GitHub Enterprise
The RunSafe Platform integrates with GitHub Enterprise to build SBOMs for code in repositories and check license and vulnerability compliance.
Syncing the RunSafe GitHub Actions
The RunSafe Security GitHub Actions provide steps for jobs that build SBOMs for various languages and check license and vulnerability compliance. They must be included in your workflows to integrate with the RunSafe Platform. Use either GitHub Connect or the actions-sync utility to clone the RunSafe Security GitHub Actions to your GitHub Enterprise instance.
Configuring the RunSafe GitHub App
The RunSafe Platform needs access to your GitHub repositories. Grant that access by configuring a RunSafe project with credentials for a GitHub App. Create the GitHub App with the following settings:
Under "Create GitHub App"
- GitHub App name: RunSafe Platform
- Homepage URL: https://runsafesecurity.com
Under "Post installation"
- Setup URL: https://app.runsafesecurity.com/projects/github/setup
- Check the box for "Redirect on update"
Under "Webhook"
- Check the "Active" box
- Webhook URL: https://app.runsafesecurity.com/webhooks/github
Under "Permissions" -> "Repository permissions"
- Actions: Read-only
- Checks: Read and write
- Contents: Read-only
- Issues: Read and write
- Metadata: Read-only
Under "Subscribe to events"
Check the boxes for the following:
- Installation target
- Check suite
- Repository
- Workflow run
Create the GitHub App. Once it's created, you'll gather the data required to integrate with the RunSafe Platform.
Integrating with GitHub Enterprise
Integrating GitHub Enterprise repositories requires five configuration values, which you enter on the page https://app.runsafesecurity.com/organizations/<your-organization-id>/settings/integrations/github. Navigate to the page for your organization, click the toggle for "GitHub Enterprise", and supply the following values:
- GitHub Enterprise URL - The URL of your GitHub Enterprise instance, including the protocol and with no trailing slash.
- GitHub App URL - The URL of the GitHub App created in a previous step, including the protocol and with no trailing slash.
- GitHub App Identifier - The value of "App ID" on your GitHub App's "General" page.
- GitHub App Private Key (base64 encoded) - A base64-encoded private key generated on the GitHub App's "General" page by clicking the "Generate a private key" button.
- GitHub App Webhook Secret - The webhook secret supplied on the GitHub App's "General" page under the header "Webhook".
Click "Install GitHub Enterprise App" to integrate with RunSafe. You will be taken to GitHub to select GitHub repositories to configure, then redirected back to the RunSafe Platform to finish configuring your projects.
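The following shell helpers are an added example, not part of the RunSafe documentation or tooling. They check the two URL values against the rules listed above (protocol included, no trailing slash) and base64-encode the downloaded private key. The function names, the example host and file name, and the assumption that the form accepts unwrapped base64 are all hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for values pasted into the integration form.

# check_url URL: succeed only if URL includes the protocol and has no trailing slash.
check_url() {
    case "$1" in
        */) echo "trailing slash: $1" >&2; return 1 ;;
        https://?*) return 0 ;;
        http://?*) echo "warning: plaintext http: $1" >&2; return 0 ;;
        *) echo "missing protocol: $1" >&2; return 1 ;;
    esac
}

# encode_key FILE: print a PEM private key as one unwrapped base64 line.
# Assumption: the form accepts base64 with no line breaks.
encode_key() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
    # Refuse anything that is not a PEM private key (for example a public
    # key or certificate picked by mistake).
    head -n 1 "$1" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || {
        echo "not a PEM private key: $1" >&2; return 1; }
    # tr strips the wrapping some base64 implementations add every 76 chars.
    base64 < "$1" | tr -d '\n'
}

# preflight GHE_URL APP_URL KEY_FILE: validate both URLs, then emit the key.
preflight() {
    check_url "$1" && check_url "$2" && encode_key "$3"
}

# Usage (placeholder values, not from the page):
#   preflight "https://ghe.example.com" "<github-app-url>" ./runsafe-app.pem
```

Base64 is an encoding, not encryption: the output is still the private key, so keep it out of shell history, logs and tickets, and delete the downloaded PEM file once the integration is configured.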