GitHub
Firefly integrates with GitHub to pull in information about your repositories, organizations, and related assets. This integration allows you to manage and monitor your GitHub resources as part of your Firefly Inventory, enabling you to enforce policies and maintain consistency across your GitHub assets.
Prerequisites
A GitHub account with appropriate permissions.
A Personal Access Token (PAT) with the required scopes.
Access to the GitHub organizations you want to integrate.
Setup Procedure
Log in to your GitHub account.
Generate a Personal Access Token by visiting GitHub's token creation page with the following scopes:
Repository Scopes
repo:statusrepo_deploymentrepo:invitepublic_reposecurity_events
Organization Scopes
read:org
Public Key Scopes
read:public_key
Repository Hook Scopes
read:repo_hooknotifications
User Scopes
read:useruser:email
Discussion Scopes
read:enterprise
GPG Key Scopes
read:gpg_key
In Firefly:
Click Settings > Integrations.
Click Add New > GitHub.
Paste your Personal Access Token into the Access Token field.
Click Next.
Enter a descriptive name in the Nickname field.
Select the desired Organization.
Click Next.
Click Done.
Creating a Personal Access Token
Go to GitHub.com and log in to your account.
Click your profile picture > Settings.
Scroll down to Developer settings (bottom left).
Select Personal access tokens > Tokens (classic).
Click Generate new token > Generate new token (classic).
Give your token a descriptive name.
Select the required scopes as listed above.
Click Generate token.
Note: Copy the token immediately as you won't be able to see it again.
Configuration Details
Firefly scans every 8 hours by default for SaaS data.
Your GitHub repositories list will stay updated automatically.
You can enforce IaC or policies on your GitHub assets.
Supports monitoring of GitHub repositories, organizations.
Your Personal Access Token is stored securely and encrypted.
Last updated
Was this helpful?