Connections
Connections to source code providers
Seamlessly connect your source code repositories to Ghost to automatically discover repositories for deep code analysis by the Exorcist security analysis engine.
Providers
Ghost supports the following source code providers:
After adding a connection, Ghost will automatically discover repositories and begin collection metadata within a few minutes.
GitHub
To add a GitHub connection, simply install the Ghost GitHub app.
To link a GitHub organization to a Ghost organization, you must login to Ghost using your GitHub account. If you don’t see your GitHub Connection, contact Ghost Support to have your accounts linked.
Permissions
The Ghost GitHub app requires the following permissions:
| Access | Resources |
|---|---|
Read | Code and metadata |
Connection
To install the Ghost GitHub app, you need to be an admin of a GitHub organization. If you are not a GitHub organization admin, you can request the Ghost GitHub app to be installed by an organization admin. Once the app installation is approved, the installation will complete automatically.
GitLab
To add a GitLab connection, first create a service account, then create a personal access token.
Permissions
The GitLab personal access token must have the following scope:
| Scope | Resources |
|---|---|
read_api | Read access to the scoped group |
Connection
To create the connection, go to Connections click the “New Connection” button.
Select “GitLab” and provide the following information:
- Group path: The path to your GitLab group. If your Gitlab URL is
https://gitlab.com/ghost/mygroup, the group path isghost/mygroup. - URL (optional): The URL of your GitLab instance. Only required if your GitLab instance is not hosted at
https://gitlab.com. - Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.
Bitbucket
To add a Bitbucket connection, first create a personal access token.
Permissions
The Bitbucket personal access token must have the following scope:
| Access | Resources |
|---|---|
Read | Projects |
Read | Repositories |
Connection
To create the connection, go to Connections click the “New Connection” button.
Select “Bitbucket” and provide the following information:
- Workspace ID: The ID of your Bitbucket workspace. If your Bitbucket URL is
https://bitbucket.org/ghost/myrepo, the workspace ID isghost. - Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.
Azure DevOps
To add an Azure DevOps connection, first create a personal access token.
Permissions
The Azure DevOps personal access token must have the following scope:
| Access | Resources |
|---|---|
Read | Code |
Read | Project and Team |
Connection
To create the connection, go to Connections click the “New Connection” button.
Select “Azure DevOps” and provide the following information:
- Organization URL: The URL of your Azure DevOps organization. If your Azure DevOps URL is
https://dev.azure.com/ghost, the organization URL ishttps://dev.azure.com/ghost. - Personal Access Token: The personal access token to use for the service account.
Click the “Save connection” button to create the connection.
Deleting a connection
You can delete a connection by clicking the context menu () and selecting “Delete” in the Connections view. Deleting a connection will disable automatic discovery and scanning of repos, but will not delete any existing repos or findings.