Seamlessly connect your source code repositories to Ghost to automatically discover repositories for deep code analysis by the Exorcist security analysis engine.

Providers

Ghost supports the following source code providers:

GitHub

GitLab

Bitbucket

Azure DevOps

After adding a connection, Ghost will automatically discover repositories and begin collection metadata within a few minutes.

GitHub

To add a GitHub connection, simply install the Ghost GitHub app.
To install the Ghost GitHub app, you must link your GitHub account to your Ghost account first. This is a one-time step that can be performed in the Settings view.
Permissions The Ghost GitHub app requires the following permissions:
AccessResources
ReadCode and metadata
Connection To install the Ghost GitHub app, you need to be an admin of a GitHub organization. If you are not a GitHub organization admin, you can request the Ghost GitHub app to be installed by an organization admin. Once the app installation is approved, the installation will complete automatically.

GitLab

To add a GitLab connection, first create a service account, then create a personal access token. Permissions The GitLab personal access token must have the following scope:
ScopeResources
read_apiRead access to the scoped group
Connection To create the connection, go to Connections click the “New Connection” button. Select “GitLab” and provide the following information:
  • Group path: The path to your GitLab group. If your Gitlab URL is https://gitlab.com/ghost/mygroup, the group path is ghost/mygroup.
  • URL (optional): The URL of your GitLab instance. Only required if your GitLab instance is not hosted at https://gitlab.com.
  • Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Bitbucket

To add a Bitbucket connection, first create a personal access token. Permissions The Bitbucket personal access token must have the following scope:
AccessResources
ReadProjects
ReadRepositories
Connection To create the connection, go to Connections click the “New Connection” button. Select “Bitbucket” and provide the following information:
  • Workspace ID: The ID of your Bitbucket workspace. If your Bitbucket URL is https://bitbucket.org/ghost/myrepo, the workspace ID is ghost.
  • Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Azure DevOps

To add an Azure DevOps connection, first create a personal access token. Permissions The Azure DevOps personal access token must have the following scope:
AccessResources
ReadCode
ReadProject and Team
Connection To create the connection, go to Connections click the “New Connection” button. Select “Azure DevOps” and provide the following information:
  • Organization URL: The URL of your Azure DevOps organization. If your Azure DevOps URL is https://dev.azure.com/ghost, the organization URL is https://dev.azure.com/ghost.
  • Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Deleting a connection

You can delete a connection by clicking the context menu () and selecting “Delete” in the Connections view. Deleting a connection will disable automatic discovery and scanning of repos, but will not delete any existing repos or findings.