ArmorCode unifies the siloed world of security testing so you can move faster and spend time on what matters most. The ArmorCode-HackerOne integration makes it easy to ingest and correlate findings from HackerOne to the ArmorCode platform, prioritize based on risk, and automate triaging and remediation workflows to improve your security posture at scale.
To learn more, visit the ArmorCode website.
Configure integration with ArmorCode
Navigate to Security Tools and select HackerOne
Click on the Add button, and a form will appear that requires a configuration name, identifier, and token.
Steps to generate an Identifier and Token for the HackerOne configuration:
First, log in to your HackerOne account (https://hackerone.com/).
Now go to Organization Settings and select API Tokens
Click on Create API token.
Provide an Identifier and select the Program access and permissions groups for the token
Click on Create API token
The token is created. Store this token, as it will serve as the HackerOne credentials in the ArmorCode platform.
Back on ArmorCode, enter the details, including the configuration name, identifier, and token mentioned in 2, and Save.
On the ArmorCode platform, a pop-up will appear asking you to map the Product, Subproduct, and Environment for your HackerOne projects.
Click on the Save button, and a scan will be triggered which you can check on the Scans page in the Analyze section.
After the scan is completed, click on Scan ID or Result Details to be redirected to the findings for the configured project.
Configure Webhook
Select Webhook
Provide a Secret and click Generate URL
On HackerOne, navigate to Engagements > Program > Settings > Program Settings
Scroll down to Automation and select Webhooks
At the bottom of the page, click on the New webhook button
Provide webhook name, secret, and payload URL (generated in 2) and click Add webhook
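The Secret entered on both sides is what lets the receiver authenticate each delivery: HackerOne's webhook documentation describes an X-H1-Signature header carrying sha256= followed by the hex HMAC-SHA256 of the raw request body, keyed with the secret. The sketch below is an added example of that check, not ArmorCode or HackerOne code; the function names, secret, and payload are constructed for illustration.

```python
import hashlib
import hmac

# Header name as described in HackerOne's webhook documentation.
SIGNATURE_HEADER = "X-H1-Signature"

# Constructed sample values, not real credentials or a real payload.
SAMPLE_SECRET = "constructed-example-secret"
SAMPLE_BODY = b'{"event":"constructed-sample"}'


def sign_body(secret: str, body: bytes) -> str:
    """Header value a sender would compute: sha256=<hex HMAC of the raw body>."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_delivery(secret: str, body: bytes, headers: dict) -> bool:
    """Accept a delivery only if its signature matches the shared secret."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned deliveries are rejected, never trusted
    algo, sep, digest = received.strip().partition("=")
    if sep != "=" or algo.lower() != "sha256":
        return False  # unknown or missing algorithm prefix
    expected = sign_body(secret, body).partition("=")[2]
    # compare_digest runs in constant time, so a mismatch leaks no position.
    return hmac.compare_digest(digest.lower().encode(), expected.encode())


if __name__ == "__main__":
    good = {SIGNATURE_HEADER: sign_body(SAMPLE_SECRET, SAMPLE_BODY)}
    print("valid delivery:   ", verify_delivery(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("tampered body:    ", verify_delivery(SAMPLE_SECRET, SAMPLE_BODY + b" ", good))
    print("mismatched secret:", verify_delivery("other-secret", SAMPLE_BODY, good))
    print("missing header:   ", verify_delivery(SAMPLE_SECRET, SAMPLE_BODY, {}))
```

The signature must be computed over the raw bytes as received; re-serialising parsed JSON before hashing changes the bytes and makes valid deliveries fail.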
Settings
Users can customize the alerts for the different tools along with their scan frequencies. There are two tabs present: Notifications and General. The Notifications tab is for customizing the alerts for the tool, whereas the General tab is for adjusting scan frequencies.
Notifications
ArmorCode security tool settings allow users to set up and create notifications to be alerted of changes and updates related to the security tool.
Notify When Trigger Types:
When Operation Status Down
When No New Reports
When Config Changed
When Tool Configuration Got Disabled
General
Users can set scan frequency and tool inactive status on both the tool and product levels. After the set time, a scan will be triggered and if a tool's inactive time has been set, the tool will be rendered inactive.