Integrations

GitHub Enterprise Server

GitHub Enterprise Server Integration

Pensar Console supports integration with self-hosted GitHub Enterprise Server instances, allowing you to scan and secure repositories hosted on your own infrastructure.

Prerequisites

Before configuring the GitHub Enterprise Server integration, you’ll need:

  1. Administrator access to your GitHub Enterprise Server instance
  2. A GitHub App created on your Enterprise Server
  3. The following credentials from your GitHub App:
    • App ID
    • Client ID
    • Client Secret
    • Private Key (PEM format)

Creating a GitHub App

To create a GitHub App on your GitHub Enterprise Server:

  1. Navigate to your GitHub Enterprise Server’s settings

  2. Go to Developer SettingsGitHub AppsNew GitHub App

  3. Fill in the Basic information:

    • GitHub App name: Pensar (or your preferred name)
    • Homepage URL: https://console.pensar.dev

  4. Configure Post installation settings:

    • Setup URL: https://console.pensar.dev/integrations/github/enterprise/redirect
    • ✅ Check Redirect on update - This ensures users are redirected when the installation is modified

The Setup URL uses the dedicated Enterprise redirect endpoint to ensure the installation is correctly saved to your Enterprise Server configuration.

  1. Configure Webhook (optional):

    • Uncheck Active if you don’t need webhooks, or
    • Set Webhook URL to your preferred endpoint if you want to receive events

  2. Set the following Repository permissions:

    • Contents: Read & Write
    • Pull requests: Read & Write
    • Checks: Read & Write
    • Actions: Read & Write

  3. Under Where can this GitHub App be installed?, select the appropriate option for your organization

  4. Click Create GitHub App

  5. After creation, note down these values from the app settings page:

    • App ID - displayed at the top of the page
    • Client ID - displayed below the App ID
    • Click Generate a new client secret and save it securely
    • Scroll to Private keys and click Generate a private key - download the PEM file

Configuring in Pensar Console

  1. Navigate to SettingsIntegrations in your Pensar Console workspace

  2. Expand the GitHub section

  3. Scroll down to GitHub Enterprise Server

  4. Enter your configuration:

    • Server Hostname: Your GitHub Enterprise Server hostname (e.g., github.yourcompany.com)
    • App ID: The App ID from your GitHub App
    • Client ID: The Client ID from your GitHub App
    • Client Secret: The Client Secret you generated
    • Private Key: Paste the contents of the PEM file

  5. Click Save Configuration

The Client Secret and Private Key are encrypted before being stored and are never exposed in plain text.

Installing the App

After configuring the integration, you need to install the GitHub App on your organization or repositories:

  1. Navigate to IntegrationsGitHub in Pensar Console (or click the link from Settings)
  2. Select the Enterprise Server tab
  3. Click Install Enterprise App
  4. A popup will open to the Pensar app installation page on your Enterprise Server
  5. Select the organization or user account where you want to install the app
  6. Choose to install on all repositories or select specific ones
  7. Click Install
  8. You’ll be automatically redirected back to Pensar Console and the installation will be saved

The installation process uses the same flow as GitHub Cloud. Make sure your GitHub App’s Setup URL is set to https://console.pensar.dev/integrations/github/enterprise/redirect and Redirect on update is enabled.

Adding Repositories

After the app is installed:

  1. Go to ProjectsNew Project in Pensar Console
  2. Your GitHub Enterprise Server repositories will appear in the repository list
  3. Select a repository and configure your project settings
  4. Start scanning!

Troubleshooting

Connection Issues

If you’re experiencing connection issues:

  1. Verify your GitHub Enterprise Server is accessible from the internet (or configure appropriate network access)
  2. Ensure the hostname is correct and doesn’t include https://
  3. Check that your GitHub App credentials are correct

Permission Errors

If you see permission errors when scanning:

  1. Verify the GitHub App has the required permissions listed above
  2. Ensure the app is installed on the repository you’re trying to scan
  3. Check that the installation hasn’t been suspended

Certificate Issues

If you’re using a self-signed certificate:

Contact Pensar support to discuss options for connecting to GitHub Enterprise Servers with custom certificates.

Security Considerations

  • All sensitive credentials (Private Key, Client Secret) are encrypted using AES-256-GCM before storage
  • Communication with your GitHub Enterprise Server uses HTTPS
  • Access tokens are short-lived and refreshed automatically

Need Help?

If you encounter issues setting up your GitHub Enterprise Server integration, please contact our support team at team@pensarai.com.