Install and configure the App Service

  • Ensure requirements are satisfied on the Linux system, especially Docker support and HTTPS connectivity in both directions: inbound, so GitHub can deliver webhooks to the app, and outbound, so the app can reach GitHub and the ThreatWorx service
  • Download / clone the ThreatWorx GitHub App repository

git clone https://github.com/threatworx/github_app.git

  • Run the setup.sh script to create self-signed certificates

cd github_app
./setup.sh

If you already have SSL/TLS certificates, copy the certificate and private key to the config directory and edit uwsgi.ini so the https entry references them

[uwsgi]
...
https = =0,/opt/tw_github_app/config/my.cert,/opt/tw_github_app/config/my.key,...
...
  • Start the app service by running the docker compose or the docker-compose command

docker compose up -d

  • Point a browser to https://linux-system (the host name of the Linux system running the service) to configure the app service

The browser will complain about the self-signed certificate if you are using one

Please be sure to replace it with a certificate issued by a trusted CA before using the service in production
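The following pre-flight script is an added example and is not part of the ThreatWorx github_app repository. It checks the prerequisites from the first step, verifies that a certificate and key pair match before you reference them in uwsgi.ini, flags a self-signed certificate (the case that later requires SSL verification to be disabled for webhooks), checks remaining validity, and, once the containers are up, shows the certificate the service actually presents. The certificate paths from the uwsgi.ini snippet and the host name linux-system are placeholders taken from this page; whether a self-signed certificate is acceptable for your rollout is your decision, not something the script enforces.

```shell
#!/usr/bin/env bash
# Added example, not code from the ThreatWorx github_app repository.
# Requires openssl, curl and docker on the Linux system.
set -u

# 1. Prerequisites: docker, a compose implementation, outbound HTTPS.
check_prereqs() {
    command -v docker >/dev/null || { echo "docker not found" >&2; return 1; }
    docker compose version >/dev/null 2>&1 || command -v docker-compose >/dev/null \
        || { echo "neither 'docker compose' nor docker-compose found" >&2; return 1; }
    # The app must reach GitHub (and the ThreatWorx service) over HTTPS.
    curl -fsS -o /dev/null --max-time 10 https://api.github.com/ \
        || { echo "no outbound HTTPS connectivity to api.github.com" >&2; return 1; }
}

# 2. Does the private key belong to the certificate?  Compare the public key
#    embedded in the certificate with the one derived from the key file.
#    Works for RSA and EC keys.  Returns 0 on match, 1 on mismatch.
cert_key_match() {
    local cert=$1 key=$2 cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 3. Is the certificate self-signed (issuer equals subject)?  Returns 0 if so.
#    A root CA certificate also satisfies this test; for the end-entity
#    certificate placed in config/ it is a reliable flag.
cert_is_self_signed() {
    local cert=$1 subject issuer
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer=//')
    [ "$subject" = "$issuer" ]
}

# 4. Will the certificate still be valid in N days?  Returns 0 if yes.
cert_valid_for_days() {
    local cert=$1 days=$2
    openssl x509 -in "$cert" -noout -checkend $(( days * 86400 )) >/dev/null
}

# 5. After 'docker compose up -d': print what the service presents on 443.
#    GitHub's webhook delivery sees exactly this chain, so a self-signed
#    leaf here means webhook SSL verification cannot be enabled yet.
show_served_cert() {
    local host=${1:-localhost} port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -issuer -enddate
}

# Usage with the placeholder paths from the uwsgi.ini snippet above:
#   check_prereqs
#   cert_key_match /opt/tw_github_app/config/my.cert /opt/tw_github_app/config/my.key
#   cert_is_self_signed /opt/tw_github_app/config/my.cert && echo "self-signed certificate"
#   cert_valid_for_days /opt/tw_github_app/config/my.cert 30 || echo "expires within 30 days"
#   show_served_cert linux-system 443
```

Run the certificate checks before editing uwsgi.ini: uwsgi fails to start the https socket when the key does not match the certificate, and the symptom inside a container is only an exit in the compose logs.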

  • Provide required details of your ThreatWorx subscription on the form
  • Select required options for app service and click Configure

These options can be changed later by editing the ./config/config.ini file

  • On the next page, provide the name of the GitHub organization where this app will be deployed and click Deploy

If you are signed in to your enterprise GitHub account, the app will be available for installation in your GitHub organization

  • Follow the instructions here to install the app for the appropriate GitHub organizations

If you are using self-signed certificates, make sure SSL verification is disabled for the app's webhook in GitHub, otherwise GitHub will refuse to deliver webhook events to the service. Note that with verification disabled GitHub cannot authenticate the server it is sending webhook payloads to, so treat this as a test-only setting and re-enable verification once a CA-issued certificate is in place

  • Once the app is installed for an organization, select repositories as required to be scanned

The app will initially run a complete dependency vulnerability scan of all selected repositories

After that, each commit triggers a rescan of the committed change

If the PR workflow is enabled, each pull request is scanned and any new vulnerabilities or code issues are posted as comments on the PR