ArmorCode unifies the siloed world of security testing so you can move faster and spend time on what matters most. The ArmorCode-HackerOne integration makes it easy to ingest and correlate findings from HackerOne to the ArmorCode platform, prioritize based on risk, and automate triaging and remediation workflows to improve your security posture at scale.
To learn more, visit the ArmorCode website.
Configure integration with ArmorCode
Navigate to Security Tools and select HackerOne
Click on the Add button, and a form will appear that requires a configuration name, identifier, and token.
Steps to generate an Identifier and Token for Hackerone configuration.
First, log in to your HackerOne account (https://hackerone.com/).
Now go to Organization Settings and select API Tokens
Click on Create API token.
Provide an Identifier and select the Program access and permissions groups for the token
Click on Create API token
The token is created (this token should be stored as it will work as Hackerone credentials in the ArmorCode platform)
Back on ArmoreCode, enter the details, including configuration name, identifier, and token mentioned in 2, and Save.
On the ArmorCode platform, a pop-up will appear asking to map the Product, Subproduct, and Environment on which your HackerOne projects will be.
Click on the Save button, and a scan will be triggered which you can check on the Scans page in the Analyze section.
After the scan is completed, click on Scan ID or Result Details and it will redirect to the findings that have been found for the project configured.
Configure Webhook
Select Webhook
Provide a Secret and click Generate URL
On HackerOne, navigate to Engagements > Program > Settings > Program Settings
Scroll down to Automation and select Webhooks
At the bottom of the page, click on the New webhook button
Provide webhook name, secret, and payload URL (generated in 2) and click Add webhook
Settings
Users can customize the alerts for the different tools along with their scan frequencies. There are two tabs present: Notifications and General. The notification tab pertains to customizing the alerts for the tool, whereas the settings tab is for adjusting scan frequencies.
Notifications
ArmorCode security tool settings allow users to set up and create notifications to be alerted of changes and updates related to the security tool.
Notify When Trigger Types:
When Operation Status Down
Selecting Operation Status Down will create an alert when a scan associated with the security tool fails.
When No New Reports
Selecting When No New Reports trigger type will create an alert when no new findings were ingested from a scan based on the Scan Frequency set within security tool settings.
When Config Changed
Selecting Config Changed will create an alert when changes are made to the Security tool configuration.
Example: Enabling and Disabling individual Security Tool Configurations.
When Tool Configuration Got Disabled
Selecting When Tool Configuration Got Disabled will create an alert when configurations are disabled and operations are performed against it.
Example: Disabling an existing Push configuration.
General
Users can set scan frequency and tool inactive status on both the tool and product levels. After the set time, a scan will be triggered and if a tool's inactive time has been set, the tool will be rendered inactive.
