Skip to main content
Seamlessly connect your source code repositories to Ghost to automatically discover repositories for deep code analysis by the Exorcist security analysis engine.

Providers

Ghost supports the following source code providers:

GitHub

GitLab

Bitbucket

Azure DevOps

After adding a connection, Ghost will automatically discover repositories and begin collection metadata within a few minutes.

GitHub

To install the Ghost GitHub app, you must link your GitHub account to your Ghost account first. This is a one-time step that can be performed in the Settings view under Linked Accounts.
To add a GitHub connection, install the Ghost GitHub app and choose which repositiories to grant access to the Ghost Platform.  Permissions The Ghost GitHub app requires the following permissions:
AccessResources
ReadCode and metadata
Read + WritePull requests
Read + WriteCheck statuses
Read + WriteCommit statuses
 Connection To install the Ghost GitHub app, you need to be an admin of a GitHub organization. If you are not a GitHub organization admin, you can request the Ghost GitHub app to be installed by an organization admin. Once the app installation is approved, the installation will complete automatically.

GitLab

To add a GitLab connection, first create a service account, then create a personal access token.  Permissions The GitLab access token must have the role reporter or higher with the following scopes assigned:
ScopeResources
read_apiRead access to the scoped group API
read_repositoryRead access to the projects
 Connection To create the connection, go to Connections click the “New Connection” button. Select “GitLab” and provide the following information:
  • Group path: The path to your GitLab group. If your Gitlab URL is https://gitlab.com/ghost/mygroup, the group path is ghost/mygroup.
  • URL (optional): The URL of your GitLab instance. Only required if your GitLab instance is not hosted at https://gitlab.com.
  • Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Bitbucket

To add a Bitbucket connection, first create a personal access token.  Permissions The Bitbucket personal access token must have the following scope:
AccessResources
ReadProjects
ReadRepositories
 Connection To create the connection, go to Connections click the “New Connection” button. Select “Bitbucket” and provide the following information:
  • Workspace ID: The ID of your Bitbucket workspace. If your Bitbucket URL is https://bitbucket.org/ghost/myrepo, the workspace ID is ghost.
  • Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Azure DevOps

To add an Azure DevOps connection, first create a personal access token.  Permissions The Azure DevOps personal access token must have the following scope:
AccessResources
ReadCode
ReadProject and Team
 Connection To create the connection, go to Connections click the “New Connection” button. Select “Azure DevOps” and provide the following information:
  • Organization URL: The URL of your Azure DevOps organization. If your Azure DevOps URL is https://dev.azure.com/ghost, the organization URL is https://dev.azure.com/ghost.
  • Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.

Deleting a connection

You can delete a connection by clicking the context menu () and selecting “Delete” in the Connections view. Deleting a connection will disable automatic discovery and scanning of repos, but will not delete any existing repos or findings.