How to connect your first GitHub repo

Connecting Your First Repository

Debadrita

Last updated 8 months ago

Trace-AI works by scanning your code repositories to generate SBOMs (Software Bills of Materials) and highlight risks in your dependencies. Connecting your first repository takes just a few minutes.

Open Integrations Panel
  • Go to your Trace-AI dashboard and click Go to Integration, or navigate to Home > Integration.
  • Select Your SCM Provider / Development Tools:

    • GitHub

    • GitLab

    • Bitbucket

  • Click Connect on the required integration box. In this case, we're choosing GitHub.
1. Connect GitHub
  • Once you click Connect, you are redirected to the GitHub app installation page.
Choose Organization/Account
  • On the GitHub app installation page, you will see your organization account (shown as your organization name) or your own account (shown as your GitHub username).
  • Click Configure on the account where you want to enable Trace-AI.
  • Choose either All Repositories or Only select Repositories.
  • If you chose Only select Repositories, select the repositories you want Zerberus to access, then click Save on the GitHub platform.
  • After clicking Save:
    • If you are a privileged user, you can go to the next step and select repositories.
    • Otherwise, wait for an administrator to approve the app and share the GitHub installation ID. Once you have received the installation ID, select Enter Installation ID, enter it, then go to the next step.
2. Select Repositories
  • After authorisation, you’ll see a list of repositories available under your account or organisation.

  • Choose the repositories you want Trace-AI to monitor.

  • You can add or remove repositories later from the same screen.

3. Configure Branches

  • The next step is to select the branches to monitor in the selected repositories.
4. Configure ZSBOM scan and build failure setup
  • Enabling Build Failure on Vulnerabilities is optional; to skip it, click the Finish Setup button.
  • With Build Failure on Vulnerabilities enabled, organizations can identify vulnerabilities before they cause breakage in the production/live environment.
  • Set values for each vulnerability severity type (High, Medium, Low).
  • Set the threshold; the build breaks if it is exceeded.
  • Formula: (High × Weight) + (Medium × Weight) + (Low × Weight) > threshold

    • Case 1: If we identify at least one "Critical" vulnerability, we will break the build.
    • Case 2: If the configured threshold is breached, we will break the build.
  • Click the Finish Setup button.

  • Once you click Finish Setup, Trace-AI will automatically run an initial scan.

  • You will be automatically redirected to Home > Trace-Ai > Dashboard
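
The build-failure rule from step 4, worked through as an added example (this is not Trace-AI's own code). The weights, the threshold, the function names and the choice to reject unweighted severity labels are assumptions made here; the page gives only the formula and the two cases.

```python
from collections import Counter

# Constructed values: the page defines the formula but not the numbers.
WEIGHTS = {"high": 5, "medium": 2, "low": 1}
THRESHOLD = 10


def evaluate_gate(findings, weights=WEIGHTS, threshold=THRESHOLD):
    """Return (break_build, score, reason) for a list of severity labels."""
    counts = Counter(s.strip().lower() for s in findings)
    unknown = set(counts) - set(weights) - {"critical"}
    if unknown:
        # Assumption: refuse labels that have no weight instead of
        # silently scoring them as zero.
        raise ValueError(f"unweighted severities: {sorted(unknown)}")
    # (High x Weight) + (Medium x Weight) + (Low x Weight)
    score = sum(counts[sev] * w for sev, w in weights.items())
    # Case 1: any Critical finding breaks the build regardless of score.
    if counts["critical"] > 0:
        return True, score, "critical finding present"
    # Case 2: the score must strictly exceed the threshold.
    if score > threshold:
        return True, score, f"score {score} > threshold {threshold}"
    return False, score, f"score {score} <= threshold {threshold}"


def min_lows_to_break(weights=WEIGHTS, threshold=THRESHOLD):
    """Smallest number of Low findings that breaks the build on its own."""
    if weights["low"] <= 0:
        return None  # Low findings can never trip the gate
    return threshold // weights["low"] + 1


if __name__ == "__main__":
    # Constructed scan results, one severity label per finding.
    for scan in (["High", "High"], ["High", "High", "Low"],
                 ["Critical"], ["Low"] * 11):
        print(scan, "->", evaluate_gate(scan))
    print("Lows needed to break:", min_lows_to_break())
```

Because the comparison is strictly greater than, two High findings at weight 5 sit exactly on a threshold of 10 and pass; a non-zero Low weight means enough low-severity findings will eventually fail the build.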

5. View Results

  • The results will appear in the dashboard with details of vulnerability severity, SBOM details, dependencies, the latest SBOM, a Download latest SBOM option, and any immediate alerts.
  • Integration was successful—you can view the results below. (image used as an example)
  • The scan is in progress if the status indicates "In Progress."
  • You can also view the run in GitHub on the Repositories > Actions tab. If the action has not completed, wait a few minutes until it does. Then refresh the page, or go to app.zerberus.ai and navigate to Home > Trace-Ai > Dashboard.
  • If your GitHub Action failed, contact [email protected]