Begin Scanning GitHub

Use these steps to connect your GitHub account to Prisma SaaS.
You can connect a GitHub to Prisma SaaS to scan for public exposure of repository folders or source code files to ensure your company’s proprietary information is secure. With GitHub, you can control if Prisma SaaS scans a collection of owner accounts connected to an organization or a single owner account.
  1. Add GitHub to Prisma SaaS.
    1. From the Prisma SaaS
      , select
      Add a Cloud App
      , and click the
    2. Click
      Connect to GitHub Account
      , enter your username or email address, and your password.
      You must sign in with an account that has owner privileges.
    3. Authorize Prisma SaaS access to your GitHub account.
  2. (Optional)
    If your GitHub account is part of an organization, you must grant Prisma SaaS access to begin scanning of organization repositories.
    1. Log in to GitHub, click your profile icon, and select
    2. Select the organization name, click
      Third-party access
      , and
      Grant Access
      to Aperture (now known as Prisma SaaS).
  3. Add policy rules.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of GitHub to determine if you need to Add a New Asset Rule to look for incidents unique to GitHub.
  4. Start scanning GitHub for incidents.
    1. Select
      Cloud Apps & Scan Settings
    2. In the Cloud Apps row that corresponds to the application instance you just added, select
      Start Scanning
      Prisma SaaS scans all assets in the associated app and begins to identify incidents. Depending on the number of users and assets, it may take some time to complete the process. However, as soon as you begin to see this information populating on the Prisma SaaS dashboard, you can begin to Assess Incidents.
  5. Monitor the results of the scan.
    As Prisma SaaS scans files and matches them against enabled policy rules, you can Monitor Scan Results on the Dashboard to verify your policy rules are effective. Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the policy rules to ensure better results.

Recommended For You