This guide is for GitHub Enterprise Server customers with a custom domain. Standard GitHub.com organizations should use the GitHub.com guide instead.

Configure access

There are two ways to configure repository access for GitHub Enterprise Server:

GitHub App (recommended)

This will register a GitHub App on your server. You will be redirected to your instance to create it.
This flow must be completed by a GitHub organization owner.

Personal Access Token

Create a personal access token that can be used to access repositories for white-box pentests.
PR Reviews are not available with a PAT. Use GitHub App instead.

Configure GitHub App

1. Open Integrations page

In Hacktron, go to Integrations and click Connect under GitHub Enterprise Server.

2. Initiate GitHub App installation

Enter your server base URL, e.g. https://github.example.com, and the organization name.
You must be an owner of the organization to install the GitHub App.

3. Sign in to your server (if required)

If GitHub prompts you to sign in, enter your GitHub login credentials as you normally would.

4. Register Hacktron as a new GitHub App

GitHub will prompt you to create a new GitHub App. Give it a descriptive name (hacktron-app by default). Click Create GitHub App. This will create a new GitHub App with the required permissions.

5. Install the GitHub App

Your browser will now redirect you to install the app you just registered. Select the repositories you want to grant access to, then click Install.
Hacktron requests the following permissions:
  • Read access to code, members, and metadata
  • Read and write access to checks, issues, and pull requests
This is required for code review, issue management, and pull request generation. Hacktron does not retain any source code after each review is complete.
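
An added example, not Hacktron's or GitHub's code: a check an organization owner could run after installation to confirm the app holds no more than the permissions listed above and is scoped to selected repositories. It assumes the installation objects come from GitHub's "list app installations for an organization" REST endpoint, that the page's permission names map to the API keys shown, and that the app kept the default name; the sample JSON is constructed.

```python
import json

# Permissions this page says Hacktron requests, mapped to GitHub API keys.
# The mapping (code -> contents, pull requests -> pull_requests) is this
# example's assumption; "read and write" appears as "write" in the API.
EXPECTED = {
    "contents": "read", "members": "read", "metadata": "read",
    "checks": "write", "issues": "write", "pull_requests": "write",
}
LEVEL = {"read": 1, "write": 2, "admin": 3}

def audit_installation(inst, expected=EXPECTED):
    """Return findings where one installation exceeds the documented grant."""
    findings = []
    for perm, level in sorted(inst.get("permissions", {}).items()):
        want = expected.get(perm)
        if want is None:
            findings.append(f"unexpected permission: {perm}={level}")
        elif LEVEL.get(level, 99) > LEVEL[want]:
            # Unknown levels rank highest so they are never silently accepted.
            findings.append(f"{perm} is {level}, documented as {want}")
    if inst.get("repository_selection") == "all":
        findings.append("installed on all repositories, not a selected subset")
    return findings

# Constructed sample, shaped like the response of
# GET https://<your-server>/api/v3/orgs/<org>/installations
SAMPLE = json.loads("""{"installations": [
 {"app_slug": "hacktron-app", "repository_selection": "selected",
  "permissions": {"contents": "read", "members": "read", "metadata": "read",
                  "checks": "write", "issues": "write", "pull_requests": "write"}},
 {"app_slug": "hacktron-app", "repository_selection": "all",
  "permissions": {"contents": "write", "metadata": "read",
                  "administration": "read"}}
]}""")

def audit_all(doc, slug="hacktron-app"):
    """Audit every installation whose slug matches (default name assumed)."""
    return [audit_installation(i) for i in doc["installations"]
            if i.get("app_slug") == slug]

if __name__ == "__main__":
    for findings in audit_all(SAMPLE):
        print(findings or "matches documented permissions")
```

An empty findings list means the installation matches the documented grant; anything else is worth reviewing before the first scan runs.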

Configure Personal Access Token

1. Go to the Personal Access Tokens page

Go to http://<your-server>/settings/personal-access-tokens/new, or click on your avatar on the top right and select “Settings”, then “Developer settings”, then “Personal access tokens”.

2. Create a new personal access token

Give the token a descriptive name, e.g. “Hacktron”. Select the repositories you want to grant access to.
This can be changed later.
Select the following permissions:
  • Read-only access to code
  • Read-only access to metadata
This is required for running white-box pentests.
Click “Create token”. Copy the token and save it in a secure location.

3. Add the token to Hacktron

Go to the Integrations page in Hacktron and click Connect under GitHub Enterprise Server. Select the Personal Access Token option. Enter the token you created earlier. Click Connect.
That’s it! Hacktron will now run security reviews for every pull request in the selected repositories.