# GitHub

GitHub is a tool that allows developers to create, store, manage and share their code.

### Usage of Github in Delivery Shield

* Delivery Shield can run security analysis to identify the GitHub security posture using frameworks such as [OpenSSF Scorecard](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/compliance-automation/openssf-scorecard).  
* It also collects metadata such as repository name, branch, list of commits, approvers etc., to perform supply chain security-related analysis and populate it on the DBOM for audit purposes. 
* It can run security scans such as SAST, Secret Scan and license scan on GitHub repositories.

### To Integrate Delivery Shield:

1. Navigate to **Setup** > **Integrations**.
2. In the **Source** panel, click **Github**.
3. The Github integration page is displayed. Click **+New Account**. 

<figure><img src="/files/hUguNMDhlqKljdPUfAyb" alt=""><figcaption></figcaption></figure>

4. In the popup that appears, enter the values for the following:

<figure><img src="/files/khAtrSSDB7e4DDs3PueP" alt=""><figcaption></figcaption></figure>

5. Enter the **Account Name, API URL, Authentication Type** and **Token** values of your Github account.
6. Select the **Teams** and the corresponding **Environments** from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environment only.&#x20;

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>You can select up to 5 teams for the integration to be displayed. </p></div>

   * A sample is given below for reference:

   <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeuMZQzZsZQuulVdW9B9OuffNPoEXqbcpcAkYtKVyb7YiTQxbVIt1L4Gh-zshqX2J9MFKIat8x4oWFIGxdg3j1XVagyUNhUAlD_52soyMyd1cy53p6XiYi0LsTjIBfHcybRWl61?key=D9EXoOdGF7oYOBvYaW2GnRWJ" alt=""><figcaption></figcaption></figure>

   * In the example above,&#x20;
     * if **Team 1**, **Team 2**, and **Team 3** are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as **Team 4**, will not have access to this account.
     * Even if the user who created this account is also an admin for **Team 4**, the integration account remains restricted and is not available for **Team 4**.&#x20;
     * Access to the account is strictly limited to the specified **Teams** and **Environments** selected during account creation.
   * **For Organization Admins:**
     * When an **Organization Admin** creates an account without selecting specific **Teams** and **Environments**, the account will be universally applicable, granting access to **all teams** and **all environments** by default.
   * **For Team Admins with Multiple Teams:**<br>
     * If a **Team Admin** who manages multiple teams creates an account without specifying particular **Teams** and **Environments**, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
7. Click **Save**. The tool is integrated in the source stage.&#x20;
8. To delete the integration, click the **Delete** button.&#x20;
9. You can edit the entered Github values by clicking the **Edit** option as shown below:

<figure><img src="/files/5pWgxCfcvH0NIvrdHysB" alt=""><figcaption></figcaption></figure>

10. Enter the new values and click **Update**.&#x20;

<figure><img src="/files/ggGrCdZZgeM8vTBUot0T" alt=""><figcaption></figcaption></figure>

The new values get updated. \ <br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsmx.com/ssd/security-risk-and-prioritization/getting-started/integrating-ci-and-cd-tools-in-delivery-shield/github.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.