Connecting Vanta & GitHub (Cloud version)

  • Updated
Prerequisites
  • Organization Owner in Github - Owner permissions are required to connect, as only Owners in GitHub can view user information. To verify if you are the Organization owner, visit this page: https://github.com/settings/organizations 

Those with owner permissions will see something similar to this

mceclip3.png

 

 

Procedure

  • In Vanta:
    • Select Integrations from the left-hand navigation panel
    • Select Available and search for GitHub 
    • Select Connect

  Screenshot 2024-06-14 at 3.37.21 PM.png

 
  • When prompted, "How would you like to connect GitHub?", choose "Cloud" and click "Next"

Screenshot 2023-08-15 at 3.17.48 pm.png

 

  • Verify that your account is an owner of the GitHub organization you are trying to connect (See prerequisites, for example)
  • On the 'Connect Step' tab, Click the "Connect GitHub" button to request authorization from GitHub.

Screenshot 2023-08-15 at 3.34.12 pm.png

  • This will open in a new tab, prompting you to sign into GitHub. The connection flow in Vanta will remain open, as you will come back to that to complete the connection.

Screenshot 2023-08-15 at 3.24.38 pm.png

 

  • You should see a list of yourself and your organizations. Select your company GitHub organization to be monitored by Vanta.

Note: If “Configure” is visible on the right side of the organization’s name, that means the organization already has the Vanta GitHub App installed. This will need to be uninstalled before trying to connect. 

Screenshot 2023-08-16 at 8.49.46 am.png

  • Once you've selected your company's GitHub organization,  you can select which repositories Vanta will monitor.
    • If you select All repositories, Vanta will automatically monitor all repositories created within the organization, including those created in the future.
    • If you select Only selected repositories, Vanta will only monitor those you have selected. Vanta will not know about new repositories unless you update this setting. 
      The set of monitored repositories can be updated at any time through GitHub: How to change which repositories Vanta can see in Github

 

Screenshot 2023-08-16 at 8.51.08 am.png

 

  • After clicking save, You will be redirected back to Vanta.

 

Screenshot 2023-08-16 at 8.51.20 am.png

 

 

To Verify that GitHub is successfully connected, you can visit the Organization account settings -> Installed GitHub Apps -> check if Vanta GitHub Integration is there

Screen_Shot_2023-02-07_at_10.12.20_AM.png