Skip to main content

Configuring GitHub Integration (v8.6.0 to v8.9.0)


GitHub no longer supports basic authentication, which means that that a personal access token is now required. For additional information, refer to the relevant GitHub notice. For adding support for access tokens, it is recommended to upgrade to the latest CxSAST version.

As a prerequisite, you have to first install and configure Git (please refer to Installing and Configuring Git (up to v8.5.0)). You also need access to a GitHub account:


Refer to Adding SSH Key to GitHub and GitHub Webhooks for instructions on adding an SSH Key to GitHub and verifying that a webhook was created.

1. Proceed according to the steps for Setting a GIT Repository and Choosing a Branch to be scanned.

2. Select the GitHub Integration checkbox.


3. Enter the GitHub repository owner and collaborator credentials into the relevant User Name and Password fields.


  • The GitHub user with repository owner authorization is used for creating and using a GitHub WebHook (see GitHub Webhooks ).

  • The GitHub user with repository collaborator authorization is used to create commit comments.

4. Configure the Event threshold. A scan in Checkmarx CxSAST will be initiated only after this number of events has occurred, since the last triggered scan.


By default, the event threshold value is set to 5, because triggering a scan after fewer events may overload the system. If the user specifies a lower number, a warning message is displayed.

5. Click Validate Webhook Credentials to confirm that the authentication to the GitHub webhooks works correctly. A 'Server Connection Verified Successfully' message is displayed.

6. Click <OK> to complete the procedure.