Understand the benefits and process of linking GitHub account with PingSafe
Benefits of GitHub integration with PingSafe:
- Detects secrets, API keys, passwords, and hardcoded tokens embedded in the code to prevent fraudulent use of credentials. Currently, PingSafe detects more than 700 secrets and blocks the merge request in real time if the scanner identifies any of them.
- Detects misconfigurations in IaC (infrastructure as code) repositories to prevent security issues in production cloud infrastructure.
- Enables PingSafe to monitor the personal public repositories of the developers to detect the accidental leakage of secrets by the developers.
Permissions required during installation:
- Read access to Dependabot alerts, packages, and security events -> PingSafe provides you a consolidated view of your Dependabot alerts and other security events.
- Read access to code, discussions, issues, metadata, pull requests -> PingSafe scans your code, discussions, and issues to detect embedded secrets, API keys, passwords, and hardcoded tokens, and misconfigured IaC files.
- Read and write access to checks -> For each pull request created on GitHub, PingSafe attaches a security report in the form of checks. The status of checks can be Successful, Failed, or Pending depending on the security status and settings on the PingSafe dashboard.
- Read access to emails -> This is read access to the email ID of the user installing the PingSafe app. It is required to complete the OAuth flow. We also use this email to inform you in case something goes wrong with the installation.
Note: PingSafe does not consume any action minutes to support any of these features.
Connect your GitHub account with PingSafe:
- Click your account name in the top right corner and select the “Settings” menu.
- Under “VCS Integration”, click on the “GitHub” tab or visit https://app.pingsafe.com/settings/integrations/github.
- Click on the “Add Another” button and select your GitHub account.
- You will be redirected to GitHub for the installation.
- Choose the account on which you want to install the PingSafe app.
- You will see the screen below if you’re the admin of the GitHub account.
- You can complete the integration by clicking “Install & Authorize”. You will be redirected back to PingSafe once the installation is done.
- If you are not the admin of the GitHub account, you will see the screen below:
- If you see the “Authorize & Request” button, proceed with that option and you will be redirected back to PingSafe. Ask your GitHub admin to approve the installation; the integration appears on the PingSafe dashboard once it is approved.
- Once the installation is completed, PingSafe will start scanning all your existing repositories for embedded secrets and you’ll be able to see the leaked/hardcoded secrets under the “Information Leaks” on the PingSafe Dashboard.
By default, PingSafe scans all new merge requests for secrets and creates a check with “Neutral” status even if secrets are detected in the code.
If you want to block the developers from merging code with embedded secrets, you can change the setting on the PingSafe dashboard to “Failed (blocking pull requests)”.
- In order to start scanning your IaC repositories, go to the “IaC scanning” tab and turn on the scanning for your repositories.
- Get alerted about misconfiguration in your Terraform templates to prevent issues from going to production.
- Get alerted about verified secrets being committed in your private repositories.
- Get alerted when a new public repository is created by your developer.
- Get alerted when your developer is committing some secret in their public repositories. The secrets may belong to your organization.
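To make the two scan results described above concrete (the check status chosen on the dashboard for secrets found in a pull request, and the Terraform misconfiguration alerts from IaC scanning), here is an added Python example. It is not PingSafe's scanner and does not use its rule set: the three secret patterns, the two Terraform rules, the function names and the sample pull-request files are assumptions constructed for this illustration. The mapping of findings to a GitHub check conclusion follows the behaviour described on this page: “neutral” by default, “failure” when blocking is switched on.

```python
import re
from dataclasses import dataclass

# Hypothetical rule set for this example. PingSafe's own detector covers far
# more patterns; these three are only public, well-documented token formats.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_password": re.compile(r"(?i)password\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}

# Hypothetical Terraform rules: (rule id, pattern, message). Line-based
# matching is enough for an example; a real IaC scanner parses HCL.
IAC_RULES = [
    ("s3_public_acl",
     re.compile(r'\bacl\s*=\s*"public-read(-write)?"'),
     "S3 bucket ACL grants public access"),
    ("sg_open_to_world",
     re.compile(r'cidr_blocks\s*=\s*\[\s*"0\.0\.0\.0/0"'),
     "security group rule open to 0.0.0.0/0"),
]


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    detail: str


def scan_file(path: str, content: str) -> list[Finding]:
    """Run the secret patterns over every file and the IaC rules over *.tf files."""
    findings = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, "possible hardcoded secret"))
        if path.endswith(".tf"):
            for rule, pattern, message in IAC_RULES:
                if pattern.search(line):
                    findings.append(Finding(path, lineno, rule, message))
    return findings


def scan_pull_request(files: dict[str, str]) -> list[Finding]:
    """files maps a repository path to the file content at the PR head."""
    findings = []
    for path, content in files.items():
        findings.extend(scan_file(path, content))
    return findings


def check_conclusion(findings: list[Finding], block_on_findings: bool) -> str:
    """Map findings to a GitHub check-run conclusion.

    "success", "neutral" and "failure" are real conclusion values of the
    GitHub Checks API. With blocking off (the default described above) a
    pull request with findings still gets a "neutral" check; with blocking on
    it gets "failure", which a branch-protection rule can use to stop the merge.
    """
    if not findings:
        return "success"
    return "failure" if block_on_findings else "neutral"


# Constructed sample pull request. The AWS key is the placeholder from the AWS
# documentation and the password is made up; nothing here is a real credential.
SAMPLE_FILES = {
    "app/config.py": (
        "DEBUG = True\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "DB_PASSWORD = 'correct-horse-battery'\n"
    ),
    "infra/bucket.tf": (
        'resource "aws_s3_bucket" "logs" {\n'
        '  bucket = "example-logs"\n'
        '  acl    = "public-read"\n'
        "}\n"
    ),
    "README.md": "# Service\n",
}

if __name__ == "__main__":
    results = scan_pull_request(SAMPLE_FILES)
    for f in results:
        print(f"{f.path}:{f.line} [{f.rule}] {f.detail}")
    print("default (report only):", check_conclusion(results, block_on_findings=False))
    print("blocking enabled:     ", check_conclusion(results, block_on_findings=True))
```

Run stand-alone, the script reports the AWS key and the password in app/config.py and the public ACL in infra/bucket.tf, then prints “neutral” for the default setting and “failure” once blocking is enabled. The same findings feed both outcomes; only the dashboard setting changes what the check tells GitHub.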