Integrate with GitHub

Overview

Integrating GitHub.com allows Bridgecrew Cloud to:

  • Include your Infrastructure-as-Code files in daily scans
  • Scan changed resources in Infrastructure-as-Code files for every new build generated (before it is merged to the main branch) and provide an actionable view of the results via GitHub checks - see Code Review.
  • Display compliance badges for your repositories - see Code Repository Badges.
  • Open Pull Requests when you Remediate buildtime Incidents in your main branch - see Remediate.

Note on Scans

  • Daily Scans - These scans analyze the entire contents of your Infrastructure-as-Code files in your main branch.
  • Scans triggered by Infrastructure-as-Code file changes in other branches - These scans inspect only the resources changed in the latest build of the branch.

How to Integrate

For details on integrating Bridgecrew with GitHub Enterprise Server, see here.

Part 1 - In Bridgecrew

  1. From Integrations Catalogue, under Code Integrations, select GitHub.
  2. Under the Configure Account tab, select Authorize. A GitHub Settings page will open.

Part 2 - In GitHub

  3. Select Authorize Bridgecrew.
  4. Select All Repositories or select specific repositories, then select Install & Authorize.

Part 3 - In Bridgecrew

  5. Select one of the following options, then select Next:
  • Permit all existing repositories
  • Permit all existing and future repositories
  • Choose from the repository list.
    If choosing from the repository list, select the relevant repositories.

Note: selecting Previous will bring you back to the Configure Account tab. Use this to configure another account, if necessary.

  6. When the message "New account successfully configured" appears, select Done.

Note: after the next GitHub scan, the scanned repository will appear in the Integrations grid; for further details, see here.

Example

The image below shows an example of a Bridgecrew comment on a violation found in IaC resources modified in the PR that triggered the scan.
The comment includes violation details and a link to a documentation page that explains the related Policy.


Authorizing a repository via the GitHub API

If you choose to select individual repositories in step 4 above, it can become challenging to manage a large list of repositories in a microservices-based or similarly dynamic environment. Unfortunately, this is a limitation of the GitHub UI and is not controllable by Bridgecrew.

However, you can perform the following steps to automatically add a repo. The steps below work for a personal repository, but the process is similar if you have GitHub administrator access for your organization.

  1. In GitHub, go to installed apps and click "configure" for the "Bridgecrew" app.
  2. Note the installation ID in the URL: https://github.com/settings/installations/1234567
  3. Go here and create a personal API access token. For simplicity, enable all scopes.
  4. Fetch the repo ID for a repository you want to add:

curl -u GITHUB_USERNAME:GITHUB_API_TOKEN -H "Accept: application/vnd.github.v3+json" https://api.github.com/users/GITHUB_USERNAME/repos | jq '.[] | select(.name == "REPO_NAME") | .id'

  5. Add the repo to the list of authorized apps:

curl -u GITHUB_USERNAME:GITHUB_API_TOKEN -H "Accept: application/vnd.github.v3+json" -X PUT https://api.github.com/user/installations/INSTALLATION_ID/repositories/REPO_ID

  6. If you go to the GitHub integrations page in Bridgecrew, you should see the new repository available to be selected. You can use the "Select all" button to select all the repos you authorized.
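
The API steps above as a batch script, added here as an example (not Bridgecrew's or GitHub's code): it validates the IDs before building URLs, looks up each repo ID directly instead of paging through the repo list, and keeps the token off the command line. The function names, the GITHUB_TOKEN variable and the DRY_RUN switch are assumptions.

```shell
# Added example, not Bridgecrew's code. Function names are hypothetical.
# Assumes GITHUB_TOKEN holds the personal access token and curl and jq exist.
# DRY_RUN=1 prints each request instead of sending it.
# Usage: add_repos https://github.com/settings/installations/1234567 GITHUB_USERNAME repo-a repo-b
API="https://api.github.com"

# Take the numeric installation ID from the app's settings URL.
installation_id_from_url() {
  case "$1" in https://github.com/settings/installations/*) ;; *) return 1 ;; esac
  inst_id="${1#*/settings/installations/}"
  case "$inst_id" in ''|*[!0-9]*) return 1 ;; esac
  printf '%s\n' "$inst_id"
}

# Owner and repo names are placed in a URL path, so allow only safe characters.
valid_name() {
  case "$1" in ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

gh_api() {  # gh_api METHOD PATH
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s %s\n' "$1" "$API$2"; return 0; fi
  # The token reaches curl through a config read from stdin, so it is not
  # passed as a command-line argument the way `curl -u user:token` passes it.
  printf 'header = "Authorization: Bearer %s"\n' "$GITHUB_TOKEN" |
    curl --config - --silent --show-error --fail -X "$1" \
      -H "Accept: application/vnd.github.v3+json" "$API$2"
}

repo_id() {  # repo_id OWNER REPO: direct lookup, so list pagination cannot hide the repo
  gh_api GET "/repos/$1/$2" | jq -er '.id'
}

add_repo() {  # add_repo INSTALLATION_ID REPO_ID
  for n in "$1" "$2"; do
    case "$n" in ''|*[!0-9]*) echo "non-numeric id: $n" >&2; return 1 ;; esac
  done
  gh_api PUT "/user/installations/$1/repositories/$2"
}

add_repos() {  # add_repos INSTALLATION_URL OWNER REPO...
  inst=$(installation_id_from_url "$1") || { echo "bad URL: $1" >&2; return 1; }
  owner=$2; shift 2
  for repo in "$@"; do
    valid_name "$owner" && valid_name "$repo" || { echo "bad name: $repo" >&2; continue; }
    rid=$(repo_id "$owner" "$repo") || { echo "lookup failed: $repo" >&2; continue; }
    add_repo "$inst" "$rid" >/dev/null && echo "authorized $owner/$repo ($rid)"
  done
}
```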