What does this connector do?
This connector scans the GITHUB environment for the following four compliance checks.
- Ensure that MFA is enabled for all GitHub users
- Ensure that access to repositories is via teams and not to individual users
- Key branch protection is enabled on the main branch
- Secrets, if any, are updated every size months
These checks are pre-mapped to ISO and SOC 2 requirements automatically out of the box.
This connector requires an Organization Github account and does not work with Personal accounts. The user that configures the installation ID must be a member of the organization.
You can read more about types of GitHub accounts here.
Connecting to GitHub
Required Permissions
Please ensure you have admin or equivalent permissions to install GitHub Apps in your Github environment. You can read about installing Github Apps here.
Overview
ControlMap connects to GitHub using a GitHub App installed in your Github environment.
You can start by accessing the app using the link below.
https://github.com/apps/audit-evidence-collection
Follow the instructions for configuring and installing this app in your environment by clicking on the Configure button.
* If you do not see the Configure button, make sure that you are logged into an organization account.
You will be guided through a series of steps such as
1. Selecting the organization where you want to install the application (if you have access to more than one organization)
2. Approving the repositories and the User Permissions
After completing these steps, you will be redirected to the GitHub App home page.
Once you have requested the installation, your Github admin (which in this case will be you) will receive an email to approve the installation of the ControlMap app.
You can follow the instructions in the email or directly go to
Organization > Settings > Installed Github Apps > Review Request
The admin will then be able to review the request and install the application.
Once the application is installed, please make a note of the Installation Id from the URL as shown below. This is the installation Id you will provide in the ControlMap Github Integration screen to continue.
Configuring connection in ControlMap
Provide the installation id in the settings on the integration screen and click Create & Next to connect Github to ControlMap