Skip to content

Integrate GitHub with BoostSecurity

BoostSecurity lets you connect your GitHub organization and apply security checks, including CI/CD supply chain security checks and Dependabot.

Prerequisites

As a prerequisite to installing the application:

  • Ensure that you have a GitHub organization and the following permissions in place.

Permissions

This integration will require the following permissions:

  • Read access - Actions, Dependabot alerts, webhooks, administration, metadata, secret scanning alerts, workflows, and security events.
  • Read & Write access - Checks, Issues, Pull Requests.

1. Connect GitHub to BoostSecurity

To install the GitHub App on your GitHub organization:

  1. Go to Settings on the navigation panel and select Integrations; Settings > Integrations.

    Settings and Integrations

  2. Choose the GitHub integration from the Available section.

    GitHub SCM

  3. Click Install: You will be directed to the GitHub App to install the BoostSecurity GitHub App.

  4. Select the appropriate GitHub organization on your account you want to install the BoostSecurity GitHub App.

  5. Choose whether to install the GitHub App on All repositories or Only select repositories.

    Info

    If you install the BoostSecurity app on All repositories, the access will apply to all current and future repositories. However, installing the app on Only select repositories would restrict BoostSecurity's access to just those repos. It is therefore recommended to install it for all repositories so that it is simpler to add the BoostSecurity security scanner to new repositories.

    Repository Access

  6. Click Install and Authorize.

Once the installation is completed, the BoostSecurity GitHub card is added to the Settings > Integrations > Installed section. At this point, the BoostSecurity GitHub App is installed on your GitHub organization!!!

GitHub Installed

2. Enable Default Dependabot and CI/CD Scanner Protection

It is recommended to configure your CI/CD pipelines and Dependabot for your GitHub organization after a successful integration.

To do this,

  1. Go to the Scanner Coverage page and select the Default Scanner Protection column for your GitHub integration.

  2. Toggle Enable the CI/CD scanner for new organizations and repositories and Enable the Dependabot scanner for new repositories.

    Enable CI/CD Scanner