
GitHub Issues

This document is for Invicti Platform

Integrating Invicti Platform with GitHub Issues streamlines your vulnerability management by automatically creating and tracking security issues within your GitHub projects. This integration enables seamless collaboration between development and security teams, ensuring vulnerabilities are identified, assigned, and resolved efficiently.

This document walks you through the steps required to connect Invicti with GitHub, configure issue tracking, and automate vulnerability reporting.

Prerequisites

Before integrating Invicti with GitHub, ensure you have completed the following prerequisites:

  • Active GitHub Account: You must have an active GitHub account.
  • Project Setup: Create a repository that houses the source code for your target web application.
  • Permissions: GitHub repository members/collaborators must have Write permission for the field values/mappings (assignee and labels) to work correctly.
  • API Access Verification: If your organization uses a GitHub IP allow list, runs GitHub Enterprise Server behind a firewall, or applies other network controls, confirm that incoming API requests from online.acunetix.com or app.invicti.com (for EU-based customers: app-eu.invicti.com) are allowed.

Integrating Invicti Platform with GitHub is a four-step process:

  1. Create an access token
  2. Create GitHub labels
  3. Configure Invicti
  4. Submit vulnerabilities to GitHub

Step 1: Create an access token

  1. From your GitHub profile dropdown, click Settings.
  2. Scroll down to the bottom of the left-side menu and choose Developer settings.
  3. From Personal access tokens in the left-side menu, choose Tokens (classic).
  4. Click Generate new token. This integration uses a classic token, not a fine-grained one.
  5. On the New personal access token (classic) page:
    • In the Note field, enter Invicti Integration for identification purposes.
    • Set the Expiration date according to your requirements. Record the date: once the token expires, the integration stops creating issues until you generate a new token and update it in Invicti.
    • In the Scopes section, choose the following:
      • repo (the entire section)
      • Under user choose read:user
    • Scroll to the bottom of the page and click Generate token.
  6. Ensure you keep a copy of the token as it cannot be retrieved after leaving the page. Losing the token necessitates creating a new one and repeating the process.

The repo scope grants read and write access to every repository the token's account can reach, not only the repository you map in Step 3. Generate the token from a dedicated account that is a collaborator only on the target repository where possible, and treat the token as you would any other credential: store it in a secrets manager, never commit it, and rotate it if it is exposed.

Step 2: Create GitHub labels

  1. Open your repository's main page on GitHub and directly append /labels to your repository's URL. For example: https://github.com/your-username/your-repository/labels.

     Alternatively, from the repository's main page:

     • Click the Issues tab.
     • On the Issues page, click the Labels button.
  2. Click New label to add your own labels.
  3. Fill in the Label name, description, and choose a color.
  4. Click Create label to save.

If you don't see the Labels button or encounter any issues, ensure you have the necessary permissions (write access) to manage labels in the repository.
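Before pasting the token into Invicti, it is worth checking that it is what Step 1 asked for and that Step 2's labels exist. The script below is an added example, not Invicti's or GitHub's own code: it calls the GitHub REST API with a classic token taken from the GITHUB_TOKEN environment variable, confirms the repo and read:user scopes are present, confirms the token's account has Write (push) permission on the repository, and creates one label per severity. The severity label names, colors and the default your-username/your-repository target are assumptions; rename them to match the labels you intend to map in Step 3.

```python
"""Pre-flight checks for the Invicti GitHub Issues integration.

Added example, not Invicti's or GitHub's own code. Assumes a classic
personal access token in GITHUB_TOKEN and a target given as OWNER/REPO.
"""
import json
import os
import sys
import urllib.error
import urllib.request

API = "https://api.github.com"
REQUIRED_SCOPES = {"repo", "read:user"}  # the scopes the guide tells you to grant

# Classic-token parent scopes that imply narrower scopes (per GitHub's docs).
IMPLIED_BY = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
}

# Assumed severity-to-label mapping; align with the labels you map in Invicti.
SEVERITY_LABELS = [
    {"name": "severity:critical", "color": "b60205", "description": "Invicti severity Critical"},
    {"name": "severity:high", "color": "d93f0b", "description": "Invicti severity High"},
    {"name": "severity:medium", "color": "fbca04", "description": "Invicti severity Medium"},
    {"name": "severity:low", "color": "0e8a16", "description": "Invicti severity Low"},
    {"name": "severity:info", "color": "c5def5", "description": "Invicti severity Information"},
]


def parse_scopes(header_value):
    """Turn the X-OAuth-Scopes header ('repo, read:user') into a set of scope names."""
    if not header_value:
        return set()
    return {s.strip() for s in header_value.split(",") if s.strip()}


def missing_scopes(granted, required=REQUIRED_SCOPES):
    """Return required scopes not covered by the granted set (parent scopes count)."""
    covered = set(granted)
    for scope in granted:
        covered |= IMPLIED_BY.get(scope, set())
    return set(required) - covered


def has_write_permission(repo_json):
    """True if the token's user can push to the repo, i.e. holds GitHub's Write role."""
    perms = repo_json.get("permissions", {})
    return bool(perms.get("push") or perms.get("admin"))


def _json(raw):
    try:
        return json.loads(raw or b"{}")
    except ValueError:
        return {}


def _request(method, path, token, body=None):
    """Send one authenticated API call; return (status, headers, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/vnd.github+json",
        "Content-Type": "application/json",
    })
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.headers, _json(resp.read())
    except urllib.error.HTTPError as e:
        return e.code, e.headers, _json(e.read())


def ensure_label(owner, repo, token, label):
    """Create a label; report 'created', or 'exists' when GitHub answers 422 already_exists."""
    status, _, body = _request("POST", f"/repos/{owner}/{repo}/labels", token, label)
    if status == 201:
        return "created"
    if status == 422 and any(e.get("code") == "already_exists" for e in body.get("errors", [])):
        return "exists"
    raise RuntimeError(f"label {label['name']}: HTTP {status} {body.get('message')}")


def preflight(owner, repo, token):
    """Verify token type, scopes and repo permission, then make sure the labels exist."""
    status, headers, me = _request("GET", "/user", token)
    if status != 200:
        raise RuntimeError(f"token rejected: HTTP {status}")
    granted = parse_scopes(headers.get("X-OAuth-Scopes"))  # header lookup is case-insensitive
    if not granted:
        raise RuntimeError("no X-OAuth-Scopes header: this is not a classic token")
    missing = missing_scopes(granted)
    if missing:
        raise RuntimeError(f"token for {me['login']} lacks scopes: {sorted(missing)}")
    status, _, repo_json = _request("GET", f"/repos/{owner}/{repo}", token)
    if status != 200 or not has_write_permission(repo_json):
        raise RuntimeError(f"{me['login']} needs Write permission on {owner}/{repo}")
    return {lbl["name"]: ensure_label(owner, repo, token, lbl) for lbl in SEVERITY_LABELS}


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN") or sys.exit("set GITHUB_TOKEN first")
    target = sys.argv[1] if len(sys.argv) > 1 else "your-username/your-repository"  # assumed
    for name, outcome in preflight(*target.split("/", 1), token).items():
        print(f"{name}: {outcome}")
```

Run it as `GITHUB_TOKEN=... python preflight.py your-org/your-repo`. The script never prints the token, and a missing X-OAuth-Scopes header is treated as a failure because GitHub only returns that header for classic tokens, which is the token type this guide requires.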

Step 3: Configure Invicti

  1. In Invicti, choose Integrations from the left-side menu.

  2. Switch to the All integrations tab.

  3. Scroll down to the Issues trackers and choose Configure in the GitHub issues tile.

  4. In the Configure and authorize section:

    • Enter a name for your integration. For this example, the name used is GitHub and Invicti integration.
    • Fill in the GitHub Issues base URL.
    • In the Authentication details, enter your Account email and the Personal Access Token (classic) you generated in Step 1.
    • Click Validate & load projects, to load your organization and issue details.
  5. In the Project configuration section, provide the following details:

    • Choose a project from the drop-down list.
    • Repository: The GitHub repository where the discovered vulnerabilities are sent.
    • Issue title formatting: Choose the format for the issue title.
    • Included details: Use the drop-down menu to choose the information to include in the issue details.
    • Optionally, choose Yes to include a link to the report and attach a PDF report.
    • Click Next.
  6. In the Issue mappings section, assign Field values and Field mappings.

    • Field values: Here, you decide who the assignee is, and add a label to the reported issues. Only one assignee can be chosen, and the assignee must be a collaborator with Write permission on the repository.
    • Field mappings: Map Invicti Vulnerability Severities to the GitHub Issues Labels you created in Step 2.
  7. Click Create sample issue to test the configuration. A green Success message appears at the top of the page.

  8. A sample issue is now created in the specified GitHub repository. Open it to confirm the assignee and labels were applied as mapped.
  9. In Invicti, click Save and finish to complete the GitHub integration.


Step 4: Submit vulnerabilities to GitHub

After identifying vulnerabilities, you can forward them to the designated issue tracker. There are two ways to do this:

  • Manually, through the Vulnerabilities page
  • Automatically, using Automations

The process is consistent across all supported issue trackers. For detailed instructions, refer to the linked documents.

