GitHub: Aggregate Org Repositories and Correlate to Users

Hello IDN Community,

Looking for some help or guidance from the community for V3 Rest API GET calls with SailPoint > GitHub.

The Issue:

We are trying to enhance our GitHub User Review process, we want to run GET calls to pull the Org repositories users have access to (and if possible, their level of access within each repository).

We are running into the issue where we can either get a list of Org repo’s (but no user information) OR only public repo’s a user has access to (not private org repos)

Current State:

For context, we don’t use automation tools, we purely just run read-only GET calls for the purpose of user access reviews.

We are only able to run GET calls to obtain Org users membership (Member or Admin).

Discussion:

We have been working with SailPoint expert services to try and figure out a workaround via: GitHub REST API - GitHub Docs but have had no luck. What we are trying to do might not be possible due to the nature of how GitHub provisions access. Anyone with advice/guidance on this topic would be greatly appreciated.

Thank you,
Sean

Hi Sean,

Have you given the GitHub GraphQL APIs a try? I’ve done something similar on IdentityIQ before and recall the inflexibility with REST APIs there. A lot of my problems were solved with a switch to GraphQL, and there’s a way you can work with them through before and after operation rules. It will be slightly more customized than a straight-forward REST API approach, but try and play around with GraphQL to see if the response has everything you need. The key would be in getting your search query right.

Thank you Sushant, haven’t gone down the GraphQL API path yet - appreciate your input. Will dig around and see if we can achieve our goals via this method.

Cheers