Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Overview

This document provides instructions on how to connect to an API to import data from this application into your instance of Zilla.

In this guide, you will:

  1. Launch your application from inside Zilla

  2. Set up an API configuration

  3. Send your data securely to Zilla

Step-by-Step Instructions

Note: You must use organization’s owner account to setup the OAuth app and authenticate it. The owner account is also required to get outside collaborators.

Steps To Create a Github Connector

1. Sign in to Github. In the upper-right corner of any page, click your profile photo, then click Settings.

2. In the left sidebar, click Developer settings.

3. In the left sidebar, click OAuth Apps, then click Register a new application.

4. Name your Zilla connector then click Register application.

Homepage URL should be https://app.zillasecurity.com/

Redirect URL should be https://app.zillasecurity.com/api/auth/callback/github

For the Authorization callback URL simply copy and paste https://app.zillasecurity.com/api/auth/callback/github into the text box.

5. Copy your Client ID and Client secret to a place you may access again (you will need these credentials to connect from Zilla in a future step).

Setup Github Application Integration on Zilla

  • Locate your desired Github application instance on Zilla, click Sync now in the top right and enable API Integration.

    • Client Id - Copied from the previous steps.

    • Client Secret - Copied from the previous steps.

    • Organization Id - Name of the organization on GitHub (located at Your Organizations tab when you click profile image at upper right corner).

    • Sync repositories as resource permissions - Yes if the integration should sync user access for each repository within the organization, defaults to No.

    • Enable account modifications? (Yes/No) - Yes will automatically revoke group memberships, repository permissions for a user, outside collaborators, outside collaborators' permissions to a repo and organization membership/inside collaborators and permissions (except for owner permissions) that have been flagged for revocation after an access review during a sync.

Note:

  1. When updating the “Sync repositories as resource permissions” setting from No to Yes, you must revoke all user tokens in Github.

  2. Revoking membership for an organization will remove that user from organization.

  3. GitHub has a concept of orphan organization i.e. organization with no owner. Make sure there are more than one owner if you are revoking ownership of an organization for a user.

  4. Revoking an outside collaborators' repository permission will remove him/her from the organization also only if he/she is not a member of any other repository.

  5. Zilla does not support organization’s ownership revocation. User will have to manually revoke the ownership directly in Github.

  • Click Sync Now or Next.

  • Click Next.

  • If required, grant access. Your sync will start once you have granted Zilla access.

  • Once complete you may view the data in Zilla.

  • If “Sync repositories as resource permissions” is Yes, on the Permissions tab additional permissions are displayed for each account (e.g., “admin: repo1“, “maintain: repo2”, “read: repo3”, “triage: repo4”, “write: repo5”).

Troubleshooting GitHub Integration:

  1. Error 401 - This could due to expired access token or the user trying to sync does not have admin or owner access to GitHub’s account. Try reauthenticating the GitHub instance will resolve the error and if the issue still persist contact your admin for right access.

  2. Error 403 - This error could be due to insufficient scopes, please ensure that the scopes provided for zilla connector should be same as mentioned in these document. Error 403 could also occur if the organization has enabled OAuth App Access Restrictions, disabling the restriction would fix the issue. Refer this document for disabling the OAuth app access restrictions.

  3. Error 422 - This could also occur because your organization has enabled OAuth App Access Restrictions. Refer this document for disabling the OAuth app access restrictions.

  4. Error 400 - This could be due to API error please contact support@zillasecurity.com.

When you have finished with all the steps above, review the information in Zilla that was synced.

Having trouble? Try our Troubleshooting articles or contact support@zillasecurity.com.

  • No labels