sevco.io

📘

Public Preview

This integration is currently in public preview. We are investigating new fields to pull from GitHub as well as different authentication methods. If you have feedback about this integration, please feel free to contact us.

About

GitHub provides tools for software development including distributed version control, CI/CD, and project tracking.

Why you should integrate

This integration will provide visibility into your GitHub users within the Sevco Security app. You will be able to see the user's username, name*, and email*, as well as important timestamps like when the user was created or last updated.

*Unlike some tools, GitHub accounts are not owned by an organization, so the user has the choice to make this information public. If the user has not made a field public, it will not appear in Sevco.

How does the Integration Work

This integration pulls users using the GitHub GraphQL API; specifically the getMembersWithRoles query on the Organization object.

This data is only used internally; we do not share it with any parties outside of Sevco. Refer to our privacy policy for details.

Configurations

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas:

    • Personal Access Token: Will retrieve user assets using your GitHub Personal Access Token (PAT)
  2. Configure Plugin:

    Personal Access Token Schema

    FieldDescriptionExample
    Enterprise GraphQL EndpointThe GraphQL endpoint of your self-hosted GitHub Enterprise server, if applicablehttps://github.sevco.com/graphql
    TokenYour Personal Access token from GitHubghp_ikGhqWDKu9p5KqpMvJFULYl2Ja7Ai8B7zNtC
    Organization NameThe name of the organization you want to pull assets from. This should be the string that appears in your organization's GitHub URL (e.g. https://github.com/github)github
  3. Configure Name: OPTIONAL: You can give the configuration a name to provide an identifiable attribute of the configuration to delineate other similar configurations.

  4. Activate Config: To enable this configuration and begin pulling data select "Activate". If you wish to save the configuration to come back later to finish, select "Save Draft". This will save the configuration, but keep it disabled until Activated.

Source Documentation

Creating Credentials

Personal Access Token Schema

In order to use the Personal Access Token schema, you must create a token with the following scopes:

read:org
read:user
user:email

Please refer to the following documentation for creating a personal access token:

https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].