Skip to content

GitHub

Use the AQtive Guard (AQG) AI-SPM GitHub integration to scan your GitHub repositories and ingest AI asset data to help you discover and secure hidden AI assets and usage across your organization.

Before you begin

Navigate to Data sources in the AQG main menu, then select the GitHub tile. Locate the following values:

  • aqg_instance - URL of your AQtive Guard instance.
  • aqg_client_id - Client ID for authentication.
  • aqg_client_secret - Authentication token to connect to AQtive Guard.

Tip

Extract the values for client_id and client_secret from the AQG token provided. The values follow each colon, not including the surrounding quotation marks.

GitHub integration deployment

Follow these steps to deploy the GitHub integration.

  1. Visit this page to install the AQG AI-SPM GitHub Action.
  2. Use the previously obtained values to configure the GitHub Action in your workflow.
  3. View your findings in the AQtive Guard AI-SPM Inventory and Issues tables.

Tip

We strongly recommend using GitHub secrets for aqg_client_id and aqg_client_secret. If you plan to use this GitHub Action across multiple repositories, define these secrets at the Organization level. Refer to Using secrets in GitHub Actions for details.

Data handling and privacy

AQG is committed to transparent data handling. When using the AI-SPM GitHub action, we retain a small code snippet surrounding each identified vulnerability to help you locate and resolve the issue faster. For full details on data retention and privacy measures, refer to How we manage your data.