Chariot can scan source code repositories for hard-coded secrets and certain misconfigurations, such as public self-hosted runners.

Note: Chariot can always scan public repositories in organization seeds for hard-coded secrets. The integrations listed on this page are only necessary if you wish to also scan private organization repositories or check for CI/CD misconfigurations.

GitHub

Log into the GitHub organization you would like to integrate with Chariot, and navigate to the Personal Access Tokens page. Click Generate new token:

Give the token a descriptive name and select an expiration period. Optionally add a description. Make sure to authorize the token for the organization you wish to scan:

Scroll down, and choose the repository access for the token:

Finally, add the Contents: Read-only repository permission to your token:

Scroll down and click Generate token. Copy the token to your clipboard and navigate back to Chariot. In the Integrations tab, click on the GitHub integration card and paste the token into the integration menu:

Provide the URL to your GitHub organization and click Add. Chariot will now regularly:

  • Scan all repositories in your organization accessible to the provided token for hard-coded secrets.
  • Run Praetorian's proprietary CI/CD misconfiguration scanner against your organization.
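Before pasting the token into Chariot it is worth confirming it is the kind the steps above produce and that it actually reaches the organization. The script below is an added example, not Chariot's own tooling or anything from this page; it assumes bash and curl, that the token is a fine-grained personal access token (the "Contents: Read-only" permission step implies this), and that the organization slug matches the one given to Chariot.

```shell
#!/usr/bin/env bash
# Added pre-flight check for a GitHub token before it is handed to Chariot.
# Not part of Chariot or the page's procedure. Assumes bash and curl; the live
# check talks to api.github.com, the offline check needs nothing.
set -u

# Fine-grained personal access tokens start with "github_pat_"; classic ones
# with "ghp_". The procedure on this page produces a fine-grained token, the
# kind that carries the repository-level "Contents: Read-only" permission.
token_kind() {
  case "$1" in
    github_pat_*) echo fine-grained ;;
    ghp_*)        echo classic ;;
    *)            echo unknown ;;
  esac
}

# Succeeds (exit 0) only for a fine-grained token.
is_fine_grained() {
  [ "$(token_kind "$1")" = fine-grained ]
}

# Live check: can the token list the organization's repositories, and when
# does it expire? Prints "<http-status> <expiry>" and succeeds on HTTP 200.
# A lapsed token makes Chariot's scans stop silently, so surface the date.
check_token_live() {
  local token="$1" org="$2" headers status expiry
  headers=$(mktemp)
  status=$(curl -sS -D "$headers" -o /dev/null -w '%{http_code}' \
    -H "Authorization: Bearer ${token}" \
    -H "Accept: application/vnd.github+json" \
    "https://api.github.com/orgs/${org}/repos?per_page=1&type=all")
  # GitHub sends this header for tokens that have an expiration date set.
  expiry=$(grep -i '^github-authentication-token-expiration:' "$headers" \
    | cut -d' ' -f2- | tr -d '\r')
  rm -f "$headers"
  echo "${status} ${expiry:-no-expiry-header}"
  [ "$status" = 200 ]
}

# Usage: GITHUB_TOKEN=github_pat_... ./check_token.sh <org-slug>
if [ "${GITHUB_TOKEN:-}" ] && [ "${1:-}" ]; then
  if ! is_fine_grained "$GITHUB_TOKEN"; then
    echo "warning: token is $(token_kind "$GITHUB_TOKEN"), not fine-grained" >&2
  fi
  check_token_live "$GITHUB_TOKEN" "$1"
fi
```

A non-200 status means the token cannot see the organization's repositories with the access chosen in the steps above, so Chariot would scan nothing; fix the token's organization or repository access before adding the integration.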