1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security API
    5. Secure Sanctioned SaaS Apps on SaaS Security API
    6. Add Cloud Apps to SaaS Security API
    7. Begin Scanning a GitHub App

    Begin Scanning a GitHub App

    Authorize SaaS Security API to connect to GitHub to scan all content shared within the app.
    You can connect a GitHub to SaaS Security API to scan for public exposure of repository folders or source code files to ensure your company’s proprietary information is secure. With GitHub, you can control if SaaS Security API scans a collection of owner accounts connected to an organization or a single owner account.
    To connect GitHub to SaaS Security API and begin scanning assets, you need to:
    For information on which automated remediation capabilities SaaS Security API supports with GitHub, refer to Supported Content, Remediation and Monitoring.

    Add GitHub App

    In order for SaaS Security API to scan assets, you must consent to specific permissions during the course of adding the GitHub app.
    1. From the
      Dashboard
      , select
      Add a Cloud App
      , and click the
      GitHub
       icon.
    2. Click
      Connect to GitHub Account
      , then sign in with a GitHub account that has owner privileges.
    3. If your GitHub account is part of an organization,
      Grant
       SaaS Security API access to scan your organization’s repositories.
    4. Authorize
       SaaS Security API (listed as
      PAN ShieldArc
      ) access to your GitHub account.
    5. Verify that you successfully granted Third-Party application access to SaaS Security API.

    Identify Risks

    When you add a new cloud app, then enable scanning, SaaS Security API automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
    1. Start scanning the new GitHub app for risks.
      1. Select
        Settings
        Cloud Apps & Scan Settings
        .
      2. In the Cloud Apps row that corresponds to the new GitHub app, select
        Actions
        Start Scanning
        .
    2. During the discovery phase, as SaaS Security API scans files and matches them against enabled policy rules:
      • Verify that SaaS Security web interface displays assets.
      • Verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to next step to improve your results.
    3. (
      Optional
      ) Modify match criteria for existing policy rules.
    4. (
      Optional
      ) Add new policy rules.
      Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
    5. (
      Optional
      ) Configure or edit a data pattern.
      You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.

    Fix GitHub Onboarding Issues

    The most common issues related to onboarding a GitHub app are as follows:
    Symptom
    Explanation
    Solution
    SaaS Security API web interface does not display assets that are associated with new branches.
    For performance reasons, SaaS Security API only scans the default branch of the repository, not all branches of the repository.
    This is expected behavior.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo