HackerOne integrates with GitHub to enable tracking and syncing of high-priority vulnerability reports

HackerOne announced a new workflow automation integration with GitHub that enables the tracking and synchronization of high-priority vulnerability reports between HackerOne and GitHub. Also, HackerOne is making its debut on GitHub’s Marketplace.

With HackerOne’s synchronized integration, software development leads can organize sprints, speed up build time, field requests from technical teams, and track their work from within a single interface — all while building more security into the Software Development Lifecycle (SDLC). With just one click, GitHub issues can be created from HackerOne intelligence, enabling teams to rapidly take action and track progress.

“Knowing where your code is vulnerable is half the battle,” said HackerOne CTO and Co-founder Alex Rice. “Being able to resolve these security holes before they are exploited is a challenge in and of itself. By combining HackerOne’s global community of security researchers with GitHub’s developer tooling, joint customers ensure the vulnerabilities that present the greatest risk to the business are remediated on time. Our goal is to break down the walls between security and developers, building the critical feedback loops that empower developers to learn from each report and develop more trustworthy products from the start.”

With this integration, organizations can:

  • Reduce time to remediation with automated workflows
  • Unify vulnerability actions across a single console
  • Simplify the triage and remediation process with an efficient handoff to the development team
  • Achieve real-time synchronization between HackerOne and GitHub

“As the speed of software development continues to increase, so too does the introduction of vulnerabilities to code,” said Dana Lawson, VP of Technology Partnerships and Engineering at GitHub. “With this integration, security teams can quickly deliver potential vulnerabilities to developers within their workflows, helping them to shift left and rapidly respond to and mitigate vulnerabilities.”

The integration is available to all HackerOne Professional and Enterprise customers and can also be found on the GitHub Marketplace. Installation instructions can be found on the HackerOne Docs Site.
