GitHub App
NOTE: The Scoutflo GitHub App integrates only with an organizational GitHub account. Do not install the GitHub App on your personal GitHub profile.
Purpose: We promote collaboration across the engineering team when managing infrastructure changes.
With a personal GitHub account, inviting members from your engineering team is not possible.
All the resources, files, audits, etc. will be stored on your personal account and not on the centralized organization account, which makes it hard to keep track of all changes.
If you use your personal account to store the change data from Scoutflo and later decide to move from a personal to an organization GitHub account, that data has to be migrated to your organization account.
If you do not have a GitHub organization yet, or do not have access to one, you can create your own GitHub organization from your private account in 3 simple steps:
It is completely free to create a GitHub Organization.
Go to the Settings of your private GitHub account.
Click 'Your organizations'.
You will be redirected to this screen.
Click the 'New organization' button at the top right if you do not have any existing GitHub organizations.
You will be redirected to GitHub's pricing screen, where you can select the first, free option to create an organization account.
You will not be charged anything to use this GitHub organization, and it can be used for any length of time.
You will be redirected to the Organization creation screen:
Now you can continue with the instructions mentioned below:
We have built an integration that connects your Git repositories with just one click. Leverage Git for infrastructure as code (IaC) and application configuration management. Deploy and manage changes through GitOps practices.
A secure window appears for you to authorize your Git repository connection with Scoutflo Deploy.
Once authorized, all your Git commits manage both infrastructure and application deployments, ensuring version control and traceability.
To leverage GitOps with Scoutflo, you need to connect your Organizational GitHub account to Scoutflo. Follow the steps below to set up the integration:
Step 1: Log in to Scoutflo
Visit deploy.scoutflo.com and log in to your Scoutflo account.
You will come across this screen during your 'Onboarding' process:
Go to "Get Started" → "Step 1: Connect your Git."
Alternatively, navigate to "Account Settings" → "GitOps."
Step 2: Connect to GitHub
Click on the "+Connect GitHub" button to begin the integration process.
You will be redirected to the GitHub sign-in page. Choose the GitHub account where you want to install the Scoutflo GitHub App. Always choose the GitHub organization account you are a part of.
Select the relevant repositories for your project. You can choose to integrate "all repositories" or select specific ones.
Click "Install."
Step 3: Confirmation and Redirection
You will see a success message confirming the integration with GitHub.
You will then be redirected back to the Scoutflo platform, where you can start using GitOps with your connected GitHub repositories.
Note: Integration with GitHub enables Scoutflo to access your repositories, allowing it to monitor changes, trigger deployments, and synchronize your infrastructure and applications.
By installing Scoutflo's GitHub Authentication App:
Automated Infrastructure Deployment: Scoutflo can automate deployment tasks on selected repositories, including running CI/CD workflows, managing environment variables, and enabling cost-efficient infrastructure setups.
Enhanced Security: Scoutflo will monitor Dependabot alerts, secret scanning alerts, and security events to help identify and mitigate security risks in your codebase.
Improved Code Management: Automates pull request workflows, tracks deployment status, and manages commits to keep your repositories up to date with Scoutflo-enforced policies and configurations.
Streamlined Repository Access: Scoutflo can access multiple repositories, reducing the need for repeated authentication and authorization steps.
This integration does not request permissions that would compromise sensitive data or personal security information. Permissions are limited to the functionalities needed to deploy and manage resources effectively.
Read Access:
Purpose: To review and monitor repository security alerts, commit statuses, and organization events.
Scope:
Dependabot alerts: Track vulnerability alerts generated by GitHub’s Dependabot.
Checks, commit statuses: Access to view commit checks and statuses, helping enforce continuous integration checks.
Metadata and secrets: Read access to repository metadata and organization secrets used to secure your deployments.
Organization roles and discussions: View organization roles and discussions for transparency.
Read and Write Access:
Purpose: To deploy infrastructure, manage workflow automations, and create, update, or delete resources as needed by Scoutflo.
Scope:
Actions, workflows, and deployments: Manage GitHub Actions and workflows associated with your repository.
Environments and secrets: Configure and manage environments and secrets used for secure deployments.
Organization settings and administration: Modify settings essential to the functioning of Scoutflo.
Pull requests and issues: Automate issue tracking and pull request management for enhanced workflow efficiency.
User Permissions:
Scope:
Read and Write Access to email addresses and SSH keys: Used to validate commit signatures and manage deployment access for team members associated with your GitHub organization.
When authorizing the Scoutflo app, you can choose to apply the integration to:
All Repositories: This includes both public and private repositories, allowing Scoutflo to monitor and manage infrastructure deployment across the board.
Selected Repositories: If you prefer, you can limit the app to specific repositories based on project requirements. Public repositories will be read-only.
Scoutflo is committed to security and only requests permissions necessary to facilitate infrastructure automation and management. Sensitive data such as code and repository secrets remain secure within GitHub, as we adhere strictly to GitHub’s OAuth and permissions framework.
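As an added example (not Scoutflo's own code), the check below compares the permissions GitHub reports for an installed app against the read and read/write scopes listed above, and flags an "All repositories" installation. The mapping of this page's wording onto GitHub's permission keys in `EXPECTED` and the sample record are assumptions constructed for illustration; the organization roles, discussions and user permissions are left unmapped.

```python
import json

# Assumption: this page's permission wording mapped onto the keys GitHub
# uses in an installation's "permissions" object. Adjust to your review.
EXPECTED = {
    "vulnerability_alerts": "read",   # Dependabot alerts
    "checks": "read",
    "statuses": "read",               # commit statuses
    "metadata": "read",
    "organization_secrets": "read",
    "actions": "write",
    "workflows": "write",
    "deployments": "write",
    "environments": "write",
    "secrets": "write",
    "organization_administration": "write",
    "pull_requests": "write",
    "issues": "write",
}
LEVEL = {"read": 1, "write": 2, "admin": 3}


def audit_installation(inst):
    """Return a list of findings for one app installation record."""
    findings = []
    if inst.get("repository_selection") == "all":
        findings.append("scope: app can reach ALL repositories")
    for perm, granted in sorted(inst.get("permissions", {}).items()):
        expected = EXPECTED.get(perm)
        if expected is None:
            findings.append(f"undocumented: {perm}={granted}")
        elif LEVEL.get(granted, 99) > LEVEL[expected]:
            findings.append(f"exceeds docs: {perm}={granted} (expected {expected})")
    return findings


# Constructed sample, shaped like one entry of GET /orgs/{org}/installations.
SAMPLE = json.loads("""
{"app_slug": "example-app", "repository_selection": "all",
 "permissions": {"metadata": "read", "checks": "write",
                 "pull_requests": "write", "contents": "write"}}
""")

if __name__ == "__main__":
    for line in audit_installation(SAMPLE):
        print(line)
```

An organization owner can feed it the real installation entries from GitHub's REST API and review any finding before approving the install or a later permission-update request.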
Integration Process
Install and Authorize: Choose either all repositories or selected ones based on your needs.
Review Permissions: Confirm that the permissions align with your use case.
Redirect: Once authorized, you’ll be redirected to Scoutflo’s connect page to complete the setup.
To get data for the DORA dashboard, it is recommended to select all repositories while installing the GitHub App; otherwise you will not be able to check DORA metrics for all the repositories.
By integrating Scoutflo with GitHub, you are empowering your development and operations teams to automate and manage resources more efficiently. We assure you that this integration will uphold security standards, bringing both security and productivity to your workflows.
When you integrate GitHub with the Scoutflo platform, Scoutflo generates a user access token, providing secure, user-specific access to Scoutflo’s features within GitHub. This token mirrors the permissions granted to your GitHub user within the organization, enabling Scoutflo to perform actions on your behalf based on your access level. Here’s an explanation of how it works, why it’s needed, and how it ensures secure, streamlined interactions.
Why We Generate a User Access Token
The user access token is essential to:
Act on Behalf of the User: With permissions equivalent to your role in the organization, Scoutflo can perform user-specific actions, such as creating pull requests, running workflows, and managing repository resources.
Maintain Secure, User-Specific Access: The token respects your organization’s permission structure, granting Scoutflo access only to repositories and actions that you’re authorized to manage.
Enable Continuous Operations: Tokens expire over time, but Scoutflo’s backend automatically renews them, preventing interruptions to ongoing tasks and workflows.
How It Works
Token Generation and Scope Control: Upon authorizing the Scoutflo GitHub app, the platform generates a GitHub user access token based on the permissions granted to your account by the organization. This ensures that the token has access only to the resources specified by the organization.
Automatic Token Renewal: To avoid disruptions, Scoutflo’s backend automatically renews the token as it nears expiration, ensuring uninterrupted access to your GitHub workflows.
Handling Access Changes: If your GitHub permissions are modified (e.g., if you’re removed from the organization or your role changes), Scoutflo will detect these changes. This could result in errors or limited functionality on our platform if your access level changes or is removed entirely, providing a secure response to any permission adjustments.
Permissions Granted by the User Access Token
The user access token inherits permissions based on your organization’s settings, providing secure, direct access to:
Repositories:
Pull Requests and Issues: Manage and automate actions on pull requests and issues in authorized repositories.
Workflows and Deployment Management: Trigger workflows and control deployment environments according to your assigned roles.
Secure Resource Access: The token enables access to resources like SSH keys and GPG keys for commit signing, ensuring secure commits and repository access.
Organizational Access: The token will reflect your access rights as defined by the organization, so you can seamlessly manage code, policies, and deployments according to your permissions within GitHub.
This user-specific token approach provides the following benefits:
Reduced Authentication Overhead: With automatic renewal, the token minimizes interruptions, enabling Scoutflo to act on your behalf without frequent reauthentication.
Actions Based on Assigned Permissions: As the token mirrors your organizational access, you can perform actions in GitHub that align with your role, maintaining proper access boundaries.
Transparent Error Handling: If your GitHub permissions are modified or revoked by the organization (e.g., you’re removed from the org or your access level is changed), Scoutflo will detect this, preventing unauthorized actions and alerting you to any issues.
Once the Scoutflo GitHub app is installed:
Authorize Token Generation: During setup, you’ll authorize the Scoutflo app to generate your user-specific access token with the appropriate scope based on your organizational role.
Automatic Renewal: Scoutflo’s backend will manage token renewals automatically, ensuring no interruptions in access as tokens expire.
Responding to Access Changes: If your organizational permissions change, Scoutflo will reflect these changes, ensuring actions on our platform remain consistent with your current GitHub access level.
By integrating with a secure, personalized token, Scoutflo guarantees a streamlined experience while maintaining strict compliance with GitHub’s OAuth and security standards. This token approach enables robust control of actions and resources within your GitHub environment, tailored to each user’s role.