Skip to main content
All CollectionsIntegrations
ArmorCode Integration
ArmorCode Integration

Organizations: Setup your ArmorCode integration

Updated over a week ago

ArmorCode unifies the siloed world of security testing so you can move faster and spend time on what matters most. The ArmorCode-HackerOne integration makes it easy to ingest and correlate findings from HackerOne to the ArmorCode platform, prioritize based on risk, and automate triaging and remediation workflows to improve your security posture at scale.

To learn more, visit the ArmorCode website.

Configure integration with ArmorCode

  1. Navigate to Security Tools and select HackerOne

  2. Click on the Add button, and a form will appear that requires a configuration name, identifier, and token.

  3. Steps to generate an Identifier and Token for Hackerone configuration.

    1. First, log in to your HackerOne account (https://hackerone.com/).

    2. Now go to Organization Settings and select API Tokens

    3. Click on Create API token.

    4. Provide an Identifier and select the Program access and permissions groups for the token

    5. Click on Create API token

    6. The token is created (this token should be stored as it will work as Hackerone credentials in the ArmorCode platform)

  4. Back on ArmoreCode, enter the details, including configuration name, identifier, and token mentioned in 2, and Save.

  5. On the ArmorCode platform, a pop-up will appear asking to map the Product, Subproduct, and Environment on which your HackerOne projects will be.

  6. Click on the Save button, and a scan will be triggered which you can check on the Scans page in the Analyze section.

  7. After the scan is completed, click on Scan ID or Result Details and it will redirect to the findings that have been found for the project configured.

Configure Webhook

  • Select Webhook

  • Provide a Secret and click Generate URL

  • On HackerOne, navigate to Engagements > Program > Settings > Program Settings

  • Scroll down to Automation and select Webhooks

  • At the bottom of the page, click on the New webhook button

  • Provide webhook name, secret, and payload URL (generated in 2) and click Add webhook

Settings

Users can customize the alerts for the different tools along with their scan frequencies. There are two tabs present: Notifications and General. The notification tab pertains to customizing the alerts for the tool, whereas the settings tab is for adjusting scan frequencies.

Notifications

ArmorCode security tool settings allow users to set up and create notifications to be alerted of changes and updates related to the security tool.

Notify When Trigger Types:

  1. When Operation Status Down

    1. Selecting Operation Status Down will create an alert when a scan associated with the security tool fails.

  2. When No New Reports

    1. Selecting When No New Reports trigger type will create an alert when no new findings were ingested from a scan based on the Scan Frequency set within security tool settings.

  3. When Config Changed

    1. Selecting Config Changed will create an alert when changes are made to the Security tool configuration.

    2. Example: Enabling and Disabling individual Security Tool Configurations.

  4. When Tool Configuration Got Disabled

    1. Selecting When Tool Configuration Got Disabled will create an alert when configurations are disabled and operations are performed against it.

    2. Example: Disabling an existing Push configuration.

General

Users can set scan frequency and tool inactive status on both the tool and product levels. After the set time, a scan will be triggered and if a tool's inactive time has been set, the tool will be rendered inactive.

Did this answer your question?