@ian-oneleet ian-oneleet commented Oct 14, 2025

Problem

We need a permissions update for GitHub (Code Security) to enable PR checks.

Solution

Document it here.

I've also split out the two GitHub integrations for Cloud Security and Code Security, to match what we have on the platform. I left the slug as-is for Cloud Security to avoid breaking links.

Summary by CodeRabbit

  • Documentation
    • Added a new GitHub (Code Security) docs page with overview, setup path, required permissions, and an Updates note about upcoming CI check scanning on pull requests and permission changes.
    • Renamed GitHub to "GitHub (Cloud Security)", clarified scope (no repo content access), refined setup path and granular permissions, added monitored resources (branch protection rules, Dependabot alerts), preserved Common Issues, and improved formatting.

vercel bot commented Oct 14, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| oneleet-docs | Ready | Preview | Comment | Nov 3, 2025 10:59pm |

coderabbitai bot commented Oct 14, 2025

Walkthrough

Adds a new GitHub (Code Security) documentation page and renames/updates the existing GitHub page to GitHub (Cloud Security), refining setup text, permission scopes, monitored resources, adding a Common Issues entry, and noting an update (2025-11-03) about upcoming CI check support and permission changes.

Changes

| Cohort / File(s) | Summary of Changes |
| --- | --- |
| New integration doc: GitHub (Code Security)<br>pages/integrations/github-code-security.mdx | Added MDX page describing the GitHub (Code Security) integration: setup path (Integrations > Add integration > GitHub (Code Security)), required permissions (Repository metadata — read, Repository contents — read, Repository checks — read/write, Repository pull requests — read/write), and an Updates entry dated 2025-11-03 describing forthcoming CI check support for Code Security on PRs and associated permission changes. |
| Renamed and expanded: GitHub (Cloud Security)<br>pages/integrations/github.mdx | Retitled to “GitHub (Cloud Security)”; added intro clarifying scope (monitor config, user access, Dependabot vulnerabilities; no access to repo contents); updated setup path text; changed permission wording to granular repository/organization scopes (Repository administration, Repository Dependabot alerts, Repository metadata, Repository webhooks, Organization members, Organization webhooks); added monitored resources (branch protection rules, Dependabot alerts); added Common Issues entry about upgrading to GitHub Teams for private repos; retained Updates entries (2025-08-14, 2025-07-10); minor formatting adjustments. |

Sequence Diagram(s)

sequenceDiagram
    participant User as GitHub User / PR
    participant GitHub as GitHub API
    participant Service as Cloud/Code Security Integration
    participant CI as CI checks

    rect rgb(235,245,255)
    Note over User,Service: New CI check support (2025-11-03)
    end

    User->>GitHub: Open PR / push commit
    GitHub->>Service: Webhook (pull_request / check_run) [requires Checks & PR scopes]
    alt CI check enabled
        Service->>CI: Trigger/validate Code Security check
        CI->>GitHub: Report check status
        GitHub->>Service: Check result callback
    else CI not used
        Service->>GitHub: Read PR metadata / contents (requires metadata/contents scopes)
    end
    Service->>User: Surface findings / statuses in UI

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Pay attention to permission wording and dates in pages/integrations/github-code-security.mdx.
  • Verify the new Common Issues text and monitored-resources list in pages/integrations/github.mdx.

Poem

Hop hop — a doc for Code and Cloud,
I tidy scopes and stamp them proud.
CI checks arrive with a careful tap,
Permissions shift, the statuses map.
Carrots, commits — I weave the clap. 🥕📘

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title directly and clearly summarizes the main changes: splitting GitHub integration into two types and documenting the permissions update for Code Security. |
| Description check | ✅ Passed | The description covers the problem, solution, and context but lacks the testing section from the template with checkboxes for unit/integration/manual tests. |
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between dae67c1 and fabb783.

📒 Files selected for processing (1)
  • pages/integrations/github-code-security.mdx (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • pages/integrations/github-code-security.mdx

Comment @coderabbitai help to get the list of available commands and usage tips.
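
An added example, not part of this PR or of Oneleet's code: a least-privilege audit that compares the `permissions` object GitHub returns for an app installation with the scopes the two docs pages list. The mapping from the documented labels to REST API permission keys (for example `vulnerability_alerts` for Dependabot alerts) and the sample responses are assumptions constructed for illustration.

```python
import json

LEVELS = {"read": 1, "write": 2, "admin": 3}

# Code Security scopes as documented in this PR, keyed by GitHub REST API
# permission name; the API reports "read and write" as "write".
CODE_SECURITY = {"metadata": "read", "contents": "read",
                 "checks": "write", "pull_requests": "write"}

# Cloud Security scopes from the walkthrough. The page states no access
# levels for these, so None means "any level is accepted".
CLOUD_SECURITY = dict.fromkeys(
    ["administration", "vulnerability_alerts", "metadata",
     "repository_hooks", "members", "organization_hooks"])

def audit(installation_json, expected):
    """Compare an installation's granted permissions with the documented set."""
    granted = json.loads(installation_json).get("permissions", {})
    findings = []
    for key, want in expected.items():
        have = granted.get(key)
        if have is None:
            findings.append(("missing", key, want, None))
        elif want and LEVELS[have] < LEVELS[want]:
            findings.append(("insufficient", key, want, have))
        elif want and LEVELS[have] > LEVELS[want]:
            findings.append(("excess_level", key, want, have))
    # Anything granted but not documented is privilege the docs do not justify.
    for key, have in granted.items():
        if key not in expected:
            findings.append(("undocumented", key, None, have))
    return sorted(findings, key=lambda f: (f[0], f[1]))

# Constructed sample responses (not real installations).
CODE_SEC_MISSING_NEW_SCOPES = json.dumps(
    {"id": 1, "permissions": {"metadata": "read", "contents": "read"}})
CLOUD_SEC_WITH_CONTENTS = json.dumps(
    {"id": 2, "permissions": {**dict.fromkeys(CLOUD_SECURITY, "read"),
                              "contents": "read"}})

if __name__ == "__main__":
    for name, doc, exp in [("code", CODE_SEC_MISSING_NEW_SCOPES, CODE_SECURITY),
                           ("cloud", CLOUD_SEC_WITH_CONTENTS, CLOUD_SECURITY)]:
        for finding in audit(doc, exp):
            print(name, *finding)
```

The second sample shows the check that matters for the Cloud Security page's "no access to repo contents" statement: a `contents` grant on that installation is reported as undocumented.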

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 4fb93c5 and 977cae1.

📒 Files selected for processing (2)
  • pages/integrations/github-code-security.mdx (1 hunks)
  • pages/integrations/github.mdx (1 hunks)
🧰 Additional context used
🪛 LanguageTool
pages/integrations/github.mdx

[grammar] ~17-~17: There might be a mistake here.
Context: ... on GitHub: - Repository administration - Repository Dependabot alerts - Repositor...

(QB_NEW_EN)


[grammar] ~18-~18: There might be a mistake here.
Context: ...istration - Repository Dependabot alerts - Repository metadata - Repository webhook...

(QB_NEW_EN)


[grammar] ~19-~19: There might be a mistake here.
Context: ... Dependabot alerts - Repository metadata - Repository webhooks - Organization admin...

(QB_NEW_EN)


[grammar] ~20-~20: There might be a mistake here.
Context: ...epository metadata - Repository webhooks - Organization administration - Organizati...

(QB_NEW_EN)


[grammar] ~21-~21: There might be a mistake here.
Context: ...y webhooks - Organization administration - Organization members - Organization webh...

(QB_NEW_EN)


[grammar] ~22-~22: There might be a mistake here.
Context: ...on administration - Organization members - Organization webhooks ### Which resourc...

(QB_NEW_EN)


[grammar] ~29-~29: There might be a mistake here.
Context: ...he following on GitHub: - Organizations - Repositories - Branch protection rules...

(QB_NEW_EN)


[grammar] ~30-~30: There might be a mistake here.
Context: ... GitHub: - Organizations - Repositories - Branch protection rules - Dependabot a...

(QB_NEW_EN)


[grammar] ~31-~31: There might be a mistake here.
Context: ...Repositories - Branch protection rules - Dependabot alerts ## Common Issues ###...

(QB_NEW_EN)

pages/integrations/github-code-security.mdx

[grammar] ~17-~17: There might be a mistake here.
Context: ...on GitHub: - Repository metadata (read) - Repository contents (read) - Repository ...

(QB_NEW_EN)


[grammar] ~18-~18: There might be a mistake here.
Context: ...data (read) - Repository contents (read) - Repository checks (read and write) - Rep...

(QB_NEW_EN)


[grammar] ~19-~19: There might be a mistake here.
Context: ...ad) - Repository checks (read and write) - Repository pull requests (read and write...

(QB_NEW_EN)


[grammar] ~32-~32: There might be a mistake here.
Context: ...ite access to Checks on repositories - Read and write access to **Pull requests...

(QB_NEW_EN)

@ian-oneleet ian-oneleet merged commit d50b99f into main Nov 3, 2025
4 checks passed
@ian-oneleet ian-oneleet deleted the ian/github-code-security-update branch November 3, 2025 23:02