GitHub Actions - User Guide

This article explains, step by step, how to integrate with GitHub Actions.

Permissions

The connection should be established by the owner of the organization. Only read access is required for all the listed scopes:

  1. Actions
  2. Metadata

Prerequisites

  1. Organization Owner in GitHub - Sign in to your GitHub account as the owner of the organization you wish to connect with.
    1. To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
      Make sure you see at least one organization listed on the page.
  2. If you've previously connected Scytale to a GitHub organization, you may need to remove the Scytale app before connecting.

Connecting Scytale & GitHub Actions


1. In the Scytale menu, navigate to the "integrations" page
2. Click on Connect Github Actions
3. Add a name for the connection
4. Click Next
5. Click on Connect
6. Upon clicking Connect, a new tab will open, guiding you to sign in to GitHub. The connection process in Scytale will remain open so that you can come back to complete the connection
7. You will see a list of your organizations. Choose the GitHub organization you wish to have monitored by Scytale, aligning with the audit scope

   Note: If "Configure" is visible next to the organization's name, it indicates that the organization already has the Scytale GitHub App installed. Please uninstall the app before attempting to connect.

8. On the next page, you will see the list of permissions which are requested
9. Repositories selection:
   1. All repositories: Choose this if you want Scytale to monitor all of your repositories within a selected organization, including those created in the future.
   2. Only select repositories: Choose this if you want Scytale to monitor specific repositories only. Unselected repositories will not be monitored (this only applies to private repositories; public ones remain visible even if they're not selected). New repositories created in the future will not be included in the monitoring.
10. Click Install & Authorize
11. After clicking Install & Authorize, you will be redirected back to Scytale, and you have successfully connected GitHub Actions ✅
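After installation, an organization owner can compare what the app was actually granted with the read-only Actions and Metadata scopes listed under Permissions. The following is an added example, not Scytale's code: it assumes JSON shaped like GitHub's REST response for listing an organization's app installations (GET /orgs/{org}/installations), and the app slug and sample data are constructed placeholders.

```python
import json

# Scopes and levels listed in this guide's Permissions section.
DOCUMENTED = {"actions": "read", "metadata": "read"}

# Constructed sample shaped like GET /orgs/{org}/installations.
# "example-compliance-app" is a placeholder slug, not the real app's.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 1001, "app_slug": "other-app", "repository_selection": "selected",
   "permissions": {"metadata": "read", "issues": "write"}},
  {"id": 1002, "app_slug": "example-compliance-app",
   "repository_selection": "all",
   "permissions": {"actions": "write", "metadata": "read", "contents": "read"}}
]}
""")


def audit_installation(inst, expected=DOCUMENTED):
    """Return findings where one installation differs from the documented grant."""
    findings = []
    granted = inst.get("permissions", {})
    for scope, level in sorted(granted.items()):
        want = expected.get(scope)
        if want is None:
            findings.append(f"{scope}: granted {level}, not listed in the guide")
        elif level != want:
            findings.append(f"{scope}: granted {level}, guide lists {want}")
    for scope in sorted(set(expected) - set(granted)):
        findings.append(f"{scope}: listed in the guide but not granted")
    # "All repositories" also covers repositories created in the future.
    if inst.get("repository_selection") == "all":
        findings.append("repository_selection=all: future repositories included")
    return findings


def audit(response, app_slug):
    """Map installation id -> findings for installations of the given app."""
    return {
        inst["id"]: audit_installation(inst)
        for inst in response.get("installations", [])
        if inst.get("app_slug") == app_slug
    }


if __name__ == "__main__":
    for inst_id, findings in audit(SAMPLE, "example-compliance-app").items():
        print(inst_id, findings or "matches the documented permissions")
```

An empty findings list means the grant matches the guide; the repository_selection entry is informational, since "All repositories" is a supported choice in step 9.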

FAQs

  1. Which GitHub pull requests do we collect for auditing?
     Pull requests that have been merged will be monitored, while those in any other status will not be monitored.

Troubleshooting

  1. If the user who is trying to connect is not an owner of the selected organization, you may encounter this error.

     How to resolve this issue?

     To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.

     Make sure you see at least one organization listed on the page.