Developers need to bring security into their workflows without pivoting to separate security tools to get vulnerability information. HackerOne has created an integration with GitHub to streamline the process of including more security in the Software Development Life Cycle (SDLC) by automatically syncing activities between the two products.

With the new GitHub integration, organizations can:

  • Reduce time to remediation with automated workflows
  • Unify vulnerability actions in a single console
  • Simplify triage and remediation processes with an efficient handoff to the development team
  • Achieve real-time synchronization between HackerOne and GitHub
  • Decide what status changes matter most to sync

Setting up the integration is a simple process, either in HackerOne or from the GitHub Marketplace. During setup, customers map data from HackerOne to GitHub, which gives them the flexibility to choose which information they want to sync.


Figure 1 shows data fields from HackerOne reports that map to fields in GitHub issues to tailor the information to your specific work.

You can then choose which actions in HackerOne you’d like to post to GitHub. This ensures you are up-to-date on the information that is essential to your processes.

Table 1

You can also choose which actions in GitHub you’d like to post to HackerOne as an event to keep HackerOne up-to-date.

Table 2

A key benefit of this integration is incorporating HackerOne reports into GitHub issues for resolution and tracking. You do this by selecting the report from your program inbox and setting up a reference to your GitHub integration.  


Figure 2 shows how to add a reference to your GitHub issue tracker.

Comment presented in HackerOne report


Figure 3 shows that comments made in GitHub will automatically synchronize with your HackerOne report.

Instead of creating a new issue, you also have the option of linking a HackerOne report to a specific issue by entering that issue's ID.


Figure 4 shows the option to link HackerOne reports to specific issues.

This integration is available to all HackerOne Professional and Enterprise customers and is available on the GitHub Marketplace. Find detailed installation instructions on our docs site. To learn about more integration options, visit HackerOne’s integrations page.


Posted by Charlie