GitHub
This integration supports GitHub Enterprise Server and allows you to visualize GitHub users, teams, repositories, pull requests, issues, and more. Map GitHub users to employees and training, and monitor software development activities, installations of GitHub apps, and outside collaborators.
The integration limits the ingestion of pull requests and issues to the 500 most recently created or modified since the last execution.
- Installation guide
- GitHub data model
Installation
GitHub Enterprise Server Versions 3.3.3 and above have been verified as compatible with this integration. Other versions may work but are not fully supported.
To install the GitHub integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select GitHub. Click New Instance to begin configuring the integration.
In the new instance configuration, provide:
Account Name used to identify the GitHub account in JupiterOne. Ingested entities have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.For GitHub Enterprise Servers only: enable the toggle and provide the relevant Hostname, App ID, App Installation ID, and upload your API Private Key.
After creating a new GitHub integration configuration in JupiterOne, you will be re-directed to GitHub to install the JupiterOne GitHub app. The app requests read-only permissions to support ingestion of entities and relationships.
View GitHub permissions
Note
The Secrets API does not reveal the values of Secrets, only their names and creation dates.
Repository Permissions
- Actions: Read-only
- Administration: Read-only
- Dependabot alerts: Read-only
- Discussions: Read-only
- Environments: Read-only
- Issues: Read-only (enables both Issues and private-repo PRs)
- Metadata: Read-only
- Pages: Read-only
- Pull requests: Read-only
- Secrets: Read-only
Organization Permissions
- Administration: Read-only
- Members: Read-only
- Secrets: Read-only
- Events: Read-only
User Permissioms
- None
Refer to GitHub's documentation information on setting GitHub app permissions and secret permissions
Hierarchy of data retrieval
This integration uses many steps to retrieve data. Some of the steps depend on others. If there is a crash or error, it might be helpful to understand the hierarchy of step dependency:
- The root step is
fetch-account. All other steps depend on it. - There are four steps that depend only on
fetch-accountthat could be considered primary steps. These are:fetch-appsfetch-reposfetch-usersfetch-teams.
- Other steps logically require multiple primary steps to complete. Examples include:
fetch-collaboratorsfetch-team-membersfetch-team-repos
- Finally, some sophisticated steps require both primary steps and secondary steps before they can execute. For example,
fetch-prsneeds bothfetch-reposandfetch-collaboratorsin order to properly label reviewers and approvers.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | github_account | Account |
| CVE | cve | Vulnerability |
| CWE | cwe | Weakness |
| GitHub Branch Protection Rules | github_branch_protection_rule | Rule |
| GitHub Code Scanning Alerts | github_code_scanning_finding | Finding |
| GitHub Env Secret | github_env_secret | Secret |
| GitHub Environment | github_environment | Configuration |
| GitHub Issue | github_issue | Issue |
| GitHub Org Secret | github_org_secret | Secret |
| GitHub Pull Request | github_pullrequest | PR |
| GitHub Outside Collaborator | github_user | User |
| GitHub Repo Secret | github_repo_secret | Secret |
| GitHub Team | github_team | UserGroup |
| GitHub Vulnerability Alerts | github_finding | Finding |
| Github App | github_app | Application |
| Github Repo | github_repo | CodeRepo |
| Github User | github_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
github_account | HAS | github_org_secret |
github_account | HAS | github_team |
github_account | HAS | github_user |
github_account | INSTALLED | github_app |
github_account | OWNS | github_repo |
github_app | OVERRIDES | github_branch_protection_rule |
github_env_secret | OVERRIDES | github_org_secret |
github_env_secret | OVERRIDES | github_repo_secret |
github_environment | HAS | github_env_secret |
github_finding | EXPLOITS | cwe |
github_finding | IS | cve |
github_pullrequest | CONTAINS | github_pullrequest |
github_repo | ALLOWS | github_team |
github_repo | ALLOWS | github_user |
github_repo | HAS | github_branch_protection_rule |
github_repo | HAS | github_code_scanning_finding |
github_repo | HAS | github_environment |
github_repo | HAS | github_finding |
github_repo | HAS | github_issue |
github_repo | HAS | github_pullrequest |
github_repo | HAS | github_repo_secret |
github_repo_secret | OVERRIDES | github_org_secret |
github_repo | USES | github_env_secret |
github_repo | USES | github_org_secret |
github_repo | USES | github_repo_secret |
github_team | HAS | github_user |
github_team | OVERRIDES | github_branch_protection_rule |
github_user | APPROVED | github_pullrequest |
github_user | ASSIGNED | github_issue |
github_user | CREATED | github_issue |
github_user | MANAGES | github_account |
github_user | MANAGES | github_team |
github_user | OPENED | github_pullrequest |
github_user | OVERRIDES | github_branch_protection_rule |
github_user | REVIEWED | github_pullrequest |