GitHub Integration - Elastic

GitHub Integration

The GitHub integration collects events from the GitHub API.

Logs

Audit

The GitHub audit log records all events related to the GitHub organization. See Audit log actions for more details.

To use this integration, the following prerequisites must be met:

  • You must be an organization owner.
  • You must be using GitHub Enterprise Cloud.
  • You must use a Personal Access Token with read:audit_log scope.

This integration is not compatible with GitHub Enterprise Server.

 

Code Scanning

Code Scanning lets you retrieve all security vulnerabilities and coding errors from a repository set up with the GitHub Advanced Security Code Scanning feature. See About code scanning for more details.

To use this integration, a GitHub App must have the security_events read permission. Alternatively, use a personal access token with the security_events scope for private repos or the public_repo scope for public repos. See List code scanning alerts.

 

Secret Scanning

GitHub Secret Scanning lets you retrieve secret scanning alerts from a repository set up with the GitHub Advanced Security Secret Scanning feature. See About Secret scanning for more details.

To use this integration, a GitHub App must have the secret_scanning_alerts read permission. Alternatively, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or the security_events scope. For public repositories, you may instead use the public_repo scope. See List secret scanning alerts.

 

Dependabot

GitHub Dependabot lets you retrieve known vulnerabilities in dependencies from a repository set up with the GitHub Advanced Security Dependabot feature. See About Dependabot for more details.

To use this integration, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the repo scope or the security_events scope. For public repositories, you may instead use the public_repo scope. See Authenticating with GraphQL and Token Issue.
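
A least-privilege check for the token used by the Audit, Code Scanning, Secret Scanning and Dependabot data streams above, added here as an illustration (it is not part of the integration). It takes the value of the X-OAuth-Scopes response header that the GitHub API returns for classic personal access tokens and compares it with the scopes this page lists; the function names, the BREADTH ranking and the sample header value are assumptions of this example. Fine-grained tokens and GitHub Apps use permissions rather than scopes and are not covered.

```python
# Added example: scope requirements are the ones stated on this page.
# BREADTH (narrowest first) is this example's own ranking, an assumption.
BREADTH = {"read:audit_log": 0, "security_events": 1, "public_repo": 2, "repo": 3}
# GitHub's classic "repo" scope includes these child scopes.
IMPLIES = {"repo": {"security_events", "public_repo"}}
# stream -> (scopes accepted for any repo, scopes accepted for public repos only)
ACCEPTED = {
    "audit": ({"read:audit_log"}, set()),
    "code_scanning": ({"security_events"}, {"public_repo"}),
    "secret_scanning": ({"repo", "security_events"}, {"public_repo"}),
    "dependabot": ({"repo", "security_events"}, {"public_repo"}),
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes header value ("repo, read:org") into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def review_token(header_value, streams, public_repos_only=False):
    """Report usable streams, missing scopes, narrower options and surplus scopes."""
    granted = parse_scopes(header_value)
    report = {"satisfied": {}, "missing": {}, "narrower": {}}
    needed = set()
    for stream in streams:
        always, public_only = ACCEPTED[stream]
        accepted = always | (public_only if public_repos_only else set())
        usable = sorted(
            (g for g in granted if ({g} | IMPLIES.get(g, set())) & accepted),
            key=BREADTH.get)
        if not usable:
            report["missing"][stream] = sorted(accepted, key=BREADTH.get)
            continue
        report["satisfied"][stream] = usable[0]   # narrowest granted scope that works
        needed.add(usable[0])
        narrowest = min(accepted, key=BREADTH.get)
        if BREADTH[usable[0]] > BREADTH[narrowest]:
            report["narrower"][stream] = narrowest  # a smaller scope would do
    report["surplus"] = sorted(granted - needed)    # granted but unused here
    return report


if __name__ == "__main__":
    # Constructed header value, in the form a classic PAT response carries.
    sample = "repo, read:audit_log, admin:org"
    print(review_token(sample, ["audit", "code_scanning", "dependabot"]))
```

A scope listed under "surplus" or a stream listed under "narrower" means the token grants more than the selected data streams need and can be reissued with less.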

 

Issues

The GitHub Issues data stream lets you retrieve GitHub issues, including pull requests, issue assignees, comments, labels, and milestones. See About Issues for more details. You can retrieve issues for a specific repository or for an entire organization. Since the GitHub API considers pull requests to be issues, you can use the github.issues.is_pr field to filter for only pull requests.

All issues, including closed ones, are retrieved by default. To retrieve only open issues, change the State parameter to open.

To use this integration, you must use a GitHub App or a personal access token with read permission to repositories or the organization. Refer to GitHub Apps Permissions Required and Personal Access Token Permissions Required for more details.