In order to use CFA for one of your repositories you have to add it as a "project" in CFA. You can do this with the "Add Project" button in the top right of the dashboard. In order to add your repository to CFA you need have admin access to the repository on GitHub. If you don't have this access you should reach out to someone who does

Once you have added a project to CFA you should be able to configure whichever Requester and Responder you want to use. Check out those documentation pages for more information on what those are and how they work.

Audit Log

For each project you set up in CFA there will be a log of each incoming OTP request, whether it was responded to, and who responded to it each time along with appropriate timestamps for each event. In the unfortunate scenario where your CI environment is compromised this will help you quickly determine if you gave the compromised environment an OTP at any point.

Renaming a project

If you rename your repository on GitHub it is possible that CFA could get confused about incoming requests. We recommend that once you rename your repository on GitHub you head over to CFA and use the "Add Project" button to re-add the repository to CFA. This will simply cause the existing project to be aware of the new repository name, your existing configuration will not be affected.

Deleting a project

If you delete a project all information related to that is deleted and the project is marked as "de-activated" meaning all incoming OTP requests will be rejected. If you ever want to re-add that project you can do so but you will need to set up your Requester and Responder configuration again.

Last updated