Connecting GitHub private repo

Connect Prelude Detect to GitHub with a Personal Access Token (PAT). This is for organizations that want to create Prelude Detect Security Tests using custom libraries stored in private repositories. It is not required if your library is publicly available.

 

To attach an Amazon account to Detect, you will need:

  • The Prelude Dashboard / UI (US1 | EU1) or Prelude CLI
  • Access to GitHub (or a Personal Access Token already provided)

 

In GitHub

Navigate to Personal Access Tokens in GitHub

  • Direct access: https://github.com/settings/personal-access-tokens

or

  1. Navigate to https://github.com 
  2. Click your user-icon (top right)
  3. Click Settings from the menu
  4. Select "Developer Settings" from the left-hand menu
  5. Select "Personal access tokens" then "Fine-grained tokens"

Generate a New Token

  1. Select "Generate New Token"
    1. Authenticate if necessary
  2. Expiration: Set Expiration (or select No Expiration)
  3. Limit PAT Scope:
    1. At minimum, we require "Read-Only" access to the Contents of the repositories containing the library you wish to use.
    2. Repository access: select the repositories that you want to allow the PAT to access
    3. Set Repository Permissions, ensure "Contents" is "Read-only"
    4. Click "Generate Token" and confirm "Contents" are at least Read-Only
    5. Click "Generate Token"
    6. Copy the provided token.  It won't be recoverable later.

In Prelude

Attach the partner

You can attach a partner via UI or CLI

via UI

  • Navigate to your user name in the upper right-hand corner and select "Integrations"
  • Select the "Connect" action for GitHub
  • Fill out Base URL, Tenant ID, APP ID and App Secret to connect
    • Base URL should be set to https://github.com

via CLI

Ensure you have the latest version of the CLI

  • run: prelude partner attach --api https://github.com --user {ORGANIZATION}/{PROJECT} --secret {PAT} GITHUB
    • replace {ORGANIZATION}, {PROJECT} and {PAT} with the values from your GitHub PAT Generation
    • --api is a required field that should be set to https://github.com
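
A pre-flight check for the CLI step above, as an added example (not Prelude's own tooling): it confirms that the token is a fine-grained PAT and that it can read the repository Contents through the GitHub REST API before running the attach command. The function names and the GITHUB_PAT environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before `prelude partner attach ... GITHUB`.
# Function names and the GITHUB_PAT variable are assumptions of this example.

# Classify a token by prefix: fine-grained PATs start with "github_pat_",
# classic PATs with "ghp_".
token_kind() {
  case "$1" in
    github_pat_*) echo fine-grained ;;
    ghp_*)        echo classic ;;
    *)            echo unknown ;;
  esac
}

# Accept only {ORGANIZATION}/{PROJECT}: exactly one slash, no empty part,
# no characters outside letters, digits, ".", "_" and "-".
valid_slug() {
  case "$1" in
    */*/*|/*|*/|*[!A-Za-z0-9._/-]*) return 1 ;;
    */*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Print the HTTP status of a Contents read (200 means the PAT can read the repo).
# The token reaches curl on stdin (-K -), keeping it off curl's command line.
contents_status() {
  printf 'header = "Authorization: Bearer %s"\n' "$2" |
    curl -sS -K - -o /dev/null -w '%{http_code}' \
      -H 'Accept: application/vnd.github+json' \
      "https://api.github.com/repos/$1/contents"
}

# Usage: GITHUB_PAT=<token> attach_github_partner ORG/PROJECT
attach_github_partner() {
  [ -n "${GITHUB_PAT:-}" ] || { echo "GITHUB_PAT is not set" >&2; return 1; }
  valid_slug "$1" || { echo "expected ORG/PROJECT, got: $1" >&2; return 2; }
  [ "$(token_kind "$GITHUB_PAT")" = fine-grained ] ||
    { echo "token is not a fine-grained PAT" >&2; return 3; }
  status=$(contents_status "$1" "$GITHUB_PAT") || return 4
  [ "$status" = 200 ] ||
    { echo "Contents read failed for $1 (HTTP $status)" >&2; return 4; }
  # Attach command exactly as given on the page.
  prelude partner attach --api https://github.com --user "$1" \
    --secret "$GITHUB_PAT" GITHUB
}
```

A status other than 200 from the Contents read usually means the repository was not selected under "Repository access" or "Contents" was not set to "Read-only" when the token was generated.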

Detach the partner

via UI

  • Navigate to your user name in the upper right-hand corner and select "Integrations"
  • Select the "Disconnect" action for GitHub

via CLI

Ensure you have the latest version of the CLI

  • run: prelude partner detach GITHUB
  • if you have multiple GITHUB integrations, then use --instance_id to select the specific instance to detach.