GitHub

Note: Use the GitHub organization's owner account to set up the OAuth app, authorize it, and sign in with that same account when syncing in Zilla. The owner account is also required to retrieve outside collaborators.

Steps To Create a GitHub Connector

1. Sign in to GitHub. In the upper-right corner of any page, click your profile photo, then click Settings.


2. In the left sidebar, click Developer settings.


3. In the left sidebar, click OAuth Apps, then click Register a new application.

4. Name your Zilla connector and fill in the application URLs, then click Register application.

Homepage URL should be https://app.zillasecurity.com/

Authorization callback URL (the OAuth redirect URL) should be https://app.zillasecurity.com/api/auth/callback/github. Copy and paste it exactly: GitHub only completes the OAuth flow when the redirect matches the registered callback.

5. Copy the Client ID and generate a Client secret, then store both somewhere you can access again (you will need these credentials to connect from Zilla in a later step). Treat the client secret like a password; anyone holding it together with the Client ID can impersonate the Zilla OAuth app.

Set Up GitHub Application Integration on Zilla

  • Locate your desired GitHub application instance in Zilla, click Sync now in the top right and enable API Integration.

    • Client Id - Copied from the previous steps.

    • Client Secret - Copied from the previous steps.

    • Organization Id - The organization's name on GitHub (listed under Your organizations when you click your profile image in the upper-right corner).

    • Sync repositories as resource permissions - Yes if the integration should sync each user's access level for every repository in the organization. Defaults to No.

    • Enable account modifications? (Yes/No) - If Yes, a sync automatically revokes access that was flagged for revocation in an access review. This covers group (team) memberships, a user's repository permissions, outside collaborators and their permissions to a repository, and organization membership and permissions of members, except for owner permissions. Defaults to No.

Scopes Requested:

The GitHub integration requests only the scopes required for the settings you enable (least privilege).

By default, the following scopes are requested

read:org, read:user, user:email

If the setting “Sync repositories as resource permissions” is set to “Yes”, then the following scope is additionally requested

repo

If the setting “Enable account modifications” is set to “Yes”, then the following scope is additionally requested

write:org

Note:

  1. When changing the “Sync repositories as resource permissions” setting from No to Yes, you must revoke all user tokens for the OAuth app in GitHub, so that the next sync re-authorizes the app and obtains a token that carries the additional repo scope.

  2. Revoking membership for an organization will remove that user from the organization.

  3. GitHub allows an orphan organization, i.e. an organization with no owner. Before removing ownership from a user, make sure the organization has at least one other owner.

  4. Revoking an outside collaborator's repository permission also removes that person from the organization, but only if they have no remaining access to any other repository.

  5. Zilla does not support revoking organization ownership. The user's ownership must be revoked manually in GitHub.
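The two things most likely to go wrong with the settings above are a token whose scopes no longer match the configuration (Note 1) and an ownership change that leaves the organization with no owner (Note 3). The following script, an added example that is not Zilla's or GitHub's own code, checks both before a sync: it compares the scopes a token actually carries with the scope set this page lists for a given configuration, and it refuses an ownership revocation that would orphan the organization. GitHub reports a token's granted scopes in the X-OAuth-Scopes response header of any authenticated REST call; the header values, owner list and user names below are constructed for the example, and the scope-implication table is trimmed to the scopes relevant here.

```python
"""Added example, not code from Zilla or GitHub: two pre-sync checks for the
OAuth token Zilla uses.  (1) Audit the token's granted scopes against the
scopes this page says a configuration needs, so over- and under-privileged
tokens are caught before a sync.  (2) Orphan-organization guard: refuse an
ownership revocation that would leave the organization with no owner.
All inputs are constructed inline so the script runs offline;
fetch_granted_scopes() is the only network call and is not used by the checks."""
import urllib.request

# Scopes from this page: always requested, plus the two setting-dependent ones.
BASE_SCOPES = {"read:org", "read:user", "user:email"}

# Broader GitHub scopes that imply narrower ones (GitHub's documented scope
# hierarchy, trimmed to the scopes relevant here).  Used so that a token
# carrying e.g. admin:org is not reported as "missing" write:org.
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "user": {"read:user", "user:email"},
    "repo": {"public_repo", "repo:status"},
}


def required_scopes(sync_repos: bool, enable_modifications: bool) -> set:
    """Scope set Zilla requests for the two connector settings."""
    scopes = set(BASE_SCOPES)
    if sync_repos:
        scopes.add("repo")
    if enable_modifications:
        scopes.add("write:org")
    return scopes


def parse_oauth_scopes(header_value: str) -> set:
    """Parse the comma-separated X-OAuth-Scopes header GitHub returns."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit_scopes(granted: set, required: set) -> dict:
    """Compare granted vs required scopes.

    missing: required scopes neither granted directly nor implied by a
             broader granted scope (the sync will fail or be incomplete)
    excess:  granted scopes outside the required set, including broader
             scopes such as admin:org that merely cover a required one
    """
    effective = set(granted)
    for scope in granted:
        effective |= IMPLIES.get(scope, set())
    return {
        "missing": sorted(required - effective),
        "excess": sorted(granted - required),
    }


def fetch_granted_scopes(token: str) -> set:
    """Live variant (needs network): any authenticated GitHub API call echoes
    the token's scopes in the X-OAuth-Scopes response header."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": "Bearer " + token,
                 "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req) as resp:
        return parse_oauth_scopes(resp.headers.get("X-OAuth-Scopes", ""))


def can_revoke_ownership(owner_logins: list, login: str) -> bool:
    """Orphan-org guard: allow revoking `login`'s ownership only when the
    organization has at least one other owner.  In a live check owner_logins
    would come from GET /orgs/{org}/members?role=admin."""
    return login in owner_logins and len(owner_logins) >= 2


# Constructed sample inputs (not real tokens, organizations or users).
SAMPLE_HEADER_DEFAULT = "read:org, read:user, user:email"
SAMPLE_HEADER_OVERPRIVILEGED = "admin:org, read:user, user:email"
SAMPLE_OWNERS = ["alice", "bob"]

if __name__ == "__main__":
    # Token issued with the default scopes, but "Sync repositories as resource
    # permissions" has since been set to Yes without revoking tokens (Note 1).
    print(audit_scopes(parse_oauth_scopes(SAMPLE_HEADER_DEFAULT),
                       required_scopes(sync_repos=True, enable_modifications=False)))
    # Token holding admin:org covers write:org but is broader than needed.
    print(audit_scopes(parse_oauth_scopes(SAMPLE_HEADER_OVERPRIVILEGED),
                       required_scopes(sync_repos=False, enable_modifications=True)))
    print(can_revoke_ownership(SAMPLE_OWNERS, "alice"),
          can_revoke_ownership(["alice"], "alice"))
```

Run it after changing either setting: a non-empty "missing" list means the existing token must be revoked in GitHub so the next sync re-authorizes with the new scopes, and a non-empty "excess" list means the app was granted more than the least-privilege set and should be re-authorized with the narrower request.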


  • Click Sync Now or Next.

  • Click Next.

  • If required, grant access. Your sync will start once you have granted Zilla access.

  • Once complete you may view the data in Zilla.

  • If “Sync repositories as resource permissions” is Yes, the Permissions tab shows an additional permission per repository for each account, in the form “level: repository” (e.g., “admin: repo1”, “maintain: repo2”, “read: repo3”, “triage: repo4”, “write: repo5”).