GitHub Integration with JupiterOne - AskJ1 Community
<main> <article class="userContent"> <h2 data-id="github-jupiterone-integration-benefits">GitHub + JupiterOne Integration Benefits</h2> <ul><li>Visualize GitHub users, teams, code repositories, pull requests, issues, installed GitHub applications, organizational secrets, repo secrets, repo environments, and environmental secrets in the JupiterOne graph.</li> <li>Map GitHub users to employees in your JupiterOne account.</li> <li>Map GitHub users to development/security trainings.</li> <li>Monitor GitHub software development activities within repositories, including changes, reviews and approvals.</li> <li>Monitor changes to GitHub user teams, users, code repositories, and pull requests using JupiterOne alerts.</li> <li>Monitor installations of GitHub Apps using JupiterOne alerts.</li> <li>Monitor and audit outside collaborators on code repositories.</li> </ul><h2 data-id="how-it-works">How it Works</h2> <ul><li>JupiterOne periodically fetches installed GitHub apps, GitHub users, teams, code repositories, issues, and recently created/changed pull requests in those repositories to update the graph.</li> <li>Write JupiterOne queries to review and monitor updates to the graph.</li> <li>Configure alerts to take action when the JupiterOne graph changes.</li> </ul><p><strong>Note:</strong> The integration limits pull request ingestion in each execution to the 500 most recently created or modified since the last execution. 
Ingestion is cumulative, so PRs that have been ingested but are not changing remain in the graph.</p> <h2 data-id="requirements">Requirements</h2> <ul><li>JupiterOne requires that the JupiterOne GitHub app, with read-only permissions, be installed in your GitHub Organization account.</li> <li>You must have permission in JupiterOne to install new integrations.</li> </ul><h2 data-id="support">Support</h2> <p>If you need help with this integration, contact <a rel="nofollow" href="https://community.askj1.com">JupiterOne Support</a>.</p> <h2 data-id="integration-guidelines">Integration Guidelines</h2> <p>Upon creating a new GitHub integration configuration in JupiterOne, the user is redirected to GitHub to install the JupiterOne GitHub app.</p> <p>The integration uses GitHub Apps authentication, which requests permissions from the Organization installing the app. The app requests the following Read Only permissions:</p> <ul><li>Organization Metadata, Administration, Members, and Secrets</li> <li>Repository Metadata, Secrets, Environments, and Issues</li> </ul><p>All of these permissions are read-only.</p> <p>The Secrets API does not reveal the values of Secrets, only their names and creation dates.</p> <p>GitHub References:</p> <ul><li><a rel="nofollow" href="https://developer.github.com/apps/building-github-apps/setting-permissions-for-github-apps/">https://developer.github.com/apps/building-github-apps/setting-permissions-for-github-apps/</a></li> <li><a rel="nofollow" href="https://developer.github.com/v3/apps/permissions/#metadata-permissions">https://developer.github.com/v3/apps/permissions/#metadata-permissions</a></li> <li><a rel="nofollow" href="https://developer.github.com/v3/apps/permissions/#permission-on-contents">https://developer.github.com/v3/apps/permissions/#permission-on-contents</a></li> <li><a rel="nofollow" href="https://docs.github.com/en/rest/reference/actions#secrets">https://docs.github.com/en/rest/reference/actions#secrets</a></li> 
<li><a rel="nofollow" href="https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-secrets">https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-secrets</a></li> </ul><h3 data-id="in-github">In GitHub</h3> <p>Install the JupiterOne app in GitHub after creating the GitHub configuration in JupiterOne.</p> <h3 data-id="in-jupiterone">In JupiterOne</h3> <ol><li>From the configuration <strong>Gear Icon</strong>, select <strong>Integrations</strong>.</li> <li>Scroll to the <strong>GitHub</strong> integration tile and click it.</li> <li>Click the <strong>Add Configuration</strong> button and configure the following settings:</li> </ol><ul><li>Enter the <strong>Account Name</strong> by which you'd like to identify this GitHub account in JupiterOne. Ingested entities will have this value stored in <code class="code codeInline" spellcheck="false" tabindex="0">tag.AccountName</code> when <strong>Tag with Account Name</strong> is checked.</li> <li>Enter a <strong>Description</strong> that will further assist your team when identifying the integration instance.</li> <li>Select a <strong>Polling Interval</strong> that you feel is sufficient for your monitoring needs. 
You may leave this as <code class="code codeInline" spellcheck="false" tabindex="0">DISABLED</code> and manually execute the integration.</li> </ul><ol start="4"><li>Click <strong>Create Configuration</strong> once all values are provided.</li> </ol><h2 data-id="how-to-uninstall">How to Uninstall</h2> <ol><li>From the configuration <strong>Gear Icon</strong>, select <strong>Integrations</strong>.</li> <li>Scroll to the <strong>GitHub</strong> integration tile and click it.</li> <li>Identify and click the <strong>integration to delete</strong>.</li> <li>Click the <strong>trash can</strong> icon.</li> <li>Click the <strong>Remove</strong> button to delete the integration.</li> </ol><p><br></p> <h2 data-id="data-model">Data Model</h2> <h3 data-id="entities">Entities</h3> <p>The following entities are created:</p> <table><thead><tr><th>Resources</th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Entity <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> </tr></thead><tbody><tr><td>Account</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Account</code></td> </tr><tr><td>GitHub Env Secret</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_env_secret</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Secret</code></td> </tr><tr><td>GitHub Environment</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_environment</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Configuration</code></td> </tr><tr><td>GitHub Issue</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_issue</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Issue</code></td> </tr><tr><td>GitHub Org Secret</td> <td><code class="code codeInline" spellcheck="false" 
tabindex="0">github_org_secret</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Secret</code></td> </tr><tr><td>GitHub Pull Request</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">PR</code></td> </tr><tr><td>GitHub Repo Secret</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo_secret</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Secret</code></td> </tr><tr><td>GitHub Team</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_team</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">UserGroup</code></td> </tr><tr><td>Github App</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_app</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">Application</code></td> </tr><tr><td>Github Repo</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">CodeRepo</code></td> </tr><tr><td>Github User</td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">User</code></td> </tr></tbody></table><h3 data-id="relationships">Relationships</h3> <p>The following relationships are created:</p> <table><thead><tr><th>Source Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> <th>Relationship <code class="code codeInline" spellcheck="false" tabindex="0">_class</code></th> <th>Target Entity <code class="code codeInline" spellcheck="false" tabindex="0">_type</code></th> </tr></thead><tbody><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" 
spellcheck="false" tabindex="0">github_org_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_team</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><strong>INSTALLED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_app</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> <td><strong>OWNS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_env_secret</code></td> <td><strong>OVERRIDES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_org_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_env_secret</code></td> <td><strong>OVERRIDES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_environment</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_env_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>ALLOWS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_team</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> 
<td><strong>ALLOWS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_environment</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_issue</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo_secret</code></td> <td><strong>OVERRIDES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_org_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_env_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_org_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo</code></td> <td><strong>USES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_repo_secret</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" 
tabindex="0">github_team</code></td> <td><strong>HAS</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>APPROVED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>ASSIGNED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_issue</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>CREATED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_issue</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>MANAGES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_account</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>MANAGES</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_team</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>OPENED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code></td> </tr><tr><td><code class="code codeInline" spellcheck="false" tabindex="0">github_user</code></td> <td><strong>REVIEWED</strong></td> <td><code class="code codeInline" spellcheck="false" tabindex="0">github_pullrequest</code></td> </tr></tbody></table><p><br></p> </article> </main>
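<p>An added example, not part of the original page or of JupiterOne's code: a check that the permissions actually granted to an installed GitHub App match the read-only list given under Integration Guidelines. It assumes installation records in the shape GitHub returns from <code>GET /orgs/{org}/installations</code>; the mapping from the page's permission names to GitHub's permission keys, the sample payload, and both app slugs are assumptions of this example.</p>

```python
import json

# Keys as they appear in the "permissions" object of a GitHub App installation
# record. Mapping the page's permission names to these keys is an assumption.
DOCUMENTED_READ_ONLY = {
    "metadata",                     # Organization / Repository Metadata
    "organization_administration",  # Organization Administration
    "members",                      # Organization Members
    "organization_secrets",         # Organization Secrets
    "secrets",                      # Repository Secrets
    "environments",                 # Repository Environments
    "issues",                       # Repository Issues
}

def audit_installation(installation):
    """Return a list of findings; an empty list means the grant matches the docs."""
    granted = installation.get("permissions", {})
    findings = []
    for name, level in sorted(granted.items()):
        if level != "read":
            findings.append(f"{name}: level '{level}' is not read-only")
        elif name not in DOCUMENTED_READ_ONLY:
            findings.append(f"{name}: read access outside the documented list")
    for name in sorted(DOCUMENTED_READ_ONLY - set(granted)):
        findings.append(f"{name}: documented but not granted")
    return findings

def audit_all(payload):
    """Audit every installation in a list-installations style payload."""
    return {i["app_slug"]: audit_installation(i) for i in payload["installations"]}

# Constructed sample (not real API output); both app slugs are hypothetical.
SAMPLE = json.loads("""
{"installations": [
  {"app_slug": "example-graph-app", "permissions": {
     "metadata": "read", "organization_administration": "read", "members": "read",
     "organization_secrets": "read", "secrets": "read", "environments": "read",
     "issues": "read"}},
  {"app_slug": "example-drifted-app", "permissions": {
     "metadata": "read", "organization_administration": "read", "members": "read",
     "organization_secrets": "read", "secrets": "read", "environments": "read",
     "contents": "write", "pull_requests": "read"}}
]}
""")

if __name__ == "__main__":
    for slug, findings in audit_all(SAMPLE).items():
        print(slug, "-> OK" if not findings else findings)
```

<p>A permission that appears in the grant but not in the documented list is reported for review rather than treated as an error, since an app's requested permissions can change between versions.</p>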