage and share their code.

Usage of Github in Delivery Shield

Delivery Shield can run security analysis to identify the GitHub security posture using frameworks such as OpenSSF Scorecard.
It also collects metadata such as repository name, branch, list of commits, approvers etc., to perform supply chain security-related analysis and populate it on the DBOM for audit purposes.
It can run security scans such as SAST, Secret Scan and license scan on GitHub repositories.

To Integrate Delivery Shield:

Navigate to Setup > Integrations.
In the Source panel, click Github.

You can use the toggle button provided below the integration tile to enable or disable it as needed.

The Github integration page is displayed. Click +New Account.
In the popup that appears, enter the values for the following:

Enter the Account Name, API URL and Token values of your Github account.
Select the Teams and the corresponding Environments from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.
You can select up to 5 teams for the integration to be displayed.
- A sample is given below for reference:
- In the example above,
  - if Team 1, Team 2, and Team 3 are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as Team 4, will not have access to this account.
  - Even if the user who created this account is also an admin for Team 4, the integration account remains restricted and is not available for Team 4.
  - Access to the account is strictly limited to the specified Teams and Environments selected during account creation.
- For Organization Admins:
  - When an Organization Admin creates an account without selecting specific Teams and Environments, the account will be universally applicable, granting access to all teams and all environments by default.
- For Team Admins with Multiple Teams:
  - If a Team Admin who manages multiple teams creates an account without specifying particular Teams and Environments, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
Click Save. The tool is integrated in the source stage.
To delete the integration, click the Delete button.
You can edit the entered Github values by clicking the Edit option as shown below:

Enter the new values and click Update.

The new values get updated.

PreviousIntegrating CI and CD tools in Delivery Shield NextGitLab

Last updated 6 minutes ago

Was this helpful?