# GitHub Cloud

## Overview

The GitHub Cloud integration connects data from your GitHub account to your Sola workspace, making it easy to search and find answers to your specific use cases.

The GitHub integration gives you a complete view of your GitHub organization, allowing you to monitor and analyze GitHub security posture and potential threats.

With the GitHub integration, you can:

* Gain full visibility into repository access and permissions.
* Monitor security policies, including branch protection and organization settings.
* Track and manage Dependabot vulnerability alerts.
* Ensure security best practices for your GitHub organization.

{% hint style="warning" %}
**Your data can only be retrieved, never modified.**

Once connected, your data is securely stored, and access is restricted to retrieving configurations and metadata only. Authentication methods ensure secure delegation of permissions while maintaining data integrity.
{% endhint %}

## Set up GitHub data source integration with Sola

{% columns %}
{% column width="75%" %}
Go to ***Integrations*** > [***Data Sources***](https://app.sola.security/integrations/data-sources) > click ***New data source*** > select ***GitHub Cloud***.

*The Sola wizard will take you through the steps.*
{% endcolumn %}

{% column width="25%" %} <a href="https://app.sola.security/integrations/data-sources?integration=github" class="button primary">Set up GitHub -></a>
{% endcolumn %}
{% endcolumns %}

### Connect GitHub to Sola

To connect GitHub Cloud, you’ll need a GitHub account with organization owner permissions or admin access to all repositories in your GitHub organization.

{% tabs %}
{% tab title="GitHub App" %}
Recommended for secure, production use.\
This method leverages a GitHub App to grant Sola temporary, permissioned access to your GitHub resources, at either the repository or organization level, based on your choice. It minimizes risks associated with personal tokens and long-term credentials by enforcing strict, scoped access.

* **GitHub App** (*Recommended*)\
  Install Sola’s GitHub App to securely and easily grant access to your organization’s GitHub data.
* **Custom GitHub App**\
  Create and install your own GitHub App for full control over permissions and configuration\
  ([see how-to guide below](#how-do-i-set-up-a-github-data-source-using-custom-github-app))

*Not sure which method to choose?* We recommend starting with the GitHub App for the fastest and most reliable setup.
{% endtab %}

{% tab title="Access Token" %}
Personal access token with read permissions.

**Required scopes**:

* repo
* read:org
* read:user
* user:email
* gist
* read:project
  {% endtab %}
  {% endtabs %}

*Follow the* [*step-by-step guide below*](#how-do-i-set-up-a-github-data-source-using-custom-github-app) *to complete the setup.*

<details>

<summary><strong>How do I set up a GitHub data source using custom GitHub App?</strong> </summary>

Complete the following steps to set up and configure your GitHub App to integrate Sola with GitHub Cloud.

{% hint style="info" %}
[Learn more about creating GitHub Apps](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app).
{% endhint %}

#### 1. Create and configure your GitHub App

* Log in to your GitHub account and go to ***GitHub Settings*** > ***Developer settings*** > ***GitHub Apps***.
* Click ***New GitHub App*****,** and set:
  * `App Name:` Sola Integration (recommended)
  * `Homepage URL:` [https://app.sola.security](https://app.sola.security/)
  * `Webhook:` Uncheck Active (No webhook required)
  * `Permissions:` We recommend providing ***Read-Only*** permissions for all repository and organization related permissions.
    * To access GitHub workflows, you will need at least ***Read & Write*** permissions.
    * For valuable insights, provide access to at least the following scopes:
      * `repository:administration`
      * `repository:metadata`
      * `repository:webhooks`
      * `organization:administration`
      * `organization:webhooks`
* Click ***Create GitHub App*** and save the ***App ID***.

#### 2. Generate a Private Key

* In your newly created app settings, navigate to ***General*** > ***Private Keys***.
* Click ***Generate a private key***.
* Securely store the downloaded **.pem file**. This is your GitHub App private key.

#### 3. Install the GitHub App

* In the app settings, go to the ***Install App*** tab.
* Select the organization or account where you want to install the app.
* Click **Install** and confirm the installation.

#### 4. Get your installation ID

After installing the app, you will be redirected to the installation page: **<https://github.com/settings/installations/\\>\<app\_installation\_id>**

* Copy and save the **\<app\_installation\_id>**.

#### 5. Provide your credentials to Sola

Complete the integration by providing the following parameters in the Sola wizard:

* [x] GitHub App ID&#x20;
* [x] GitHub App Installation ID&#x20;
* [x] GitHub App private key (.pem file)

</details>

## Sync behavior and limitations

Some tables have specific sync constraints due to data size, retention policies, or performance considerations. Below are special cases to be aware of:

<table><thead><tr><th width="233.73828125">Table</th><th>Sync details</th></tr></thead><tbody><tr><td>github_commit</td><td>Includes data from the last 1 month.</td></tr><tr><td>github_actions_artifact</td><td>Includes data from the last 3 months.</td></tr><tr><td>github_issue</td><td>Includes data from the last 3 months.</td></tr><tr><td>github_issue_comment</td><td>Inherits the 3-month limit from github_issue, as comments are linked to issues.</td></tr><tr><td>github_pull_request</td><td>Includes data from the last 3 months.</td></tr><tr><td>github_release</td><td>Includes data from the last 3 months.</td></tr><tr><td>github_tag</td><td>Includes data from the last 3 months.</td></tr></tbody></table>

## Explore the app gallery for GitHub Cloud apps

![](/files/bKdo3yzED39AfQ5Oyclq) Get started with [GitHub-focused security apps](https://sola.security/app-gallery/?search=github), built by our expert team.

<figure><img src="/files/FNJ6DnRmNSUvDTprjVEx" alt="Explore the app gallery for GitHub Cloud apps"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sola.security/integrations/data-sources/github.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.