GitHub

Connect your GitHub organization to Ciphrix using the GitHub App for automated compliance monitoring of your repositories and development workflows.

Capabilities

The GitHub integration provides the following capabilities:

✅ Compliance Checks

Automatically verify security configurations and compliance controls across your GitHub organization including:

Repository security settings
Branch protection rules
Access controls and permissions
Code scanning configurations
Secrets management
Dependency security

How to Connect GitHub

Prerequisites

Before connecting GitHub, ensure you have:

GitHub account with access to your organization
Organization Owner or Admin permissions
Access to install GitHub Apps in your organization

Connection Instructions

Step 1: Initiate GitHub Connection in Ciphrix

You have two options to initiate the GitHub connection:

Option A: From Integration Library (Recommended)

Navigate to Integration Library
- Log in to ciphrix.app
- Go to Integrations in the sidebar
- Go to the Integration Library tab
- Search for or browse to GitHub
Connect GitHub
- Click the Connect button on the GitHub integration tile
- A connection form will appear

Option B: From Create Connection

Navigate to Create Connection
- Log in to ciphrix.app
- Go to Integrations in the sidebar
- Click Create Connection
Select GitHub
- From the connection provider dropdown, select GitHub
- A connection form will appear

Step 2: Fill Connection Details

Enter Connection Information
- Connection Name: Enter a friendly name for this connection
  - Example: "My Engineering GitHub"
  - Example: "Product Team GitHub"
  - Example: "Main Organization"
- Connection Identifier: Enter your GitHub organization name
  - This is your GitHub organization's username
  - Example: If your org URL is https://github.com/acme-corp, enter acme-corp
Important: Do not click Create/Save yet

Step 3: Authorize GitHub App

Click Authorize Button
- Click the Authorize button on the form
- A popup window will open for GitHub App installation
Click Link
- In the popup, click the Link button
- This will redirect you to GitHub's authorization flow

Step 4: Install GitHub App

The GitHub App installation flow will guide you through the following steps:

Select Organization
- If you have access to multiple organizations, select the ones you want to connect
- Click on the organization name
Review Permissions
- GitHub will show you the permissions that Ciphrix is requesting
- Review the permission scopes carefully
- These permissions allow Ciphrix to:
  - Read repository metadata and settings
  - Read security configurations
  - Read organization member information
  - Read branch protection rules
  - Read code scanning results
Select Repository Access
- Choose repository access:
  - All repositories: Grant access to all current and future repositories
  - Only select repositories: Choose specific repositories to monitor
Complete Installation
- Click Install or Install & Authorize
- GitHub will process the installation
- You'll see a success message

Step 5: Complete Connection

Click Finish
- After successful installation, click the Finish button
- The popup window will close automatically
Return to Ciphrix
- You'll be back at the Ciphrix integration form
- The connection will be finalized automatically

Step 6: Verify Connection

Check Connection Status
- After completing the authorization, you'll see the integration status
- Status should show Connected or Active
Initial Scan
- Ciphrix will automatically begin scanning your GitHub organization
- Ciphrix scans your environment once a week
- You can contact support@ciphrix.com to know your next scan date
- Compliance checks will run automatically
View Results
- Navigate to Monitoring
- View compliance check results and findings for your repositories

Permissions Requested

The Ciphrix GitHub App requests the following read-only permissions:

Repository Permissions

Administration: Read-only access to repository settings
Contents: Read-only access to repository contents
Metadata: Read-only access to repository metadata
Security events: Read-only access to security alerts

Organization Permissions

Members: Read-only access to organization members
Administration: Read-only access to organization settings

These permissions allow Ciphrix to:

✅ Read repository configurations and security settings
✅ View branch protection rules
✅ Check access controls and permissions
✅ Review security scanning configurations
✅ Monitor organization member access
❌ Cannot modify any repository settings
❌ Cannot access or read actual code content
❌ Cannot push code or make commits
❌ Cannot create or modify issues, PRs, or discussions

Managing the Integration

Adding More Repositories

To add more repositories to an existing integration:

Go to your GitHub organization settings
Navigate to Settings > GitHub Apps
Find Ciphrix in the installed apps list
Click Configure
Add additional repositories to the access list
Save changes

Revoking Access

To revoke Ciphrix's access to your GitHub organization:

Go to your GitHub organization settings
Navigate to Settings > GitHub Apps
Find Ciphrix in the installed apps list
Click Configure
Scroll to the bottom and click Uninstall
Confirm the uninstallation

Note: This will also disconnect the integration in Ciphrix.

Troubleshooting

Connection Failed

Issue: Authorization popup didn't open or failed

Ensure pop-ups are not blocked by your browser
Try using a different browser
Clear browser cache and cookies
Ensure you have a stable internet connection

Authorization Not Completing

Issue: Stuck on authorization screen

Verify you have Owner or Admin permissions in the GitHub organization
Check that your GitHub session hasn't expired
Try closing the popup and clicking Authorize again
Ensure the organization name is correct

No Data Appearing

Issue: Integration connected but no compliance data showing for more than 7 days

Contact Ciphrix Support support@ciphrix.com

App Installation Failed

Issue: GitHub App installation failed

Verify you have permissions to install apps in your organization
Check if your organization has restrictions on third-party apps
Ensure your GitHub organization is not suspended
Try uninstalling and reinstalling the app

Organization Not Found

Issue: GitHub organization not found during setup

Verify the organization name is spelled correctly
Ensure the organization exists and you have access to it
Check that you're using the organization username, not the display name
Confirm the organization is not private or restricted

Need to Change Organization

Issue: Need to connect a different organization

Create a new connection in Ciphrix with the new organization name
Follow the authorization flow again
You can have multiple GitHub connections for different organizations

Support

Need help with GitHub integration?

Email: support@ciphrix.com
GitHub App Issues: Verify app installation in your GitHub organization settings

Capabilities​

✅ Compliance Checks​

How to Connect GitHub​

Prerequisites​

Connection Instructions​

Step 1: Initiate GitHub Connection in Ciphrix​

Option A: From Integration Library (Recommended)​

Option B: From Create Connection​

Step 2: Fill Connection Details​

Step 3: Authorize GitHub App​

Step 4: Install GitHub App​

Step 5: Complete Connection​

Step 6: Verify Connection​

Permissions Requested​

Repository Permissions​

Organization Permissions​

Managing the Integration​

Adding More Repositories​

Revoking Access​

Troubleshooting​

Connection Failed​

Authorization Not Completing​

No Data Appearing​

App Installation Failed​

Organization Not Found​

Need to Change Organization​

Support​