Hanzo
PlatformHanzo KMSPlatformSecret Scanning

GitHub Secret Scanning

Learn how to configure secret scanning for GitHub.

Prerequisites

Create a GitHub Data Source in Hanzo KMS

  1. Navigate to your Secret Scanning Project's Dashboard and click the Add Data Source button. Secret Scanning Dashboard

  2. Select the GitHub option. Select GitHub Option

  3. Select the GitHub Radar Connection to use and configure which repositories you would like to scan. Then click Next. Data Source Configuration

    • GitHub Radar Connection - the connection that has access to the repositories you want to scan.
    • Scan Repositories - select which repositories you would like to scan.
      • All Repositories - Hanzo KMS will scan all repositories associated with your connection.
      • Select Repositories - Hanzo KMS will scan the selected repositories.
    • Auto-Scan Enabled - whether Hanzo KMS should automatically perform a scan when a push is made to configured repositories.

  4. Give your data source a name and description (optional). Then click Next. Data Source Details

    • Name - the name of the data source. Must be slug-friendly.
    • Description (optional) - a description of this data source.

  5. Review your data source, then click Create Data Source. Data Source Review

  6. Your GitHub Data Source is now available and will begin a full scan if Auto-Scan is enabled. Data Source Created

  7. You can view repositories and scan results by clicking on your data source. Data Source Page

  8. In addition, you can review any findings from the Findings Page. Findings Page

To create a GitHub Data Source, make an API request to the Create GitHub Data Source API endpoint.

Sample request

curl --request POST \
--url https://us.kms.hanzo.ai/api/v2/secret-scanning/data-sources/github \
--header 'Content-Type: application/json' \
--data '{
    "name": "my-github-source",
    "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "description": "my github data source",
    "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "isAutoScanEnabled": true,
    "config": {
        "includeRepos": ["*"]
    }
}'

Sample response

{
    "dataSource": {
        "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "externalId": "1234567890",
        "name": "my-github-source",
        "description": "my github data source",
        "isAutoScanEnabled": true,
        "projectId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "createdAt": "2023-11-07T05:31:56Z",
        "updatedAt": "2023-11-07T05:31:56Z",
        "type": "github",
        "connectionId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
        "connection": {
            "app": "github-radar",
            "name": "my-radar-app",
            "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a"
        },
        "config": {
            "includeRepos": ["*"]
        }
    }
}

How is this guide?

Last updated on

Usage

Learn what is secret scanning and why it matters for building secure systems.

GitLab Secret Scanning

Learn how to configure secret scanning for GitLab.

On this page

Prerequisites
Create a GitHub Data Source in Hanzo KMS
Sample request
Sample response