GitHub has rapidly become the most widely used open source code repository in the world. ThreatKey’s security assessment tool integrates through GitHub so that our customers can easily connect to GitHub, and seamlessly manage their GitHub security within our product.

In order to provide analytics, metrics and data visualization for security risk in GitHub repositories, ThreatKey uses OAuth2 to connect to GitHub in a read-only manner. This is a first-class integration, which means ThreatKey has been approved by GitHub for their API program. This allows users to connect their GitHub organization to ThreatKey without sharing their credentials with ThreatKey. Instead, users install and authorize the connection using their GitHub credentials.

When connecting a user's account to ThreatKey via OAuth2, ThreatKey receives three key pieces of information:

  • A unique refresh token that grants persistent access to a user's account until they revoke access in their organization's GitHub settings
  • A short-lived access token which can be used immediately to make API requests on behalf of the user until it expires
  • An endpoint from which we can obtain new access tokens that are valid for one hour
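
The sketch below shows how a client holding these three items can keep a valid access token and fail closed once access is revoked. It is an added example, not ThreatKey's or GitHub's code: `TokenManager`, `FakeEndpoint` and `RevokedError` are hypothetical names, the endpoint is a constructed offline stand-in, and the response fields (`access_token`, `expires_in`, `refresh_token`, `error`) follow the generic OAuth2 specification (RFC 6749).

```python
import time

class RevokedError(Exception):
    """The refresh token no longer works, e.g. the user revoked access."""

class TokenManager:
    """Keeps a usable access token from the three items received at authorization."""
    SKEW = 60  # refresh this many seconds early so a token never expires mid-request

    def __init__(self, refresh_token, access_token, expires_at, refresh_call, clock=time.time):
        self._refresh_token = refresh_token  # long-lived secret: encrypt at rest
        self._access_token = access_token    # short-lived: keep in memory only
        self._expires_at = expires_at
        self._refresh_call = refresh_call    # hypothetical wrapper around the token endpoint
        self._clock = clock

    def access_token(self):
        if self._refresh_token is None:
            raise RevokedError("no refresh token; user must re-authorize")
        if self._clock() < self._expires_at - self.SKEW:
            return self._access_token
        reply = self._refresh_call(self._refresh_token)
        if "error" in reply:
            # Fail closed: drop every credential so nothing stale is retried or reused.
            self._refresh_token = self._access_token = None
            raise RevokedError(reply["error"])
        self._access_token = reply["access_token"]
        self._expires_at = self._clock() + reply["expires_in"]
        # Some servers rotate the refresh token on use; always keep the newest one.
        self._refresh_token = reply.get("refresh_token", self._refresh_token)
        return self._access_token

    def __repr__(self):  # never expose token values in logs or tracebacks
        return f"<TokenManager expires_at={self._expires_at:.0f}>"

class FakeEndpoint:
    """Constructed stand-in for the token endpoint; makes no network calls."""
    def __init__(self):
        self.revoked = False
        self.issued = 0

    def __call__(self, refresh_token):
        if self.revoked:
            return {"error": "invalid_grant"}  # RFC 6749 error code
        self.issued += 1
        return {"access_token": f"constructed-access-{self.issued}", "expires_in": 3600}
```
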

To get started, click the GitHub button on the sources screen. This opens a new window, where you will be prompted to log in to GitHub if you aren't already logged in. Once you log in, you will be asked to authorize ThreatKey to access your account. After this is complete, you'll be redirected back to the app.