Create GitHub tickets for Findings
How to use Integration Builder to push findings to GitHub Issues.
Push Findings to GitHub Issues
You can use Integration Builder to push pentest and/or DAST findings to GitHub Issues.
Prerequisites
To use GitHub recipes, you must have a GitHub account and a repository where you want to push findings as issues.
Create the GitHub connection
If you haven’t already, you need to create a connection to GitHub. If you already have a GitHub connection, you can skip this section.
- Navigate to the Projects tab of the Integration Builder.
- Click the “Create” button to open the menu, then click “Connection.”
- Click on the GitHub connector.
- Input a name for the connection and click the “Connect” button.
- Authorize the connection.
- Once the connection is authorized, you will see the “Connected” status.
Create a folder for your GitHub recipes
- Navigate to the Projects tab of the Integration Builder.
- Click the “Create” button to open the menu, then click “Folder.”
- Input the folder name and click “Create folder.” NOTE: We recommend naming the folder “GitHub” for keeping recipes organized by integrated system.
- The new folder will be empty by default.
Set up the GitHub recipe
Note: This guide uses the pentest findings recipe, but there is also a recipe for DAST findings. You should be able to use the same steps for either recipe.
- Navigate to the Library tab and click on GitHub.
- Click on the recipe you want to use, then click “Use recipe.”
- Select the folder you created and click “Copy and save.”
Customize the recipe
You will need to customize the recipe to use your GitHub organization and repository. You can optionally customize the content of the GitHub issues that the recipe creates.
- Click the “Customize recipe” button to open the recipe editor.
- Click the link for step 17 in the error message at the top of the editor.
- Select or input values for the required GitHub Organization and Repository name fields.
Optional: You can update the recipe trigger to run it for a specific asset or pentest. By default, the recipe will be triggered for all pentests within your org. (Note: If you are using the DAST recipe, you can select a Target instead of an Asset or Pentest.)
- Click on the trigger to open the trigger editor, then click the button to view optional fields.
- To specify an asset, select the checkbox for “Asset” then select an asset from the list.
- To specify a pentest, select the checkbox for “Pentest” then select a pentest from the list.
- To undo your changes, click the “Reset” button to return to the default state.
Optional: Customize the content of the GitHub issues that the recipe creates.
- You can use datapills to populate the fields with dynamic values.
- You can type into the input fields to set static values.
Available fields:
- Issue title
- Body
- Assignees
- Labels (optional field, see below)
- Milestone ID (optional field, see below)
- Click the “Save” button to save your changes.
- Click the “Exit” button to close the recipe editor.
- By default, the recipe will be in an inactive state. To start pushing your findings to GitHub issues, click the “Start recipe” button.
Test the recipe
To test the recipe with pentest findings, follow the guide for creating a test finding.
To test the recipe with DAST scan findings, run a scan against the target https://brokencrystals.com and wait for the scan to complete.
Edit the recipe
- To edit the recipe, you need to stop it first. Click the “Stop recipe” button at the top of the recipe page.
- Click the “Edit” button to open the recipe editor.
- Make your changes in the recipe editor. Once you’re finished, make sure to click the “Save” button and restart the recipe as shown in the steps above.