GitHub Actions - User Guide

This article walks you step by step through integrating with GitHub Actions.

Permissions for GitHub Actions Integration

The connection should be established by the owner of the organization. Only read access is required for all the listed scopes:

  • Actions
  • Metadata

Prerequisites

  1. Organization Owner in GitHub - Sign in to your GitHub account as the owner of the organization you wish to connect with.
    1. To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
      Make sure you see at least one organization listed on the page.
  2. If you've previously connected Scytale to a GitHub organization, you may need to remove the Scytale app before connecting.

How to Connect Scytale and GitHub Actions


1) In Scytale, go to 'Integrations'.

2) Search for GitHub Actions and select 'Connect'.

3) Add a connection name (this is used to differentiate between your connections), then select 'Next'.

4) Select 'Connect'.

5) You will be redirected to GitHub to allow access to the Scytale web app.

   You will see a list of your organizations. Choose the GitHub organization you want Scytale to monitor, in line with the audit scope.

   Note: if "Configure" is visible next to the organization's name, the organization already has the Scytale GitHub App installed.
   Please uninstall the app before attempting to connect.

6) On the next page, you will see the list of requested permissions.

7) Choose the relevant repositories:

   • All repositories: Choose this if you want Scytale to monitor all of your repositories within the selected organization, including those created in the future.
   • Only select repositories: Choose this if you want Scytale to monitor specific repositories only. Unselected repositories will not be monitored (this only applies to private repositories; public ones remain visible even if they're not selected). New repositories created in the future will not be included in the monitoring.

8) Select 'Install & Authorize'.

9) You have now successfully connected to GitHub Actions.
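One way to confirm after step 9 that the installed app holds only the read-only Actions and Metadata scopes listed under Permissions, as an added example that is not Scytale's own code: it audits the JSON returned by GitHub's `GET /orgs/{org}/installations` endpoint. The app slugs, installation ids and sample response are constructed placeholders; substitute the real slug shown in your organization's installed GitHub Apps settings.

```python
import json

# Read-only scopes this guide lists for the integration.
EXPECTED = {"actions": "read", "metadata": "read"}

# Constructed sample shaped like the response of GET /orgs/{org}/installations.
# The slugs and ids are placeholders, not real values.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 1001, "app_slug": "example-compliance-app",
   "repository_selection": "selected",
   "permissions": {"actions": "read", "metadata": "read"}},
  {"id": 1002, "app_slug": "example-other-app",
   "repository_selection": "all",
   "permissions": {"actions": "write", "contents": "read", "metadata": "read"}}
]}
""")


def audit_installation(inst, expected=EXPECTED):
    """Return a list of deviations from the expected permission set."""
    findings = []
    perms = inst.get("permissions", {})
    for scope, level in sorted(perms.items()):
        want = expected.get(scope)
        if want is None:
            findings.append(f"unexpected scope {scope}:{level}")
        elif level != want:
            findings.append(f"{scope} is {level}, expected {want}")
    for scope in sorted(expected.keys() - perms.keys()):
        findings.append(f"missing scope {scope}:{expected[scope]}")
    return findings


def audit(response, app_slug):
    """Audit every installation of app_slug; keyed by installation id."""
    return {
        inst["id"]: {
            # "all" also covers repositories created in the future (step 7).
            "repository_selection": inst.get("repository_selection"),
            "findings": audit_installation(inst),
        }
        for inst in response.get("installations", [])
        if inst.get("app_slug") == app_slug
    }


if __name__ == "__main__":
    for inst_id, report in audit(SAMPLE, "example-compliance-app").items():
        print(inst_id, report)
```

An empty `findings` list means the grant matches the two read-only scopes; any other entry is worth reviewing before the audit period starts.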

FAQs

Which GitHub pull requests do we collect for auditing?
Pull requests that have been merged will be monitored, while those in any other status will not be monitored.

Troubleshooting

If the user who is trying to connect is not an owner of the selected organization, you may encounter this error.

How to resolve this issue?

To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.

Make sure you see at least one organization listed on the page.