GitHub for Snyk Essentials

GitHub setup guide for Snyk Essentials

If you used GitHub Apps for your SCM integrations at the Snyk Organization level, Snyk Essentials requires an overview of your GitHub Organization. This means that the GitHub integration in Snyk Essentials uses an API token as an authentication method to onboard your GitHub Organization.

Pulled entities by Snyk Essentials from GitHub

  • Repositories

  • Builds - only when using GitHub Actions.

  • Scans - only when using Code security.

Prerequisites

Ensure you meet all prerequisites listed on the GitHub and GitHub Enterprise permission requirements page.

Integrate GitHub using Snyk Essentials

  1. Profile name (mandatory): Input your integration profile name.

  2. Organizations (mandatory): Input the names of all the relevant GitHub organizations.

If you have changed the name of your GitHub organization, copy the new name from the GitHub URL and paste it into the GitHub Organizations field in the Snyk Essentials Integration Hub.

  1. Access Token (mandatory): Create your GitHub PAT from your GitHub Organization.

  1. Broker Token (mandatory): Create and add your Broker token if you use Snyk Broker.

  2. API URL (mandatory) - Input the API URL. The default URL is https://api.github.com.

  3. Pull personal repositories (optional): Enable the option if you only want to pull the repositories you own.

  4. Add Backstage Catalog (optional): If you want to add your Backstage catalog, follow the instructions from the Backstage file for SCM Integrations page.

Generate a Personal access token from your GitHub settings

  1. Open GitHub and click the Settings menu for your profile.

  2. Select Developer settings from the left sidebar.

  3. Select Personal access tokens and then Tokens (classic).

  4. Click Generate new token and, from the dropdown, select Generate new token (classic).

  5. Add a description for your token in the Note field.

  6. Select the required permissions:

    • repo

    • read:org

    • read:user

    • user:email.

  7. Click Generate token.

  8. Copy and store the displayed key.

Fine-grained personal access token is not supported.

API Version

You can use the GitHub REST API repository to access information about the API.

You can use as the host Address the IP/URL of the GitHub server. The default URL is https://api.github.com.

The user associated with the token needs to have write permissions on relevant repositories to collect a breakdown of scan issues.

Last updated

Was this helpful?