Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Include Page
API Header
API Header

...

Info

Note: You must use the organization’s owner account to setup the OAuth app ,authenticate it and log in through the same account while syncing in Zilla. The owner account is also required to get outside collaborators.

Steps To Create a Github Connector

1. Sign in to Github. In the upper-right corner of any page, click your profile photo, then click Settings.

...

3. In the left sidebar, click OAuth Apps, then click Register a new application.

...

4. Name your Zilla connector then click Register application.

Homepage URL should be https://app.zillasecurity.com/

...

Redirect URL should be https://app.zillasecurity.com/api/auth/callback/github

...

For the Authorization callback URL simply copy and paste https://app.zillasecurity.com/api/auth/callback/Githubgithub into the text box. Set up

...

5. Copy your Client ID and Client secret to a place you may access again (you will need these credentials to connect from Zilla in a future step).

Setup Github Application Integration on Zilla

...

  • Locate your desired Github application instance on Zilla, click Sync now in the top right and enable API Integration.

...

    • Client Id - Copied from the previous steps.

    • Client Secret - Copied from the previous steps.

    • Organization Id - Name of the organization on GitHub (located at Your Organizations tab when you click profile image at upper right corner).

    • Sync repositories as resource permissions - Yesif the integration should sync user access for each repository within the organization, defaults to No.

    • Enable account modifications? (Yes/No) - Yes will automatically revoke group memberships, repository permissions for a user, outside collaborators, outside collaborators' permissions to a repo and organization membership/inside collaborators and permissions (except for owner permissions) that have been flagged for revocation after an access review during a sync. Default value is No

Scopes Requested:

The Github integration automatically requests scopes with least privilege required

By default, the following scopes are requested

read:org, read:user, user:email

If the setting “Sync repositories as resource permissions” , then the following scope is additionally requested

repo

If the setting “Enable account modifications” is set to “Yes, then the following scope is additionally requested

write:org

Info

Note:

  1. When updating the “Sync repositories as resource permissions” setting from No to Yes, you must revoke all user tokens in Github.

  2. Revoking membership for an organization will remove that user from organization.

  3. GitHub has a concept of orphan organization i.e. organization with no owner. Make sure there are more than one owner if you are revoking ownership of an organization for a user.

  4. Revoking an outside collaborators' repository permission will remove him/her from the organization also only if he/she is not a member of any other repository.

  5. Zilla does not support organization’s ownership revocation. User will have to manually revoke the ownership directly in Github.

...

  • Click Sync Nowor Next.

  • Click Next.

...

    ...

    • If required, grant access. Your sync will start once you have granted Zilla access.

    ...

      ...

      • Once complete you may view the data

      ...

      • in Zilla.

      • If “Sync repositories as resource permissions” is Yes, on the Permissions tab additional permissions are displayed for each account (e.g., “admin: repo1“, “maintain: repo2”, “read: repo3”, “triage: repo4”, “write: repo5”).

      ...

      Info

      Troubleshooting GitHub Integration:

      1. Error 401 - This could due to expired access token or the user trying to sync does not have admin or owner access to GitHub’s account. Try reauthenticating the GitHub instance will resolve the error and if the issue still persist contact your admin for right access.

      2. Error 403 - This error could be due to insufficient scopes, please ensure that the scopes provided for zilla connector should be same as mentioned in these document. Error 403 could also occur if the organization has enabled OAuth App Access Restrictions, disabling the restriction would fix the issue. Refer this document for disabling the OAuth app access restrictions.

      3. Error 422 - This could also occur because your organization has enabled OAuth App Access Restrictions. Refer this document for disabling the OAuth app access restrictions.

      4. Error 400 - This could be due to API error please contact support@zillasecurity.com.

      5. Error 404 - This could be due to logging in through a non-owner of the organization trying to access repositories. Please make sure you are logged in with an owner of the organization

      Include Page
      Integrations Footer
      Integrations Footer