Integrating Invicti Enterprise with GitHub

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

GitHub is a web-based hosting service for version control. GitHub is mostly used for code, but it has an issue tracking feature with labels, milestones, assignees, and a search engine. Every issue is referenced in a card, which can then be dropped into a repository, used to track the progress of the bug, discuss fixes, and assign relevant tasks to team members.

This article explains how to configure Invicti Enterprise to send a detected vulnerability to GitHub, enabling seamless integration between security scanning and development workflows.

How to integrate Invicti Enterprise with GitHub

Follow these steps to establish the connection between Invicti Enterprise and your GitHub repository:

  1. Log in to Invicti Enterprise.

  2. Select Integrations > New Integration from the left-side menu.

  3. Select GitHub from the Issue Tracking Systems section.

  4. Enter a Name for the integration. This is the name of the configuration that will be shown in menus.

  5. In the Mandatory section, complete the connection details:
    • Server URL: Enter the GitHub server's project URL. The SSL certificate of the URL must be verified.
    • Repository: Enter the GitHub repository name that includes the issue.
    • Username: Enter the GitHub username of the user.
    • Access Token: Enter the personal access token of the user that is used for authorization.
    • Title Format: Enter the string to use for the format of the vulnerability title.

  6. In the Optional section, complete as required:
    • Labels: These are the issue labels. Separate labels with a comma (,).
    • Assignee: This is the user to whom issues will be assigned.
    • Organization: This is the organization name in GitHub. All issues will be sent to that organization's repository.

  7. Click Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system.
    • A confirmation message is displayed to confirm that the sample issue has been successfully created.

  8. In the confirmation message, select the issue number link to open the issue in your default browser.

  9. Click Save to save the integration.

Integration Success

Invicti Enterprise is now successfully integrated with GitHub and you are now able to send detected vulnerabilities from Invicti Enterprise to GitHub.
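
A pre-flight check for the Access Token, Labels, and Assignee values entered above, shown as an added example that is not Invicti's code and not part of the original page. It assumes you have already fetched GitHub's GET /repos/{owner}/{repo} response and the X-OAuth-Scopes response header using the token; the sample data, the preflight function, and the EXCESS_SCOPES list are constructed for illustration.

```python
import json

# Constructed sample: trimmed body of GitHub's GET /repos/{owner}/{repo} and the
# X-OAuth-Scopes response header returned for a classic personal access token.
SAMPLE_REPO = json.loads("""{
  "full_name": "example-org/webapp", "private": true, "archived": false,
  "has_issues": true,
  "permissions": {"admin": false, "push": false, "pull": true}
}""")
SAMPLE_SCOPES = "repo, admin:org, delete_repo"

# Assumption: classic-token scopes that an issue-filing integration has no use for.
EXCESS_SCOPES = {"admin:org", "delete_repo", "admin:repo_hook", "workflow"}

def preflight(repo, scopes_header, labels="", assignee=""):
    """Return a list of findings for the values entered in the integration form."""
    findings = []
    perms = repo.get("permissions", {})
    if repo.get("archived"):
        findings.append("repository is archived: issues are read-only")
    if not repo.get("has_issues"):
        findings.append("issue tracking is disabled on the repository")
    if not perms.get("pull"):
        findings.append("token user cannot read the repository")
    # GitHub's REST documentation notes that labels and assignees on new issues
    # require push access and are silently dropped otherwise.
    if (labels.strip() or assignee.strip()) and not perms.get("push"):
        findings.append("no push access: Labels/Assignee will be silently dropped")
    # Fine-grained tokens send no X-OAuth-Scopes header, so skip scope checks then.
    scopes = {s.strip() for s in scopes_header.split(",") if s.strip()}
    needed = "repo" if repo.get("private") else "public_repo"
    if scopes and needed not in scopes and "repo" not in scopes:
        findings.append(f"classic token lacks the '{needed}' scope")
    extra = sorted(scopes & EXCESS_SCOPES)
    if extra:
        findings.append("token carries unneeded scopes: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE_REPO, SAMPLE_SCOPES, labels="security,invicti"):
        print("WARN:", finding)
```

An empty result means the sample issue created in step 7 should carry the configured labels and assignee, and the token holds none of the scopes listed as excess.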

How to export reported vulnerabilities to projects in GitHub

There are several ways to send detected issues from Invicti Enterprise to GitHub:

Automatic Issue Submission

Once notifications have been configured, you can configure Invicti Enterprise to automatically send vulnerabilities after scanning has been completed.

For more information, refer to How to configure a notification to report vulnerabilities to an issue tracking system.

Send Issues from the Issues Page

You can send one or more issues from the Issues page by following the steps below:

  1. Select Issues > All Issues from the left-side menu.
  2. On the Issues page, select one or more issues you want to send.
  3. Click Send To > GitHub.

Send Issues from the Recent Scans Page

You can send an issue from the Recent Scans page by following the steps below:

  1. Select Scans > Recent Scans from the left-side menu.
  2. Locate the relevant scan and click Report on the right-hand side.
  3. Scroll down to the Technical Report section.
  4. On the Issues tab, select an issue to display its details.
  5. In the issue details, click Send To > GitHub.

Duplicate Prevention

If you have previously submitted this vulnerability to GitHub, it will already be accessible. You cannot submit the same issue twice.

