Authentication and Permissions

GHAS Compliance primarily uses the GitHub REST and GraphQL APIs to perform its checks. This requires authenticating with a GitHub access token that is allowed to reach the relevant service endpoints.

Permissions

The main use case, running as a GitHub Action, authenticates with the automatically generated GITHUB_TOKEN, which might not have the permissions needed for every policy.

Code Scanning

The GitHub Code Scanning API requires permission to read Code Scanning results (the security-events: read permission), which can be granted to Action-generated tokens.

Versions: GHES 3.0 and later

Dependencies

The GitHub Dependency Graph and Dependabot policies require additional permissions to query the GraphQL API.

Note: the default Action-generated token cannot access this API; a personal access token with the required scopes must be supplied instead.

Secret Scanning

Secret Scanning requires the broadest permissions of the three policies to read alert content from the API.

“To use this endpoint, you must be an administrator for the repository or organization, and you must use an access token with the repo scope or security_events scope.”

Source: GitHub docs

Note: the default Action-generated token cannot access this API; a personal access token held by a repository or organization administrator must be supplied instead.

Versions: GHES 3.1 and later
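As an added example (not a workflow shipped with the project), the following Action workflow applies the permissions described above: the automatic GITHUB_TOKEN is limited to what Code Scanning needs, a personal access token stored as a secret is used for the Dependency Graph and Secret Scanning policies, and a step checks that the PAT actually carries the repo or security_events scope before the compliance run starts. The action reference advanced-security/ghas-compliance@main, its token input and the secret name GHAS_COMPLIANCE_TOKEN are assumptions; replace them with the values used in your environment.

```yaml
name: GHAS Compliance

on:
  pull_request:
  push:
    branches: [main]

# Least privilege for the automatic GITHUB_TOKEN: reading Code Scanning
# results only needs security-events: read. No write permission is granted.
permissions:
  contents: read
  security-events: read

jobs:
  compliance:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # The automatic token cannot reach the Dependency Graph (GraphQL) or
      # Secret Scanning APIs, so those policies need a PAT supplied as a secret.
      # Assumption: the secret GHAS_COMPLIANCE_TOKEN is a classic PAT owned by a
      # repository/organization administrator. GITHUB_API_URL is set by Actions
      # and points at the GHES instance when running on GitHub Enterprise Server.
      - name: Verify the PAT carries a usable scope
        env:
          GH_TOKEN: ${{ secrets.GHAS_COMPLIANCE_TOKEN }}
        run: |
          scopes=$(curl -sSI -H "Authorization: Bearer $GH_TOKEN" \
            "$GITHUB_API_URL/user" | tr -d '\r' \
            | awk -F': ' 'tolower($1)=="x-oauth-scopes"{print $2}')
          echo "Token scopes: ${scopes:-<none reported>}"
          # Secret Scanning needs repo or security_events (see the quoted docs above).
          case ",${scopes// /}," in
            *,repo,*|*,security_events,*) echo "scope check passed" ;;
            *) echo "::error::token lacks the repo or security_events scope"; exit 1 ;;
          esac

      - name: Run GHAS Compliance
        uses: advanced-security/ghas-compliance@main   # action reference assumed
        with:
          token: ${{ secrets.GHAS_COMPLIANCE_TOKEN }}  # input name assumed
```

The scope check relies on the X-OAuth-Scopes response header, which GitHub returns for classic personal access tokens; fine-grained tokens do not report scopes this way, so the step would fail for them and the check should be adapted if you use one. Note that the scope check cannot confirm the administrator requirement quoted above; a token with the right scope but no admin rights will still receive an error from the Secret Scanning endpoint.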