Onboarding Step 3: GitHub Integration
GitHub Integration
In this step you will install the Jit GitHub app and select a centralized repository for Jit. Note that integration of the GitHub App is mandatory. For more information, see Getting Started.
Requirements
When installed, the Jit GitHub app requires the following permissions in GitHub:
| Permission | Purpose |
|---|---|
| Write access to dedicated Jit files | Enables Jit to manage Jit files in your repositories. |
| Read access to administration, code, issues, and metadata | Enables Jit to read code in monitored repositories. |
| Read and write access to actions, checks, pull requests, and workflows | Enables Jit to trigger workflows, create and update PR checks, create and update pull requests, and modify workflow files. |
| Read and write access to content | Enables Jit to detect vulnerabilities in code and open remediation PRs in a new branch. |
| Read access to members | Enables Jit to verify that only members of your organization can log into the Jit platform |
| Read and write access to deployment (future feature) | Enables Jit to run security requirements on new deployments and block deployments based on security findings. |
As part of the installation steps below, you will be asked to select a repository to hold Jit's primary configuration files. You can use an existing repository or create a new one.
selected_repo/.github/workflows/jit-security.yml(GitHub Actions)selected_repo/.jit(Jit security-as-code configuration)
This architecture enables security scanning within your GitHub organization and lets you modify your security configuration as code:
- Select a repository that is not under branch protection.
- Installation of the Jit GitHub app requires owner approval.
- GitHub integration cannot be completed without a dedicated repository.
Integration Steps
Open the GitHub Integration Wizard
- InSecurity Plans go to your plan and click View Plan.
- Go to Activation > GitHub and click Integrate.
To return to the plan If you've already started to explore the Jit platform, click Go to Plan.
Wizard Step 1: Install Jit GitHub app
- Click Install to navigate to the Install Jit CI dialog in GitHub.
- In the GitHub dialog, either:
- Recommended: Select All repositories and then click Install to automatically protect new repositories with Jit. When needed, repositories can later be excluded in Manage Resources.
- If you are not logged in to GitHub as the organization owner, select Request to send a notification email with a link to the page and an Install option to the GitHub organization owners. The Onboarding wizard remains in Waiting status until the installation process is complete. Your Onboarding progress is saved if you log out of the Jit platform.
- Click Next.
Wizard Step 2: Set Jit centralized repository
- Select your dedicated repository from the dropdown.
- Click Go to plan to activate your plan's security requirements.
Additional information and options
- Branch protection rules cannot be set on a Jit centralized repo since changes to the Jit platform UI directly impact as-code configurations. If you cannot disable a branch protection rule, please contact us via chat for support.
- A dedicated a new repository can be created for Jit using the provided Create a new Jit repository link. After creating the repository, return to the Wizard and click Reload.
- IfAll repositories was not selected, Jit does not have permissions to all repositories and does not receive notification about the new repository. Click Edit access permission and allow the Jit app permission for the new repo.
- Click Reload after changing permissions.
Success!
You are good to go.
Start activating security controls in your plan.
If you have third-party products/services you would like to integrate with Jit (such as Slack or Jira) proceed to Integrating With Third-Party Products and Services.
For instructions on configuring dependency scanning within monorepos, see Monorepo Support.
Updated 4 months ago