Setting Up Your Policy
Learn how to set up your GitHub policy to detect credentials, secrets, and more sensitive data across your GitHub repos.
Your GitHub policy allows you to define what GitHub repos and organizations you are scanning, what violations you're looking for via your Detection Rule, and how you'd like to be alerted about Violations.

Set Your Scope

You have flexibility in terms of what you authorize Nightfall to scan. This could range from the entirety of multiple GitHub organizations, to specific GitHub repositories in your GitHub organization. This scope is configured during the authentication process with GitHub and you have the ability to change or revoke Nightfall privileges at any time. Click Edit in GitHub to do so. You'll need to be logged in to GitHub as the same user that initially integrated Nightfall with GitHub.

Set Your Detection Rule

Apply one of your detection rules to your GitHub policy to specify what you are looking to detect on GitHub. We recommend configuring and using a detection rule as follows to detect credentials & secrets:
Detector             Min Confidence   Min Findings
API Key              Likely           1
Cryptographic Key    Likely           1
Learn more about how to configure your Detection Rules and more generally how our detection engine works:

Set Your Alert Settings

You have the option to set up a specific Slack channel in which to send Violations, as well as the frequency with which you'd like to receive alerts. For your alert frequency, we recommend selecting "Only the first violation for a given secret" as this means you will receive a Slack notification only the first time a secret is detected.
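The following Python example is added here to illustrate how the two settings above work together; it is not Nightfall's code or API, and the detector names, confidence ordering, sample findings and repository names are all constructed for the illustration. It models a detection rule as a list of detectors with a minimum confidence and minimum finding count (the recommended "API Key / Likely / 1" and "Cryptographic Key / Likely / 1" rule from above), and models the "Only the first violation for a given secret" alert frequency by fingerprinting each detected secret and alerting once per fingerprint. Note that the alert carries only a truncated hash of the secret, never the secret itself, so the notification channel does not become another place the credential is exposed.

```python
import hashlib
from dataclasses import dataclass

# Confidence levels from weakest to strongest. The ordering is an assumption of this
# example; it exists only so that "at least Likely" can be compared.
CONFIDENCE_ORDER = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]


@dataclass
class Detector:
    name: str            # detector applied by the rule, e.g. "API Key"
    min_confidence: str  # lowest confidence that counts toward a violation
    min_findings: int    # how many qualifying findings are needed to fire


@dataclass
class Finding:
    detector: str    # which detector matched
    confidence: str  # confidence reported for this match
    secret: str      # matched text; only ever hashed, never emitted
    repo: str        # repository the match was found in


def confidence_at_least(actual: str, required: str) -> bool:
    """True if `actual` is the same or a stronger confidence than `required`."""
    return CONFIDENCE_ORDER.index(actual) >= CONFIDENCE_ORDER.index(required)


def evaluate_rule(detectors, findings):
    """Return the names of detectors that produce a violation: a detector fires only
    when the count of findings at or above its min confidence reaches min_findings."""
    violating = []
    for d in detectors:
        qualifying = [f for f in findings
                      if f.detector == d.name
                      and confidence_at_least(f.confidence, d.min_confidence)]
        if len(qualifying) >= d.min_findings:
            violating.append(d.name)
    return violating


class FirstOccurrenceAlerter:
    """'Only the first violation for a given secret': one alert per distinct secret,
    keyed by a SHA-256 fingerprint so the secret itself is never stored or sent."""

    def __init__(self):
        self.seen = set()

    def alert(self, finding: Finding):
        fingerprint = hashlib.sha256(finding.secret.encode()).hexdigest()
        if fingerprint in self.seen:
            return None  # same secret already alerted on (possibly in another repo)
        self.seen.add(fingerprint)
        return {"detector": finding.detector,
                "repo": finding.repo,
                "fingerprint": fingerprint[:12]}


def run_policy(detectors, findings):
    """Apply the rule, then route each qualifying finding through the alerter."""
    thresholds = {d.name: d.min_confidence for d in detectors}
    violating = set(evaluate_rule(detectors, findings))
    alerter = FirstOccurrenceAlerter()
    alerts = []
    for f in findings:
        if f.detector in violating and confidence_at_least(f.confidence, thresholds[f.detector]):
            a = alerter.alert(f)
            if a is not None:
                alerts.append(a)
    return alerts


# The recommended rule from the table above.
RECOMMENDED_RULE = [
    Detector("API Key", "LIKELY", 1),
    Detector("Cryptographic Key", "LIKELY", 1),
]

# Constructed sample findings (placeholder values, not real credentials): the same
# token appears in a repo and its fork, plus a weak-confidence key match.
SAMPLE_FINDINGS = [
    Finding("API Key", "LIKELY", "sk_test_EXAMPLE0000000001", "example-org/service-a"),
    Finding("API Key", "VERY_LIKELY", "sk_test_EXAMPLE0000000001", "example-org/service-a-fork"),
    Finding("Cryptographic Key", "POSSIBLE", "-----BEGIN EXAMPLE KEY-----", "example-org/docs"),
]

if __name__ == "__main__":
    for alert in run_policy(RECOMMENDED_RULE, SAMPLE_FINDINGS):
        print(alert)
```

Run as written, the Cryptographic Key match is dropped because "Possible" is below the rule's "Likely" threshold, and the API key produces a single alert for the first repository even though the same token also appears in the fork.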
You can also integrate with Jira to automate the creation of Jira tickets for Violation remediation, as well as send violations to a webhook URL in real-time, for example if you wish to integrate with a SIEM. Learn more about these integrations in the following articles: