
GitHub Integration Setup

Connect your GitHub repositories to Cloudgeni for Infrastructure as Code scanning, automated pull request reviews, and continuous security monitoring.

What You'll Get

  • Automatic IaC scanning on every commit and pull request
  • AI-powered security reviews with detailed feedback
  • Remediation pull requests with validated fixes
  • Repository security dashboard with trends and insights
  • Team collaboration with security findings and discussions

Prerequisites

  • GitHub account with admin access to repositories
  • Cloudgeni account (free trial available)
  • Repositories containing Infrastructure as Code files:
    • .tf files (Terraform)
    • .bicep files (Azure Bicep)
    • .terragrunt.hcl files (Terragrunt)
  • Time estimate: 5 minutes

Step 1: Install Cloudgeni GitHub App

  1. From Cloudgeni Dashboard:
    • Go to “Integrations” > “Add Integration”
    • Select “GitHub”
    • Click “Install GitHub App”
  2. GitHub Authorization:
    • Choose your GitHub account or organization
    • Select repository access:
      • “All repositories” (recommended for full coverage)
      • “Selected repositories” (choose specific IaC repositories)
    • Review permissions and click “Install & Authorize”
  3. Return to Cloudgeni:
    • You’ll be redirected back to Cloudgeni
    • Confirm the integration shows as “Connected”
The GitHub App requires read access to repository contents and write access to create pull requests and comments.

Step 2: Configure Repository Settings

For each connected repository:
  1. In Cloudgeni Dashboard:
    • Navigate to “Repositories”
    • Find your GitHub repository
    • Click “Configure”
  2. Scan Settings:
    • Scan Triggers:
      • ✅ On Push (scan every commit)
      • ✅ On Pull Request (review PRs automatically)
      • ✅ Manual Scan (on-demand scanning)
    • File Types:
      • ✅ Terraform (.tf, .tfvars)
      • ✅ Azure Bicep (.bicep)
      • ✅ Terragrunt (.terragrunt.hcl)
  3. Branch Configuration:
    • Default Branch: main or master
    • Protected Branches: Branches requiring PR reviews
    • Exclude Patterns: node_modules/, .git/, *.tmp
  4. Click “Save Configuration”

Step 3: Test the Integration

Manual Scan Test:
  1. In Cloudgeni, go to your repository
  2. Click “Scan Now”
  3. Wait 30-60 seconds for completion
  4. Review scan results for IaC security findings
Pull Request Test:
  1. Create a test branch in your repository
  2. Make a small change to a .tf or .bicep file
  3. Open a pull request
  4. Within 2-3 minutes, Cloudgeni should comment with:
    • Security analysis results
    • New findings introduced
    • Compliance impact assessment
    • Remediation suggestions

Sample PR Comment

🛡️ Cloudgeni Security Review
✅ No new critical findings
⚠️ 1 medium severity finding
  • S3.8: Bucket allows public read access
  • File: infrastructure/storage.tf:12
  • Impact: Data exposure risk
  • Fix: Add public access block
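The finding in the sample comment above is the kind of change the pull request test in Step 3 exercises. The Terraform below is an added illustration, not code from the Cloudgeni page or product: it shows a bucket that grants public read access through an ACL beside the remediation the comment suggests (adding a public access block). The resource names, the bucket name and the file layout are constructed for the example; the two halves are alternatives shown side by side, not a single configuration to apply together.

```hcl
# Added example (not from the Cloudgeni page). Names are constructed.
# The "before" and "after" halves are alternatives; apply only one of them.

# BEFORE: public read granted via a bucket ACL. This is the pattern the sample
# comment reports as "Bucket allows public read access".
# (On current AWS provider versions an ACL also needs aws_s3_bucket_ownership_controls
# with BucketOwnerPreferred; it is omitted here because this half exists only to be flagged.)
resource "aws_s3_bucket" "assets_before" {
  bucket = "example-assets-bucket"
}

resource "aws_s3_bucket_acl" "assets_before" {
  bucket = aws_s3_bucket.assets_before.id
  acl    = "public-read" # every object is world-readable
}

# AFTER: the fix the sample comment suggests ("Add public access block").
# With all four settings true, neither an ACL nor a bucket policy added in a
# later commit can make the bucket public, so the finding does not regress.
resource "aws_s3_bucket" "assets" {
  bucket = "example-assets-bucket"
}

resource "aws_s3_bucket_public_access_block" "assets" {
  bucket = aws_s3_bucket.assets.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

A pull request that replaces the "before" resources with the "after" ones is a good end-to-end test: the scan on the PR should report the public-read ACL as resolved and introduce no new findings, and `terraform validate` on the branch confirms the HCL itself is well-formed before the scanner runs.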

Step 4: Enable Advanced Features

Branch Protection Rules:
  1. In GitHub, go to Settings > Branches
  2. Add rule for your default branch
  3. Enable “Require status checks”
  4. Add “cloudgeni/security-scan” as required check
  5. Enable “Require branches to be up to date”
GitHub Actions Integration:
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Cloudgeni Security Scan
        uses: cloudgeni/github-action@v1
        with:
          api-key: ${{ secrets.CLOUDGENI_API_KEY }}
          fail-on-critical: true
Webhook Configuration (Advanced):
  • Custom webhook endpoints for internal systems
  • Slack/Teams notifications on findings
  • JIRA ticket creation for critical issues

Repository Security Dashboard

Your repository dashboard provides:
Security Metrics:
  • Total findings by severity
  • Security debt trends over time
  • Compliance score by framework
  • Remediation success rate
Team Collaboration:
  • Finding assignments and status
  • Pull request security reviews
  • Comment threads and discussions
  • Integration with GitHub Issues
Automation Status:
  • Scan frequency and coverage
  • Auto-remediation success rate
  • Branch protection compliance
  • CI/CD integration health

Multiple Organization Setup

For GitHub Organizations:
  1. Install the Cloudgeni app at the organization level
  2. Grant access to all or selected repositories
  3. Configure team permissions in Cloudgeni:
    • Admins: Full access to all repositories
    • Developers: Read/write access to assigned repositories
    • Security Team: Read access to all findings
Team-Based Configuration:
  • Different scan policies per team
  • Custom remediation workflows
  • Escalation rules for critical findings
  • Integration with GitHub Teams

Troubleshooting

App Installation Fails:
  • Ensure you have admin permissions on the repository/organization
  • Check that third-party app restrictions aren’t blocking installation
  • Verify Cloudgeni domains aren’t blocked by corporate firewall
No Scan Results:
  • Confirm repository contains supported IaC files (.tf, .bicep, etc.)
  • Check that files aren’t in excluded directories
  • Verify webhook delivery in GitHub Settings > Webhooks
PR Comments Not Appearing:
  • Check Cloudgeni has write permissions to the repository
  • Verify webhook is configured and receiving events
  • Ensure PR originates from a branch (not fork) for security reviews
Status Checks Failing:
  • Review Cloudgeni scan logs for detailed error messages
  • Check API key configuration in GitHub Actions
  • Verify branch protection rules are correctly configured
Permission Errors:
  • Re-authorize the GitHub App with updated permissions
  • Check organization security policies
  • Verify repository access hasn’t been revoked

Having Issues?

  • Installation problems? Check our GitHub Troubleshooting Guide
  • Webhook not working? Verify in GitHub Settings > Webhooks > Recent Deliveries
  • Missing repositories? Re-install the app with broader permissions
  • Enterprise GitHub? Contact enterprise@cloudgeni.ai for setup assistance