Connections

Faros authenticates to sources using Connections. Connections can be created when creating a source, or from the Connections page. The page allows you to manage all of your existing connections and see when they were last modified. If a connection is edited, all sources using it to authenticate will pick up the changes. Similarly, if you choose to delete a connection all sources using it will stop pulling data. It is also possible to create different connections for a given scope with different permissions.

35083508

To create a new connection, first provide a unique name and source type.

928928

Depending on the source you are connecting, additional fields will appear. Certain sources require a specific set of permissions before Faros can authenticate to them. To find out if certain permissions are required, hover over the help icon next to the API key or token input. For some of these connections, Faros will check if your tokens are correctly scoped. You can skip these checks by toggling the validation functionality off.

19241924

Once you have created a connection, all future sources can use it to authenticate.

API token requirements

Faros uses API tokens to periodically pull metadata; define token expiration according to your company policy and automation.

Source

Token requirements

GitHub

Provide GitHub API token with read permissions: repo, read:org, read:user

GitHub Enterprise

Provide GitHub API token with read permissions: repo, read:packages, read:org, read:discussion, read:user, user:email, read:enterprise

GitLab, GitLab CE/EE

Provide GitLab personal access token token with read permissions: read_api

Bitbucket

VCS: Provide Bitbucket "App Password" with read permissions: Pull Requests : read, Issues: read, Workspace membership :read, Projects: read, Repositories: read

CICD: Provide Bitbucket "App Password" with read permissions: Pipelines: read, Repositories, read

Buildkite

Provide Buildkite API access token with the following read permissions: Organization Access, Read Organizations, Read Pipelines, Read Builds, GraphQL API Access

CodeDeploy

Provide valid AWS credentials with the following permissions: codedeploy:ListDeployments, codedeploy:BatchGetDeployments

Docker Registry

Provide a docker token with the scope read_api

Sentry

Provide a Sentry token with scope org:read, project:read.

Jira Cloud, Jira Server/DC

The integration user needs application access to Jira, the 'Browse Users' global permission, and the 'Browse Project' and 'View Development Tools' permissions for each project

PagerDuty

Create a Read Only API key by navigating to https://.pagerduty.com/api_keys (instructions)

ServiceNow

Integration user should have the roles: sn_incident_read, cmdb_query_builder_read (details on roles)

Opsgenie

Create an API key with "Read" and "Configuration access" rights. See the documentation

BambooHR

Create an API key with a user that has an access level with 'View Only' permissions for the following fields on all employees: Basic Info -> First Name, Last Name; Address -> all fields; Contact -> Work Email; Hire Date; Job Information -> Job Title, Reporting to, Department

Phabricator

Create a Conduit API token with either a bot user or a regular user with visibility into the desired projects and repositories.

SonarCloud

Create an API key with a user that has 'Browse' permissions for each project. See the documentation

other connections

Please reach out to [email protected] with questions.


Did this page help you?