Configure GitHub for the Next Generation API Data Protection
Configure GitHub for the Next Generation API Data Protection
To configure GitHub for the Next Generation API Data Protection, follow the instructions below.
- The classic version of the GitHub app is now deprecated. New customers can no longer set up a new GitHub app instance on the classic platform. If you need to setup a new instance of GitHub, select the GitHub app available under Next Generation platform.
- If you currently use the classic version of the GitHub app, no action required. You should continue to use the classic version that you use today. Netskope will notify you via a banner message on the Netskope tenant UI when you can switch over to the Next Generation app.
Alternatively, you may add the appropriate Netskope IP ranges to your organization as described in this article. For a list of Netskope IP address ranges, see NewEdge Consolidated List of IP Ranges for Allowlisting (requires a log in credential. If you do not have one, contact support@netskope.com.)
Prerequisite
Before configuring GitHub for the Next Generation API Data Protection, review the prerequisites.
-
You require a GitHub Enterprise Cloud edition.
-
A GitHub account who is either a member or owner of your GitHub organization.
-
If you have guest or external users in your SaaS environment belonging to domains considered internal, you must set the appropriate internal domains for Netskope to classify exposure accurately. To set up internal domains, follow this article.
Install the Netskope CASB API App in GitHub
To install the Netskope CASB API app in the GitHub organization, follow the steps below:
-
Log in to www.github.com using your GitHub organization account.
-
Install the Netskope CASB API app from the following URL: https://github.com/apps/netskope-casb-api.
-
Click Install.
-
Select the organization name > All repositories and click Install.
To know more about the permissions, see Permissions Required for GitHub.Keep the installation options unchanged.
Once installed, you should see a successful message at the top of the page. Proceed to configure the GitHub instance in Netskope UI.
Configure GitHub Instance in Netskope UI
To authorize Netskope to access your GitHub instance, follow the steps below:
-
Log in to the Netskope tenant UI and go to Settings > Configure App Access > Next Gen > CASB API.
-
Under Apps, select GitHub and click Setup CASB API Instance.
The Setup Instance window opens.
-
Enter the GitHub organization name.
The organization name should be the same as the one you installed the Netskope CASB API app on. It is case-sensitive. -
Under Administrator Email, enter the email address of the user who will receive an email notification when a policy violation or event triggers. This step is optional.
-
Under Instance Name, enter a name of the SaaS app instance. This step is optional and if left blank, Netskope will determine the name of the app instance post grant.
-
Click Grant Access. You will be prompted to log in with your GitHub member or owner of your GitHub organization username and password, and then click Sign In. When the configuration results page opens, click Close.
Refresh your browser, and you should see a green check icon next to the instance name.
Next, you can can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your GitHub environment. For more information on the Inventory page, see Next Generation API Data Protection Inventory.
You can receive audit events and standard user behavior analytic alerts in Skope IT. To know more: Next Generation API Data Protection Skope IT Events.
Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.
(Optional) Uninstall the Netskope CASB API App in GitHub
If you discontinue the integration between GitHub and Next Generation API Data Protection, first, you have to delete the GitHub instance from the Netskope tenant UI. Then, uninstall the Netskope CASB API app from GitHub.
You can uninstall the Netskope CASB API app. To uninstall the app, follow the steps below:
-
Log in to www.github.com using your GitHub administration username.
-
On the top-right, click Settings.
-
On the left navigation, click Organizations.
-
Identify the organization where you have installed the GitHub app and click Settings.
-
On the left navigation, click GitHub Apps.
-
Identify the GitHub app and click Configure.
-
Scroll down to the Uninstall <app name> section and click Uninstall.
Once you uninstall the app, Netskope stops receiving any notifications from GitHub.