Create GitHub tickets for Findings

How to use Integration Builder to push findings to GitHub Issues.

Push Findings to GitHub Issues

You can use Integration Builder to push pentest and/or DAST findings to GitHub Issues.

Prerequisites

To use GitHub recipes, you must have a GitHub account and a repository where you want to push findings as issues.

Create the GitHub connection

If you haven’t already, you need to create a connection to GitHub. If you already have a GitHub connection, you can skip this section.

  1. Navigate to the Projects tab of the Integration Builder.

  2. Click the “Create” button to open the menu, then click “Connection.”

Create connection
  1. Click on the GitHub connector.
Select GitHub connector
  1. Input a name for the connection and click the “Connect” button.
Enter connection name
  1. Authorize the connection.
Authorize connection
  1. Once the connection is authorized, you will see the “Connected” status.
Connected

Create a folder for your GitHub recipes

  1. Navigate to the Projects tab of the Integration Builder.

  2. Click the “Create” button to open the menu, then click “Folder.”

Create folder
  1. Input the folder name and click “Create folder.” NOTE: We recommend naming the folder “GitHub” for keeping recipes organized by integrated system.
Name folder
  1. The new folder will be empty by default.
Folder created

Set up the GitHub recipe

Note: This guide uses the pentest findings recipe, but there is also a recipe for DAST findings. You should be able to use the same steps for either recipe.

  1. Navigate to the Library tab and click on GitHub.
Recipe library
  1. Click on the recipe you want to use, then click “Use recipe.”
Select GitHub recipeUse GitHub recipe
  1. Select the folder you created and click “Copy and save.”
Copy GitHub recipeCopy and save

Customize the recipe

You will need to customize the recipe to use your GitHub organization and repository. You can optionally customize the content of the GitHub issues that the recipe creates.

  1. Click the “Customize recipe” button to open the recipe editor.
Start customizing
  1. Click the link for step 17 in the error message at the top of the editor.
Link for step 17
  1. Select or input your GitHub Organization and Repository name required fields.
Input required fields
  • Optional: You can update the recipe trigger to run it for a specific asset or pentest. By default, the recipe will be triggered for all pentests within your org. (Note: If you are using the DAST recipe, you can select a Target instead of an Asset or Pentest.)

    • Click on the trigger to open the trigger editor, then click the button to view optional fields.
    Edit trigger
    • To specify an asset, select the checkbox for “Asset” then select an asset from the list.
    Asset field toggleSelected asset
    • To specify a pentest, select the checkbox for “Pentest” then select a pentest from the list.
    Pentest field toggleSelected pentest
    • To undo your changes, click the “Reset” button to return to the default state.
    Reset trigger
  • Optional: Customize the content of the GitHub issues that the recipe creates.

    • You can use datapills to populate the fields with dynamic values.
    • You can type into the input fields to set static values.
    Customizable fields
    • Available fields:

      • Issue title
      • Body
      • Assignees
      • Labels (optional field, see below)
      • Milestone ID (optional field, see below)
      Optional fieldsSelect optional fields
  1. Click the “Save” button to save your changes.
Save recipe
  1. Click the “Exit” button to close the recipe editor.
Exit recipe editor
  1. By default, the recipe will be in an inactive state. To start pushing your findings to GitHub issues, click the “Start recipe” button.
Start GitHub recipeRecipe running

Test the recipe

To test the recipe with pentest findings, follow the guide for creating a test finding.

To test the recipe with DAST scan findings, run a scan against the target https://brokencrystals.com and wait for the scan to complete.

Edit the recipe

  1. To edit the recipe, you need to stop it first. Click the “Stop recipe” button at the top of the recipe page.
Stop recipe
  1. Click the “Edit” button to open the recipe editor.
Edit recipe
  1. Make your changes in the recipe editor. Once you’re finished, make sure to click the save button and re-start the recipe as shown in the steps above.
Recipe editor
Last modified December 18, 2024