Overview
The Source Code dashboard highlights GitHub activity in your environment, including source code files pushed from trusted repositories to potentially risky destinations.
The Source Code dashboard
To view the Source Code dashboard:
- Sign in to the Incydr console as a user with one of the following roles: Customer Cloud Admin, Insider Risk Admin, Insider Risk Analyst, or Insider Risk Read Only.
- Select Dashboards > Source Code.
| Item | Name | Description |
|---|---|---|
| a | Authenticate GitHub | Click to add or update a GitHub personal access token. A token enables more details on this dashboard, including repo type, description, and license details. Without a token, some repositories may not show all details and will be categorized as Unknown. See Access token below for more details. |
| b | Date picker | Click to select the date range for all data displayed on the dashboard. |
| c | Top users with risky Git activity | Lists users who have pushed code to repositories not on your list of trusted activity. Click the search icon Click the view details icon |
| d | Repository destinations | Shows Git activity based on repository ownership and privacy settings. Click the search icon See Repository types below for descriptions of each type. |
| e | Files exfiltrated from trusted repositories to potentially risky destinations | Displays files acquired from trusted repositories and sent to potentially risky destinations. If a destination listed here does not represent risk, you can optionally click the trust shield icon |
| f | Top active untrusted repos | Lists the most commonly-used repositories not on your list of Trusted activity. Repos with a lot of activity may indicate they're commonly used for corporate-approved tasks. For publicly accessible repositories, click the Repository value to view it in GitHub. (Private repositories do not include links.) Click the trust shield icon |
| g | Event totals by repo type | Shows total event counts for each repository, organized by repository type. Click View details for more information about each repository. |
Access token
Requires the Customer Cloud Admin or Security Administrator role
Providing a GitHub personal access token with read access to your organization’s repositories enables more details on this dashboard, including repo type, description, and license details. Without a token, some repositories may not show all details and will be categorized as Unknown.
Follow these steps to create a token in GitHub and apply it to the Source Code dashboard.
From GitHub:
- Sign in to GitHub as a user with read access to your organization's repositories.
- From the profile menu in the upper-right, select Settings.
- From the menu on the left, select Developer settings.
- Select Personal access tokens > Fine-grained tokens.
- Select Generate new token.
- Enter a token name and description.
- Select the expiration date. Set a date that matches your organization's policies for token duration, and make sure to renew and apply a new token before it expires.
- In the Repository access section, select All repositories.
- In the Permissions section, click to expand Repository permissions, and grant Read-only access for Metadata.
- Click Generate token.
  GitHub displays the token.
- Copy the token to your clipboard.
From Incydr:
- Sign in to the Incydr console as a user with the Customer Cloud Admin, Insider Risk Admin, or Security Administrator role.
- Select Dashboards > Source Code.
- Click Authenticate GitHub.
- Paste the token and click Save.
Token considerations
- The token applies to all authorized Incydr users in your organization.
- While there are a variety of options to authenticate with GitHub, the Source Code dashboard uses personal access tokens. Personal access tokens are available to all users and do not require GitHub enterprise licenses or additional management. See GitHub Docs for complete details about personal access tokens.
- Personal access tokens allow for very fine-grained permissions, but the Source Code dashboard only requires permission to read / list private repositories. Tokens do not require write access or administrative capabilities (such as pull requests or issue/user management).
Repository types
- Organization - Public: Owned by an organization and available to the public. May be open source.
- Organization - Private: Owned by an organization and only available to authorized users.
- Personal - Public: Owned by an individual user and available to the public.
- Personal - Private: Owned by an individual user and only available to authorized users.
- Trusted - Public: Repositories included in your list of Trusted activity that are available to the public.
- Trusted - Private: Repositories included in your list of Trusted activity that are only available to authorized users.
- Unknown - Private: Ownership details are not available. This can occur if you do not have permission to view the repo, or if it has been deleted.
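The repository types above follow from ownership and privacy metadata, which is what the read-only Metadata permission exposes. The sketch below is an added example, not Incydr's code: it assumes the `private` and `owner.type` fields of GitHub's REST repository object, and the repository names, users, events and trusted list are constructed. Checking for missing metadata before the trusted list is also an assumption.

```python
from collections import Counter

# Constructed stand-ins for GitHub REST "GET /repos/{owner}/{repo}" responses,
# trimmed to the two fields used here. None models a 404: the token cannot
# see the repository, or the repository has been deleted.
SAMPLE_METADATA = {
    "example-corp/payments": {"private": True, "owner": {"type": "Organization"}},
    "example-corp/docs-site": {"private": False, "owner": {"type": "Organization"}},
    "jdoe/side-project": {"private": False, "owner": {"type": "User"}},
    "jdoe/backup": None,
}
TRUSTED = {"example-corp/payments"}  # hypothetical Trusted activity list

# Constructed push events: (user, destination repository).
SAMPLE_EVENTS = [
    ("alice", "example-corp/payments"),
    ("alice", "jdoe/side-project"),
    ("bob", "jdoe/backup"),
    ("bob", "JDoe/Backup"),  # GitHub names are case-insensitive
    ("carol", "example-corp/docs-site"),
]


def classify_repo(full_name, metadata=SAMPLE_METADATA, trusted=TRUSTED):
    """Map a repository to one of the repository type labels listed above."""
    key = full_name.lower()
    repo = metadata.get(key)
    if repo is None:
        # No readable metadata: ownership and visibility cannot be determined.
        return "Unknown - Private"
    visibility = "Private" if repo["private"] else "Public"
    if key in trusted:
        return f"Trusted - {visibility}"
    owner = "Organization" if repo["owner"]["type"] == "Organization" else "Personal"
    return f"{owner} - {visibility}"


def totals_by_type(events):
    """Event counts per repository type (compare item g on the dashboard)."""
    return Counter(classify_repo(repo) for _, repo in events)


def risky_pushers(events):
    """Users ranked by pushes to repositories outside the trusted list (item c)."""
    counts = Counter(
        user for user, repo in events
        if not classify_repo(repo).startswith("Trusted")
    )
    return counts.most_common()
```

A repository whose metadata cannot be read lands in Unknown - Private, which is why a token that sees all repositories reduces the size of that bucket.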