Integrating Invicti Enterprise with GitHub
GitHub is a web-based hosting service for version control. GitHub is mostly used for code, but it has an issue tracking feature with labels, milestones, assignees, and a search engine. Every issue is referenced in a card, which can then be dropped into a repository, used to track the progress of the bug, discuss fixes, and assign relevant tasks to team members.
This article explains how to configure Invicti Enterprise to send a detected vulnerability to GitHub.
How to integrate Invicti Enterprise with GitHub
- Log in to Invicti Enterprise.
- Select Integrations > New Integration from the left-side menu.
- Select GitHub from the Issue Tracking Systems section.
- Enter a Name for the integration. This is the name of the configuration that will be shown in menus.
- In the Mandatory section, complete the connection details:
- Server URL: Enter the GitHub server's project URL. The SSL certificate of the URL must be verified.
- Repository: Enter the GiHub repository name that includes the issue.
- Username: Enter the GitHub username of the user.
- Access Token: Enter the personalized access token of the user that is used for authorization.
- Title Format: Enter the string to use for the format of the vulnerability title.
- In the Optional section, complete as required:
- Labels: These are the issue labels. Separate labels with a comma (,).
- Assignee: This is the user to whom issues will be assigned.
- Organization: This is the organization name in GitHub. All issues will be sent to that organization's repository.
- Click Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system.
- A confirmation message is displayed to confirm that the sample issue has been successfully created.
- In the confirmation message, select the issue number link to open the issue in your default browser.
- Click Save to save the integration.
Invicti Enterprise is now successfully integrated with GitHub and you are now able to send detected vulnerabilities from Invicti Enterprise to GitHub.
How to export reported vulnerabilities to projects in GitHub
There are several ways to send detected issues from Invicti Enterprise to GitHub:
- Once notifications have been configured, you can configure Invicti Enterprise to automatically send vulnerabilities after scanning has been completed.
- For more information, refer to How to configure a notification to report vulnerabilities to an issue tracking system.
- You can send one or more issues from the Issues page by following the steps below:
- Select Issues > All Issues from the left-side menu.
- On the Issues page, select one or more issues you want to send.
- Click Send To > GitHub.
- You can send an issue from the Recent Scans page by following the steps below:
- Select Scans > Recent Scans from the left-side menu.
- Locate the relevant scan and click Report on the right-hand side.
- Scroll down to the Technical Report section.
- On the Issues tab, select an issue to display its details.
- In the issue details, click Send To > GitHub.
If you have previously submitted this vulnerability to GitHub, it will already be accessible. You cannot submit the same issue twice.