Nightfall
HomeLoginDeveloper PlatformContact Us
Search…
Introduction
Why Cloud DLP?
Product Updates
Operationalizing DLP
Informing & Coaching Business Users
Running Historical Scans
Alert Management Guiding Principles
Integrating with Security Tools
Detection Engine
Getting Started
How Detection Works
Detectors
Detection Engine FAQs
Evaluating Detection
Nightfall for Slack
Nightfall for Slack: Demo Video
Getting Started
Alert Management
Remediation Guide
Nightfall for Slack Overview
FAQs
Nightfall for GitHub
Real-Time Scanning
Installation Instructions
Setting Up Your Policy
Reviewing Violations
Historical Scanning
Nightfall for GitHub Overview
Radar API Reference
Exporting Reports & Results
Integrating Webhook Endpoints
Integrating with Jira
Remediation Guide
Managed Services
FAQs
NIGHTFALL FOR GOOGLE DRIVE
Getting Started
Alert Management
Nightfall for Google Drive Overview
Remediation Guide
Historical Scanning
Demo Walkthrough Video
Nightfall for Confluence
Getting Started
Real Time Scanning
Alert Management
Remediation Guide
Nightfall for Jira
Nightfall for Jira Overview
Jira Remediation Guide
Getting Started
Account Management
User Administration
Authentication Options
Compliance
SOC 2 Compliance
HIPAA Compliance
PCI Compliance
Resources
FAQs
Login to Nightfall
Developer Platform
Platform Status
Contact Us
Powered By GitBook
Setting Up Your Policy
Learn how to set up your GitHub policy to detect credentials, secrets, and more sensitive data across your GitHub repos.
Your GitHub policy allows you to define what GitHub repos and organizations you are scanning, what violations you're looking for via your Detection Rule, and how you'd like to be alerted about Violations.

Set Your Scope

You have flexibility in terms of what you authorize Nightfall to scan. This could range from the entirety of multiple GitHub organizations, to specific GitHub repositories in your GitHub organization. This scope is configured during the authentication process with GitHub and you have the ability to change or revoke Nightfall privileges at any time. Click Edit in GitHub to do so. You'll need to be logged in to GitHub as the same user that initially integrated Nightfall with GitHub.

Set Your Detection Rule

Apply one of your detection rules to your GitHub policy to specify what you are looking to detect on GitHub. We recommend configuring and using a detection rule as follows to detect credentials & secrets:
Detector
Min Confidence
Min Findings
API Key
Likely
1
Cryptographic Key
Likely
1
Learn more about how to configure your Detection Rules and more generally how our detection engine works:

Set Your Alert Settings

You have the option to set up a specific Slack channel in which to send Violations, as well as the frequency with which you'd like to receive alerts. For your alert frequency, we recommend selecting "Only the first violation for a given secret" as this means you will receive a Slack notification only the first time a secret is detected.
You can also integrate with Jira to automate the creation of Jira tickets for Violation remediation, as well as send violations to a webhook URL in real-time, for example if you wish to integrate with a SIEM. Learn more about these integrations in the following articles:
Previous
Installation Instructions
Next
Reviewing Violations
Last modified 10mo ago
Copy link
Contents
Set Your Scope
Set Your Detection Rule
Set Your Alert Settings