# GitHub Enterprise Servers

{% hint style="info" %}
**GHES support is disabled by default. Customers need to** [**contact us**](https://www.stepsecurity.io/contact) **to have it enabled for their tenant**
{% endhint %}

The GitHub Enterprise Servers page enables administrators to connect, configure, and manage multiple GitHub Enterprise Server (GHES) instances within their organization. 

## GitHub Enterprise Server Deployment Instructions

### **Step 1: Choose a Connectivity Model**

To allow StepSecurity to access your GHES instance, select one of the following connectivity options:

#### **Option 1: Allowlisting StepSecurity Outbound IPs**

* If your GHES instance is internet-routable and does not restrict inbound traffic, no additional configuration is required.
* If your GHES instance does have ingress IP restrictions, you can allowlist StepSecurity’s fixed outbound IP addresses:

```
44.238.197.212
44.233.243.208
```

#### **Option 2: StepSecurity Broker**

* If your GHES instance resides in an air-gapped or internal-only environment, use the StepSecurity Broker.
* The Broker is provided as a Kubernetes Helm chart that runs as a pod in your environment, enabling secure, outbound-only communication with the StepSecurity platform.

| Your Setup                                       | Recommended Option                    |
| ------------------------------------------------ | ------------------------------------- |
| GHES is internet-accessible with no restrictions | Option 1                              |
| GHES is internet-accessible with IP allowlist    | Option 1 (allowlist StepSecurity IPs) |
| GHES is air-gapped or internal only              | Option 2                              |

{% hint style="info" %}
**Complete this section only if you selected Option 2**
{% endhint %}

**StepSecurity Broker Deployment (Optional)**

The StepSecurity Broker enables the StepSecurity platform to make GitHub API calls on private GHES endpoints.

1. **Select a Kubernetes Cluster**

* Choose a cluster where the Broker resources will be created.
* Ensure the cluster can:
  * Successfully make API calls to your GHES endpoint, and
  * Reach the StepSecurity platform over the internet.

2. **Deploy the Helm Chart**

* The Helm deployment instructions are available in your StepSecurity tenant dashboard.
* Go to Resources → GitHub Servers → Broker → Add Broker.
* Deploy the provided Helm chart on your selected Kubernetes cluster.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FQCYuNhoiqghgZg5VPgMa%2Fluckk.avif?alt=media&#x26;token=61109a9d-4689-4b92-b9ee-7a515a2be754" alt=""><figcaption></figcaption></figure>

3. **Verify the Deployment**

* The deployment typically completes within one minute.
* Run the following command to confirm the status:

```
kubectl get pods -n [namespace]
```

* Once deployed, the active Broker instance will appear under Resources → GitHub Servers → Brokers.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F33uW352rNNXu6Jdijqh4%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=c5cb1b2b-0cf3-4ecd-bef8-3cfedb31abef" alt=""><figcaption></figcaption></figure>

### Step 2: Onboard StepSecurity on Your GHES Instance

* Go to Resources → GitHub Servers → Add GitHub Server in your StepSecurity tenant portal.
* Provide the required GHES details.
* If using the StepSecurity Broker, check **Use Broker** and enter the Broker label you configured earlier.

  If not, leave the option unchecked.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FiRLKF79XQzLpmnrqyWUV%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=a1aa11ec-502a-4b67-8949-26cb524885ff" alt=""><figcaption></figcaption></figure>

* Click Add Server.
* You’ll be redirected to your GHES instance to complete the GitHub App manifest installation.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FyEhbUqsfQO6UsO5qciam%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=09254c1a-09d6-4690-91d7-abef107f7e0c" alt=""><figcaption></figcaption></figure>

Once the StepSecurity GitHub App is successfully created on your GHES instance, you’ll be redirected back to your StepSecurity tenant portal.

#### Step 3: Install the StepSecurity GitHub App on Organizations

* After the App manifest is deployed, click Visit App in your StepSecurity portal.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FK27ytoKiHjF3Fn723Jap%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=3986151f-2de0-40fb-ade3-ae3ad0f06929" alt=""><figcaption></figcaption></figure>

* This will take you to the GitHub App page in your GHES. Click on Install / Configure.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F7fA9D1KKiV3vNR17FFGR%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=72f5e19f-727f-4603-a703-e80b203a2eee" alt=""><figcaption></figcaption></figure>

* Select the GitHub organization where you want to install the StepSecurity App.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FFJbAWXdjZJL1EU4NBMJz%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=bc367425-5b1a-4a6c-9788-4698e07e92cb" alt=""><figcaption></figcaption></figure>

* Repeat this process for each additional organization as needed.

#### Step 4: Access the StepSecurity Dashboard

Once the StepSecurity GitHub App is installed:

* Go to Resources → GitHub Servers → Servers.
* Click the organization link under the Organization column to open its dashboard.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2Foz4UwV6FEe9JEAw7lB7s%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=27c09d35-2208-442e-9882-69b86ae0ddf3" alt=""><figcaption></figcaption></figure>

* It may take up to 5 minutes for the organization to appear in the dashboard after initial installation.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F65yAadkg6tgbVE188d2H%2FA%20screenshot%20of%20a%20computer%20%20AI-generated%20content%20may%20be%20incorrect.?alt=media&#x26;token=c2fd3d6d-2f47-49dc-a280-977a9661ea8a" alt=""><figcaption></figcaption></figure>

#### Need Help?

If you encounter any issues during setup or deployment, contact your StepSecurity representative for assistance.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/admin-console/resources/github-enterprise-servers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.