Chariot provides comprehensive security scanning for GitHub repositories, helping organizations identify potential security risks like exposed secrets and misconfigurations. While Chariot can scan any public repository without additional setup, you'll need to configure an integration to scan private repositories within your organization.

This page shows how to integrate with GitHub using either a Personal Access Token (PAT) or a GitHub App installation.

GitHub PAT

To integrate GitHub with Chariot, you'll need to create a Personal Access Token (PAT) with the appropriate permissions. Start by visiting GitHub's Personal Access Tokens page and generating a new token.

Give the PAT a descriptive name and set an appropriate expiration period. Make sure to authorize the token for your target organization.

Choose the repository access for the token.

Under Repository Permissions, grant "Contents: Read-only" access to allow Chariot to scan repository contents.

Click Generate token at the bottom of the page. Copy the token to your clipboard and navigate back to Chariot.

Configuring the Integration in Chariot

Navigate to the Integrations page and select GitHub from the "Source Code Managers" section.

Enter your GitHub organization's URL and paste your PAT in the provided fields, then click Connect to establish the integration.

Once the integration is connected, Chariot will:

  • Scan all repositories in your organization accessible through the provided PAT for hard-coded secrets.
  • Run Praetorian's proprietary CI/CD misconfiguration scanner against your organization.
  • Flag new (<24 hrs) public repositories.
  • Flag private repositories recently (<24 hrs) turned public.
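The last two checks compare repository visibility against a recent baseline. The following is an added example of that logic, not Chariot's own code: it diffs a previous visibility snapshot against a current listing shaped like GitHub's repository objects (the organization, repository names and timestamps are constructed sample data) and reports public repositories created in the last 24 hours and repositories that were private in the snapshot but are public now.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape of GitHub's repository objects
# (only the fields used here). Names and timestamps are made up.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
PREVIOUS_SNAPSHOT = {  # repository -> visibility recorded on the last run
    "example-org/billing-service": "private",
    "example-org/docs-site": "public",
    "example-org/infra-modules": "private",
}
CURRENT_REPOS = [
    {"full_name": "example-org/billing-service", "visibility": "public",
     "created_at": "2023-01-10T08:00:00Z"},           # private -> public
    {"full_name": "example-org/docs-site", "visibility": "public",
     "created_at": "2022-05-04T09:30:00Z"},           # unchanged
    {"full_name": "example-org/infra-modules", "visibility": "private",
     "created_at": "2023-09-20T14:15:00Z"},           # unchanged
    {"full_name": "example-org/hackday-demo", "visibility": "public",
     "created_at": "2024-06-01T03:45:00Z"},           # new public repo
]

def parse_github_time(value: str) -> datetime:
    # GitHub timestamps are ISO 8601 in UTC with a trailing 'Z'.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def flag_exposures(previous, current, now, window=timedelta(hours=24)):
    """Return (new_public, turned_public) lists of repository names.

    new_public: public repositories created within `window` of `now`.
    turned_public: repositories recorded as private in the previous snapshot
    that are public now (visibility is one of public/private/internal).
    """
    new_public, turned_public = [], []
    for repo in current:
        name = repo["full_name"]
        is_public = repo["visibility"] == "public"
        if is_public and now - parse_github_time(repo["created_at"]) < window:
            new_public.append(name)
        if is_public and previous.get(name) == "private":
            turned_public.append(name)
    return new_public, turned_public

def next_snapshot(current):
    # Persist this between runs so the next comparison has a baseline.
    return {repo["full_name"]: repo["visibility"] for repo in current}

if __name__ == "__main__":
    new, turned = flag_exposures(PREVIOUS_SNAPSHOT, CURRENT_REPOS, NOW)
    print("new public repos:", new)
    print("private repos turned public:", turned)
```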

GitHub App Integration

As an alternative to using a Personal Access Token, you can integrate Chariot using the GitHub App installation method, which provides more granular control over repository access.

To set up the GitHub App integration, navigate to the Integrations page in Chariot and select GitHub from the Source Code Managers section.

When you click Connect, choose the "Install GitHub App" option in the popup dialog.

You'll be directed to GitHub's App installation page where you can configure access permissions. Select your target organization.

Choose whether to grant access to all repositories or specify individual repositories for Chariot to scan. After setting your preferences, click "Authorize & Request" to proceed.

GitHub will send an approval email containing a review request link.

Through this link, you can review and approve repository access for the Chariot app.

You can verify the installation by checking your organization's GitHub Apps settings under Settings > Third Party Access > GitHub Apps.

Once approved, Chariot will display the successful integration status in the integrations table. You can manage the app's access permissions at any time through your organization's GitHub settings.

If you run into any issues during the integration process or have questions about maximizing the value of this integration, our support team is ready to help. You can reach us at support@praetorian.com, and we'll be happy to guide you through any challenges you encounter.