Skip to main content
GitHub CI/CD Integration

Setting up Privado's GitHub CI/CD integration on Privado Cloud

N
Written by Nikhil Kukade
Updated over 2 months ago

Overview

Privado supports implementing Privado's full platform via a CI/CD integration with GitHub. Implementing Privado via CI/CD enables all core features including data mapping, assessments, and privacy issue detection.

The key difference is privacy issues can be detected and potentially blocked when new code goes through the continuous deployment process before it goes live. Integrating Privado via SCM (source code management) enables similar issue detection and blocking except that it occurs when new code submitted for a pull request. Pull requests are code reviews that occur before the continuous deployment process.

When you enable the GitHub CI/CD integration on a repository, four things will happen:

  1. Privado will trigger scan on every pull request creation and when code is committed to that branch

  2. A pull request comment will be created when the scan is completed with summary information about the scan results

  3. Annotations will be made on the lines of code where privacy issues were detected.

  4. If any code that triggers a violation is merged into the main branch, and Issue will be created in the Privado app

Keep reading below to learn how to set up the integration.

Setup

Navigate to the Repositories page, and click manage in the top right corner of the screen. You will see an option to manage repositories or manage PR integration. Choose "Manage PR Integration".

Note: Permission Changes

Before you can enable the integration on any repositories, you'll need to approve updated permissions for the Privado GitHub app. You will see a popup that gives a brief overview of the integration and explains the permission changes required.

Because the integration makes automated comments on pull requests, the read and write permissions for pull requests are required. We do no push any code or modify pull requests in any way other than creating a comment on the pull request and creating GitHub Annotations on any lines that contain a violation of your configured policies.

Adding Repositories

After you update the permissions and click "Continue", you'll see a list of your repositories in a table with a checkbox in each row. Select the repositories you want to integrate and click "Enable Integration" in the top right corner of the screen.

Once you click "Enable Integration" system will prompt to confirm your choice. Click "Enable and Continue".

You will see a success message in the top right corner of your screen once the integration is complete.


Next Steps

Scanning Repositories

Now that you've configured the integration on some repositories, scans will start running automatically on every pull request created against an integrated repository. You will see the Privado scan running as part of the merge compatibility checks when a pull request is first created and when new code is pushed to the pull request.

Pull Request Comments and Annotations

Comments

When a scan is completed, the Privado GitHub app will post a comment to the pull request that summarises the results of the scan. It will identify any new data entities or policy violations detected by the scan (for more on policy violations, see our Issue documentation).

Annotations

In addition to the PR comment, annotations will be created on each line of code where a new data entity was detected or where a violation occurred. This makes it easy for developers to see exactly where the problem lies, enabling them to self-remediate privacy issues. You can easily view these in the "Files changed" tab of your repository.

Annotations are also visible in the "Checks" tab, where you can find any other merge compatibility checks that have occurred.

Issues

Issues are created in the Privado app when a Privado scan on the main branch of a repository detects a new data entity or detects policy violation. This can happen if a violation was detected in a pull request but was not remediated by a developer before it was merged into the main branch (a scan is run on the main branch immediately after every pull request is merged, and is compared against the previous main branch scan to detect any violations). For more information on Issues, see our Issues documentation.

Did this answer your question?