feat(docs): add getting-started page (#8275)

Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>

docs/tutorials/github/getting-started-github.md

@@ -0,0 +1,209 @@
+# Getting Started with GitHub Authentication
+
+This guide explains how to set up authentication with GitHub for Prowler. The documentation covers credential retrieval processes for each supported authentication method.
+
+## Prerequisites
+
+- GitHub account
+- Token creation permissions (organization-level access requires admin permissions)
+
+## Authentication Methods
+
+### 1. Personal Access Token (PAT)
+
+Personal Access Tokens provide the simplest GitHub authentication method and support individual user authentication or testing scenarios.
+
+#### How to Create a Personal Access Token
+
+1. **Navigate to GitHub Settings**
+    - Open [GitHub](https://github.com) and sign in
+    - Click the profile picture in the top right corner
+    - Select "Settings" from the dropdown menu
+
+2. **Access Developer Settings**
+    - Scroll down the left sidebar
+    - Click "Developer settings"
+
+3. **Generate New Token**
+    - Click "Personal access tokens"
+    - Select "Tokens (classic)"
+    - Click "Generate new token"
+
+4. **Configure Token Permissions**
+    To enable Prowler functionality, configure the following scopes:
+    - `repo`: Full control of private repositories
+    - `read:org`: Read organization and team membership
+    - `read:user`: Read user profile data
+    - `read:discussion`: Read discussions
+    - `read:enterprise`: Read enterprise data (if applicable)
+
+5. **Copy and Store the Token**
+    - Copy the generated token immediately (GitHub displays tokens only once)
+    - Store tokens securely using environment variables
+
+#### How to Use Personal Access Tokens
+
+Choose one of the following methods:
+
+**Command-line flag:**
+
+```console
+prowler github --personal-access-token your_token_here
+```
+
+**Environment variable:**
+
+```console
+export GITHUB_PERSONAL_ACCESS_TOKEN="your_token_here"
+prowler github
+```
+
+### 2. OAuth App Token
+
+OAuth Apps enable applications to act on behalf of users with explicit consent.
+
+#### How to Create an OAuth App
+
+1. **Navigate to Developer Settings**
+    - Open GitHub Settings → Developer settings
+    - Click "OAuth Apps"
+
+2. **Register New Application**
+    - Click "New OAuth App"
+    - Complete the required fields:
+        - **Application name**: Descriptive application name
+        - **Homepage URL**: Application homepage
+        - **Authorization callback URL**: User redirection URL after authorization
+
+3. **Obtain Authorization Code**
+    - Request authorization code (replace `{app_id}` with the application ID):
+   ```
+   https://github.com/login/oauth/authorize?client_id={app_id}
+   ```
+
+4. **Exchange Code for Token**
+    - Exchange authorization code for access token (replace `{app_id}`, `{secret}`, and `{code}`):
+   ```
+   https://github.com/login/oauth/access_token?code={code}&client_id={app_id}&client_secret={secret}
+   ```
+
+#### How to Use OAuth Tokens
+
+Choose one of the following methods:
+
+**Command-line flag:**
+
+```console
+prowler github --oauth-app-token your_oauth_token
+```
+
+**Environment variable:**
+
+```console
+export GITHUB_OAUTH_APP_TOKEN="your_oauth_token"
+prowler github
+```
+
+### 3. GitHub App Credentials
+
+GitHub Apps provide the recommended integration method for accessing multiple repositories or organizations.
+
+#### How to Create a GitHub App
+
+1. **Navigate to Developer Settings**
+    - Open GitHub Settings → Developer settings
+    - Click "GitHub Apps"
+
+2. **Create New GitHub App**
+    - Click "New GitHub App"
+    - Complete the required fields:
+        - **GitHub App name**: Unique application name
+        - **Homepage URL**: Application homepage
+        - **Webhook URL**: Webhook payload URL (optional)
+        - **Permissions**: Application permission requirements
+
+3. **Configure Permissions**
+    To enable Prowler functionality, configure these permissions:
+    - **Repository permissions**:
+        - Contents (Read)
+        - Metadata (Read)
+        - Pull requests (Read)
+    - **Organization permissions**:
+        - Members (Read)
+        - Administration (Read)
+    - **Account permissions**:
+        - Email addresses (Read)
+
+4. **Generate Private Key**
+    - Scroll to the "Private keys" section after app creation
+    - Click "Generate a private key"
+    - Download the `.pem` file and store securely
+
+5. **Record App ID**
+    - Locate the App ID at the top of the GitHub App settings page
+
+#### How to Install the GitHub App
+
+1. **Install Application**
+    - Navigate to GitHub App settings
+    - Click "Install App" in the left sidebar
+    - Select the target account/organization
+    - Choose specific repositories or select "All repositories"
+
+#### How to Use GitHub App Credentials
+
+Choose one of the following methods:
+
+**Command-line flags:**
+
+```console
+prowler github --github-app-id your_app_id --github-app-key /path/to/private-key.pem
+```
+
+**Environment variables:**
+
+```console
+export GITHUB_APP_ID="your_app_id"
+export GITHUB_APP_KEY="private-key-content"
+prowler github
+```
+
+## Best Practices
+
+### Security Considerations
+
+Implement the following security measures:
+
+- **Secure Credential Storage**: Store credentials using environment variables instead of hardcoding tokens
+- **Secrets Management**: Use dedicated secrets management systems in production environments
+- **Regular Token Rotation**: Rotate tokens and keys regularly
+- **Least Privilege Principle**: Grant only minimum required permissions
+- **Permission Auditing**: Review and audit permissions regularly
+- **Token Expiration**: Set appropriate expiration times for tokens
+- **Usage Monitoring**: Monitor token usage and revoke unused tokens
+
+### Authentication Method Selection
+
+Choose the appropriate method based on use case:
+
+- **Personal Access Token**: Individual use, testing, or simple automation
+- **OAuth App Token**: Applications requiring user consent and delegation
+- **GitHub App**: Production integrations, especially for organizations
+
+## Troubleshooting Common Issues
+
+### Insufficient Permissions
+- Verify token/app has necessary scopes/permissions
+- Check organization restrictions on third-party applications
+
+### Token Expiration
+- Confirm token has not expired
+- Verify fine-grained tokens have correct resource access
+
+### Rate Limiting
+- GitHub implements API call rate limits
+- Consider GitHub Apps for higher rate limits
+
+### Organization Settings
+- Some organizations restrict third-party applications
+- Contact organization administrator if access is denied