GitHub integration with Grip Security - Posture (SSPM)

Overview

This guide outlines the integration of GitHub with Grip Security, enabling Grip Security to deliver actionable insights regarding identity, repositories, branches, workflows, and secrets for both GitHub and GitHub Enterprise.

Prerequisites

• You need to provide Grip with your GitHub Access token and Organization ID.

• You will need an administrator role on the organization/enterprise to get the access token.

Get a GitHub access token and organization ID

• From your GitHub user, go to “Settings>> Developer settings”

• Go to “Personal access tokens >> Fine-grained tokens” and click on “Generate new tokens.”

• In the “New fine-grained personal access token” page:

• Enter the “Token name.” (1)

• In “Resource owner,” select the organization for which you want to run the SSPM; in this example, it is “Grip- Security” (2).

• In the “Repository access” section, select “All repositories” (3)

• Scroll down to “Permissions” (4) and select the following permissions:

  • Administration: Read- Only

  • Contents: Read- Only

  • Metadata: Read- Only

• In “Organization permission>> Administration,” select “Read-only.”

• Click on “Generate token.”

• Review the permissions you granted (5) and click “Generate token.”

• Copy the token (6)

• Copy the Organization ID (in this example, “Grip- Security”).

Connecting GitHub to Grip SaaS Security Posture Management.

• From the Grip portal, go to “Posture >> “Add Tenant.”

• Click on “Github.”

• Enter the required information in the “Tenant Details” fields: “Display Name, Organization ID, and  API Token Key.”

• Click on “Add Tenant.”

• Once the tenant is added, you will be directed to the tenant's page.

• Click the tenant to see and filter your policy statuses, assess your security posture, and begin fixing it.