Setup version control system

We take data security very seriously. Your code stays on your premises and is sent only to a model that you control, running in your cloud.

GitHub

Our platform requires an access token to fetch the repositories it scans. GitHub provides two kinds of access token:

  1. Fine-Grained Personal Access Token is recommended if the user owns the repository OR is a member of the organisation that owns the repository.

  2. Classic Personal Access Token can be used for all use cases but is recommended for users who are collaborators on the repositories to be scanned.

The type of token to use on our platform depends on the user's affiliation with the repository to be scanned. Please follow the instructions below to generate a token with the minimum required permissions.

Issuing a Fine-Grained Personal Access Token

If the repository belongs to an organisation, ensure that fine-grained access tokens are enabled for the organisation. You can follow the documentation on GitHub.

  • Fine-Grained Access Tokens can only be enabled by the admins of the organisation

  • A Fine-Grained Access Token can only be associated with a single resource owner (a username or an organisation)

  1. Go to the fine-grained tokens page: github.com/settings/personal-access-tokens

  2. Click on Generate new token.

  3. Enter account credentials if asked.

  4. Add Token name. e.g. p0-scan-read-only

  5. Choose the Resource Owner

    1. If you own the repository: choose your username from the dropdown

    2. If the repository is owned by an organisation: Choose the organisation from the dropdown

  6. [Optional] Add a description

  7. [Optional but good practice] Add What is this token for?

    • This helps the organisation's administrators understand your request when they review it for approval.

  8. For Repository access, choose between:

    1. [Recommended] Only select repositories: select the repositories that you want the tool to include in the scan.

    2. All repositories: all repositories you have access to (public and private)

  9. In Permissions, we require the following at minimum:

    1. Repository permissions: Contents: Read-only and Metadata: Read-only

    2. This ensures that the token has the minimum permissions required to run a scan.

  10. Click on Generate token.

    1. Copy the token displayed on the next page

    2. Note: You may have to click on Generate token and request access if you are issuing a token for an organisation that requires approval. In this case, please ask an admin to approve the request. The token will be available once the request has been approved.

Issuing a Classic Personal Access Token

If the repository belongs to an organisation, ensure that personal access tokens (classic) are not restricted by the organisation. You can follow the documentation on GitHub.

  1. Go to the classic tokens page: github.com/settings/tokens

  2. Click on the Generate new token dropdown and choose Generate new token (classic)

  3. Add a note, e.g. p0-scan-read-only

  4. Choose the expiration of the token from the dropdown

  5. Mark the repo checkbox; it should automatically select all of its sub-permissions (repo:status, repo_deployment, etc.). This step is crucial so that the token has the minimum required permissions to run a scan.

  6. Click on Generate token and copy the token displayed on the next page.

Note: Any policy change regarding personal access tokens can only be made by the admins of the organisation.
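Once a token of either type above has been issued, it can be checked for least privilege before it is handed to the scanner. The script below is an added example, not p0's own code: it reads the permissions object and the scope and expiry headers that GitHub returns for a repository lookup, and it treats a missing expiry as a failure, which is an assumption of this example rather than a requirement stated above.

```python
"""Pre-flight check that a GitHub token is read-only before the scanner gets it.
Added example, not p0's code. It relies on what GitHub returns for
GET /repos/{owner}/{repo}: the X-OAuth-Scopes header (classic tokens only;
fine-grained tokens omit it) and the "permissions" object in the repo JSON."""
import json
import urllib.request
from dataclasses import dataclass, field

REQUIRED_CLASSIC_SCOPES = {"repo"}  # the only classic scope the page asks for


@dataclass
class TokenReport:
    kind: str                  # "classic" or "fine-grained"
    can_read: bool             # permissions.pull
    can_write: bool            # any of permissions.push / maintain / admin
    extra_scopes: set = field(default_factory=set)
    expires: str = None        # GitHub-Authentication-Token-Expiration header

    def is_least_privilege(self):
        """Read access, an expiry date (this example's own rule), nothing more."""
        if not (self.can_read and self.expires):
            return False
        if self.kind == "fine-grained":
            return not self.can_write      # Contents + Metadata read-only
        return not self.extra_scopes       # classic: 'repo' alone, no workflow etc.


def assess_github_token(headers, repo):
    """Pure function over a captured response, so it runs without network access."""
    h = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    perms = repo.get("permissions", {})
    can_read = bool(perms.get("pull"))
    can_write = any(perms.get(p) for p in ("push", "maintain", "admin"))
    expires = h.get("github-authentication-token-expiration")
    scope_hdr = h.get("x-oauth-scopes")
    if scope_hdr is None:                            # fine-grained: no scope header
        return TokenReport("fine-grained", can_read, can_write, expires=expires)
    scopes = {s.strip() for s in scope_hdr.split(",") if s.strip()}
    return TokenReport("classic", can_read, can_write,
                       scopes - REQUIRED_CLASSIC_SCOPES, expires)


def fetch_repo(token, owner, name):
    """Live lookup; returns (response headers, repository JSON) for assess_github_token."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{name}",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req) as resp:
        return dict(resp.headers), json.load(resp)
```

Run `assess_github_token(*fetch_repo(token, owner, repo))` against one repository the scan will cover; a classic token that reports extra scopes, or a fine-grained token that reports write access, was issued with more than the steps above require.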

GitLab

The Access Tokens allow P0 to access the repositories in your account or organisation that we will run the scan on. As the P0 process runs in your cloud, no code leaves your premises, and you can set egress policies to ensure this. GitLab provides three kinds of access token:

  1. Personal Access Token is recommended if the user personally owns the repository or if you want to access all repositories accessible to the user.

  2. Project Access Token should be used when most of the repositories to be accessed are within a single GitLab project.

  3. Group Access Token should be used when the repositories to be scanned are across different projects and a group has access to those projects.

The type of token to be used on our platform depends on the level of access required for scanning the intended repositories.

Issuing a Personal Access Token

  1. On the left sidebar, select your avatar.

  2. Select Edit profile.

  3. On the left sidebar, select Access tokens.

  4. Select Add new token.

  5. In Token name, enter a name for the token.

  6. [Optional] In Token description, enter a description for the token.

  7. In Expiration date, enter an expiration date for the token.

    • The token expires on that date at midnight UTC. A token with the expiration date of 2024-01-01 expires at 00:00:00 UTC on 2024-01-01.

    • If you do not enter an expiry date, it is automatically set to 365 days after the current date.

    • By default, this date can be a maximum of 365 days later than the current date. In GitLab 17.6 or later, you can extend this limit to 400 days.

  8. Select the desired scopes.

    • Please select at least the api, read_repository and read_api scopes for the token.

  9. Select Create personal access token.

Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token.

Issuing a Project Access Token

  1. On the left sidebar, select Search or go to and find your project.

  2. Select Settings > Access tokens.

  3. Follow steps 3 to 9 in Issuing a Personal Access Token.

Issuing a Group Access Token

  1. On the left sidebar, select Search or go to and find your group.

  2. Select Settings > Access tokens.

  3. Follow steps 3 to 9 in Issuing a Personal Access Token.

Bitbucket

The Access Tokens allow P0 to access the repositories in your account or organisation that we will run the scan on. As the P0 process runs in your cloud, no code leaves your premises, and you can set egress policies to ensure this. There are three types of Access Token available for Bitbucket Cloud:

  1. Repository Access Tokens — Provides access to a single repository with the permissions specified at the time of creation.

  2. Project Access Tokens (Premium feature) — Provides access to a single project and the repositories in it. The access permissions (or scopes) are specified at the time of creation.

  3. Workspace Access Tokens (Premium feature) — Provides access to a single workspace and the repositories and projects in it. The access permissions (or scopes) are specified at the time of creation. Workspace Access Tokens can be used for accessing the repositories in a single workspace.

Issuing a Repository Access Token

  1. At bitbucket.org or at your on-prem deployment's URL, navigate to the target repository for the Access Token. This repository is the only one that the Repository Access Token can access.

  2. On the sidebar, select Repository Settings.

  3. On the sidebar, under Security, select Access tokens.

  4. Select Create Repository Access Token.

  5. Give the Repository Access Token a name, usually related to the app or task that will use the token.

  6. Select at least the Repo: read permission for it to work with p0. For detailed descriptions of each permission, see Repository Access Token permissions.

  7. Select the Create button. The page will display the Repository Access Token created dialog.

  8. Copy the generated token and either record or paste it into the app that requires access.

The token is only displayed once and can't be retrieved later. Rather than recovering or reusing a Repository Access Token, create a new token and consider revoking the old token.

Issuing a Project Access Token

  1. At bitbucket.org or at your on-prem deployment's URL, navigate to the target project for the Access Token. This project is the only one that the Project Access Token can access.

  2. On the sidebar, select Project settings.

  3. On the sidebar, under Security, select Access tokens.

  4. Select Create Project Access Token.

  5. Follow steps 5 to 9 from Issuing a Repository Access Token.

Issuing a Workspace Access Token

  1. At bitbucket.org or at your on-prem deployment's URL, navigate to the target workspace for the Access Token. This workspace is the only one that the Workspace Access Token can access.

  2. On the sidebar, select Settings.

  3. On the sidebar, under Security, select Access tokens.

  4. Select Create Workspace Access Token.

  5. Follow steps 5 to 9 from Issuing a Repository Access Token.

Contact us

If you are facing any trouble setting up your on-prem application, reach out to us at contact[at]p0[dot]inc


© 2024 p0. All rights reserved.
