GitHub Integration Setup

Connect your GitHub repositories to Cloudgeni for Infrastructure as Code scanning, automated pull request reviews, and continuous security monitoring.

What You'll Get

  • Automatic IaC scanning on every commit and pull request
  • AI-powered security reviews with detailed feedback
  • Remediation pull requests with validated fixes
  • Repository security dashboard with trends and insights
  • Team collaboration with security findings and discussions

Prerequisites

  • GitHub account with admin access to repositories
  • Cloudgeni account (free trial available)
  • Repositories containing Infrastructure as Code files:
    • .tf files (Terraform)
    • .bicep files (Azure Bicep)
    • Pulumi projects (any language)
    • .yaml/.yml CloudFormation templates
  • Time estimate: 5 minutes

Step 1: Install Cloudgeni GitHub App

  1. From Cloudgeni Dashboard:
    • Go to “Integrations” > “Add Integration”
    • Select “GitHub”
    • Click “Install GitHub App”
  2. GitHub Authorization:
    • Choose your GitHub account or organization
    • Select repository access:
      • “All repositories” (recommended for full coverage)
      • “Selected repositories” (choose specific IaC repositories)
    • Review permissions and click “Install & Authorize”
  3. Return to Cloudgeni:
    • You’ll be redirected back to Cloudgeni
    • Confirm the integration shows as “Connected”
The GitHub App requires read access to repository contents and write access to create pull requests and comments.

Step 2: Configure Repository Settings

For each connected repository:
  1. In Cloudgeni Dashboard:
    • Navigate to “Repositories”
    • Find your GitHub repository
    • Click “Configure”
  2. Scan Settings:
    • Scan Triggers:
      • On Push (scan every commit)
      • On Pull Request (review PRs automatically)
      • Manual Scan (on-demand scanning)
    • File Types:
      • Terraform (.tf, .tfvars)
      • Azure Bicep (.bicep)
      • Pulumi (detect by project files)
      • CloudFormation (.yaml, .json)
  3. Branch Configuration:
    • Default Branch: main or master
    • Protected Branches: Branches requiring PR reviews
    • Exclude Patterns: node_modules/, .git/, *.tmp
  4. Click “Save Configuration”

Step 3: Test the Integration

Manual Scan Test:
  1. In Cloudgeni, go to your repository
  2. Click “Scan Now”
  3. Wait 30-60 seconds for completion
  4. Review scan results for IaC security findings
Pull Request Test:
  1. Create a test branch in your repository
  2. Make a small change to a .tf or .bicep file
  3. Open a pull request
  4. Within 2-3 minutes, Cloudgeni should comment with:
    • Security analysis results
    • New findings introduced
    • Compliance impact assessment
    • Remediation suggestions

Sample PR Comment

🛡️ Cloudgeni Security Review
✅ No new critical findings
⚠️ 1 medium severity finding
  • S3.8: Bucket allows public read access
    • File: infrastructure/storage.tf:12
    • Impact: Data exposure risk
    • Fix: Add public access block

Step 4: Enable Advanced Features

Branch Protection Rules:
  1. In GitHub, go to Settings > Branches
  2. Add rule for your default branch
  3. Enable “Require status checks”
  4. Add “cloudgeni/security-scan” as required check
  5. Enable “Require branches to be up to date”
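
One way to confirm that the rule from the steps above took effect, as an added example that is not Cloudgeni's own code: it audits a branch-protection object in the shape GitHub's REST API returns for GET /repos/{owner}/{repo}/branches/{branch}/protection. The sample responses are constructed and the function name is hypothetical.

```python
import json

REQUIRED_CHECK = "cloudgeni/security-scan"  # check name from the steps above

# Constructed sample responses (not real repository data), shaped like
# GET /repos/{owner}/{repo}/branches/{branch}/protection
SAMPLE_OK = json.loads("""{
  "required_status_checks": {
    "strict": true,
    "contexts": ["cloudgeni/security-scan"],
    "checks": [{"context": "cloudgeni/security-scan", "app_id": null}]
  }
}""")
SAMPLE_WEAK = json.loads("""{
  "required_status_checks": {
    "strict": false,
    "contexts": ["ci/build"],
    "checks": [{"context": "ci/build", "app_id": null}]
  }
}""")
SAMPLE_NO_CHECKS = json.loads("""{
  "required_pull_request_reviews": {"required_approving_review_count": 1}
}""")


def audit_branch_protection(protection, required=REQUIRED_CHECK):
    """Return a list of gaps; an empty list means both settings are enforced."""
    rsc = protection.get("required_status_checks")
    if not rsc:
        return ["status checks are not required on this branch"]
    # Required checks appear under "contexts" and, in newer responses, "checks".
    names = set(rsc.get("contexts") or [])
    names.update(c.get("context") for c in rsc.get("checks") or [])
    problems = []
    if required not in names:
        problems.append(f"'{required}' is not a required check")
    if not rsc.get("strict"):
        problems.append("branches are not required to be up to date")
    return problems


if __name__ == "__main__":
    for label, sample in [("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK),
                          ("no-checks", SAMPLE_NO_CHECKS)]:
        print(label, audit_branch_protection(sample) or "compliant")
```
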
GitHub Actions Integration:
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Cloudgeni Security Scan
        uses: cloudgeni/github-action@v1
        with:
          api-key: ${{ secrets.CLOUDGENI_API_KEY }}
          fail-on-critical: true
Webhook Configuration (Advanced):
  • Custom webhook endpoints for internal systems
  • Slack/Teams notifications on findings
  • JIRA ticket creation for critical issues

Repository Security Dashboard

Your repository dashboard provides:
Security Metrics:
  • Total findings by severity
  • Security debt trends over time
  • Compliance score by framework
  • Remediation success rate
Team Collaboration:
  • Finding assignments and status
  • Pull request security reviews
  • Comment threads and discussions
  • Integration with GitHub Issues
Automation Status:
  • Scan frequency and coverage
  • Auto-remediation success rate
  • Branch protection compliance
  • CI/CD integration health

Multiple Organization Setup

For GitHub Organizations:
  1. Install the Cloudgeni app at the organization level
  2. Grant access to all or selected repositories
  3. Configure team permissions in Cloudgeni:
    • Admins: Full access to all repositories
    • Developers: Read/write access to assigned repositories
    • Security Team: Read access to all findings
Team-Based Configuration:
  • Different scan policies per team
  • Custom remediation workflows
  • Escalation rules for critical findings
  • Integration with GitHub Teams

Troubleshooting

App Installation Fails:
  • Ensure you have admin permissions on the repository/organization
  • Check that third-party app restrictions aren’t blocking installation
  • Verify Cloudgeni domains aren’t blocked by corporate firewall
No Scan Results:
  • Confirm repository contains supported IaC files (.tf, .bicep, etc.)
  • Check that files aren’t in excluded directories
  • Verify webhook delivery in GitHub Settings > Webhooks
PR Comments Not Appearing:
  • Check Cloudgeni has write permissions to the repository
  • Verify webhook is configured and receiving events
  • Ensure PR originates from a branch (not fork) for security reviews
Status Checks Failing:
  • Review Cloudgeni scan logs for detailed error messages
  • Check API key configuration in GitHub Actions
  • Verify branch protection rules are correctly configured
Permission Errors:
  • Re-authorize the GitHub App with updated permissions
  • Check organization security policies
  • Verify repository access hasn’t been revoked

Having Issues?

  • Installation problems? Check our GitHub Troubleshooting Guide
  • Webhook not working? Verify in GitHub Settings > Webhooks > Recent Deliveries
  • Missing repositories? Re-install the app with broader permissions
  • Enterprise GitHub? Contact enterprise@cloudgeni.io for setup assistance