
Connection Issues

This guide helps you troubleshoot connection problems with git providers and cloud accounts.

Git Provider Connections

GitHub

Symptoms:
  • Redirect loop during OAuth
  • “Access denied” error
  • Authorization page not loading
Solutions:
  1. Clear browser cookies for github.com and cloudgeni.ai
  2. Try incognito/private browsing mode
  3. Verify GitHub account isn’t blocked
  4. Check GitHub organization allows third-party apps
  5. If using GitHub Enterprise, verify server URL is correct
For Organization Restrictions:
  1. Go to GitHub Organization Settings
  2. Navigate to Third-party access → OAuth App access
  3. Find Cloudgeni and click Grant
Symptoms:
  • Missing repositories in Cloudgeni
  • Stale repository list
  • New repos not appearing
Solutions:
  1. Click Refresh in IaC Repositories settings
  2. Verify you have access to the repository in GitHub
  3. Check if repository is private and permissions allow access
  4. Reconnect GitHub integration if issues persist
Permission Check:
# Verify you can access the repo
gh repo view owner/repo
Symptoms:
  • PR reviews not posting
  • Scans not running on push
  • Manual scans work but automatic don’t
Solutions:
  1. Check webhook configuration in GitHub repo settings
  2. Verify webhook URL: https://api.cloudgeni.ai/webhooks/github
  3. Review Recent Deliveries for errors
  4. Check webhook secret matches Cloudgeni configuration
  5. Test with Redeliver button on a recent delivery
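A way to test the "webhook secret matches" step offline, as an added example (not Cloudgeni's code): GitHub signs each delivery's raw body with HMAC-SHA256 under the hook secret and sends the result in the `X-Hub-Signature-256` header. The function names, labels, secret and payload below are constructed for illustration; the body must be the raw bytes as delivered, not a re-formatted copy.

```python
import hashlib
import hmac

def sign(secret: str, raw_body: bytes) -> str:
    """Header value GitHub computes for a hook secret and the raw request body."""
    mac = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()

def _same(a: str, b: str) -> bool:
    # Constant-time comparison, as a receiving endpoint should do it.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def diagnose(local_secret: str, raw_body: bytes, header: str) -> str:
    """Classify why a delivery's signature does or does not fit local_secret."""
    header = header.strip()
    if not header.startswith("sha256="):
        return "no-signature"  # hook saved without a secret, or wrong header copied
    if _same(sign(local_secret, raw_body), header):
        return "match"
    # Copy/paste damage is a frequent cause: whitespace around the stored secret.
    trimmed = local_secret.strip()
    if trimmed != local_secret and _same(sign(trimmed, raw_body), header):
        return "local-secret-has-stray-whitespace"
    # A capture saved with an added newline no longer hashes to the same value.
    body = raw_body.strip()
    if body != raw_body and _same(sign(local_secret, body), header):
        return "captured-body-has-extra-whitespace"
    return "mismatch"  # a different secret, or the body bytes were altered

# Constructed sample delivery (not real traffic).
BODY = b'{"ref":"refs/heads/main","repository":{"full_name":"owner/repo"}}'
SECRET = "constructed-example-secret"
HEADER = sign(SECRET, BODY)

if __name__ == "__main__":
    for candidate in (SECRET, SECRET + " ", "another-secret"):
        print(repr(candidate), "->", diagnose(candidate, BODY, HEADER))
```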

GitLab

Symptoms:
  • OAuth redirect errors
  • “Invalid redirect URI” message
  • Can’t complete authorization
Solutions:
  1. Clear browser cookies and retry
  2. Verify GitLab account has required permissions
  3. For self-hosted: Check GitLab URL is correct
  4. Verify SSL certificate is valid (self-hosted)
  5. Check GitLab application settings allow Cloudgeni
Self-Hosted Requirements:
  • GitLab version 13.0 or later
  • HTTPS with valid certificate
  • Outbound access to api.cloudgeni.ai
Symptoms:
  • Empty project list
  • Missing groups
  • Partial project visibility
Solutions:
  1. Verify your GitLab role (need at least Maintainer)
  2. Check group/project visibility settings
  3. Refresh the integration connection
  4. For self-hosted: Verify API access is enabled
Symptoms:
  • MR comments not appearing
  • Push events not triggering scans
Solutions:
  1. Go to Project → Settings → Webhooks
  2. Verify webhook URL is correct
  3. Check SSL verification is enabled
  4. Review webhook logs for delivery status
  5. Ensure webhook secret token matches

Azure DevOps

Symptoms:
  • Microsoft login loop
  • “Consent required” errors
  • Organization not accessible
Solutions:
  1. Verify you have Project Administrator access
  2. Check organization allows third-party apps
  3. Clear Microsoft account cookies
  4. Try different browser or incognito mode
Organization Policy Check:
  1. Go to Azure DevOps Organization Settings
  2. Navigate to Policies
  3. Enable Third-party application access via OAuth
Symptoms:
  • PR comments not posting
  • No scan triggers on push
Solutions:
  1. Go to Project Settings → Service hooks
  2. Verify Cloudgeni subscription exists
  3. Check subscription is enabled
  4. Review history for delivery failures
  5. Test subscription with manual trigger

Cloud Account Connections

AWS

Symptoms:
  • “Access Denied” error
  • “Role cannot be assumed” message
  • Connection test failing
Solutions:
  1. Verify role ARN is correct
  2. Check trust policy includes Cloudgeni’s AWS account
  3. Verify external ID matches exactly
  4. Ensure role has required permissions
Trust Policy Example:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::CLOUDGENI_ACCOUNT:root"
    },
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {
        "sts:ExternalId": "YOUR_EXTERNAL_ID"
      }
    }
  }]
}
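The first three checks above (account in the trust policy, external ID matching exactly) can be run against an exported trust policy document before retrying the connection. This is an added example, not Cloudgeni's code; the function name, the account ID `111122223333` and the external ID value are constructed placeholders.

```python
import json

ASSUME = {"sts:assumerole", "sts:*", "*"}  # IAM action names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, account_id, external_id):
    """Return the reasons this trust policy would block, or over-permit,
    sts:AssumeRole from account_id presenting external_id."""
    problems = []
    wanted = {account_id, f"arn:aws:iam::{account_id}:root"}
    matching = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if st.get("Effect") != "Allow" or not actions & ASSUME:
            continue
        principal = st.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            problems.append("wildcard principal: not limited to the expected account")
        if "*" in aws or wanted & set(aws):
            matching.append(st)
    if not matching:
        problems.append("no Allow sts:AssumeRole statement names the expected account")
    for st in matching:
        equals = st.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive; StringEquals values are not.
        ids = [v for k, v in equals.items() if k.lower() == "sts:externalid"]
        allowed = [x for v in ids for x in _as_list(v)]
        if not allowed:
            problems.append("no sts:ExternalId condition: role is open to confused-deputy use")
        elif external_id not in allowed:
            near = any(x.strip().lower() == external_id.strip().lower() for x in allowed)
            problems.append("external ID differs only by case or whitespace" if near
                            else "external ID does not match")
    return problems

# Constructed sample: the trust policy above with placeholder values filled in.
SAMPLE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "Example-External-Id"}}
  }]
}"""
```

An empty list means the policy admits the expected account with the expected external ID; any other result names the statement-level reason to fix in the role's trust relationship.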
Symptoms:
  • Empty resource inventory
  • Missing resource types
  • Partial discovery
Solutions:
  1. Verify IAM role has SecurityAudit policy attached
  2. Check all required regions are enabled
  3. Run a new discovery scan
  4. Review IAM policy for service-specific permissions
Required Permissions:
  • SecurityAudit managed policy (minimum)
  • Or custom policy with read-only access to required services
Symptoms:
  • Findings show “access denied”
  • Incomplete compliance results
  • Missing services in scan
Solutions:
  1. Add missing service permissions to IAM role
  2. Check service is enabled in AWS account
  3. Verify region-specific services are accessible
  4. Review scan logs for specific permission errors

Azure

Symptoms:
  • “Authentication failed” error
  • “Invalid credentials” message
  • Subscription not accessible
Solutions:
  1. Verify Tenant ID, Client ID, and Client Secret
  2. Check service principal hasn’t expired
  3. Verify app registration is in correct tenant
  4. Ensure subscription access is granted
Verification Steps:
# Test authentication
az login --service-principal \
  --username CLIENT_ID \
  --password CLIENT_SECRET \
  --tenant TENANT_ID

# List subscriptions
az account list
Symptoms:
  • Missing resources in inventory
  • Subscription not scanned
  • Partial resource visibility
Solutions:
  1. Verify service principal has Reader role on subscription
  2. Check all target subscriptions are configured
  3. Run new discovery scan
  4. Review Azure RBAC assignments
Required Role:
  • Reader role on subscription (minimum)
  • Additional roles for specific services if needed
Symptoms:
  • No security findings from Defender
  • Stale compliance data
  • Missing recommendations
Solutions:
  1. Verify Azure Defender is enabled on subscription
  2. Check Cloudgeni has access to Security Center API
  3. Add Security Reader role to service principal
  4. Wait for Defender to generate findings (can take 24h initially)

GCP

Symptoms:
  • “Invalid service account” error
  • JSON key not accepted
  • Project access denied
Solutions:
  1. Verify JSON key file is complete and valid
  2. Check service account exists in the project
  3. Ensure required APIs are enabled
  4. Verify service account email is correct
Required APIs:
gcloud services enable \
  cloudresourcemanager.googleapis.com \
  compute.googleapis.com \
  storage.googleapis.com \
  iam.googleapis.com
Symptoms:
  • Empty or partial resource list
  • Permission denied errors
  • Missing projects
Solutions:
  1. Grant Viewer role to service account
  2. Enable required APIs in each project
  3. For organization-wide: grant roles at org level
  4. Check project is not in a different organization

OCI

Symptoms:
  • “Authentication failed” error
  • Tenancy not accessible
  • API key rejected
Solutions:
  1. Verify User OCID is correct
  2. Check Tenancy OCID matches
  3. Ensure API key fingerprint is accurate
  4. Verify private key format (PEM)
  5. Check user has required policies
Required Policy:
Allow group CloudgeniGroup to inspect all-resources in tenancy
Allow group CloudgeniGroup to read all-resources in tenancy
Symptoms:
  • No compliance findings
  • CIS benchmark not available
  • Scan errors
Solutions:
  1. Verify Cloud Guard is enabled
  2. Check service connector permissions
  3. Ensure CIS benchmark recipes are active
  4. Review OCI audit logs for access issues

Network and Firewall Issues

Corporate Firewall

If your organization uses a firewall:
Required Outbound Access:
Destination         Port   Purpose
api.cloudgeni.ai    443    API communication
app.cloudgeni.ai    443    Dashboard access
*.cloudgeni.ai      443    All Cloudgeni services

Proxy Configuration

If you’re behind a proxy, webhooks may not work. Contact your network administrator to:
  1. Allow Cloudgeni webhook URLs
  2. Configure proxy exceptions for Cloudgeni domains

Getting Help

If connection issues persist:
  1. Check Status: status.cloudgeni.ai
  2. Collect Diagnostics:
    • Error messages
    • Timestamps
    • Account/resource identifiers
  3. Contact Support: support@cloudgeni.ai