Skip to main content

GitHub proof types

Note

Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance meeting the requirements to integrate with Hyperproof and collect the proof you need.

When you create a Hypersync between Hyperproof and GitHub, you can automatically collect proof based on:

  • Branch Protection

    • Requires admin access to the repo in addition to either write or maintain roles

  • Commits

  • Commit Details

  • External Repository Members

    • Requires push access to the repo

  • Issue Details

  • Member Repository Access

    • Requires admin access to the repo

  • List of Issues

  • Organization Members

  • Pull Requests

  • Repository Admins

    • Requires admin access to the repo

  • Repository Members

    • Requires push access to the repo

  • Repository Workflows

    • Requires admin access to the repo in addition to either write or maintain roles

  • Team Members

Additional documentation

Note

You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need. Additionally, you can create multiple Hypersyncs for a single control or label.

Tip

If you accidentally click Authorize Hyperproof during the connection process, and your organization doesn’t have a green check next to it, go to your GitHub settings and revoke permissions for Hyperproof. Once the permissions are revoked, follow the steps to reconnect Hyperproof to GitHub.

Requesting organizational approval for using third-party apps in GitHub

If your organization is using a service account to connect GitHub to Hyperproof, and the account has restricted third-party apps, you’ll need to request approval for Hyperproof.

Once the request is approved by the organization’s owner, the GitHub organization should appear in the Owner drop-down menu within the Set up Hypersync window.

This process generates an auth token that is tied to the GitHub organizations you select. Users can only see the organizations selected during this process and the list of organizations can't be changed once the auth token is created. To modify the list of organizations, you must revoke Hyperproof's app access and reconfigure the approval for using Hyperproof. See GitHub troubleshooting.

  1. Log in to GitHub with the service account.

  2. In the upper-right corner of any page, click your profile photo, then click Settings.

  3. From the left menu, below Integrations, click Applications.

  4. Select the Authorized OAuth Apps tab.

  5. In the list of applications, click Hyperproof.

  6. Below Organization access, click Request for each organization that needs authorization.

    Note

    Once the approval is in place, the list of organizations can't be updated. Revoke access and reconfigure the approval for Hyperproof.

  7. Click Request approval from owners.

Full instructions can be found in the GitHub documentation.

A note about using 2FA with the GitHub Hypersync

If you experience an issue with establishing a service account connection to the GitHub Hypersync, it's more than likely due to having 2FA (Two-Factor Authentication) configured for your GitHub instance.

It is possible to create a service account in GitHub with 2FA. Refer to this GitHub article for more information. For reference, Hyperproof uses Bitwarden’s TOTP key generator for similar 2FA scenarios.

In this section: