Overview

The NCM integration with GitHub (Gates/Deployment protection rules) provides users with a tool to ensure the quality and security of their dependencies. This integration catches issues early in the development process, reducing the risk of security vulnerabilities. This integration aims to configure NCM and its integration with GitHub through a new UI section in the accounts portal. This allows users to configure their repositories and check NCM's analysis of pull requests or deployments.

Configuration

Using the NCM GitHub application requires a NodeSource account, is possible to sign up for free here.

After installing the application, users would need to configure the application on the desired repositories to track the pull request and set the rules for deployments directly on GitHub.

NCM Operations

In the accounts portal, users can view the results of NCM's analysis for each action (Pull Request or Deployment) in their repositories. This section provides a summary of the analysis and a more detailed report.

To see the detailed report, click on "View Details" This will redirect users to the page where users can view the detailed report.

Deployment Approval

NCM validates every deployment flow configured in GitHub and approves or rejects it according to NCM's configured rules. If the deployment is rejected, NCM will provide a detailed report explaining the reasons for the rejection. Webhook events from GitHub will trigger NCM and analyze the deployment based on the configured rules for NCM.

NCM Pull Request Checks

NCM checks each pull request created in a repository with the NCM GitHub App installed. NCM will attach a report marking the pull request status green or red based on the issues found. The report will provide recommendations on how to fix them.

Security

The NCM App will have only read access to the repositories where it is installed and only read access to the pull requests and deployments in those repositories. This ensures it cannot access sensitive data or make unauthorized changes.