Configure GitHub Instance for SaaS Security Posture Management
Note
To integrate GitHub with SaaS Security Posture Management (SSPM), the customer should have a GitHub Enterprise Cloud license.
Any non-enterprise licensed GitHub instances that are already integrated with SaaS Security Posture Management will stop receiving repository updates. Customers should upgrade their license and then re-grant the GitHub instance.
These installation instructions describe how to integrate your GitHub account with Netskope. To configure GitHub for SaaS Security Posture Management, you need to authorize Netskope as a web application client to access your GitHub account. The procedure has two parts:
- Install the Classic CASB API for GitHub app in the GitHub organization account
- Configure GitHub instance in the Netskope UI
Important
If you have already configured GitHub for API Data Protection, you do not need to install the GitHub app again. You can edit the existing GitHub instance under Settings > Configure App Access > Classic > SaaS, enable the Security Posture checkbox, and re-grant the app instance.
Install Classic CASB API for GitHub App in GitHub
To install the Classic CASB API for GitHub app in the GitHub organization:
- Log in to www.github.com using your GitHub organization account.
- Based on the location of your Netskope tenant, install the Classic CASB API for GitHub app from one of the following URLs. If you are not sure of the management plane location of your tenant, contact your sales representative or Netskope support.
  - https://github.com/apps/introspection-for-github-de (for Netskope tenants based out of FR4 management plane)
  - https://github.com/apps/introspection-for-github-eu (for Netskope tenants based out of AM2 management plane)
  - https://github.com/apps/introspection-for-github-na (for Netskope tenants based out of SV5 management plane)
  - https://github.com/apps/introspection-for-github-na-sjc (for Netskope tenants based out of SJC1 management plane)
  - https://github.com/apps/introspection-for-github-au (for Netskope tenants based out of MEL2 management plane)
  - https://github.com/apps/introspection-for-github-na-sjc2 (for Netskope tenants based out of SJC2 management plane)
  - https://github.com/apps/introspection-for-github-sin (for Netskope tenants based out of SIN2 management plane)
  - https://github.com/apps/introspection-for-github-lon3 (for Netskope tenants based out of LON3 management plane)
  - https://github.com/apps/introspection-for-github-eu-zur2 (for Netskope tenants based out of ZUR2 management plane)
  - https://github.com/apps/introspection-for-github-sa-ruh1 (for Netskope tenants based out of RUH1 management plane)
- Click Install.
- Select the organization name > All repositories and click Install.
Note
Keep the installation options unchanged.
Once the app is installed, you should see a success message. Proceed to configure the GitHub instance in the Netskope UI.
Note
Once you install the app, Netskope seeks consent for a set of permissions from your GitHub account. To learn more about the permissions, see Permissions Required for GitHub.
Configure GitHub Instance in the Netskope UI
To authorize Netskope to access your GitHub instance:
- Log in to the Netskope tenant UI at https://<tenant hostname>.goskope.com and go to Settings > Configure App Access > Classic > SaaS.
- Select the GitHub icon, and then click Setup Instance.
- The Setup Instance window opens. Enter the following details:
  - Instance Name: Enter the name of the GitHub organization.
    Note
    The instance name must be the same as the GitHub organization name. It is case-sensitive.
  - Instance Type: Select the Security Posture checkbox. Select this option to allow Netskope to continuously scan through your SaaS app to identify and remediate risky SaaS app misconfigurations and align security posture with best practices and compliance standards.
    Also, you have the option to run the policy at intervals (15 minutes, 30 minutes, 45 minutes, and 60 minutes).
  - Admin Username: Enter the GitHub username of the administrator.
    Note
    The username must be the same as the GitHub username of the administrator that you used to install the Classic CASB API for GitHub app. It is case-sensitive.
  - Admin Email: Enter the email address associated with the GitHub username.
- Click Save, then click Grant Access for the app instance you just created. You will be prompted to log in with your admin username and password. After logging in, click Grant Access. When the configuration results page opens, click Close.
Refresh your browser, and you should see a green check icon next to the instance name.
Next, you should configure a security posture policy. To do so, see SaaS Security Posture Management Policy Wizard.
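The requirements stated above (the app that matches the tenant's management plane, installed on All repositories, and an instance name that equals the organization name case-sensitively) can be checked before clicking Grant Access. The following is an added example, not Netskope's or GitHub's own code: it assumes an organization owner has saved the JSON returned by GitHub's REST endpoint GET /orgs/{org}/installations, and the function name `preflight` and the sample response are constructed for illustration.

```python
import json

# Management plane -> app slug, taken from the install URLs listed on this page.
APP_SLUG_BY_PLANE = {
    "FR4": "introspection-for-github-de", "AM2": "introspection-for-github-eu",
    "SV5": "introspection-for-github-na", "SJC1": "introspection-for-github-na-sjc",
    "MEL2": "introspection-for-github-au", "SJC2": "introspection-for-github-na-sjc2",
    "SIN2": "introspection-for-github-sin", "LON3": "introspection-for-github-lon3",
    "ZUR2": "introspection-for-github-eu-zur2", "RUH1": "introspection-for-github-sa-ruh1",
}

def preflight(installations_json, plane, instance_name):
    """Return a list of problems; an empty list means the install matches this page."""
    expected = APP_SLUG_BY_PLANE[plane]
    installs = json.loads(installations_json).get("installations", [])
    match = next((i for i in installs if i.get("app_slug") == expected), None)
    if match is None:
        # Distinguish "nothing installed" from "app for another plane installed".
        known = set(APP_SLUG_BY_PLANE.values())
        other = sorted(i["app_slug"] for i in installs if i.get("app_slug") in known)
        hint = f"; found {other[0]} instead (different management plane)" if other else ""
        return [f"{expected} is not installed{hint}"]
    problems = []
    # The page requires "All repositories"; the API reports "all" or "selected".
    if match.get("repository_selection") != "all":
        problems.append("app is limited to selected repositories")
    # The instance name must equal the organization name, case-sensitively.
    org = match.get("account", {}).get("login", "")
    if org != instance_name:
        note = " (case differs)" if org.lower() == instance_name.lower() else ""
        problems.append(f"instance name {instance_name!r} != organization {org!r}{note}")
    return problems

# Constructed sample of a GET /orgs/{org}/installations response (not real data).
SAMPLE = json.dumps({"total_count": 1, "installations": [{
    "id": 1, "app_slug": "introspection-for-github-eu",
    "repository_selection": "selected", "account": {"login": "Example-Org"}}]})

if __name__ == "__main__":
    for problem in preflight(SAMPLE, "AM2", "example-org"):
        print("FAIL:", problem)
```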