This guide provides instructions on how to get started with Endor Labs using the Endor Labs GitHub App.
Prerequisites for GitHub App
Before installing and scanning projects with Endor Labs GitHub App, make sure you have:
- A GitHub cloud account and organization. If you don’t have one, create one at GitHub.
- Administrative permissions to your GitHub organization. Installing the Endor Labs GitHub App in your organization requires approval or permissions from your GitHub organizational administrator.
- Endor Labs GitHub App requires read permissions to Dependabot alerts, actions, administration, checks, code, commit statuses, issues, metadata, packages, pull requests, repository hooks, and security events. It does not need write access to any resources.
Quickstart with GitHub App
-
Log in to Endor Labs.
-
Select Getting Started from the left navigation menu.
-
Select SCAN WITH GITHUB APP.
-
Click Install GitHub App.
Endor Labs GitHub App page appears.
-
Click Install.
-
Select a user to authorize the app.
-
Select the organization in which you want to install the app.
-
Select whether to install and authorize Endor Labs on all your repositories or select the specific repositories that you wish to scan.
-
Click Install & Authorize.
If the button to install says **Install and Request** instead of **Install and Authorize**, you don't have permission to install the GitHub App. Select **Install and Request** to notify your organizational administrator of your request to install.
-
Select the Endor Labs namespace that you want to use and click Next.
-
Select the scanners that you wish to use and click Continue.
You will be redirected back to Endor Labs.
Review the results of your project
Sign in to the Endor Labs user interface, click Projects on the left sidebar, and select your project to review the scan results.