To integrate with GitHub, Jit requires a dedicated repository that hosts the product security plan, as well as the installation of the Jit GitHub application. These prerequisites let Jit run the security tools it orchestrates, which are specified in the security plan, via GitHub Actions. This architecture lets Jit invoke the code security tools without pulling the user's source code into Jit's cloud. The Jit GitHub application installation cannot be completed without owner approval.
- Click the Create Repository link to go to GitHub's repository creation page, and create a repository with the following specifications.
- Template: None.
- Owner: The organization you want to monitor. When the Jit GitHub app is installed later in this process, it gets access to the organization selected here.
- Repository name:
- Visibility: Private.
- Initialize this repository with: None of the listed options.
- Return to the Jit platform, and select Next.
When installed, the Jit GitHub app receives the following minimal set of permissions in GitHub:
- Write access to dedicated Jit files, which allows Jit to manage Jit files on your repositories.
- Read access to administration, code, issues, and metadata, which allows Jit to read the code on monitored repositories.
- Read and write access to actions, checks, pull requests, and workflows, which allows Jit to trigger workflows in the .jit repository, create and update PR checks, create and update pull requests, and modify workflow files.
- Select the Install link.
- Select the organization where you created the .jit repository in the previous step.
Selecting any organization other than the one where you created the .jit repository will result in installation failure.
- Select whether to install the Jit GitHub app to All repositories or Only select repositories. If you choose the Only select repositories option, the .jit repository must be selected in addition to the repositories you wish to monitor.
Jit recommends selecting All repositories. Repositories can later be excluded from the product security plan if you do not wish to protect them with Jit. Furthermore, when All repositories is selected, newly created repositories are automatically protected by Jit.
- Select Install to proceed. If this option is not visible, see the note below.
If you are not currently logged in to GitHub as the organization owner, this page presents a Request rather than an Install option. Select Request to send a notification email to the GitHub organization owners. This email contains a link to this page, where the owner may complete installation by selecting Install. The onboarding wizard displays a waiting state until the installation is complete. Your progress in the onboarding process is preserved, even if you log out of the Jit platform.
Once the Jit platform confirms a successful installation, select Next and proceed to activate your security plan.
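After installation, the permissions actually granted can be checked against the list documented above. The following is an added example, not code from Jit: it audits one installation record shaped like an entry returned by GitHub's `GET /orgs/{org}/installations` endpoint. The mapping of "code" to the API key `contents` and of "dedicated Jit files" to `single_file` is an assumption, and the sample record and app slug are constructed.

```python
# Added example: compare a GitHub App installation's granted permissions
# against the set documented on this page. Sample data is constructed.

LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Documented permissions, expressed as GitHub API permission keys.
# Assumption: "code" is the API key `contents`, and "dedicated Jit files"
# is the `single_file` permission.
DOCUMENTED = {
    "single_file": "write",
    "administration": "read",
    "contents": "read",
    "issues": "read",
    "metadata": "read",
    "actions": "write",
    "checks": "write",
    "pull_requests": "write",
    "workflows": "write",
}


def audit_installation(installation, documented=DOCUMENTED):
    """Return a list of findings; an empty list means the grant matches the docs."""
    granted = installation.get("permissions", {})
    findings = []
    for key in sorted(set(granted) | set(documented)):
        have = granted.get(key, "none")
        want = documented.get(key, "none")
        if have not in LEVELS:
            findings.append(f"{key}: unrecognized level {have!r}")
        elif LEVELS[have] > LEVELS[want]:
            findings.append(f"{key}: granted {have}, documented {want}")
        elif LEVELS[have] < LEVELS[want]:
            findings.append(f"{key}: granted {have}, below documented {want}")
    return findings


# Constructed sample shaped like one entry of GET /orgs/{org}/installations.
SAMPLE = {
    "app_slug": "example-jit-app",  # placeholder, not the real app slug
    "repository_selection": "all",
    "permissions": {**DOCUMENTED, "contents": "write", "members": "read"},
}

if __name__ == "__main__":
    for line in audit_installation(SAMPLE):
        print(line)
```

A finding that reports a grant above the documented level, or a permission key the documentation does not list, is worth reviewing before you approve the installation or a later permission-update request.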