
GitHub Integration

Clipron AI provides seamless integration with GitHub, allowing you to analyze both public and private repositories directly from the platform. This guide covers setup, configuration, and best practices for GitHub integration.

Overview

Repository Analysis

Analyze entire repositories or specific branches with one click

Automated Scanning

Set up automated security scans on commits and pull requests

Private Repository Access

Securely access your private repositories with OAuth

CI/CD Integration

Integrate security analysis into your development workflow

Setting Up GitHub Integration

Step 1: Connect Your GitHub Account

1. Navigate to Integrations

Go to your Clipron AI dashboard and click on “Integrations” in the sidebar
2. Connect GitHub

Click the “Connect GitHub” button to start the OAuth flow
3. Authorize Clipron AI

You’ll be redirected to GitHub to authorize Clipron AI. Grant the following permissions:
  • Read access to your profile and email
  • Read access to your repositories (public and private)
  • Write access to commit statuses (for CI/CD integration)
4. Select Repositories

Choose which repositories Clipron AI can access:
  • All repositories: Grant access to all current and future repositories
  • Selected repositories: Choose specific repositories to analyze (the least-privilege option; see Best Practices below)

Step 2: Repository Permissions

Public repositories: No additional setup required
  • Accessible with any GitHub account
  • Can be analyzed without OAuth connection
  • Limited to public repository analysis only
Private repositories: Requires GitHub OAuth connection
  • Must connect your GitHub account
  • Requires Pro subscription or higher
  • Full access to private repository content
Organization repositories: Additional organization approval may be required
  • Organization owners may need to approve the integration
  • Some organizations have third-party app restrictions
  • Contact your organization admin if access is denied

Analyzing Repositories

Quick Repository Analysis

  1. Click “New Analysis” on your dashboard
  2. Select “GitHub Repository” tab
  3. Choose from your connected repositories
  4. Select a branch (defaults to the repository's default branch, usually main or master)
  5. Choose analysis type and start scan

Advanced Repository Options

Analyze specific branches or commits
  • Default branch: Usually main or master
  • Feature branches: Analyze development branches
  • Specific commits: Analyze code at specific commit SHA
  • Pull requests: Analyze changes in pull requests
{
  "source_type": "github",
  "content": "https://github.com/username/repository",
  "branch": "feature/new-authentication",
  "commit": "abc123def456"
}
Focus analysis on specific directories
  • Include patterns: Only analyze matching paths
  • Exclude patterns: Skip certain directories or files
  • File type filtering: Analyze only specific file types
{
  "options": {
    "include_patterns": ["src/", "lib/"],
    "exclude_patterns": [
      "node_modules/",
      "*.test.js",
      "docs/",
      "*.md"
    ],
    "max_file_size": 1048576
  }
}
Control what gets analyzed
  • Production code only: Exclude tests and documentation
  • Include tests: Analyze test files for security issues
  • Configuration files: Include config files in analysis
  • Dependencies: Analyze third-party dependencies
{
  "options": {
    "include_tests": true,
    "include_config": true,
    "analyze_dependencies": false,
    "focus_areas": ["authentication", "data_validation"]
  }
}

Automated Security Scanning

GitHub Actions Integration

Create a GitHub Actions workflow to automatically scan your repository. Note that on pull_request runs triggered from forks GitHub withholds repository secrets, so the CLIPRON_API_KEY step below fails for external contributors' pull requests; the push trigger on main and develop is unaffected.
name: Security Scan with Clipron AI

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    # Least privilege for the job's GITHUB_TOKEN: the scan only needs to read
    # the checkout and write commit statuses (the permission granted in Step 1).
    permissions:
      contents: read
      statuses: write
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
    
    - name: Run Clipron AI Security Scan
      uses: clipron/github-action@v1
      with:
        api-key: ${{ secrets.CLIPRON_API_KEY }}
        analysis-type: 'standard'
        fail-on-critical: true
        fail-on-high: false
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    
    - name: Upload Security Report
      uses: actions/upload-artifact@v4
      if: always()   # keep the report even when the scan fails the build
      with:
        name: security-report
        path: clipron-security-report.json

Webhook Configuration

Set up webhooks to trigger analysis on repository events:
1. Configure Webhook in Clipron AI

  1. Go to Settings → Webhooks
  2. Click “Add GitHub Webhook”
  3. Select trigger events (push, pull_request, release)
  4. Copy the webhook URL
2. Add Webhook to GitHub

  1. Go to your repository settings on GitHub
  2. Click “Webhooks” → “Add webhook”
  3. Paste the Clipron AI webhook URL
  4. Select “application/json” content type
  5. If Clipron AI provides a secret for the webhook, enter it in the “Secret” field so GitHub signs each delivery (X-Hub-Signature-256); an endpoint without a secret accepts payloads from anyone who learns the URL
  6. Choose events: Push, Pull requests, Releases
3. Test Webhook

  1. Make a test commit to your repository
  2. Check Clipron AI dashboard for automatic analysis
  3. Verify webhook delivery in GitHub settings
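Clipron AI's receiver is not shown on this page. As an added example (not Clipron AI's code), the following shows what the receiving side of the webhook steps above has to do: validate GitHub's documented X-Hub-Signature-256 header (HMAC-SHA256 over the raw body, keyed with the webhook secret) in constant time before parsing the payload, then pick the commit, pull-request head or release tag to scan for each of the three subscribed events. The secret, headers and payloads are constructed for the example.

```python
"""Validate a GitHub webhook delivery before acting on it.

GitHub signs every delivery with HMAC-SHA256 over the raw request body, keyed
with the webhook secret, and sends the hex digest in the X-Hub-Signature-256
header as "sha256=<hex>". The receiver must recompute the MAC over the exact
bytes received (not re-serialised JSON) and compare in constant time.
"""
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed for this example; a real secret comes from the webhook settings.
SECRET = b"example-webhook-secret-do-not-reuse"

# Events this receiver acts on, matching the triggers chosen in the steps above.
ACCEPTED_EVENTS = ("push", "pull_request", "release")


def sign(secret: bytes, body: bytes) -> str:
    """Produce the header value GitHub would send for `body`."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time check of X-Hub-Signature-256 against the raw body."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body), header)


def scan_target(event: str, payload: dict) -> str:
    """Pick the ref a scan should run against from the event payload."""
    if event == "push":
        return payload["after"]                        # commit SHA just pushed
    if event == "pull_request":
        return payload["pull_request"]["head"]["sha"]  # PR head commit
    return payload["release"]["tag_name"]              # release tag


def handle_delivery(secret: bytes, headers: dict, body: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Unsigned or tampered deliveries are rejected
    before the body is parsed, so attacker-controlled JSON is never decoded."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return False, "rejected: bad or missing signature"
    event = headers.get("X-GitHub-Event", "")
    if event == "ping":  # sent once when the webhook is created
        return True, "ping acknowledged"
    if event not in ACCEPTED_EVENTS:
        return False, f"ignored: event {event!r} not subscribed"
    payload = json.loads(body)
    repo = payload["repository"]["full_name"]
    return True, f"{event} on {repo} -> {scan_target(event, payload)}"


# Constructed sample push delivery (trimmed to the fields used above).
SAMPLE_PUSH_BODY = json.dumps({
    "ref": "refs/heads/main",
    "after": "0123456789abcdef0123456789abcdef01234567",
    "repository": {"full_name": "octocat/hello-world"},
}).encode()
SAMPLE_PUSH_HEADERS = {
    "X-GitHub-Event": "push",
    "X-Hub-Signature-256": sign(SECRET, SAMPLE_PUSH_BODY),
}


if __name__ == "__main__":
    print(handle_delivery(SECRET, SAMPLE_PUSH_HEADERS, SAMPLE_PUSH_BODY))
    # Same headers, body altered by one byte: the MAC no longer matches.
    tampered = SAMPLE_PUSH_BODY.replace(b"hello-world", b"hello-w0rld")
    print(handle_delivery(SECRET, SAMPLE_PUSH_HEADERS, tampered))
```

The same check applies when debugging "Fixing webhook problems" below: if GitHub's delivery log shows a 4xx from the endpoint, a mismatched secret is the usual cause, and the raw body (not a re-encoded copy) is what has to be fed to the HMAC.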

Repository Management

Connected Repositories

Manage your repository connections
  • View all connected repositories
  • See last analysis date and results
  • Check repository permissions
  • Update access settings
Navigate to Dashboard → Repositories to see:
{
  "repositories": [
    {
      "id": "repo_123",
      "name": "my-web-app",
      "full_name": "username/my-web-app",
      "private": true,
      "last_analysis": "2024-06-18T10:30:00Z",
      "last_score": 85,
      "auto_scan_enabled": true
    }
  ]
}
Configure per-repository settings
  • Auto-scan: Enable automatic scanning on commits
  • Scan schedule: Set up periodic scans
  • Notification preferences: Configure alerts
  • Analysis defaults: Set default analysis type
{
  "repository_settings": {
    "auto_scan_on_push": true,
    "auto_scan_on_pr": true,
    "default_analysis_type": "standard",
    "exclude_patterns": ["*.test.js", "docs/"],
    "notification_email": true,
    "slack_webhook": "https://hooks.slack.com/..."
  }
}
Control repository access
  • Revoke access: Remove Clipron AI access to specific repositories
  • Update permissions: Modify granted permissions
  • Organization approval: Handle organization-level permissions
To revoke access:
  1. Go to Settings → Integrations → GitHub
  2. Click “Manage Repository Access”
  3. Uncheck repositories to revoke access
  4. Or revoke access entirely from GitHub settings

Best Practices

Security Considerations

Token Security

Protect your API tokens
  • Store API keys in GitHub Secrets
  • Use repository-specific tokens when possible
  • Rotate tokens regularly
  • Never commit tokens to code

Repository Permissions

Minimize access scope
  • Grant access only to repositories that need scanning
  • Use organization-level controls
  • Review permissions regularly
  • Monitor access logs

Performance Optimization

Optimize scan performance and costs
  • Use .clipronignore file to exclude unnecessary files
  • Scan only changed files in pull requests
  • Use appropriate analysis types for different scenarios
  • Schedule comprehensive scans during off-peak hours
Example .clipronignore:
# Dependencies
node_modules/
vendor/

# Build artifacts
dist/
build/
*.min.js
*.min.css

# Documentation
docs/
*.md

# Tests (optional)
**/*.test.js
**/*.spec.js
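Over-exclusion is one of the failure modes listed under Troubleshooting, so it is worth previewing what a .clipronignore file and the include_patterns / exclude_patterns / max_file_size options from the Advanced Repository Options section leave in scope before committing them. The following is an added example, not Clipron AI's code; it assumes gitignore-like matching semantics (stated in the docstring), which the page does not specify, and runs over a constructed file listing using the .clipronignore shown above.

```python
"""Preview which files a scan would cover under a .clipronignore file plus
include/exclude options, before committing the configuration.

Assumed matching semantics (gitignore-like; the page does not specify them):
  - blank lines and '#' comments are skipped
  - a trailing '/' names a directory and everything beneath it
  - a pattern with no '/' (e.g. '*.md') matches at any depth
  - '**/' matches zero or more leading directories
  - '*' and '?' never cross a '/'
"""
import re
from typing import List, Optional, Sequence, Tuple


def _glob_to_regex(glob: str) -> str:
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**/", i):
            out.append("(?:.*/)?")
            i += 3
            continue
        ch = glob[i]
        out.append("[^/]*" if ch == "*" else "[^/]" if ch == "?" else re.escape(ch))
        i += 1
    return "".join(out)


def compile_pattern(pattern: str) -> "re.Pattern":
    """Compile one ignore/include pattern into an anchored regex."""
    pat = pattern.rstrip("/")
    anchored = pat.startswith("/") or "/" in pat  # a slash anchors to the root
    pat = pat.lstrip("/")
    prefix = "^" if anchored else "^(?:.*/)?"       # otherwise match at any depth
    # A match on a path also covers everything beneath it (directory semantics).
    return re.compile(prefix + _glob_to_regex(pat) + "(?:/.*)?$")


def parse_ignore_file(text: str) -> List["re.Pattern"]:
    lines = (line.strip() for line in text.splitlines())
    return [compile_pattern(line) for line in lines if line and not line.startswith("#")]


def scan_scope(files: Sequence[Tuple[str, int]], ignore_text: str,
               include_patterns: Optional[Sequence[str]] = None,
               max_file_size: int = 1048576) -> List[str]:
    """Return the sorted paths that would be analysed."""
    excludes = parse_ignore_file(ignore_text)
    includes = [compile_pattern(p) for p in (include_patterns or [])]
    kept = []
    for path, size in files:
        if size > max_file_size:                            # max_file_size option
            continue
        if includes and not any(p.match(path) for p in includes):  # include_patterns
            continue
        if any(p.match(path) for p in excludes):            # .clipronignore / exclude_patterns
            continue
        kept.append(path)
    return sorted(kept)


# Constructed repository listing: (path, size in bytes).
SAMPLE_TREE = [
    ("src/app.js", 3_000),
    ("src/app.test.js", 1_000),
    ("src/auth/login.py", 4_000),
    ("lib/crypto.js", 2_500),
    ("lib/generated/schema.js", 2_000_000),  # over the default max_file_size
    ("config/database.yml", 800),
    ("node_modules/lodash/lodash.js", 540_000),
    ("dist/bundle.min.js", 900_000),
    ("docs/setup.md", 5_000),
    ("README.md", 3_000),
    ("vendor/fixtures/big.json", 20_000),
]

# The .clipronignore example from this page.
CLIPRONIGNORE = """
# Dependencies
node_modules/
vendor/
# Build artifacts
dist/
build/
*.min.js
*.min.css
# Documentation
docs/
*.md
# Tests (optional)
**/*.test.js
**/*.spec.js
"""

if __name__ == "__main__":
    print(scan_scope(SAMPLE_TREE, CLIPRONIGNORE))
    print(scan_scope(SAMPLE_TREE, CLIPRONIGNORE, include_patterns=["src/", "lib/"]))
```

Run it against a real listing (for example the output of `git ls-files` with sizes) to see exactly which paths survive; if authentication code or configuration drops out, a pattern such as `*.md` or `docs/` is matching more than intended.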
Integrate efficiently with your workflow
  • Use quick scans for pull request checks
  • Run comprehensive scans on main branch
  • Cache analysis results when possible
  • Set appropriate failure thresholds
# Different analysis types for different events.
# Both steps assume the clipron-scan CLI is already installed on the runner
# and reads its API key from the environment; see the Actions workflow above
# for the secrets wiring.
- name: Quick PR Scan
  if: github.event_name == 'pull_request'
  run: clipron-scan --type=mini --fail-on=critical

- name: Comprehensive Main Branch Scan
  if: github.event_name == 'push' && github.ref == 'refs/heads/main'
  run: clipron-scan --type=ultra --fail-on=high

Troubleshooting

Common Issues

Solutions for access issues
  • Verify GitHub OAuth connection is active
  • Check repository permissions in GitHub settings
  • Ensure organization has approved third-party apps
  • Re-authorize Clipron AI if permissions changed
Debugging failed analyses
  • Check repository size limits (max 1GB)
  • Verify branch/commit exists
  • Review excluded patterns for over-exclusion
  • Check API rate limits and quotas
Fixing webhook problems
  • Verify webhook URL is correct
  • Check webhook secret configuration
  • Review GitHub webhook delivery logs
  • Test webhook manually from GitHub settings

Getting Help

Documentation

Check our troubleshooting guide for detailed solutions

Support

Contact [email protected] with your repository URL and error details
Integration Tip: Start with manual repository analysis to understand the results, then gradually implement automated scanning as you become comfortable with the platform.