Skip to main content
NEW: RSAC 2026 NHI Field Report. How Non-Human Identity became cybersecurity's central axis
Integrations//
Setup Guide

GitHub Integration

Connect your GitHub organization to Cremit Argus to scan every repository, commit, and issue for exposed API keys, tokens, and secrets. Automatic scope updates when repos are added.

About this guide

This comprehensive guide will walk you through the complete setup process. Expected completion time: 5-10 minutes.

Overview

Cremit's GitHub integration allows you to scan your repositories for exposed credentials, API keys, and other sensitive information in real-time. This integration supports both GitHub.com (Official) and GitHub Enterprise Server (Self-hosted) instances.

Step-by-Step Setup

Step 1: Navigate to Scan Sources

  • Log in to your Cremit dashboard
  • Navigate to Configuration > Scan Sources in the left sidebar
  • Click the New or Create button

Step 2: Configure GitHub Connection

On the "Create Scan Source" page, configure the following:

1. GitHub Instance: Select your GitHub type

  • GitHub.com (Official) - For public GitHub (recommended for most users)
  • GitHub Enterprise - For self-hosted GitHub instances

2. Label: Enter a descriptive name for this scan source (e.g., "CremitHQ")

3. Description: (Optional) Add additional details about this scan source

4. Select GitHub Account: Choose your connected GitHub account from the dropdown

  • You should see your account with "User" and "Installed" badges
  • If your account is not listed, click Refresh Account List

5. Click Create button to complete setup

Step 3: Configure Scan Settings

After creating the scan source, you'll be redirected to the configuration page:

Scan Settings:

  • Scan Source Enabled: Toggle to ON to enable scanning for this source
  • Auto-enable New Repositories: Automatically enable scanning for newly added repositories

Step 4: Manage Target Repositories

In the Target Management section:

1. View All Repositories: All accessible repositories will be listed automatically

2. Repository Information: Each repository shows:

  • Repository name (e.g., ben-cremit/awesome-cicd-attacks)
  • Visibility badge (🟢 public or 🔒 private)
  • Scan progress
  • Last scan timestamp
  • Current status

3. Bulk Actions:

  • Enable All: Enable scanning for all repositories at once
  • Disable All: Disable scanning for all repositories at once
  • Refresh: Update the repository list

4. Individual Management: Use checkboxes to select specific repositories for bulk operations

Verification

To verify successful integration:

  • Check that the Enabled badge appears in the top right corner
  • Verify that your repositories are listed in the Target Management section
  • Confirm that active repositories show "Enabled" status
  • Check scan progress for enabled repositories

Troubleshooting

Issue: GitHub account not appearing in the list

  • Solution: Click "Refresh Account List" or verify that Cremit GitHub App is installed on your GitHub account

Issue: Repositories not being scanned

  • Solution: Verify that the repository is enabled in Target Management and that Scan Source Enabled is toggled ON

Key Benefits

  • ✅ Simple Setup: Integration completes in just a few clicks
  • ✅ Automatic Discovery: Automatically detects all accessible repositories
  • ✅ Flexible Control: Enable/disable scanning per repository or in bulk
  • ✅ Real-time Monitoring: Continuous scanning for exposed secrets
Ready to connect

Start securing your infrastructure

Connect this integration to Cremit and start protecting your machine identities in minutes

Quick Links

All IntegrationsAll Setup GuidesCremit Dashboard

Need help?

Our support team is here to assist you with the integration process.

By the numbers

5-10 min
Setup time
24/7
Monitoring
Real-time
Alerts
GitHub Integration | Cremit Integration Guide