Configure GitHub for API Data Protection
Configure GitHub for API Data Protection
Note
Netskope API Data Protection supports the following GitHub editions:
- GitHub Free for user accounts
- GitHub Pro
- GitHub Free for organizations
- GitHub Team
- GitHub Enterprise cloud-hosted
To configure GitHub for API Data Protection, you need to authorize Netskope as a web application client to access your GitHub instance.
To configure GitHub for API Data Protection, there are two parts to this procedure:
- Install the Introspection for GitHub app in the GitHub organization account
- Configure GitHub instance in the Netskope UI
Install Introspection for GitHub App in GitHub
To install the Introspection for GitHub app in the GitHub organization:
- Log in to www.github.com using your GitHub organization account.
- Based on the location of your Netskope tenant, install the Introspection for GitHub app from the following URLs:
Note
Ensure that you are logged in to your GitHub organization account before accessing the following URLs.
- https://github.com/apps/introspection-for-github-de (for Netskope tenants based out of FR4 management plane)
- https://github.com/apps/introspection-for-github-eu (for Netskope tenants based out of AM2 management plane)
- https://github.com/apps/introspection-for-github-na (for Netskope tenants based out of SV5 management plane)
- https://github.com/apps/introspection-for-github-na-sjc (for Netskope tenants based out of SJC1 management plane)
- https://github.com/apps/introspection-for-github-na-sjc2 (for Netskope tenants based out of SJC2 management plane)
- https://github.com/apps/introspection-for-github-sin (for Netskope tenants based out of SIN2 management plane)
- https://github.com/apps/introspection-for-github-au (for Netskope tenants based out of MEL2 management plane)
- https://github.com/apps/introspection-for-github-lon3 (for Netskope tenants based out of LON3 management plane)
- https://github.com/apps/introspection-for-github-eu-zur2 (for Netskope tenants based out of ZUR2 management plane)
- https://github.com/apps/introspection-for-github-sa-ruh1 (for Netskope tenants based out of RUH1 management plane)
Note
If you are not sure of the management plane location of your tenant, contact your sales representative or Netskope support.
- Click Install.
- Select the organization name > All repositories and click Install.
Note
Keep the installation options unchanged.
Once installed, you should see a successful message. Proceed to configure the GitHub instance in Netskope UI.
Configure GitHub Instance in Netskope UI
To authorize Netskope to access your GitHub instance:
- Log in to the Netskope tenant UI and go to Settings > Configure App Access > Classic > SaaS.
- Select the GitHub icon, and then click Setup Instance.
- The Setup Instance window opens. Enter the following details:
- Instance Name: Enter the name of the GitHub organization.
Note
The instance name must be same as the GitHub organization name. It is case-sensitive.
- Instance Type: Select the appropriate features from the following options:
- API Data Protection: Select this option to allow Netskope to scan through your SaaS app instance to list files, user, and other enterprise data.
- Audit Reports: Select this option to generate audit logs/events such as any change made in the SaaS app (upload, download, delete, and more) that Netskope retrieves using API calls. You can view the audit logs/events on the Skope IT > EVENTS > Application Events page of the Netskope UI.
- Security Posture: Select this option to allow Netskope to continuously scan through your SaaS app to identify and remediate risky SaaS app misconfigurations and align security posture with best practices and compliance standards.
Note
This feature is part of the Netskope SaaS Security Posture Management solution. For additional configuration requirement, read Next Generation SaaS Security Posture Management.
- Admin Username: Enter the GitHub username of the administrator.
Note
The username must be same as the GitHub username of the administrator that you used to install the Introspection for GitHub app. It is case-sensitive.
- Admin Email: Enter the email address associated with the GitHub username.
- Instance Name: Enter the name of the GitHub organization.
- Click Save, then click Grant Access for the app instance you just created. You will be prompted to log in with your admin username and password, and then click Grant Access. When the configuration results page opens, click Close.
Refresh your browser, and you should see a green check icon next to the instance name.
Uninstall Introspection for GitHub App in GitHub
Note
You can skip this procedure if you continue to use GitHub for API Data Protection.
You can uninstall the Introspection for GitHub app too. To uninstall the app:
- Log in to www.github.com using your GitHub administration username.
- On the top-right, click Settings.Figure 4. GitHub Settings Window
- On the left navigation, click Organizations.
- Identify the organization where you have installed the GitHub app and click Settings.
- On the left navigation, click GitHub Apps.
- Identify the GitHub app and click Configure.
- Scroll down to the Uninstall <app name> section and click Uninstall.Figure 5. Netskope CASB API App Uninstall Window
Once you uninstall the app, Netskope stops receiving any notifications from GitHub.
