Integrations/github/
Setup Guide

GitHub Integration

Learn how to integrate Cremit with GitHub to scan your repositories for exposed credentials, API keys, and sensitive information in real-time.

About this guide

This comprehensive guide will walk you through the complete setup process. Expected completion time: 5-10 minutes.

Overview

Cremit's GitHub integration allows you to scan your repositories for exposed credentials, API keys, and other sensitive information in real-time. This integration supports both GitHub.com (Official) and GitHub Enterprise Server (Self-hosted) instances.

Step-by-Step Setup

Step 1: Navigate to Scan Sources

  1. Log in to your Cremit dashboard
  2. Navigate to Configuration > Scan Sources in the left sidebar
  3. Click the New or Create button

Step 2: Configure GitHub Connection

On the "Create Scan Source" page, configure the following:

  1. GitHub Instance: Select your GitHub type

    • GitHub.com (Official) - For public GitHub (recommended for most users)
    • GitHub Enterprise Server (Self-hosted) - For self-hosted GitHub instances

  2. Label: Enter a descriptive name for this scan source (e.g., "CremitHQ")

  3. Description: (Optional) Add additional details about this scan source

  4. Select GitHub Account:

    • Choose your connected GitHub account from the dropdown
    • You should see your account with "User" and "Installed" badges
    • If your account is not listed, click Refresh Account List

  5. Click Create to complete the setup

Step 3: Configure Scan Settings

After creating the scan source, you'll be redirected to the configuration page:

Scan Settings:

  • Scan Source Enabled: Toggle ON to enable scanning for this source
  • Auto-scan New Targets: Toggle ON to automatically scan newly discovered repositories

Step 4: Manage Target Repositories

In the Target Management section:

  1. View All Repositories: All accessible repositories will be listed automatically

  2. Repository Information: Each repository shows:

    • Repository name (e.g., ben-cremit/awesome-cicd-attacks)
    • Visibility badge (🟢 public or đź”’ private)
    • Scan progress
    • Last scanned timestamp
    • Current status (Enabled/Disabled)

  3. Bulk Actions:

    • Enable All: Enable scanning for all repositories at once
    • Disable All: Disable scanning for all repositories at once
    • Refresh: Update the repository list

  4. Individual Management: Use checkboxes to select specific repositories for bulk operations

Verification

To verify successful integration:

  1. Check that the Enabled badge appears in the top right corner
  2. Verify that your repositories are listed in the Target Management section
  3. Confirm that the status shows as "Enabled" for active repositories
  4. Monitor the scan progress to ensure scanning begins

Troubleshooting

Issue: GitHub account not appearing in the list

  • Solution: Click "Refresh Account List" or ensure the Cremit GitHub App is properly installed in your GitHub account

Issue: Repositories not showing

  • Solution: Verify that you have proper access permissions to the repositories in GitHub

Issue: Scan not starting

  • Solution: Ensure both "Scan Source Enabled" and repository-specific toggles are ON

Key Benefits

âś… Simple Setup: Integration completes in just a few clicks
âś… Automatic Discovery: Automatically detects all accessible repositories
âś… Flexible Control: Enable/disable scanning per repository or in bulk
âś… Real-time Monitoring: Continuous scanning for exposed credentials
âś… Support for Both Public and Private Repositories

Ready to connect

Start securing your infrastructure

Connect this integration to Cremit and start protecting your machine identities in minutes

Quick Links

All IntegrationsAll Setup GuidesCremit Dashboard

Need help?

Our support team is here to assist you with the integration process.

By the numbers

5-10 min
Setup time
24/7
Monitoring
Real-time
Alerts