GitHub Actions - User Guide

This article explains, step by step, how to integrate with GitHub Actions.

Through the integration with GitHub Actions, all deployment actions and workflows are collected as audit evidence. Performing this task manually can be quite time-consuming, so this integration streamlines the SOC 2 audit, and the evidence collected addresses the controls related to the change management criteria.

How to connect the GitHub Actions integration?

Step 1: Log in to the Scytale web app

  • Click on the "Integrations" menu on the left.
  • Click on the "Connect" button under the GitHub Actions icon.
  • Connection Name - used to differentiate between your connections,
    for instance if you manage multiple accounts or would like to connect to the integration multiple times. It is automatically titled (Connection 1, 2, 3, etc.), but you can change it to a custom name to make it easier to identify.
    For example: scytale-production-env.
  • Click on "Next".
  • In the next step, you will be directed to GitHub to approve the authorization with Scytale by clicking on "Connect".

  • If you are not connected to your account, you'll need to confirm access.


Step 2: Authorize the integration within GitHub

  • On the GitHub page, click on the "Install" button.


  • In the next step - "Install and Authorize", select "All repositories".
  • Click on the "Install & Authorize" button after you have read which permissions are required for the authentication.
  • Account access may need to be confirmed.

  • Once confirmed, you will be redirected to the Scytale app and the integration with GitHub Actions will be successful.

Permissions for the integration with GitHub Actions:

Scytale collects evidence automatically for auditing purposes by using the permissions you have granted. The integration requires the following read-only permissions:

  • repositories: read
  • actions: read
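
After installation, the grant can be checked against the read-only permissions listed above. The following is an added example, not Scytale's own code: it assumes the installation record shape returned by GitHub's REST endpoint `GET /orgs/{org}/installations`, and the app slug and sample records are constructed placeholders.

```python
import json

# Constructed sample shaped like entries of GitHub's REST response for
# GET /orgs/{org}/installations; "example-evidence-app" is a placeholder slug.
SAMPLE_INSTALLATIONS = json.loads("""
[
  {"id": 1001, "app_slug": "example-evidence-app",
   "repository_selection": "all",
   "permissions": {"metadata": "read", "actions": "read"}},
  {"id": 1002, "app_slug": "example-evidence-app",
   "repository_selection": "selected",
   "permissions": {"metadata": "read", "actions": "write", "contents": "read"}}
]
""")


def audit_installation(inst, required=("actions",), expect_selection="all"):
    """Return findings for one installation record (empty list = as documented)."""
    findings = []
    perms = inst.get("permissions", {})
    # The guide describes the integration as read-only: any other level deviates.
    for name, level in sorted(perms.items()):
        if level != "read":
            findings.append(f"permission {name} is {level}, expected read")
    # Evidence collection needs read access to Actions data.
    for name in required:
        if name not in perms:
            findings.append(f"permission {name} is not granted")
    # Step 2 selects "All repositories"; a narrower scope yields partial evidence.
    selection = inst.get("repository_selection")
    if selection != expect_selection:
        findings.append(
            f"repository_selection is {selection}, expected {expect_selection}")
    return findings


def audit(installations, app_slug):
    """Map installation id -> findings for every installation of the given app."""
    return {i["id"]: audit_installation(i)
            for i in installations if i.get("app_slug") == app_slug}


if __name__ == "__main__":
    results = audit(SAMPLE_INSTALLATIONS, "example-evidence-app")
    for inst_id, findings in results.items():
        print(inst_id, "OK" if not findings else findings)
```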