Connecting GitHub Code to Drata

Making an initial connection to GitHub Code

Here's why

Connecting GitHub Code to Drata allows you to catch compliance and security issues before they are deployed to production.

Before Diving in

Make sure you have the ability to install a GitHub App on your company's GitHub organization. Do not install the Drata app in your personal account. You can confirm that the organization is selected in the second step of the connection process (see below).

Permissions & Repository Access

Drata requires the following permissions for the GitHub Code connection:

  • Read access to Dependabot alerts, administration, metadata, and security events

  • Read and write access to code and pull requests

Drata requires Read access to scan Infrastructure-as-Code (IaC) within your repositories and identify compliance and security issues. Drata additionally requires Read and write access for the Code reviews feature, which helps your engineering teams remediate the issues found in your IaC by creating automated pull requests. Drata will not commit this code directly to your repositories: a pull request created by the Drata bot requires review and approval before it is merged into the branch. The remediation feature is turned off by default.

You can select the repositories that you would like Drata to scan for Infrastructure-as-Code (IaC). You can either select All repositories or only the ones that contain IaC.

You will need the Owner role for the GitHub organization or repository you want to integrate. You can see your role for the organizations your account belongs to here: https://github.com/settings/organizations

Here's how

Follow the steps below to connect GitHub Code to Drata:

Install GitHub Code App

  1. Select "Connections" on the side navigation menu.

  2. Select the 'Available connections' tab, search for 'GitHub Code', and select the Connect button for the GitHub Code integration.

  3. Follow the instructions in the side panel to complete your GitHub Code connection. Drata recommends that you select repositories that have IaC. Alternatively, you can select All repositories and enable scanning per repository afterwards.

  4. Upon successful installation, you will be redirected back to Drata. Follow the steps below to configure the repositories that you would like Drata to scan.

Configure Repositories for Scanning

In these steps, you will configure repositories you would like Drata to scan.

  1. Select 'Settings' from the sub-menu by clicking on your username.

  2. Select 'Compliance as Code' from the Company Settings.

  3. Identify and select a repository by clicking on its row in the Repository table.

    1. Turn on the Enable scanning toggle.

    2. Optionally, configure the Branch you would like Drata to scan. Drata will automatically identify your default repository branch. If you are unsure which branch to select, leave it as-is.

    3. Optionally, configure the folder path that you would like Drata to scan. This allows you to control what code Drata will see. If you are unsure, leave it blank and Drata will automatically identify IaC within your repository.

  4. Optionally, turn on the Code reviews feature by clicking the Create pull requests toggle.

    1. Drata allows additional configuration options for pull requests to help your engineering teams quickly remediate the issues found during a scan. Drata will create pull requests based on the Minimum severity that you select. For example, selecting 'Medium' severity will include remediation changes targeting all issues of medium and higher severity.

    2. You can also select how Drata should create pull requests:

      1. One pull request per security and compliance issue - Drata will create a pull request per Test. Select this option if you prefer smaller changes that target fixes per test. Note: selecting this option may result in several pull requests within your code repository.

      2. Group all compliance issues into one pull request - Drata will create a single pull request that includes remediation for all issues found. Select this option if you and the engineering team have the bandwidth to address all issues.
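To make the effect of the repository settings above concrete (scanning toggle, branch, folder path, minimum severity and the two pull request modes), here is an added example that models that policy in Python. It is illustrative code written for this page, not Drata's implementation; the Finding and RepoConfig shapes, the severity ordering, the function names and the sample findings are all assumptions constructed for the example.

```python
"""Model of how repository settings turn scan findings into pull requests.

Added example for illustration; not Drata code. Data shapes, severity
ranking, function names and sample findings are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumed ordinal ranking used for the "Minimum severity" threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    test_id: str    # the scan test (rule) that flagged the issue
    severity: str   # one of SEVERITY_RANK's keys
    path: str       # file path inside the repository
    branch: str     # branch the finding was observed on


@dataclass
class RepoConfig:
    enable_scanning: bool = True
    branch: str = "main"                 # default branch, as auto-detected
    folder_path: str = ""                # empty = whole repository
    create_pull_requests: bool = False   # Code reviews feature, off by default
    minimum_severity: str = "medium"
    group_into_one_pr: bool = False      # False = one PR per test


def in_scope(finding: Finding, cfg: RepoConfig) -> bool:
    """A finding counts only on the configured branch and inside folder_path."""
    if not cfg.enable_scanning or finding.branch != cfg.branch:
        return False
    if cfg.folder_path:
        prefix = cfg.folder_path.rstrip("/") + "/"
        if not finding.path.startswith(prefix):
            return False
    return True


def meets_threshold(finding: Finding, cfg: RepoConfig) -> bool:
    """'Medium' includes medium and everything more severe."""
    return SEVERITY_RANK[finding.severity] >= SEVERITY_RANK[cfg.minimum_severity]


def plan_pull_requests(findings: List[Finding], cfg: RepoConfig) -> Dict[str, List[Finding]]:
    """Return a mapping of pull request label -> findings it would remediate.

    Returns an empty mapping when the Code reviews feature is off, which is
    the default, so no pull requests are ever created unless enabled.
    """
    if not cfg.create_pull_requests:
        return {}
    eligible = [f for f in findings if in_scope(f, cfg) and meets_threshold(f, cfg)]
    if not eligible:
        return {}
    if cfg.group_into_one_pr:
        return {"remediate-all": eligible}
    per_test: Dict[str, List[Finding]] = {}
    for f in eligible:
        per_test.setdefault(f"remediate-{f.test_id}", []).append(f)
    return per_test


# Constructed sample findings (test ids and paths are made up for this example).
SAMPLE_FINDINGS = [
    Finding("s3-public-read", "high", "infra/s3.tf", "main"),
    Finding("s3-public-read", "high", "infra/logs.tf", "main"),
    Finding("sg-open-ssh", "critical", "infra/network/sg.tf", "main"),
    Finding("missing-tags", "low", "infra/s3.tf", "main"),          # below threshold
    Finding("sg-open-ssh", "critical", "legacy/sg.tf", "main"),     # outside folder_path
    Finding("s3-public-read", "high", "infra/s3.tf", "feature/x"),  # non-default branch
]


if __name__ == "__main__":
    cfg = RepoConfig(create_pull_requests=True, folder_path="infra")
    for label, items in plan_pull_requests(SAMPLE_FINDINGS, cfg).items():
        print(label, [f.path for f in items])
    cfg.group_into_one_pr = True
    print(list(plan_pull_requests(SAMPLE_FINDINGS, cfg)))
```

With the folder path set to infra and the default Medium threshold, the per-test mode yields two pull requests (one for each flagged test), while the grouped mode yields a single pull request covering the same three findings; the low-severity, out-of-scope and non-default-branch findings are excluded in both modes, and with the feature left off nothing is planned at all.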
