ArmorCode Integration

Organizations: Set up your ArmorCode integration

Updated over 5 months ago

ArmorCode unifies the siloed world of security testing so you can move faster and spend time on what matters most. The ArmorCode-HackerOne integration makes it easy to ingest and correlate findings from HackerOne to the ArmorCode platform, prioritize based on risk, and automate triaging and remediation workflows to improve your security posture at scale.

To learn more, visit the ArmorCode website.

Configure integration with ArmorCode

  1. Navigate to Security Tools and select HackerOne

  2. Click on the Add button, and a form will appear that requires a configuration name, identifier, and token.

  3. Generate an Identifier and Token for the HackerOne configuration:

    1. First, log in to your HackerOne account (https://hackerone.com/).

    2. Now go to Organization Settings and select API Tokens

    3. Click on Create API token.

    4. Provide an Identifier and select the Program access and permissions groups for the token

    5. Click on Create API token

    6. The token is created. Store it, because it will work as the HackerOne credentials in the ArmorCode platform.

  4. Back on ArmorCode, enter the details, including the configuration name, identifier, and token mentioned in step 2, and click Save.

  5. On the ArmorCode platform, a pop-up will appear asking you to map the Product, Subproduct, and Environment for your HackerOne projects.

  6. Click on the Save button, and a scan will be triggered which you can check on the Scans page in the Analyze section.

  7. After the scan is completed, click on Scan ID or Result Details to be redirected to the findings for the configured project.

Configure Webhook

  • Select Webhook

  • Provide a Secret and click Generate URL

  • On HackerOne, navigate to Engagements > Program > Settings > Program Settings

  • Scroll down to Automation and select Webhooks

  • At the bottom of the page, click on the New webhook button

  • Provide the webhook name, secret, and payload URL (generated in step 2) and click Add webhook
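
The secret entered on both platforms is what lets the receiver authenticate each delivery. The following is an added example, not ArmorCode's or HackerOne's code: it generates a high-entropy secret and shows the HMAC-SHA256 check a receiver can run against the `X-H1-Signature` header (`sha256=<hex>` over the raw request body) described in HackerOne's webhook documentation. The function names and the sample payload are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def new_webhook_secret(nbytes: int = 32) -> str:
    """Random value to paste into the Secret field on both platforms."""
    return secrets.token_urlsafe(nbytes)


def sign(secret: str, body: bytes) -> str:
    """Sender side: header value 'sha256=' + hex HMAC-SHA256 of the raw body."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify(secret: str, body: bytes, header) -> bool:
    """Receiver side: recompute over the exact bytes received and compare
    in constant time. A missing or malformed header is rejected."""
    if not header or not header.startswith("sha256="):
        return False
    expected = sign(secret, body)
    return hmac.compare_digest(expected.encode(), header.encode())


# Constructed sample delivery (not a real HackerOne payload).
SECRET = new_webhook_secret()
BODY = b'{"data": {"id": "0000", "type": "constructed-example"}}'
HEADER = sign(SECRET, BODY)

if __name__ == "__main__":
    print("valid delivery:   ", verify(SECRET, BODY, HEADER))
    print("modified body:    ", verify(SECRET, BODY + b" ", HEADER))
    print("mismatched secret:", verify("other-secret", BODY, HEADER))
    print("missing header:   ", verify(SECRET, BODY, None))
```

A secret that differs between the two platforms, even by trailing whitespace, makes every delivery fail this check, so copy it exactly.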

Settings

Users can customize the alerts for the different tools along with their scan frequencies. There are two tabs: Notifications and General. The Notifications tab is for customizing the alerts for the tool, whereas the General tab is for adjusting scan frequencies.

Notifications

ArmorCode security tool settings allow users to set up and create notifications to be alerted of changes and updates related to the security tool.

Notify When Trigger Types:

  1. When Operation Status Down

    1. Selecting Operation Status Down will create an alert when a scan associated with the security tool fails.

  2. When No New Reports

    1. Selecting When No New Reports trigger type will create an alert when no new findings were ingested from a scan based on the Scan Frequency set within security tool settings.

  3. When Config Changed

    1. Selecting Config Changed will create an alert when changes are made to the Security tool configuration.

    2. Example: Enabling and Disabling individual Security Tool Configurations.

  4. When Tool Configuration Got Disabled

    1. Selecting When Tool Configuration Got Disabled will create an alert when configurations are disabled and operations are performed against it.

    2. Example: Disabling an existing Push configuration.

General

Users can set scan frequency and tool inactive status on both the tool and product levels. After the set time, a scan will be triggered and if a tool's inactive time has been set, the tool will be rendered inactive.
