GitHub Application

Integrating Bridgecrew with GitHub

In this section, you’ll add a GitHub integration to generate code comments and set up for automated pull requests (PRs) in the next section. This integration also provides native and automated scanning of incoming commits and pull requests.

Head back to the Bridgecrew Integrations tab and select GitHub under the Source Control section and “Authorize on GitHub Marketplace”:

Authorize Github Bridgecrew Integration

Choose which accounts and repositories to grant the Bridgecrew GitHub integration access to:

Grant repo access

Once you’ve connected Bridgecrew to your TerraGoat demo repository, Bridgecrew will scan your Terraform templates directly from GitHub again and bring the results into Bridgecrew.

Head over to the Projects tab and find the TerraGoat repository:

Bridgecrew Projects page

You will now see the same violation alerting from multiple sources. Although this may seem redundant, it’s actually an important feature for tracking security posture at multiple steps in the DevOps lifecycle.

You’re all set!

Now head over to your forked TerraGoat repository in GitHub to kick off a pull request to make sure it’s working.