ian-oneleet (Contributor) commented Oct 14, 2025

Problem

We need a permissions update for GitHub (Code Security) to enable PR checks.

Solution

Document it here.

I've also split out the two GitHub integrations for Cloud Security and Code Security, to match what we have on the platform. I left the slug as-is for Cloud Security to avoid breaking links.

Summary by CodeRabbit

  • Documentation
    • Added a new GitHub (Code Security) page with overview, setup path, required permissions, and an Updates note about upcoming CI check scanning on pull requests and associated permission changes.
    • Updated GitHub to "GitHub (Cloud Security)": clarified scope (no repo content access), renamed integration, refined setup path and permissions into granular repository/organization entries, added monitored resources (branch protection rules, Dependabot alerts), preserved Common Issues, and improved formatting.

vercel bot commented Oct 14, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| oneleet-docs | Ready | Preview | Comment | Oct 14, 2025 5:24pm |

coderabbitai bot commented Oct 14, 2025

Walkthrough

Adds a new GitHub (Code Security) documentation page and renames/updates the existing GitHub page to GitHub (Cloud Security), refining setup text, permission scopes, monitored resources, and adding dated Updates noting new permission requirements and upcoming CI check support.

Changes

| Cohort / File(s) | Summary of Changes |
| --- | --- |
| New integration doc: GitHub (Code Security), pages/integrations/github-code-security.mdx | Added a new MDX page with overview, setup path (Integrations > Add integration > GitHub (Code Security)), required permissions (repository metadata, contents (read); checks and pull requests (read/write)), and an Updates entry dated 2025-10-14 describing upcoming CI check support for Code Security and the associated permission changes. |
| Renamed and expanded: GitHub (Cloud Security), pages/integrations/github.mdx | Retitled to “GitHub (Cloud Security)”; added intro clarifying scope (monitor config, user access, Dependabot vulnerabilities; no access to repo contents); updated setup path text; changed permission wording to granular repository/organization scopes (Repository administration, Repository Dependabot alerts, Repository metadata, Repository webhooks, Organization members, Organization webhooks); added monitored resources (branch protection rules, Dependabot alerts); added Common Issues entry about upgrading to GitHub Teams; retained Updates entries (2025-08-14, 2025-07-10); minor formatting adjustments. |

Sequence Diagram(s)

sequenceDiagram
    participant User as GitHub User/PR
    participant GitHub as GitHub API
    participant Service as Cloud/Code Security Integration
    participant CI as CI checks (on PR)

    rect rgb(230, 245, 255)
    Note over User,Service: New CI check support (2025-10-14)
    end

    User->>GitHub: Open PR / push commit
    GitHub->>Service: Webhook (pull_request / check_run) [requires Checks & PR scopes]
    alt CI check enabled
        Service->>CI: Trigger/validate Code Security check
        CI->>GitHub: Report check status
        GitHub->>Service: Check result callback
    else No CI check
        Service->>GitHub: Read PR metadata (requires metadata/contents scopes)
    end
    Service->>User: Surface findings / statuses in UI

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

Hop hop — a doc for Code and Cloud,
I tidy scopes and stamp them proud.
New CI checks tiptoe in a line,
Permissions set, the logs align.
Carrots, commits, I celebrate the sign. 🥕📘

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Description Check | ⚠️ Warning | The pull request description includes the required Problem and Solution sections from the repository template but omits the Testing section entirely, leaving no indication of unit, integration, or manual tests in accordance with the template. This missing section means the description does not fully match the specified template requirements. | Please add a Testing section with the checklist for unit tests, integration tests, and manual tests to indicate which tests have been written or executed, so the description fully conforms to the repository’s template. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title Check | ✅ Passed | The title clearly summarizes the main changes by stating that the GitHub integration is split into Cloud Security and Code Security and that permissions documentation is updated for Code Security, making it specific and relevant to the changeset. It avoids vague language and directly reflects the two primary objectives of the pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch ian/github-code-security-update

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 977cae1 and dae67c1.

📒 Files selected for processing (2)
  • pages/integrations/github-code-security.mdx (1 hunks)
  • pages/integrations/github.mdx (1 hunks)
🧰 Additional context used
🪛 LanguageTool
pages/integrations/github-code-security.mdx

[grammar] ~17-~17: There might be a mistake here.
Context: ...on GitHub: - Repository metadata (read) - Repository contents (read) - Repository ...

(QB_NEW_EN)


[grammar] ~18-~18: There might be a mistake here.
Context: ...data (read) - Repository contents (read) - Repository checks (read and write) - Rep...

(QB_NEW_EN)


[grammar] ~19-~19: There might be a mistake here.
Context: ...ad) - Repository checks (read and write) - Repository pull requests (read and write...

(QB_NEW_EN)


[grammar] ~32-~32: There might be a mistake here.
Context: ...ite access to Checks on repositories - Read and write access to **Pull requests...

(QB_NEW_EN)

pages/integrations/github.mdx

[grammar] ~17-~17: There might be a mistake here.
Context: ... on GitHub: - Repository administration - Repository Dependabot alerts - Repositor...

(QB_NEW_EN)


[grammar] ~18-~18: There might be a mistake here.
Context: ...istration - Repository Dependabot alerts - Repository metadata - Repository webhook...

(QB_NEW_EN)


[grammar] ~19-~19: There might be a mistake here.
Context: ... Dependabot alerts - Repository metadata - Repository webhooks - Organization admin...

(QB_NEW_EN)


[grammar] ~20-~20: There might be a mistake here.
Context: ...epository metadata - Repository webhooks - Organization administration - Organizati...

(QB_NEW_EN)


[grammar] ~21-~21: There might be a mistake here.
Context: ...y webhooks - Organization administration - Organization members - Organization webh...

(QB_NEW_EN)


[grammar] ~22-~22: There might be a mistake here.
Context: ...on administration - Organization members - Organization webhooks ### Which resourc...

(QB_NEW_EN)


[grammar] ~29-~29: There might be a mistake here.
Context: ...he following on GitHub: - Organizations - Repositories - Branch protection rules...

(QB_NEW_EN)


[grammar] ~30-~30: There might be a mistake here.
Context: ... GitHub: - Organizations - Repositories - Branch protection rules - Dependabot a...

(QB_NEW_EN)


[grammar] ~31-~31: There might be a mistake here.
Context: ...Repositories - Branch protection rules - Dependabot alerts ## Common Issues ###...

(QB_NEW_EN)


Comment @coderabbitai help to get the list of available commands and usage tips.
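
A least-privilege audit for the Code Security permission set listed in the walkthrough above, as an added example that is not part of this pull request or the Oneleet docs. The API key names (`metadata`, `contents`, `checks`, `pull_requests`) are an assumed mapping from the documented labels, and the installation object is constructed sample data.

```python
# Added example: compare the permissions granted to a GitHub App installation
# with the Code Security set documented in this PR.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Documented set; the key names are an assumed mapping from the doc labels.
CODE_SECURITY_EXPECTED = {
    "metadata": "read",
    "contents": "read",
    "checks": "write",         # documented as "read and write"
    "pull_requests": "write",  # documented as "read and write"
}

def _rank(name, level):
    """Numeric rank of an access level; reject values we do not recognise."""
    if level not in LEVELS:
        raise ValueError(f"unknown access level {level!r} for {name}")
    return LEVELS[level]

def audit_permissions(granted, expected=CODE_SECURITY_EXPECTED):
    """Classify deviations of `granted` from `expected`; every list is sorted."""
    findings = {"missing": [], "insufficient": [], "excessive": [], "unexpected": []}
    for name, want in expected.items():
        have = _rank(name, granted.get(name, "none"))
        if have == 0:
            findings["missing"].append(name)       # integration feature will fail
        elif have < LEVELS[want]:
            findings["insufficient"].append(name)  # e.g. read where write is needed
        elif have > LEVELS[want]:
            findings["excessive"].append(name)     # more access than documented
    for name, level in granted.items():
        if name not in expected and _rank(name, level) > 0:
            findings["unexpected"].append(name)    # scope not in the documented set
    return {kind: sorted(names) for kind, names in findings.items()}

def is_least_privilege(granted, expected=CODE_SECURITY_EXPECTED):
    """True only when the grant matches the documented set exactly."""
    return not any(audit_permissions(granted, expected).values())

# Constructed sample: an installation approved before the checks / pull request
# update, with contents:write and an extra administration scope.
SAMPLE_INSTALLATION = {
    "id": 1,
    "permissions": {"metadata": "read", "contents": "write",
                    "pull_requests": "read", "administration": "read"},
}

if __name__ == "__main__":
    for kind, names in audit_permissions(SAMPLE_INSTALLATION["permissions"]).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```
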

coderabbitai bot left a comment

Actionable comments posted: 3

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 4fb93c5 and 977cae1.

📒 Files selected for processing (2)
  • pages/integrations/github-code-security.mdx (1 hunks)
  • pages/integrations/github.mdx (1 hunks)