
Streamlining DevOps: How to Integrate OX with GitHub for Enhanced ASPM

Did you know that the OX Active ASPM platform integrates with GitHub? This combination of capabilities provides users with the benefits of GitHub’s developer-focused features plus assurance that their entire software development lifecycle is protected from start to finish. GitHub’s platform — known for source control and issue tracking — can be easily connected to the OX Active ASPM Platform so that DevOps and AppSec teams can see, understand, and fix any software security issues, at any stage of the process, and across all development environments. With this integration, users benefit from GitHub-focused insights correlated with OX’s full attack surface information, holistic risk prioritization, and no- or low-code vulnerability management workflows. Further, developers can now embed security checks directly into their GitHub DevOps workflows to streamline processes and maintain strong security standards.

In this blog post, we’ll cover how OX’s integration with GitHub takes application security posture management to the next level, allowing developers to perform comprehensive security assessments within their GitHub environment.

Understanding GitHub’s Role in DevOps

GitHub has long served as a powerhouse for DevOps, providing developers with an efficient, centralized platform for version control, collaboration, and seamless CI/CD integration in the GitHub ecosystem. As software development has evolved, GitHub has advanced as well, helping developers more easily manage security vulnerabilities within their code. GitHub brings functionality like CodeQL-based code scanning, secret scanning, and dependency review into the GitHub environment, which allows developers to catch potential vulnerabilities in the codebase early on, without disrupting their workflows.

However, while GitHub is effective at a code level, organizations aiming for a comprehensive approach to application security posture management (ASPM) need additional tools that cover the entire software supply chain, from code to cloud, and across all development environments and tools. This is where OX Security adds significant value, enhancing the security capabilities of GitHub by addressing broader security challenges that extend beyond code and build-level protection.

The Advantage of Connecting OX with GitHub 

The integration of OX Security with GitHub takes DevOps to the next level by combining the developer-friendly security of GitHub with OX’s holistic software supply chain security. Here’s how OX enhances GitHub’s security framework:

  • End-to-End Visibility and Coverage: GitHub provides insights into code and dependencies, but OX expands this view by adding visibility across the entire software supply chain, inclusive of all repository types. With OX’s Pipeline Bill of Materials (PBOM) and OSC&R Framework, all security issues are mapped to potential attack paths, giving teams the clarity they need to prioritize high-risk vulnerabilities effectively.
  • Consolidated Security Management: While GitHub displays security alerts within pull requests, OX provides centralized issue management with clear prioritization based on context. This reduces noise and helps developers focus on what matters most without sifting through false positives or dealing with fragmented alerts.
  • No-Code Workflow Automation: By integrating OX’s no-code security workflows, organizations can automate security tasks across the CI/CD pipeline. This approach complements GitHub’s capabilities, reducing the need for manual coding, and minimizing the potential for human error.

How to Connect Your GitHub with OX

There are 3 authorization options available for GitHub:

  • OX GitHub App (default)
  • GitHub Identity Provider
  • GitHub Access Token

Connection options

  • OX GitHub App (default): click Connect under the “GitHub App” tab and follow the prompts.
  • Identity Provider: click Connect under the “Identity Provider” tab and follow the instructions from GitHub on the screen.
  • Token: click Connect under the “Token” tab and follow the instructions:
      • Enter the GitHub host URL. Note: By default, OX enters the GitHub SaaS URL (https://api.github.com). If you use a self-hosted git installation (GitHub Enterprise Server), replace it with your local GitHub URL.
      • Follow the instructions for generating a GitHub access token and paste it into the Token field.
      • Click Connect.
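Before pasting a classic access token into the Token field, it is worth checking what that token can do. The sketch below is an added example, not OX or GitHub code: it reads the `X-OAuth-Scopes` and `GitHub-Authentication-Token-Expiration` headers GitHub returns for a token and flags high-privilege scopes, scopes outside an allow-list, and a missing expiry. The allow-list, the sample headers and all function names are assumptions made for illustration; take the scopes OX actually needs from its token instructions.

```python
import urllib.request
from urllib.parse import urlparse

# Real classic-token scope names that grant admin, write or destructive rights.
HIGH_PRIVILEGE = {"delete_repo", "admin:org", "admin:enterprise", "admin:repo_hook",
                  "admin:org_hook", "write:packages", "delete:packages", "workflow"}

def api_base(host_url):
    """REST root used for this check: SaaS API, or https://<host>/api/v3 on GHES."""
    u = urlparse(host_url.strip())
    if u.scheme != "https" or not u.hostname:
        raise ValueError("host URL must be https://")
    if u.hostname in ("github.com", "api.github.com"):
        return "https://api.github.com"
    return f"https://{u.netloc}/api/v3"

def fetch_headers(host_url, token):
    """GET /user with the token and return the response headers (needs network)."""
    req = urllib.request.Request(api_base(host_url) + "/user",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers)

def audit_token_headers(headers, allowed):
    """Return a list of findings for the token that produced these headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    raw = h.get("x-oauth-scopes")
    if raw is None:
        # Classic tokens report scopes in this header; other token types do not.
        findings.append("no X-OAuth-Scopes header: review permissions in GitHub settings")
    else:
        scopes = {s.strip() for s in raw.split(",") if s.strip()}
        findings += [f"high-privilege scope: {s}" for s in sorted(scopes & HIGH_PRIVILEGE)]
        findings += [f"scope not in allow-list: {s}"
                     for s in sorted(scopes - allowed - HIGH_PRIVILEGE)]
    if "github-authentication-token-expiration" not in h:
        findings.append("token has no expiration date")
    return findings

# Constructed sample headers, standing in for a real fetch_headers() result.
SAMPLE_HEADERS = {"X-OAuth-Scopes": "repo, read:org, delete_repo, gist"}
ALLOWED = {"repo", "read:org"}  # hypothetical allow-list, not OX's documented one

if __name__ == "__main__":
    for finding in audit_token_headers(SAMPLE_HEADERS, ALLOWED):
        print(finding)
```
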

Setting Up Repositories for Scanning

After establishing connectivity between GitHub and OX, you’ll have the ability to view all your repositories. You can select which ones you want OX to scan for security issues here.

From the displayed list, select the repositories you want OX to monitor and protect.

  • By default, all detected repositories are selected. You can check/uncheck options according to your preference.
  • Check the Monitor all newly created repos option if you want OX to begin monitoring any future repos automatically upon their creation.

You can view a step-by-step guide here.

The Outcome

By integrating OX with GitHub, developers can boost application security without interrupting DevOps workflows. This powerful integration automates essential security checks and ensures potential vulnerabilities are detected and managed early, laying the groundwork for safer, smoother software deployment.

GitHub stands out as a multi-functional DevOps tool that provides a Git repository manager to support issue-tracking, streamline development processes, and ensure high-quality output within Git environments. OX, in turn, empowers organizations to improve their AppSec maturity level and simplify operations by converging Application Security Testing (AST) tools, Software Supply Chain Security (SSCS), Application Security Posture Management (ASPM), and Application Detection and Response (ADR) into a single, cohesive platform.

Together, the integration of GitHub and OX delivers full-spectrum visibility and control over the software supply chain, eliminating visibility gaps and the need for additional tools, while bringing developers and security teams closer together to deploy software on time and securely.
