Prerequisites
- Organization Owner in Github - Owner permissions are required to connect, as only Owners in GitHub can view user information. To verify if you are the Organization owner, visit this page: https://github.com/settings/organizations
Those with owner permissions will see something similar to this
-
If you've previously connected Vanta to GitHub, you may need to remove the Vanta app from GitHub before continuing.
Procedure
- In Vanta:
- Select Available and search for GitHub
-
When prompted, "How would you like to connect GitHub?", choose "Cloud" and click "Next"
- Verify that your account is an owner of the GitHub organization you are trying to connect (See prerequisites, for example)
-
On the 'Connect Step' tab, Click the "Connect GitHub" button to request authorization from GitHub.
- This will open in a new tab, prompting you to sign into GitHub. The connection flow in Vanta will remain open, as you will come back to that to complete the connection.
- You should see a list of yourself and your organizations. Select your company GitHub organization to be monitored by Vanta.
Note: If “Configure” is visible on the right side of the organization’s name, that means the organization already has the Vanta GitHub App installed. This will need to be uninstalled before trying to connect.
-
Once you've selected your company's GitHub organization, you can select which repositories Vanta will monitor.
- If you select All repositories, Vanta will automatically monitor all repositories created within the organization, including those created in the future.
-
If you select Only selected repositories, Vanta will only monitor those you have selected. Vanta will not know about new repositories unless you update this setting.
The set of monitored repositories can be updated at any time through GitHub: How to change which repositories Vanta can see in Github
- If you select All repositories, Vanta will automatically monitor all repositories created within the organization, including those created in the future.
- After clicking save, You will be redirected back to Vanta.
To Verify that GitHub is successfully connected, you can visit the Organization account settings -> Installed GitHub Apps -> check if Vanta GitHub Integration is there