Clone GitHub Repo

git clone https://github.com/slauth-io/self-hosted
# copy config file
cp config.example.env config.env

Create random secrets

Please replace all the secrets in the config file config.env with random strings.

Create GitHub App

The slauth.io GitHub app is needed so the application can access your repository contents for scanning.

Follow the steps below to create it:

  1. Go to the settings page of the organisation/account where you want to create the app

  2. On the left side menu, expand developer settings and then click on GitHub Apps

    Untitled

  3. To create a new App, click on “New GitHub App” at the top of the page

  4. In this app we only require a couple of settings to be a certain way, everything else is optional and can by customised by you (e.g. name, description)

    1. Required 1: Set the “Homepage URL” to https://<your.slauth.domain>/accounts

    2. Required 2: Add a “Callback URL” to http://<your.slauth.domain>/dashboard/integrations/github-confirm

    3. Required 3: Check the “Request user authorization (OAuth) during installation” checkbox

    4. Required 4: In the “Repository Permissions” tab, add “read-only” to “Contents” and “Metadata”

      Untitled

    5. On the last step of the GitHub App creation, you’ll be able to select wether you want the app to be:

      1. available across GitHub Accounts/Organisations ( select this if you want to install the app on separate Accounts/Organisations )
      2. available only for the Account that owns the app.

  5. Click “Create GitHub App” at the bottom

Post-Creation Setup

After you’ve created the GitHub app you will need to copy some information specific to the app that you just created. This is what enables your deployment of Slauth to use that GitHub App.

  1. Go to the settings page of the organisation/account where you created the app

  2. On the left side menu, expand developer settings and then click on GitHub Apps

    Untitled

  3. Click the “Edit” button for your Slauth App

    Untitled

  4. In the General tab:

    1. Copy your App ID and set it to the GITHUB_APP_ID environment variable of your Slauth deployment

    2. Copy your Client ID and set it to the GITHUB_CLIENT_ID environment variable of your Slauth deployment

      Untitled

    3. Click on “Generate a new client secret”. Once the secret is created, copy it and set it to the GITHUB_CLIENT_SECRET environment variable of your Slauth deployment

    4. Scroll to the bottom of the settings page, click on “Generate a private key”. GitHub will automatically download the private key for you.

      1. Rename the key to gh-app-pk.pem
      2. Move the key in a directory called dev-secrets at the root of where you have the docker compose files for Slauth. This will ensure the private key is copied to the running container and used for your deployment.

    5. Set GITHUB_INSTALL_URL to https://github.com/apps/<your-app-name>/installations/new

AWS Integration (optional)

In order for Slauth to read your currently deployed AWS IAM policies, it assumes a read-only role that is created during the AWS Account integration process.

To assume this role, you will need to set the following environment variables:

  • Access keys of the user who will assume the role to read your IAM policies and identities.
  • AWS Account ID of that user.

The AWS Account ID is only required to add a principal statement in the CloudFormation template. This statement allows only identities from that specific AWS account to assume the role on the AWS account you will be integrating with on Slauth. This feature enables you to integrate with different AWS Accounts on your Slauth deployment.

AWS_ACCESS_KEY_ID=change-this-to-your-aws-credentials
AWS_SECRET_ACCESS_KEY=change-this-to-your-aws-credentials
AWS_ACCOUNT_ID=change-this-to-your-aws-account-id
AWS_DEFAULT_REGION=change-this-to-your-region

Code Storage

Whenever you import a repository into Slauth, the code will be stored in a minio bucket in your container. Set the following variables to give a name to the bucket where you want the code to be stored (by default it is code-imports):

AWS_CODE_IMPORT_BUCKET=code-imports

Install

Run install this will make sure all the required files are in place and the docker containers are running.

bash install.sh

Slauth is up and running!

You can now access the dashboard at http://localhost. You need to create a new account to get started.

How it worksSupport