GitHub App notes
12 Nov 2024
TODO
https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps
Explore the Checkmarx CLI
TODO: remove this from this article; irrelevant to GH in general
./cx.exe auth register `
--roles ast-admin `
--username exampleExample.com `
--apikey (Read-Host -Prompt 'Enter APIkey' -AsSecureString)
It seems that we oughtta be able to get Checkmarx read-only (and maybe PR-write, though that seems optional if we do webhook #2) access by, instead of giving it a PAT SSH key, giving it an inhouse GHApp SSH key. I … I think that’d be the PEM file? Just hand that over to Checkmarx? All we gotta know how to do is destroy that SSH key if necessary.
That oughtta let Checkmarx’s side initiate a scan manually or when-webhook-awoken without trouble, I’d think.
And then we need a webhook in each direction, I think:
- For GH to tell Checkmarx to fire up a scan. (Though that could also perhaps just be done with a GH Action?)
- (only if we decide we want GH to fetch results & write to its own PR; Checkmarx not being able to write to PRs) – for Checkmarx’s scanner to know how to tell GH it just finished a scan and has results to write to it (or for GH to fetch and write to itself). (Wait. Can the scanner do that if it’s just using an SSH key rather than the company’s GH App?)
Known GitHub App IDs
https://github.com/organizations/YOUR_ORG_NAME_HERE/settings/installations
App public page URL format: https://github.com/apps/THE_APP_SLUG_HERE
This page exists even for private apps, though it doesn’t show you much that’s useful.
https://github.com/apps/THE_APP_SLUG_HERE/installations/select_target
gets you a list of all of your accounts & organizations into which you could install it:
- into an organization: https://github.com/apps/THE_APP_SLUG_HERE/installations/new/permissions?target_id=YOUR_ORG_ID_HERE&target_type=Organization
- into a user account: https://github.com/apps/THE_APP_SLUG_HERE/installations/new/permissions?target_id=YOUR_USER_ID_HERE&target_type=User
or for which you could configure an existing installation by, say, attaching it to even more “select” repositories:
- https://github.com/apps/THE_APP_SLUG_HERE/installations/SPECIFIC_INSTALLATION_ID_HERE
- Azure Boards: 27067 (app slug: azure-boards)
- Azure Pipelines: 9426 (app slug: azure-pipelines)
- CircleCI: 302869
- GitHub Actions: 15368
- GitHub Advanced Security: 57789
- Netlify: 13473 (app slug: netlify)
# PowerShell: list the app_id and app_slug of every GitHub App installed in the org
gh api `
  -H "Accept: application/vnd.github+json" `
  -H "X-GitHub-Api-Version: 2022-11-28" `
  /orgs/YOUR_ORG_NAME_HERE/installations `
  | ConvertFrom-Json `
  | Select-Object -ExpandProperty 'installations' `
  | Select-Object -Property @('app_id', 'app_slug')
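As an added example (not part of these notes), the one-liner above extended into a small PowerShell inventory check: it pulls the org’s installations with `gh api`, marks each one as known or not against the app ID list above, and reports repository selection plus any write/admin permissions so an unexpected install stands out. It assumes `gh` is authenticated as an org owner, that one page of 100 installations is enough, and uses the same YOUR_ORG_NAME_HERE placeholder as the rest of the page.

```powershell
# Added example, not from the original notes. Assumes the `gh` CLI is
# authenticated as an org owner (the installations endpoint requires that).
# YOUR_ORG_NAME_HERE is a placeholder, as elsewhere on this page.
$Org = 'YOUR_ORG_NAME_HERE'

# App IDs from the "Known GitHub App IDs" list above; anything else gets flagged.
$KnownAppIds = @(27067, 9426, 302869, 15368, 57789, 13473)

function Get-OrgAppInstallations {
    param([Parameter(Mandatory)][string]$Org)
    # One page of up to 100 installations (assumed enough; larger orgs need
    # paging). The response shape is {total_count, installations: [...]}.
    $raw = gh api `
        -H 'Accept: application/vnd.github+json' `
        -H 'X-GitHub-Api-Version: 2022-11-28' `
        -F per_page=100 `
        "/orgs/$Org/installations"
    if ($LASTEXITCODE -ne 0) { throw "gh api failed for org '$Org'" }
    # gh prints the pretty-printed JSON as several lines; join before parsing.
    (ConvertFrom-Json -InputObject ($raw -join "`n")).installations
}

function Get-AppInstallationReport {
    param(
        [object[]]$Installations = @(),
        [Parameter(Mandatory)][int[]]$KnownAppIds
    )
    foreach ($i in $Installations) {
        # Permission values are read/write/admin; only write and admin are
        # worth listing when triaging an unexpected installation.
        $writePerms = @($i.permissions.PSObject.Properties |
            Where-Object { $_.Value -in @('write', 'admin') } |
            ForEach-Object { "$($_.Name)=$($_.Value)" })
        [pscustomobject]@{
            InstallationId = $i.id
            AppId          = $i.app_id
            AppSlug        = $i.app_slug
            Known          = ($KnownAppIds -contains $i.app_id)
            RepoSelection  = $i.repository_selection   # 'all' or 'selected'
            WritePerms     = ($writePerms -join ', ')
            CreatedAt      = $i.created_at
        }
    }
}

$report = Get-AppInstallationReport `
    -Installations (Get-OrgAppInstallations -Org $Org) `
    -KnownAppIds $KnownAppIds
$report | Sort-Object Known, AppSlug | Format-Table -AutoSize

# Exit non-zero when something unknown is installed, so a scheduled run can alert on it.
$unknown = @($report | Where-Object { -not $_.Known })
if ($unknown.Count -gt 0) {
    Write-Warning ('Unexpected GitHub App installations: ' + ($unknown.AppSlug -join ', '))
    exit 1
}
```

The allowlist is a plain array of IDs rather than slugs because an app’s slug can change while its numeric ID cannot; `-contains` is used instead of a hashtable lookup so the Int64 values `ConvertFrom-Json` produces compare cleanly against the Int32 literals.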
Known OAuth App IDs
https://github.com/organizations/YOUR_ORG_NAME_HERE/settings/oauth_application_policy
https://github.com/orgs/YOUR_ORG_NAME_HERE/policies/applications/THE_ID_HERE/
- Azure Data Factory: 815702
- Azure Pipelines (OAuth): 193017
- Checkmarx-AST-US POVs app: 2249790