JupiterOne + Github Integration

Navigate SecOps complexity by connecting GitHub users, repos, pull requests to the rest of the digital operations to analyze access and code commit security.

github integration jupiterone

Overview of Github Integration

JupiterOne provides a managed integration with GitHub. The integration connects directly to GitHub APIs to obtain account metadata and analyze resource relationships. Customers authorize access by creating a GitHub OAuth App in their account and providing the app credentials to JupiterOne.

Upon creating a new GitHub integration configuration in JupiterOne, the user is re-directed to GitHub to install the JupiterOne GitHub app.

The integration is using GitHub Apps authentication, which requests permissions from the org/account installing the app.

Beside the Metadata Permissions always granted, our app is only requesting Read Only for Repository Metadata and Organization Members at this time. Our app does not access source codes.

JupiterOne’s Github integration allows security analysts and development teams to ensure access to your code repos is assigned to the appropriate people with the appropriate permissions. It also allows your team to connect changes in you digital environment and code scanning findings with the contributor to more quickly remediate issues.

Additionally, JupiterOne is capable of detecting suspicious code commits in a git pull request (PR) by spotting commits self-approved by the code author and code commits made by a user unknown to the organization.

Github Ingested Resources

The following entity resources are ingested when the integration runs:

GitHub Entity Resource _type : _class of the Entity
Account github_account : Account
Repository github_repo : CodeRepo
Pull Request github_pullrequest : PR
User github_user : User
User github_team : UserGroup

Providing Complete Visibility for Leading Cloud-Native Organizations

Providing Complete Visibility for Leading Cloud-Native Organizations

databricks logo