
# Add a Project to CodeScan from GitHub Enterprise

CodeScan supports the GitHub App authentication flow across all supported GitHub editions. This article covers the supported editions, the end-to-end authentication flow, and known limitations.

## Supported GitHub Editions <a href="#supported-github-editions" id="supported-github-editions"></a>

<table data-header-hidden><thead><tr><th></th><th></th><th width="210.609375"></th><th></th></tr></thead><tbody><tr><td><strong>GitHub Edition</strong></td><td><strong>Should GitHub App be created manually?</strong></td><td><strong>Authentication Flow</strong></td><td><strong>Guide</strong></td></tr><tr><td><strong>GitHub.com (Free / Pro / Team)</strong></td><td>No</td><td>GitHub App authorization and installation are managed by CodeScan.</td><td><a href="https://knowledgebase.autorabit.com/product-guides/codescan/getting-started/using-codescan/adding-projects-to-codescan/add-a-project-to-codescan-from-github">Follow these steps</a></td></tr><tr><td><strong>GitHub.com (GitHub Enterprise Cloud) (GHEC)</strong></td><td>No</td><td>GitHub App authorization and installation are managed by CodeScan.</td><td><a href="https://knowledgebase.autorabit.com/product-guides/codescan/getting-started/using-codescan/adding-projects-to-codescan/add-a-project-to-codescan-from-github-enterprise#github-free-pro-team-and-github-enterprise-cloud-flow">Follow these steps</a></td></tr><tr><td><strong>GitHub Enterprise Server (GHES) — Self-Hosted</strong></td><td>Yes</td><td>User should create and configure the GitHub App; GitHub App details to be added in ALM Connections by a CodeScan Admin.</td><td><a href="https://knowledgebase.autorabit.com/product-guides/codescan/getting-started/using-codescan/adding-projects-to-codescan/add-a-project-to-codescan-from-github-enterprise#github-enterprise-server-self-hosted-flow-ghes">Follow these steps</a></td></tr></tbody></table>

{% hint style="info" %}
"GitHub Enterprise Cloud" is the SaaS offering hosted by GitHub.

"GitHub Enterprise Server" is the on-premises / self-hosted appliance.
{% endhint %}

## GitHub Enterprise Cloud Flow <a href="#github-free-pro-team-and-github-enterprise-cloud-flow" id="github-free-pro-team-and-github-enterprise-cloud-flow"></a>

### Step-by-Step guide <a href="#first-time-authentication-flow" id="first-time-authentication-flow"></a>

When attaching a GitHub repository to an analysis project for the first time:

1. Select GitHub as the source in CodeScan (Add Analysis Project → GitHub):

<figure><img src="/files/beg5G22kVoliVfJogIct" alt=""><figcaption></figcaption></figure>

2. CodeScan will redirect the user back to GitHub.
3. On the "Authorize & Install CodeScan GitHub App" screen, pick the account or organization that owns the repository:

<figure><img src="/files/SHrKkt3KxYeESl4oX6M4" alt="" width="375"><figcaption></figcaption></figure>

4. This authorizes and installs the CodeScan GitHub App on the chosen account or organization.
5. GitHub will redirect the user back to CodeScan.
6. Repositories from the selected account/organization are now available for analysis.

{% hint style="info" %}
Please make sure to choose the correct account or organization on the first install.
{% endhint %}

### Organization Permission Behavior <a href="#organization-permission-behavior" id="organization-permission-behavior"></a>

Based on the user's permissions, there are two possible scenarios.

#### **Scenario 1: You're an Organization Owner/Admin**

If the user attaching the analysis is both a CodeScan Admin and a GitHub Organization Owner (or has app-install rights enabled by the owner):

* The GitHub App installation is approved instantly.
* Authentication completes successfully.
* Organization repositories become available in CodeScan immediately after authorization.

#### **Scenario 2: You're an Organization Member (Non-Owner)**

If the user attaching the analysis is an organization member and does not have permission to install GitHub Apps:

1. On the install screen, GitHub offers a Request option instead of Install.
2. The user submits the installation request.
3. GitHub sends an email notification to the Organization Owner(s).
4. The Organization Owner must approve the request, either from the email or manually via\
   GitHub → Organization Settings → GitHub Apps → Pending requests.
5. After approval, the user should attempt to attach the project again. Authentication then completes automatically, and the organization's repositories become available in CodeScan.

{% hint style="info" %}
Approval is required only once per organization. Once the CodeScan GitHub App is installed on an organization, subsequent users from that organization will not need any further approval; authentication is seamless for them.
{% endhint %}

#### Pending Approval / Rejected Scenarios <a href="#pending-approval-rejected-scenarios" id="pending-approval-rejected-scenarios"></a>

If a user retries the GitHub authentication flow while their installation request is still awaiting approval (or has been rejected), the following message will be displayed:

<figure><img src="/files/e2hHtCpsB7nrrbqiYCFn" alt="" width="375"><figcaption></figcaption></figure>

This means that your installation request has already been submitted and is awaiting approval from your organization's owner. The request was sent because you are a member of the organization, not an owner.

To follow up, contact the owner of your organization and ask them to approve the request under **GitHub → Organization Settings → GitHub Apps → Pending requests**. Once approved, return to CodeScan and click **Add Analysis Project** again. You should now be able to connect the project successfully.

This message appears when:

* The Organization Owner has not yet approved the pending request.
* The user retries authentication before approval is granted.
* The Organization Owner has rejected the installation request.

## GitHub Enterprise Server (Self-Hosted) Flow (GHES) <a href="#github-enterprise-server-self-hosted-flow-ghes" id="github-enterprise-server-self-hosted-flow-ghes"></a>

For GitHub Enterprise Server (GHES), a GitHub App should be created on the GHES instance and connected to CodeScan via an ALM Connection.

### Step-by-Step guide <a href="#setup-process" id="setup-process"></a>

Before attaching a project in CodeScan, you should:

* Create a dedicated GitHub App on your GHES instance.
* Configure the GitHub App with the required permissions, events, and callback URL.

1. **Creating the GitHub App on GHES.**

On your GHES instance, navigate to Settings → Developer settings → GitHub Apps → New GitHub App, and create the App with the permissions listed here:

[GitHub Authentication using GitHub Apps (CodeScan) | AutoRABIT Knowledge Base](https://knowledgebase.autorabit.com/product-guides/codescan/getting-started/using-codescan/adding-projects-to-codescan/enterprise-git-connections/github-authentication-using-oauth-codescan)

2. **Add the ALM Connection in CodeScan.**

Navigate to CodeScan → Administration → ALM Integrations → GitHub Enterprise Server → Add Connection, and paste in the App ID, Client ID, and Client Secret from the GitHub App you created in Step 1, along with your GHES base URL.

3. **Authenticate and analyze repositories.**

Users in your GHES organizations can now navigate to **Add Analysis Project** → **GitHub** and follow the same authentication flow described for GitHub Enterprise Cloud above.

## Known limitations <a href="#faq" id="faq"></a>

### Repository Visibility limitation <a href="#github-limitation-repository-visibility-for-repo-admins" id="github-limitation-repository-visibility-for-repo-admins"></a>

{% hint style="info" %}
This section can be skipped unless your organization has enabled the 'Allow repository admins to install GitHub Apps' setting.
{% endhint %}

For an organization member to attach a GitHub analysis project, they must have repository admin access on GitHub. This is a GitHub permission requirement.

If your GitHub organization has enabled **Allow repository admins to install GitHub Apps for their repositories**, repository admins can directly install the CodeScan GitHub App on the specific repositories they manage.

<figure><img src="/files/WFUH6lUo5XLTk0CWBlL2" alt=""><figcaption></figcaption></figure>

However, due to a GitHub limitation, repositories outside their administration are not visible during install and remain inaccessible until the Organization Owner explicitly grants access.

<figure><img src="/files/bZ1uIztAwHgKZBbKTr6l" alt="" width="375"><figcaption></figcaption></figure>
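
An Organization Owner can confirm how the App ended up installed (all repositories, selected repositories only, or not at all) by reviewing the response of GitHub's `GET /orgs/{org}/installations` REST endpoint. The following is an added example, not CodeScan or GitHub code; the sample response, app ids, slugs and org login are constructed placeholders, and `review_installation` is a hypothetical helper.

```python
import json

# Constructed sample of a `GET /orgs/{org}/installations` response body.
# All ids, slugs and logins are placeholders, not real CodeScan values.
SAMPLE_RESPONSE = json.loads("""
{
  "total_count": 2,
  "installations": [
    {"id": 101, "app_id": 1111, "app_slug": "example-ci-app",
     "account": {"login": "example-org"}, "target_type": "Organization",
     "repository_selection": "all", "suspended_at": null,
     "permissions": {"metadata": "read", "checks": "write"}},
    {"id": 102, "app_id": 2222, "app_slug": "example-scanner-app",
     "account": {"login": "example-org"}, "target_type": "Organization",
     "repository_selection": "selected", "suspended_at": null,
     "permissions": {"metadata": "read", "contents": "read",
                     "pull_requests": "write"}}
  ]
}
""")


def review_installation(response, app_id):
    """Summarize how the app with `app_id` is installed on the organization."""
    match = next((i for i in response.get("installations", [])
                  if i.get("app_id") == app_id), None)
    if match is None:
        # No installation: the request is still pending, was rejected,
        # or was never submitted.
        return {"state": "not_installed", "write_permissions": []}
    if match.get("suspended_at"):
        state = "suspended"
    elif match.get("repository_selection") == "selected":
        # Only explicitly chosen repositories are reachable by the app.
        state = "selected_repositories"
    else:
        state = "all_repositories"
    writes = sorted(name for name, level in match.get("permissions", {}).items()
                    if level in ("write", "admin"))
    return {"state": state, "installation_id": match["id"],
            "write_permissions": writes}


if __name__ == "__main__":
    for app_id in (2222, 9999):
        print(app_id, review_installation(SAMPLE_RESPONSE, app_id))
```

A `selected_repositories` result matches the limitation described above: repositories not chosen at install time stay out of reach until the Organization Owner adds them to the installation.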

