HackerOne offers a bi-directional GitHub integration that syncs information between your HackerOne reports and the issues you track in your GitHub repository. You can sync specific workflows from GitHub to HackerOne and from HackerOne to GitHub. This improves the workflow for managing security vulnerabilities by minimizing the back and forth between GitHub and HackerOne.
This integration is currently in beta and is only available to select Professional and Enterprise programs. If you would like to opt in to this beta integration, please let your program manager know.
To set up your integration with GitHub:
- Go to Program Settings > Program > Integrations.
- Click Connect with GitHub.
- Click Set up new integration.
- Enter a name for your integration.
- (Optional) Enter a description.
- Click Next.
- Click New authentication.
- Specify an authentication name and click Create.
- Click Authorize Hacker0x01 to give HackerOne access to your GitHub account.
- Click Next after seeing that your GitHub account has been connected.
- Enter your GitHub username in the Owner field.
- Select the name of the repository you want to connect to.
- Click Next.
- Select which HackerOne report fields you would like mapped to the corresponding GitHub field and then click Next.
- Select which actions in HackerOne you’d like to post to GitHub as an event. You can choose from:
| Action | Description |
|---|---|
| Comments | When someone comments on a report, post an update on the associated GitHub issue. |
| State Changes | When someone changes the state of a report, post an update on the associated GitHub issue. |
| Rewards | When someone awards or suggests a bounty and/or bonus, post an update on the associated GitHub issue. |
| Assignee Changes | When someone assigns a user/group to a report, post an update on the associated GitHub issue. |
| Disclosure | When disclosure is requested or a report becomes public, post an update on the associated GitHub issue. |
- Select which actions in GitHub you’d like to post to HackerOne as an event. You can choose from:
| Action | Description |
|---|---|
| Comment added | Post an internal comment when someone comments on a GitHub issue. |
| When issue closes | You can choose from: |
- Click Finish.
You’ll now see your created GitHub integration listed at the top of the page. Click Enable next to your integration to make it live.
With the GitHub integration, you can:
- Create a GitHub issue from your HackerOne report
- Link your HackerOne reports to existing GitHub issues
Once your GitHub integration has been set up, to create an issue in GitHub from your HackerOne report:
- Go to your program’s Inbox and select a report.
- Click Edit next to the References field.
- Select the correct integration you want to add a reference to.
- Click Create.
The HackerOne report will now show as an issue in your GitHub repository.
Comment in GitHub:
How the comment in GitHub shows up on the HackerOne report:
To link your HackerOne report to a GitHub issue:
- Go to the HackerOne report in your inbox that you want to link to GitHub.
- Click Edit next to References.
- Click the Link issue tab in the Reference to your issue tracker window.
- Select your GitHub integration in the drop-down.
- Enter the GitHub issue number in the Reference ID field.
- Click Create.
Your HackerOne report will now be linked to the GitHub issue.