This article explains how to configure the App Activities integration for GitHub.
App Activities provides you with an API-based solution for out-of-band visibility of all activity made by any user in a connected SaaS application. To provide App Activities with visibility of data within an app, you need to set up an integration with the required application. Once you create the integration, if a field has changed or expired, you can edit it from the Resources >Integrations > Integrated Apps page. For more information, see What is Application Control via API with App Activities.
To configure the App Activities integration, you need to:
-
Configure the integration within the SaaS application
-
Create the API connector in the CMA
A CASB license is required for App Activities. This license includes app and data control and App Activities via API. For more about purchasing a CASB license, please contact your Cato representative.
After creating this connector, you can view and monitor activity in your GitHub environment. For example,
-
User logins
-
Cloning of repositories
-
Commits
-
Pull requests
-
Modification of repos/organization settings
-
Alerts of code/vulnerability scans
This helps you identify and respond to suspicious activity, and you can receive alerts for these activities:
-
Code security scans
-
Vulnerability (Dependabot) scans
-
Secret scans
To configure the GitHub integration, create a new Personal access token.
-
You must have purchased a GitHub Enterprise license
-
These scopes (permissions) are provided:
-
User - read:user
-
Audit_log - read:audit_log
-
Org - read:org
-
Enterprise - read:enterprise
-
Repository - security_events:read
-
Note
Note: From March 2026, the GitHub connector can collect security events for auditing and cross-platform correlation. If you created this connector before March 2026, you need to regenerate the access token, with the additional security_events:read scope and add the new token into the CMA.
To regenerate the access token, in the GitHub Developer Center, select the existing token used for the Cato integration. Click Regenerate token, and under the Repository section, ensure the security_events:read is selected. Click Regenerate token to apply the changes. Follow Step 2 below to add the new token to the CMA.
In the GitHub Developer Center, identify the access token to enter into the CMA.
To configure the GitHub integration:
-
In the GitHub Developer Center, navigate to Personal access tokens > Tokens (classic).
-
Click Generate new token.
-
Set the token expiration date.
We recommend setting the expiration date to the maximum allowable period of 1 year.
-
Add the scopes listed above.
-
Click Generate token.
-
Copy and save the new access token so they can be added into the CMA.
-
Navigate to Settings > Enterprises.
-
Click on the name of your enterprise.
The login page of your enterprise is displayed.
-
Copy and save the last segment of the URL so it can be added into the CMA. For example, in the URL
https://github.com/enterprises/cato, copy and savecato.
After you have set up an integration with the required application, add the details in the CMA.
To create the API connector in the CMA:
-
From the navigation menu, click Resources > Integrations.
-
Click the Configured Integrations tab.
-
Click New.
The New Integration panel opens.
-
Select the SaaS Application you want to add.
-
In the Capability drop down select App Activities.
-
Add the details created during step one.
-
Click Save.
-
The app is visible on the Integrated Apps table with a Connected status.
After connecting your APIs, you can track the App activities in the Cloud Activities dashboard. Data may take a few minutes to appear.
0 comments
Article is closed for comments.