GitHub Container Registry Integration
Checkmarx One provides an integration with GitHub Container Registry (GHCR), enabling you to automatically pull images from your private GitHub registry and scan them using the Checkmarx One Container Security scanner. We provide a convenient wizard on the Checkmarx One Integrations page that enables you to submit your GitHub credentials and create the integration.
Prerequisites
A Personal Access Token for the repository where the images are located, with permissions
read:packagesandrepo.Notice
In the GitHub portal go to Settings > Developer Settings > Personal Access Tokens and generate the token.
Limitations
The integration is not effective for scans run via the Checkmarx One CLI tool or associated plugins.
Setting up an Integration
To set up a GitHub Private Registry Integration:
Open the Integrations
page.Click on the GitHub tile under Private Registries for Containers, then click Start.
The GitHub Private Registry Integration wizard opens on the right side of the screen.
Name Your Account and optionally fill in the Description and Associate Tags fields, then click Next.
Under Username enter the Username for your GitHub account.
In the API Key field, enter the Personal Access Token for your GitHub registry (as described above in Prerequisites).
In the URL field, enter the URL for your GitHub account using the format
https://ghcr.io/<github-account>.Click Add Account.
Monitoring Integration Status
You can monitor the status of your GitHub integrations to see whether or not the integration is connected. Possible statuses are:
Pending - The integration was just set up and hasn't connected yet.
Connected - The integration is running and you are able to scan images in your GitHub registry.
Disconnected - Checkmarx One is not currently able to access your private GitHub registry.
To monitor the integration status:
Go to Integrations
> Inventory tab, and select Runtime & Cloud.Check the Status column for each of your integrations.
