Syncier Security Tower is a GitHub app that you grant access to certain repositories when installing it from the GitHub Marketplace. No other repositories can be read by Syncier Security Tower even if the current user has access to more repositories of the organization the app was installed to.
At first login, you must authorize Syncier Security Tower from a user perspective. We ask you to grant the following permissions in order to be able to use the app:
To log in with your GitHub account, we must know who you are.
The Syncier Security Tower app only works with repositories that it is installed in and that you have access to.
Syncier Security Tower will make changes in repositories and open up Pull Requests that are associated with your account.
You can check all permissions afterwards by visiting https://github.com/settings/applications.
First, you need to configure a cluster by adding a cluster configuration file in the
Also make sure that the Syncier Security Tower GitHub App is installed in the repository where this file is located.
If a valid cluster configuration exists, the GitHub account you use to access Syncier Security Tower could be lacking read permissions to this repository. The access of Syncier Security Tower users is limited to what they can see on GitHub.
Another reason could be that the cluster is located in a different GitHub organization. To switch your active organization, use the drop-down menu at the upper right corner of the application.
When scanning for images in Kubernetes manifests, Syncier Security Tower only looks into directories which have been configured previously. Refer to the application configuration to see how to configure an application.
If you have added Risk Acceptances or allowed images via an annotation to a namespace, Syncier Security Tower must be able to find the namespace definitions in the GitOps repository. Make sure to add the location(s) of the namespace definitions to your cluster configuration.
Syncier Security Tower is a GitHub App that uses GitHub's authentication and authorization. A user sees exactly the same repositories that the user can access directly via Git or the GitHub website. However, these permissions are further limited to the list of repositories Syncier Security Tower was granted access to when the GitHub App was installed in the organization or user account.
The template repository https://github.com/securitytower/cluster-template is an example of a single cluster repository. It contains best practices and some handy conventions we can recommend. You can find them described in detail in its README.md.
Please have a look at our getting started guide to learn how to set up your own cluster repository that works well with Syncier Security Tower out of the box.