HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER


Developers need to bring security into their workflows without pivoting to separate security tools to get vulnerability information. HackerOne has created an integration with GitHub to streamline the process of including more security in the Software Development Life Cycle (SDLC) by automatically syncing activities between the two products.

With the new GitHub integration, organizations can:

  • Reduce time to remediation with automated workflows
  • Unify vulnerability actions in a single console
  • Simplify triage and remediation processes with an efficient handoff to the development team
  • Achieve real-time synchronization between HackerOne and GitHub
  • Decide what status changes matter most to sync

It’s a simple process to set up the integration in either HackerOne or from the GitHub Marketplace. This step allows customers to map data from HackerOne to GitHub giving customers the flexibility to choose which information they want to sync.

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

Figure 1 shows data fields from HackerOne reports that map to fields in GitHub issues to tailor the information to your specific work.


You can then choose which actions in HackerOne you’d like to post to GitHub. This ensures you are up-to-date on the information that is essential to your processes.

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

You can also choose which actions in GitHub you’d like to post to HackerOne as an event to keep HackerOne up-to-date.

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

A key benefit of this integration is incorporating HackerOne reports into GitHub issues for resolution and tracking. You do this by selecting the report from your program inbox and setting up a reference to your GitHub integration.  

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

Figure 2 shows how to add a reference to your GitHub issue tracker.

Comment presented in HackerOne report

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

Figure 3 shows that comments made in GitHub will automatically synchronize with your HackerOne report.

You also have the option of linking HackerOne reports to a specific issue vs. creating a new one by entering a particular issue ID.

HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

Figure 4 shows the option to link HackerOne reports to specific issues

This integration is available to all HackerOne Professional and Enterprise customers and is available on the GitHub Marketplace. Find detailed installation instructions on our docs site. To learn about more integration options, visit HackerOne’s integrations page.



Source link