Chariot can scan source code repositories for hard-coded secrets and certain misconfigurations, such as public self-hosted runners.
Note: Chariot can always scan public repositories for hard-coded secrets. The integrations listed on this page are only necessary if you wish to scan private repositories or check for CI/CD misconfigurations.
In this page, we show how to integrate with:
GitHub
Log into the GitHub organization you would like to integrate with Chariot, and navigate to the Personal Access Tokens page. Click Generate new token:
Give the token a descriptive name and select an expiration period. Optionally add a description. Make sure to authorize the token for the organization you wish to scan:
Scroll down, and choose the repository access for the token:
Under Repository Permissions, add the Contents: Read-only repository permission to your token:
Scroll down and click Generate token. Copy the token to your clipboard and navigate back to Chariot.
In Chariot, on the Integrations page, click Add Integration. You will see GitHub listed under the Source Code Managers section, or you can use the search bar to find GitHub directly.
Paste the token into the integration menu along with your GitHub organization's URL:
Click Connect. Chariot will now regularly:
- Scan all repositories in your organization accessible through the provided PAT for hard-coded secrets.
- Run Praetorian's proprietary CI/CD misconfiguration scanner against your organization.
- Flag new (<24 hrs) public repositories.
- Flag private repositories recently (<24 hrs) turned public.
GitLab
Log into the GitLab group you would like to integrate with Chariot, and navigate to the Personal Access Tokens page. Click Add new token:
Give the token a descriptive name and select an expiration date. Select the following permission scopes and click Create personal access token:
After GitLab creates the token, click the clipboard icon to copy the token:
In Chariot, on the Integrations page, click Add Integration. You will see GitLab listed under the Source Code Managers section, or you can use the search bar to find GitLab directly.
Paste the token into the integration menu along with your GitLab group URL:
Click Add. Chariot will now regularly scan all projects in your group accessible to the provided PAT for hard-coded secrets.