Customer Onboarding
The following steps are required to onboard a customer into Threatrix Hybrid, begin running scans, and access the scan data through our API:
Create your customer organization in Threatrix Hybrid
Add a GitHub Personal Access Token
Set up scanning
Customer merges PRs in GitHub
Scan data appears in Threatrix Hybrid
Let's get started!
Create an organization manually
A customer account must first be created within Threatrix Hybrid before running scans or creating scan events. Customer accounts may be created manually or programmatically through the API.
Access your Threatrix Hybrid instance through your browser at https://{YOUR_SERVER}/create-account
Enter the organization name and name of the Administrator.
Click "Sign Up" to create the account.
Create an organization with API
See API documentation for creating an organization.
GitHub Personal Access Token
To run scans against repositories stored in GitHub, Threatrix must have permission to access those repositories. Your customer can grant that access by providing a Personal Access Token created on GitHub.
A Personal Access Token is required for Threatrix to access the GitHub API to perform tasks including creating GitHub Actions workflows and pull requests.
While a standard (human) user can create a personal access token for use within Threatrix, we recommend that your customers create a separate account that will be used specifically for Threatrix and/or other services which act as a bot within GitHub.
More details are available here: https://docs.github.com/en/get-started/learning-about-github/types-of-github-accounts
The customer-created personal access token must then be added to their account.
Add GitHub Personal Access Token to Threatrix
Once your customer has provided you with a GitHub Personal Access Token (PAT), this token may be added to Threatrix manually or through the API.
Manually adding GitHub Personal Access Token
Log in as your customer
Navigate to Profile -> SCM Accounts Tab -> Add SCM Account
Under GitHub, add your customer's PAT and select Save
Adding GitHub Personal Access Token through the API
See documentation for adding personal access tokens.
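Before a customer's PAT is added by either route, it is worth confirming what the token can actually do. The following Python is an added example, not Threatrix code: it audits the response headers GitHub returns for a classic PAT, and the `REQUIRED` scope set is an assumption inferred from the tasks named above (workflows and pull requests), so confirm it against the Threatrix documentation. The sample headers are constructed.

```python
# Added example (not Threatrix code): least-privilege check for a classic GitHub PAT.
# Input is the header set from an authenticated call, for example:
#   curl -sI -H "Authorization: Bearer $PAT" https://api.github.com/user

# Assumption: scopes inferred from the tasks the page names (workflow files, pull requests).
REQUIRED = {"repo", "workflow"}


def audit_pat(headers):
    """Return missing scopes, scopes beyond REQUIRED, and the expiry (None = no expiry set)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if "x-oauth-scopes" not in h:
        # GitHub reports classic-token scopes in this header; without it nothing can be read.
        raise ValueError("no X-OAuth-Scopes header: not a classic PAT response")
    granted = {s.strip() for s in h["x-oauth-scopes"].split(",") if s.strip()}
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": sorted(granted - REQUIRED),
        "expires": h.get("github-authentication-token-expiration"),
    }


def verdict(report):
    """Turn an audit report into a list of findings; an empty list means nothing to raise."""
    findings = []
    if report["missing"]:
        findings.append("token lacks: " + ", ".join(report["missing"]))
    if report["excess"]:
        findings.append("token grants more than needed: " + ", ".join(report["excess"]))
    if report["expires"] is None:
        findings.append("token has no expiration date")
    return findings


# Constructed sample headers (not captured from a real account).
OVERSCOPED = {"X-OAuth-Scopes": "repo, workflow, admin:org, delete_repo"}
SCOPED = {
    "x-oauth-scopes": "repo, workflow",
    "GitHub-Authentication-Token-Expiration": "2030-01-01 00:00:00 UTC",
}

if __name__ == "__main__":
    for name, sample in (("OVERSCOPED", OVERSCOPED), ("SCOPED", SCOPED)):
        print(name, verdict(audit_pat(sample)) or "ok")
```

Fine-grained tokens do not carry scopes in this header, so their repository permissions have to be reviewed in the GitHub token settings instead.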
Set Up Scanning
GitHub repositories to be scanned should be provided by your customer and should include only repositories with source code.
Target repositories may be selected either manually or through the API.
Manual GitHub repository scanning setup
Log into the customer account that you created within your Threatrix Hybrid instance
Navigate to ThreatScan on the top menu
Select an account
From the repository list, select repositories to be scanned
From the Branch drop-down, select the branch to be scanned
Select either Execute Threat Scan OR, from the Scan Event drop-down, select an event type on which to run scans. The following event types are available:
Push: Run a scan whenever new code is pushed to the selected branch
Pull Request [Recommended]: Run a new scan whenever a pull request is created for this branch
Manual: Allow users with the appropriate GitHub permissions to run the action manually from GitHub.
API GitHub repository scanning setup
See documentation for repository scanning setup through API.