GitHub Integration

MergeBase provides a GitHub app (CodeGreen App) that integrates code from designated GitHub repositories into MergeBase for comprehensive scanning. It also enables near real-time scanning of submitted commits. The app scans build files from your GitHub repositories and sends the results directly to the MergeBase dashboard, giving you a centralized view.

Integrating GitHub Code Repositories with MergeBase

First, on the MergeBase dashboard home page illustrated above, click the “Onboarding” button (1) on the left, followed by the “Import a Repository” button (2).

Then click the “Install MergeBase GitHub App” button.

You will then be redirected to the GitHub website.

  • If you haven’t logged into GitHub, you'll encounter the login page to authenticate your credentials.
  • For users with multiple GitHub accounts, an account selection page will appear, as shown above.
  • Otherwise, you will proceed to the "Install & Authorize" page as depicted below.

After reviewing the list of permissions, click the “Install & Authorize” button.

After you are redirected back to MergeBase, the authorized repositories will be listed on the page. You can select repositories for scanning as needed. If multiple GitHub accounts have been integrated, they will all be visible on this page.

Managing Your GitHub Integration

You can utilize the search function to find repositories. Selected repositories that do not match the search keywords will also appear in the search results.

When you click the “Save and Scan” button, the checklist’s selection status is saved for further actions. The selected repositories are scanned immediately and asynchronously. A modal window pops up and displays the scanning progress of each repository. When all scans are completed, the “Go to Overview” button becomes enabled. Clicking it takes you to the overview page, where the scan results are displayed.

A current limitation of the integration is that it will only scan the default branch of the repository (generally, the “main” branch).

  • Please note that the scanning process might take some time, so it’s advisable not to select too many repositories at one time.
  • There are some specific cases related to programming languages of the repository where scanning is unavailable:

    • The repository requires compilation:
        • C/C++
        • DotNet
    • The repository requires lock files:
        • NPM (JavaScript): package-lock.json
        • Yarn (JavaScript): package-lock.json
        • Gem (Ruby): Gemfile.lock
        • Composer (PHP): composer.lock
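
The limitations above can be checked on a local checkout of the default branch before a repository is selected for scanning. The following is an added example, not MergeBase code: the function name `preflight`, the skipped directories, and the file markers used to spot C/C++ and DotNet projects are assumptions, while the manifest-to-lock-file pairs follow the list above.

```python
import os

# Manifest -> lock file pairs taken from the list above. The page names
# package-lock.json for both NPM and Yarn, so package.json maps to it here.
LOCK_FILES = {
    "package.json": "package-lock.json",
    "Gemfile": "Gemfile.lock",
    "composer.json": "composer.lock",
}
# Assumption: these markers are a heuristic for "requires compilation"
# (C/C++ and DotNet); the page does not say how MergeBase detects them.
COMPILED_SUFFIXES = (".c", ".cc", ".cpp", ".h", ".hpp", ".csproj", ".sln")
COMPILED_NAMES = {"CMakeLists.txt"}
# Assumption: dependency and VCS directories are not part of the project itself.
SKIP_DIRS = {".git", "node_modules", "vendor"}


def preflight(repo_root):
    """Return (missing_locks, compiled_dirs) for a checkout of the default branch.

    missing_locks: list of (relative_dir, manifest, expected_lock_file)
    compiled_dirs: sorted relative dirs holding C/C++ or DotNet build inputs
    """
    missing, compiled = [], set()
    for current, dirs, files in os.walk(repo_root):
        # Prune skipped directories in place and walk in a stable order.
        dirs[:] = sorted(d for d in dirs if d not in SKIP_DIRS)
        rel = os.path.relpath(current, repo_root)
        present = set(files)
        for manifest, lock in LOCK_FILES.items():
            if manifest in present and lock not in present:
                missing.append((rel, manifest, lock))
        if any(f in COMPILED_NAMES or f.endswith(COMPILED_SUFFIXES) for f in files):
            compiled.add(rel)
    return missing, sorted(compiled)


if __name__ == "__main__":
    import sys
    missing, compiled = preflight(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, manifest, lock in missing:
        print(f"{rel}: {manifest} found but {lock} is missing")
    for rel in compiled:
        print(f"{rel}: C/C++ or DotNet sources found (compilation required)")
    sys.exit(1 if missing or compiled else 0)
```

The script exits non-zero when any directory is missing a lock file or contains compiled-language sources, so it can gate a batch of checkouts before they are selected in the dashboard.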
    

If the “All commits and pull requests” checkbox is selected, scans will be initiated for new commits and pull requests.

  • Please note that these scans run at a 10-minute interval rather than in real time.

Opting for "Daily (On change only)" will trigger daily scanning whenever there are new code changes.

To delete an installation, click the “Delete the installation” button corresponding to the specific GitHub account. Subsequently, both the installation within MergeBase and the corresponding installation on GitHub will be erased.

  • Please note that if the installation is removed directly from GitHub, the corresponding installation in MergeBase will also be removed the next time you log in to MergeBase and navigate to the settings page.

If you want to access this page directly, go to the “Settings” page (1) in the left-hand navigation as illustrated below, and then open the “GitHub Integration” tab (2) along the top.