Begin Scanning a GitHub App

Authorize SaaS Security API to connect to GitHub to scan all content shared within the app.
You can connect GitHub to SaaS Security API to scan for public exposure of repository folders or source code files to ensure your company’s proprietary information is secure. With GitHub, you can control whether SaaS Security API scans a collection of owner accounts connected to an organization or a single owner account.
To connect GitHub to SaaS Security API and begin scanning assets, you need to:
For information on which automated remediation capabilities SaaS Security API supports with GitHub, refer to Supported Content, Remediation and Monitoring.

Add GitHub App

In order for SaaS Security API to scan assets, you must consent to specific permissions during the course of adding the GitHub app.
  1. From the Dashboard, select Add a Cloud App, and click the GitHub icon.
  2. Click Connect to GitHub Account, then sign in with a GitHub account that has owner privileges.
  3. If your GitHub account is part of an organization, Grant SaaS Security API access to scan your organization’s repositories.
  4. Authorize SaaS Security API (listed as PAN ShieldArc) access to your GitHub account.
  5. Verify that you successfully granted Third-Party application access to SaaS Security API.

Identify Risks

When you add a new cloud app, then enable scanning, SaaS Security API automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new GitHub app for risks.
    1. Select Settings > Cloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new GitHub app, select Actions > Start Scanning.
  2. During the discovery phase, as SaaS Security API scans files and matches them against enabled policy rules:
    • Verify that the SaaS Security web interface displays assets.
    • Verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to the next step to improve your results.
  3. (Optional) Modify match criteria for existing policy rules.
  4. (Optional) Add new policy rules.
    Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
  5. (Optional) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns, making it possible to find all instances of text that match a data pattern you specify.

Fix GitHub Onboarding Issues

The most common issues related to onboarding a GitHub app are as follows:
  • Symptom: SaaS Security API web interface does not display assets that are associated with new branches.
    Explanation: For performance reasons, SaaS Security API only scans the default branch of the repository, not all branches of the repository.
    Solution: This is expected behavior.
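
Because only the default branch of each repository is scanned, content on any other branch is outside scan coverage. The following added example (not part of the original page and not SaaS Security API code) lists those branches per repository, public repositories first, from data shaped like the GitHub REST API responses for `GET /orgs/{org}/repos` and `GET /repos/{owner}/{repo}/branches`. The organization, repository and branch names are constructed sample values.

```python
"""Report branches that fall outside default-branch-only scanning."""

# Constructed sample data in the shape returned by the GitHub REST API:
#   GET /orgs/{org}/repos               -> REPOS
#   GET /repos/{owner}/{repo}/branches  -> BRANCHES[full_name]
REPOS = [
    {"full_name": "example-org/payments", "private": False,
     "default_branch": "main"},
    {"full_name": "example-org/infra", "private": True,
     "default_branch": "master"},
    {"full_name": "example-org/legacy", "private": False,
     "default_branch": "main"},
]
BRANCHES = {
    "example-org/payments": [{"name": "main"}, {"name": "release/1.2"},
                             {"name": "feature/keys"}],
    "example-org/infra": [{"name": "master"}, {"name": "hotfix"}],
    "example-org/legacy": [{"name": "main"}],
}


def unscanned_branches(repos, branches_by_repo):
    """Return one record per repository that has branches other than its
    default branch. Public repositories come first (highest exposure)."""
    report = []
    for repo in repos:
        name = repo["full_name"]
        default = repo["default_branch"]
        names = [b["name"] for b in branches_by_repo.get(name, [])]
        missed = sorted(n for n in names if n != default)
        if not missed:
            continue  # only the default branch exists: nothing is missed
        report.append({
            "repo": name,
            "public": not repo["private"],
            "scanned": default,
            "unscanned": missed,
        })
    # Public repositories first, then by number of uncovered branches.
    report.sort(key=lambda r: (not r["public"], -len(r["unscanned"]), r["repo"]))
    return report


if __name__ == "__main__":
    for row in unscanned_branches(REPOS, BRANCHES):
        vis = "public" if row["public"] else "private"
        print(f'{row["repo"]} ({vis}): scanned={row["scanned"]} '
              f'not scanned={", ".join(row["unscanned"])}')
```

When feeding this from the live API, collect every page of the branch listing first, since the endpoint is paginated.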
