
GitHub Issues

This document is for:
Invicti Platform

Integrating Invicti Platform with GitHub Issues streamlines your vulnerability management by automatically creating and tracking security issues within your GitHub projects. This integration enables seamless collaboration between development and security teams, ensuring vulnerabilities are identified, assigned, and resolved efficiently.

This document walks you through the steps required to connect Invicti with GitHub, configure issue tracking, and automate vulnerability reporting.

Prerequisites

Before integrating Invicti with GitHub, make sure the following prerequisites are in place:

  • Active GitHub account: You must have an active GitHub account.
  • Project setup: Create a repository that houses the source code for your target web application.
  • Permissions: GitHub project members/collaborators must have Write permission on the repository for the field values and field mappings (Step 3) to work correctly.
  • API access verification: Confirm that your GitHub environment accepts incoming API requests from online.acunetix.com or app.invicti.com (app-eu.invicti.com for EU-based customers).

Integrating Invicti Platform with GitHub is a four-step process:

  1. Create an access token
  2. Create GitHub labels
  3. Configure Invicti
  4. Submit vulnerabilities to GitHub

Step 1: Create an access token

  1. From your GitHub profile dropdown, click Settings.
  2. Scroll down to the bottom of the left-side menu and select Developer settings.
  3. From Personal access tokens in the left-side menu, select Tokens (classic).
  4. Click Generate new token. For this integration we will be using the classic token.
  5. On the New personal access token (classic) page:
     • In the Note field, enter Invicti Integration for identification purposes.
     • Set the Expiration date according to your requirements.
     • In the Scopes section, select the following:
       • repo (the entire section)
       • Under user, select read:user
  6. Scroll to the bottom of the page and click Generate token.
  7. Ensure you keep a copy of the token, as it cannot be retrieved after leaving the page. Losing the token will necessitate creating a new one and repeating the process.

Step 2: Create GitHub labels

  1. Open the Labels page of your repository in either of two ways:
     • Open your repository's main page on GitHub and append /labels to your repository's URL. For example: https://github.com/your-username/your-repository/labels
     • Alternatively, from the repository's main page, click the "Issues" tab, then click the "Labels" button on the Issues page.
  2. Click New label to add your own labels.
  3. Fill in the Label name and description, and choose a colour.
  4. Click Create label to save.

If you don't see the "Labels" button or encounter any issues, ensure you have the necessary permissions (write access) to manage labels in the repository.
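The two steps above are done in the GitHub UI; the same work can be checked and repeated from a script against GitHub's REST API, which is useful when you need the same severity labels in many repositories. The following is an added example, not Invicti's or GitHub's own code. It assumes the token from Step 1 is supplied in a `GITHUB_TOKEN` environment variable, and the label names, colours and descriptions in `SEVERITY_LABELS` are assumptions chosen for this example (any names you later map in Step 3 under Field mappings will do). It uses the documented endpoints `GET /user` (whose `X-OAuth-Scopes` response header lists a classic token's scopes) and `GET`/`POST /repos/{owner}/{repo}/labels`.

```python
"""Check a GitHub classic token's scopes and create severity labels via the REST API.

Added example, not Invicti's or GitHub's own code. Assumptions (not on the original
page): the label names/colours below, and that the token is supplied in the
GITHUB_TOKEN environment variable.
"""
import json
import os
import sys
import urllib.error
import urllib.request

API = "https://api.github.com"

# Scopes the integration needs (from Step 1): the whole "repo" section and read:user.
REQUIRED_SCOPES = {"repo", "read:user"}

# One label per Invicti severity, to be mapped in Step 3 under "Field mappings".
# Names, colours and descriptions are assumptions for this example; choose your own.
SEVERITY_LABELS = {
    "Critical": ("severity: critical", "b60205", "Invicti severity Critical"),
    "High": ("severity: high", "d93f0b", "Invicti severity High"),
    "Medium": ("severity: medium", "fbca04", "Invicti severity Medium"),
    "Low": ("severity: low", "0e8a16", "Invicti severity Low"),
    "Best Practice": ("severity: best-practice", "c5def5", "Invicti Best Practice"),
    "Information": ("severity: information", "bfdadc", "Invicti Information"),
}


def missing_scopes(oauth_scopes_header):
    """Return the required scopes absent from an X-OAuth-Scopes header value.

    The header is a comma-separated list, e.g. "repo, read:user, gist".
    An empty result means the token carries everything Step 1 asked for.
    """
    granted = {s.strip() for s in (oauth_scopes_header or "").split(",") if s.strip()}
    return REQUIRED_SCOPES - granted


def missing_labels(existing_names):
    """Return the (name, colour, description) tuples not yet present in the repo.

    GitHub treats label names case-insensitively, so compare in lower case.
    """
    have = {n.lower() for n in existing_names}
    return [spec for spec in SEVERITY_LABELS.values() if spec[0].lower() not in have]


def _request(method, path, token, body=None):
    """Send one authenticated request; return (status, headers, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        API + path, data=data, method=method,
        headers={
            "Authorization": "Bearer " + token,
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        payload = resp.read()
        return resp.status, resp.headers, (json.loads(payload) if payload else None)


def ensure_labels(owner, repo, token):
    """Verify the token's scopes, then create any severity labels the repo lacks.

    Returns the list of label names created. A token without the required scopes
    raises PermissionError, the same condition Invicti's "Validate & load projects"
    step would fail on.
    """
    _, headers, _ = _request("GET", "/user", token)
    lacking = missing_scopes(headers.get("X-OAuth-Scopes"))
    if lacking:
        raise PermissionError("token is missing scopes: " + ", ".join(sorted(lacking)))

    _, _, labels = _request("GET", f"/repos/{owner}/{repo}/labels?per_page=100", token)
    created = []
    for name, color, description in missing_labels(l["name"] for l in labels):
        _request("POST", f"/repos/{owner}/{repo}/labels", token,
                 {"name": name, "color": color, "description": description})
        created.append(name)
    return created


if __name__ == "__main__":
    if len(sys.argv) != 3 or "GITHUB_TOKEN" not in os.environ:
        sys.exit("usage: GITHUB_TOKEN=... python ensure_labels.py <owner> <repo>")
    try:
        print("created:", ensure_labels(sys.argv[1], sys.argv[2], os.environ["GITHUB_TOKEN"]))
    except urllib.error.HTTPError as e:
        sys.exit(f"GitHub API error {e.code}: {e.read().decode()}")
```

The scope check runs before any label is written, so a token generated without the full repo section fails fast with a clear message instead of a 403/404 from the labels endpoint. Keeping the token in an environment variable rather than on the command line keeps it out of shell history and process listings.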

Step 3: Configure Invicti

  1. In Invicti, select Integrations from the left-side menu.
  2. Switch to the All integrations tab.
  3. Scroll down to Issue trackers and select Configure in the GitHub issues tile.
  4. In the Configure and authorize section:
     • Enter a name for your integration. For this example, we have used GitHub and Invicti integration.
     • Fill in the GitHub Issues base URL.
     • In the Authentication details, enter your Account Email and the Personal Access Token (classic) you generated in Step 1.
     • Click Validate & load projects to load your organization and issue details.
  5. In the Project configuration section, provide the following details:
     • Select a project from the drop-down list.
     • Repository: The GitHub repository where the discovered vulnerabilities will be sent.
     • Issue title formatting: Choose the format for the issue title.
     • Included details: Use the drop-down menu to select the information to include in the issue details.
     • Optionally, select Yes to include a link to the report and attach a PDF report.
     • Click Next.
  6. In the Issue mappings section, assign Field values and Field mappings:
     • Field values: Here, you decide who the assignee will be, and add a label to the reported issues. Only one assignee can be selected.
     • Field mappings: Map Invicti Vulnerability Severities to GitHub Issues Labels.
  7. Click Create sample issue to test the configuration. A green Success message appears at the top of the page.
  8. The sample issue is now created in the specified GitHub repository.
  9. In Invicti, click Save and finish to complete the GitHub integration.

Step 4: Submit vulnerabilities to GitHub

After identifying vulnerabilities, you can forward them to the designated issue tracker. There are two ways to do this:

  • Manually, through the Vulnerabilities page
  • Automatically, using Automations

The process is consistent across all supported issue trackers. For detailed instructions, refer to the linked documents above.
