GitHub Cloud

Connect Sola and GitHub Cloud to get security insights

Overview

The GitHub Cloud integration connects data from your GitHub account to your Sola workspace, making it easy to search and find answers to your specific use cases.

The GitHub integration gives you a complete view of your GitHub organization, allowing you to monitor and analyze GitHub security posture and potential threats.

With the GitHub integration, you can:

Gain full visibility into repository access and permissions.
Monitor security policies, including branch protection and organization settings.
Track and manage Dependabot vulnerability alerts.
Ensure security best practices for your GitHub organization.

Your data can only be retrieved, never modified.

Once connected, your data is securely stored, and access is restricted to retrieving configurations and metadata only. Authentication methods ensure secure delegation of permissions while maintaining data integrity.

Set up GitHub data source integration with Sola

Go to Integrations > Data Sources > click New data source > select GitHub Cloud.

The Sola wizard will take you through the steps.

Connect GitHub to Sola

To connect GitHub Cloud, you’ll need a GitHub account with organization owner permissions or admin access to all repositories in your GitHub organization.

Recommended for secure, production use. This method leverages a GitHub App to grant Sola temporary, permissioned access to your GitHub resources, at either the repository or organization level, based on your choice. It minimizes risks associated with personal tokens and long-term credentials by enforcing strict, scoped access.

GitHub App (Recommended) Install Sola’s GitHub App to securely and easily grant access to your organization’s GitHub data.
Custom GitHub App Create and install your own GitHub App for full control over permissions and configuration (see how-to guide below)

Not sure which method to choose? We recommend starting with the GitHub App for the fastest and most reliable setup.

How do I set up a GitHub data source using custom GitHub App?

Complete the following steps to set up and configure your GitHub App to integrate Sola with GitHub Cloud.

Learn more about creating GitHub Apps.

1. Create and configure your GitHub App

Log in to your GitHub account and go to GitHub Settings > Developer settings > GitHub Apps.
Click New GitHub App, and set:
- App Name: Sola Integration (recommended)
- Homepage URL: https://app.sola.security
- Webhook: Uncheck Active (No webhook required)
- Permissions: We recommend providing Read-Only permissions for all repository and organization related permissions.
  - To access GitHub workflows, you will need at least Read & Write permissions.
  - For valuable insights, provide access to at least the following scopes:
    repository:administration
    repository:metadata
    repository:webhooks
    organization:administration
    organization:webhooks
Click Create GitHub App and save the App ID.

2. Generate a Private Key

In your newly created app settings, navigate to General > Private Keys.
Click Generate a private key.
Securely store the downloaded .pem file. This is your GitHub App private key.

3. Install the GitHub App

In the app settings, go to the Install App tab.
Select the organization or account where you want to install the app.
Click Install and confirm the installation.

4. Get your installation ID

After installing the app, you will be redirected to the installation page: https://github.com/settings/installations/<app_installation_id>

Copy and save the <app_installation_id>.

5. Provide your credentials to Sola

Complete the integration by providing the following parameters in the Sola wizard:

GitHub App ID
GitHub App Installation ID
GitHub App private key (.pem file)

Sync behavior and limitations

Some tables have specific sync constraints due to data size, retention policies, or performance considerations. Below are special cases to be aware of:

Table

Sync details

github_commit

Includes data from the last 1 month.

github_actions_artifact