HOW HACKERONE AND GITHUB NOW WORK BETTER TOGETHER

HackerOne Team

Developers need to bring security into their workflows without pivoting to separate security tools to get vulnerability information. HackerOne has created an integration with GitHub to streamline the process of including more security in the Software Development Life Cycle (SDLC) by automatically syncing activities between the two products.

With the new GitHub integration, organizations can:

  • Reduce time to remediation with automated workflows
  • Unify vulnerability actions in a single console
  • Simplify triage and remediation processes with an efficient handoff to the development team
  • Achieve real-time synchronization between HackerOne and GitHub
  • Decide what status changes matter most to sync

Setting up the integration is a simple process, either in HackerOne or from the GitHub Marketplace. This step allows customers to map data from HackerOne to GitHub, giving them the flexibility to choose which information they want to sync.

Figure 1 shows data fields from HackerOne reports that map to fields in GitHub issues to tailor the information to your specific work.

You can then choose which actions in HackerOne you’d like to post to GitHub. This ensures you are up-to-date on the information that is essential to your processes.

You can also choose which actions in GitHub you’d like to post to HackerOne as an event to keep HackerOne up-to-date.

A key benefit of this integration is incorporating HackerOne reports into GitHub issues for resolution and tracking. You do this by selecting the report from your program inbox and setting up a reference to your GitHub integration.  

Figure 2 shows how to add a reference to your GitHub issue tracker.

Comment presented in HackerOne report

Figure 3 shows that comments made in GitHub will automatically synchronize with your HackerOne report.

You also have the option of linking a HackerOne report to a specific existing issue, rather than creating a new one, by entering that issue's ID.

Figure 4 shows the option to link HackerOne reports to specific issues.

This integration is available to all HackerOne Professional and Enterprise customers and can be found on the GitHub Marketplace. Find detailed installation instructions on our docs site. To learn about more integration options, visit HackerOne’s integrations page.