GitHub

Firefly integrates with GitHub to pull in information about your repositories, organizations, and related assets. This integration allows you to manage and monitor your GitHub resources as part of your Firefly Inventory, enabling you to enforce policies and maintain consistency across your GitHub assets.

Prerequisites

  • A GitHub account with appropriate permissions.

  • A Personal Access Token (PAT) with the required scopes.

  • Access to the GitHub organizations you want to integrate.

Setup Procedure

  1. Log in to your GitHub account.

  2. Generate a Personal Access Token on GitHub's token creation page, selecting the following scopes:

Repository Scopes

  • repo:status

  • repo_deployment

  • repo:invite

  • public_repo

  • security_events

Organization Scopes

  • read:org

Public Key Scopes

  • read:public_key

Repository Hook Scopes

  • read:repo_hook

  • notifications

User Scopes

  • read:user

  • user:email

Discussion Scopes

  • read:enterprise

GPG Key Scopes

  • read:gpg_key

  3. In Firefly:

    • Click Settings > Integrations.

    • Click Add New > GitHub.

    • Paste your Personal Access Token into the Access Token field.

    • Click Next.

    • Enter a descriptive name in the Nickname field.

    • Select the desired Organization.

    • Click Next.

    • Click Done.

Creating a Personal Access Token

  1. Go to GitHub.com and log in to your account.

  2. Click your profile picture > Settings.

  3. Scroll down to Developer settings (bottom left).

  4. Select Personal access tokens > Tokens (classic).

  5. Click Generate new token > Generate new token (classic).

  6. Give your token a descriptive name.

  7. Select the required scopes as listed above.

  8. Click Generate token.

Note: Copy the token immediately as you won't be able to see it again.
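
A check you can run before pasting the token into Firefly, added here as an example and not part of Firefly's documentation or tooling: it reads the X-OAuth-Scopes header that GitHub returns for classic tokens and reports which scopes from the list above are missing and which granted scopes go beyond it. The GITHUB_TOKEN environment variable and the function names are assumptions of this example.

```python
import os
import urllib.request

# Scopes this page lists for the Firefly integration.
REQUIRED = {
    "repo:status", "repo_deployment", "repo:invite", "public_repo",
    "security_events", "read:org", "read:public_key", "read:repo_hook",
    "notifications", "read:user", "user:email", "read:enterprise",
    "read:gpg_key",
}

# Broader classic scopes that include some of the required ones.
# A token carrying one of these works but grants write/admin access too.
PARENTS = {
    "repo": {"repo:status", "repo_deployment", "repo:invite",
             "public_repo", "security_events"},
    "admin:org": {"read:org"}, "write:org": {"read:org"},
    "admin:public_key": {"read:public_key"}, "write:public_key": {"read:public_key"},
    "admin:repo_hook": {"read:repo_hook"}, "write:repo_hook": {"read:repo_hook"},
    "user": {"read:user", "user:email"},
    "admin:gpg_key": {"read:gpg_key"}, "write:gpg_key": {"read:gpg_key"},
}


def audit_scopes(header_value):
    """Compare an X-OAuth-Scopes header value with the required list.

    Returns (missing, excess): required scopes not covered by the token,
    and granted scopes that go beyond the required list.
    """
    granted = {s.strip() for s in header_value.split(",") if s.strip()}
    covered = set(granted)
    for scope in granted:
        covered |= PARENTS.get(scope, set())
    return sorted(REQUIRED - covered), sorted(granted - REQUIRED)


def fetch_scopes(token):
    """Read the scopes GitHub reports for a classic PAT (needs network)."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"token {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")


if __name__ == "__main__":
    # GITHUB_TOKEN is an assumed variable name holding the new token.
    missing, excess = audit_scopes(fetch_scopes(os.environ["GITHUB_TOKEN"]))
    print("missing:", missing or "none")
    print("excess: ", excess or "none")
```

An empty "missing" list means the token covers everything Firefly asks for; anything under "excess" is access the integration does not need and can be removed from the token.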

Configuration Details

  • Firefly scans every 8 hours by default for SaaS data.

  • Your GitHub repositories list will stay updated automatically.

  • You can enforce IaC or policies on your GitHub assets.

  • Supports monitoring of GitHub repositories and organizations.

  • Your Personal Access Token is stored securely and encrypted.
