Please describe your feature request:
We should add the ability to authenticate with the Github API via Github Application authentication to pull from private repos. The current process of using a PAT works but is not ideal for security teams.
This should add the following values to the config for authentication with corresponding environment variables:
Github App ID
Github App Installation ID
Github App Private Key - ideally this would be the private key string itself and not the file as that plays better with secret storage solutions
(Optional) Github App Private Key File - we could also offer the ability to use a key file instead of the key string but not necessary for this implementation
Describe the use case of this feature:
Using a PAT to authenticate with the Github API works well for single users but when using nuclei for a team – especially in an automation pipeline – the preferred way is to create a Github App and use it for authentication. This removes the complexity and degraded security of having to manage a "service account" user with its own login credentials and PAT.
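How the three requested values fit together, as an added example that is not part of this issue or of nuclei's code: the App ID and the private key string sign a short-lived RS256 JWT, which is then presented to the installation's `access_tokens` endpoint to obtain the token used for repository access. The function names, the App ID `123456` and the generated key are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"time"
)

// appJWT signs the JWT a GitHub App presents to the API; keyPEM is the key string itself, not a file path.
func appJWT(appID, keyPEM string, now time.Time) (string, error) {
	block, _ := pem.Decode([]byte(keyPEM))
	if block == nil {
		return "", fmt.Errorf("private key is not PEM; check that the secret store preserved its newlines")
	}
	key, err := x509.ParsePKCS1PrivateKey(block.Bytes) // GitHub App keys download as PKCS#1
	if err != nil {
		return "", fmt.Errorf("parse private key: %w", err)
	}
	// iat is backdated 60s to tolerate clock drift; GitHub rejects an exp more than 10 minutes out.
	claims, _ := json.Marshal(map[string]interface{}{"iss": appID, "iat": now.Add(-time.Minute).Unix(), "exp": now.Add(9 * time.Minute).Unix()})
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// throwawayKeyPEM generates a key as PEM text: constructed sample input standing in for the real secret.
func throwawayKeyPEM() string {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}))
}

func main() {
	jwt, err := appJWT("123456", throwawayKeyPEM(), time.Now()) // "123456" is a constructed App ID
	fmt.Println("POST https://api.github.com/app/installations/<installation-id>/access_tokens")
	fmt.Println("Authorization: Bearer", jwt, "error:", err)
}
```

The installation token returned by that request expires after an hour, so a long-running pipeline has to repeat the exchange rather than cache one token indefinitely.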