HackerOne

HackerOne provides bidirectional GitLab integration for seamless data syncing between your HackerOne report and GitLab issues. Sync workflows from GitLab to HackerOne and vice versa, improving alignment between development and security teams and streamlining security vulnerability processing.

You can create new GitLab issues for reports you receive on HackerOne.

To create a new GitLab issue from your HackerOne report:

Go to the HackerOne report in your inbox that you want to create a new GitLab issue for.

Select the GitLab integration you want the issue to link to in the dropdown and click Create.

Add comments or change the state of the report in GitLab. ​

1. Go to the HackerOne report in your inbox that you want to create a new GitLab issue for.
2. Click next to References.​ 
 
 
3. Select the GitLab integration you want the issue to link to in the dropdown and click Create. 

4. Add comments or change the state of the report in GitLab. ​

When you act on the GitLab report, such as adding a comment or changing its status, Hackbot generates an internal comment on the HackerOne report to reflect the changes.

Linking HackerOne Reports to Existing GitLab Tasks

You can link your HackerOne reports to existing GitLab tasks.

Go to the HackerOne report in your inbox that you want to link to GitLab.

Click References in the report sidebar. ​

Enter the GitLab ticket reference ID in the Reference ID field.

1. Go to the HackerOne report in your inbox that you want to link to GitLab.
2. Click References in the report sidebar. ​

3. Enter the GitLab ticket reference ID in the Reference ID field.
4. Click Link GitLab issue.

The HackerOne report will now be linked to the GitLab task, and all activities performed on the report will be synced to the corresponding task.

There's also another way you can link your HackerOne reports to GitLab. You can:

Go to the bottom of your HackerOne report.

Select Change state &gt; Triaged in the action picker

Click Add reference to issue tracker. ​

Enter the GitLab ticket number in the Reference ID field.

1. Go to the bottom of your HackerOne report.
2. Select Change state &gt; Triaged in the action picker
3. Click Add reference to issue tracker. ​

4. Enter the GitLab ticket number in the Reference ID field.
5. Click Create.

With the GitLab integration, you can sync these report updates to GitLab:

- Report Comments
- State changes
- Rewards
- Assignee changes
- Public disclosure
- Close GitLab issue

All updates on a report are synced as a comment to GitLab. Additionally, all actions are configurable and can be toggled from the GitLab integration settings page.

To make sure your security team stays up to date with the changes that happen in GitLab, you can sync back activities from GitLab to the HackerOne report. All updates from GitLab will be reflected in HackerOne as an internal comment on the associated report.

We currently support these activities from GitLab to HackerOne:

You can choose which events you want to synchronize from GitLab as each activity can be toggled individually.

HackerOne Severity to GitLab Label Mapping

You can map HackerOne severity ratings to a GitLab label when configuring your integration. This enables the right priority to be set when escalating a report to GitLab.

The integration can be configured to automatically set a due date based on the severity of a report.

See the<a href="https://docs.google.com/document/d/1QuAmLAyi39dxSXI1Ilht2zdQHBVQfdc9zbvGMF6bB0U/edit?usp=sharing" rel="nofollow noopener noreferrer" target="_blank"> GitLab Setup</a> page.

Creating a GitLab Issue

Linking HackerOne Reports to Existing GitLab Tasks

Syncing Updates from HackerOne to GitLab

Syncing Updates from GitLab to HackerOne

HackerOne Severity to GitLab Label Mapping

Due Date Mapping

Installing the GitLab Integration