Integrate Cortex Cloud Application Security with your GitHub SaaS version control system (VCS) to enable security scans for exposed secrets, infrastructure-as-code (IaC) misconfigurations, vulnerabilities, package operational risks, and license compliance issues in your repositories. This integration allows you to analyze, prioritize, and resolve detected issues efficiently.
How to integrate GitHub SaaS
Prerequisite
Before you begin:
In GitHub, grant the user performing the Cortex application authorization the following permissions:
Organization Owner: Only an Organization Owner can directly authorize and install the application
Scope: The Cortex application requires the following authorization scopes:
Read access to Dependabot alerts, actions, actions variables, administration, deployments, discussions, metadata, packages, repository hooks, secret scanning alerts, secrets, and security events
Read and write access to checks, code, commit statuses, issues, and pull requests
Note
In contrast to GitLab SaaS , GitLab Self Managed (On-Prem) and Azure Repos, there is no individual record of each token used for authentication on the integrations page. However, Cortex Cloud Application Security retains and uses these tokens for necessary actions. Removing an integration will delete all associated tokens.
Onboarding steps
On the Cortex Cloud tenant.
Search for GitHub (SaaS), hover over it and click Add, or Add Another Instance if an instance is already onboarded.
Click on the Configure account step of the GitHub SaaS onboarding wizard.
You are redirected to your GitHub SaaS account in order to install and authorize Cortex AppSec), the GitHub App application handling the Cortex Cloud Application Security functionality.
Install and authorize Cortex AppSec on GitHub SaaS.
Select your organization on which will be installed.
Select the repositories to be authorized.
Review the permissions granted the application.
Click .
You are redirected to the Select Repositories step of the GitHub SaaS installation wizard on the console.
Refer to the GitHub documentation for more on authorizing and installing GitHub SaaS Apps.
On the Cortex XSIAM console.
Under Selection Options, choose the repositories to be connected to the instance:
Permit all existing repositories
Permit all existing and future repositories
Select Choose from repository list and select repositories from the list
Click Save.
Verify integration: On Data Sources, select → → and confirm that the status of your integrated GitHub instance is 'Connected'.
Verify integration and confirm that the your integrated GitHub SaaS instance has a status of Connected.
On Data Sources & Integrations, search for GitHub SaaS.
Hover over and select the resulting entry.
Verify that the status of your GitHub SaaS instance is Connected.
View repository assets and mitigate detected issues.
Subscribed events
Below is a comprehensive list of events to which Cortex Cloud Application Security is subscribed. These events encompass various actions and changes occurring within your GitHub SaaS environment that trigger notifications and integrations with Cortex Cloud Application Security.
Manage data source integrations
Manage integrations to align with evolving requirements and ensure they remain current.
Navigate to → and use the Vendor filter to located the required integration.
Select your vendor from the list.
The integrated instances for the selected vendor are displayed.
Right-click on an instance and select an option:
: Redirects to the Select Repositories step of the integration wizard, where you can modify configurations for the selected instance. For more details, refer to the relevant integration guide
: When confirmed, deletes the instance, including data from previous scans
Copy entire row – Copies all column values for the selected row to the clipboard.