GitHub provides the tools for security.
CloudSploit helps you use them correctly.

Detect Risks Across GitHub Repos and Organizations

GitHub repositories are the holy grail of your organization's sensitive data. CloudSploit helps audit your GitHub accounts and repositories to ensure compliance with best practices and monitors for suspicious activity.

  • Repository Permissions and Settings
  • User Access Controls and Login Policies
  • Source Code Visibility
  • + much more ...

Generate Comprehensive GitHub Security Reports

CloudSploit's security reports highlight security misconfigurations and potential threats in your GitHub accounts, along with detailed remediation steps and links to official GitHub documentation.


How It Works

  1. Install our GitHub application
     The CloudSploit GitHub application enables access to your GitHub configuration.
  2. Give the role read-only permissions
     CloudSploit never requires write access to your account. Simply use the built-in GitHub read-only policies.
  3. Connect the account to CloudSploit
     It only takes 1-2 minutes to connect your GitHub account to CloudSploit and begin scanning.
  4. Begin scanning
     You can initiate on-demand scans immediately or enable continuous, background scanning.

Frequently Asked Questions

Our support team can answer any other questions that our help page can't.

What GitHub services are supported?

CloudSploit supports auditing repositories, users, organizations, and activity on both GitHub and GitHub Enterprise (assuming the API is publicly accessible).

What kinds of configurations are checked?

CloudSploit looks for security-related configurations including user access control, repository configuration, SSH and deploy key settings, and much more.

Can I write custom checks?

Yes. CloudSploit supports custom plugins, enabling you to create your own checks. All checks use the GitHub API, so your options are nearly limitless.

Can I limit what GitHub services are scanned?

Yes. You can suppress any test or resource, allowing you to customize the results in your reports.

How much do GitHub account connections cost?

During the beta period, all GitHub connections to CloudSploit are free. After the beta, standard per-organization pricing will apply.

Is CloudSploit's connection to GitHub secure?

Yes. CloudSploit uses a GitHub token with read-only access which provides secure access to your GitHub resource metadata.
