GitHub Integration
Scan repositories, commit history, and issues for exposed secrets across your GitHub organization.
Key Features
- Scans all accessible repositories (public + private) via GitHub App
- Full commit history scan, not just the latest HEAD
- Issue and pull request body scanning
- Automatic scope expansion when new repos are created
- Org-level or repo-level install granularity
Requirements
- 1GitHub organization owner or admin to install the GitHub App
- 2Cremit Argus account
Step-by-step setup guide
The exact flow you follow inside the dashboard.
Overview
Cremit's GitHub integration allows you to scan your repositories for exposed credentials, API keys, and other sensitive information in real-time. This integration supports both GitHub.com (Official) and GitHub Enterprise Server (Self-hosted) instances.
Step-by-Step Setup
Step 1: Navigate to Scan Sources
- Log in to your Cremit dashboard
- Navigate to Configuration > Scan Sources in the left sidebar
- Click the New or Create button
Step 2: Configure GitHub Connection
On the "Create Scan Source" page, configure the following:
1. GitHub Instance: Select your GitHub type
- GitHub.com (Official) - For public GitHub (recommended for most users)
- GitHub Enterprise - For self-hosted GitHub instances
2. Label: Enter a descriptive name for this scan source (e.g., "CremitHQ")
3. Description: (Optional) Add additional details about this scan source
4. Select GitHub Account: Choose your connected GitHub account from the dropdown
- You should see your account with "User" and "Installed" badges
- If your account is not listed, click Refresh Account List
5. Click Create button to complete setup
Step 3: Configure Scan Settings
After creating the scan source, you'll be redirected to the configuration page:
Scan Settings:
- Scan Source Enabled: Toggle to ON to enable scanning for this source
- Auto-enable New Repositories: Automatically enable scanning for newly added repositories
Step 4: Manage Target Repositories
In the Target Management section:
1. View All Repositories: All accessible repositories will be listed automatically
2. Repository Information: Each repository shows:
- Repository name (e.g., ben-cremit/awesome-cicd-attacks)
- Visibility badge (🟢 public or 🔒 private)
- Scan progress
- Last scan timestamp
- Current status
3. Bulk Actions:
- Enable All: Enable scanning for all repositories at once
- Disable All: Disable scanning for all repositories at once
- Refresh: Update the repository list
4. Individual Management: Use checkboxes to select specific repositories for bulk operations
Verification
To verify successful integration:
- Check that the Enabled badge appears in the top right corner
- Verify that your repositories are listed in the Target Management section
- Confirm that active repositories show "Enabled" status
- Check scan progress for enabled repositories
Troubleshooting
Issue: GitHub account not appearing in the list
- Solution: Click "Refresh Account List" or verify that Cremit GitHub App is installed on your GitHub account
Issue: Repositories not being scanned
- Solution: Verify that the repository is enabled in Target Management and that Scan Source Enabled is toggled ON
Key Benefits
- ✅ Simple Setup: Integration completes in just a few clicks
- ✅ Automatic Discovery: Automatically detects all accessible repositories
- ✅ Flexible Control: Enable/disable scanning per repository or in bulk
- ✅ Real-time Monitoring: Continuous scanning for exposed secrets
Other integrations in this category
GitLab
Scan self-hosted or SaaS GitLab projects, commit history, and issues for credential exposure.
AWS S3
Scan S3 buckets for credentials, API keys, and tokens stored in object storage.
Google Drive
Scan documents, spreadsheets, and shared drives for pasted credentials, API keys, and tokens.