Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Integrating Netsparker Standard with GitHub

GitHub is a web-based hosting service for version control. GitHub is mostly used for code but it has an issue tracking feature with labels, milestones, assignees and a search engine. Every issue is referenced in a card, which can then be dropped into a repository, used to track the progress of the bug, discuss fixes and assign relevant tasks to teammates.

This topic explains how to configure Netsparker Standard to send a detected vulnerability to GitHub.

For further information, see Configuring the User Interface for Custom Send To Actions in Netsparker Standard and Configuring Auto Send To Actions in Netsparker Standard and What Systems Does Netsparker Integrate With?.

GitHub Fields

The table lists and describes the GitHub fields in the Send to Actions tab.

Button/Section/Field

Description

Add

Click to add an integration.

Delete

Click to delete the integration and clear all fields.

Create Sample Issue

Once all relevant fields have been configured, click to create a sample issue.

Display Name

This is the name of the configuration that will be shown in menus.

Mandatory

This section contains fields that must be completed.

Repository

This is the repository name, which includes the issue.

Username

This is the name of the user. If you are using a personal access token (see below), leave this field blank.

Access Token

This is the personalized access token of the user.

Vulnerability

This section contains fields with vulnerability details.

Body Template

This is the template file that is used to create description fields.

Title Format

This is the string format that is used to create the vulnerability title.

Optional

This section contains optional fields.

Labels

These are the issue labels.

Assignee

This is the user to whom the issue is assigned. Accepted values are:

  • Email address
  • User identifier
  • 'me' keyword

How to Integrate Netsparker Standard with GitHub

  1. Open Netsparker Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.

  1. From the Add dropdown, select GitHub. The GitHub fields are displayed.

  1. In the Mandatory section, complete the connection details:
    • Repository
    • Username
    • Access Token (This can be generated from GitHub's User Options menu.)
  2. In the Vulnerability section you can change the Body Template and Title Format.
Body templates are stored in %userprofile%\Documents\Netsparker\Resources\Send To Templates. If you use your own custom templates, store them in this location.
  1. In the Optional settings you can specify:
    • Labels
    • Assignee
  2. Click Create Sample Issue to confirm that Netsparker Standard can connect to the configured system. The Send To Action Test confirmation dialog is displayed.

  1. In the Send To Action Test dialog, click the Issue number link to open the issue in GitHub in the default browser.

How to Export Reported Vulnerabilities to Projects in GitHub

Please ensure that you have first configured GitHub integration (see How to Integrate Netsparker Standard with GitHub).
  1. Open Netsparker Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Doubleclick the relevant scan to display its results.

  1. In the Issues panel, right click the vulnerability you want to export and select Send to GitHub. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to GitHub.) A confirmation message and link is displayed at the bottom of the screen.

  1. Click the GitHub Send to Action is executed for the selected vulnerability. link to view the newly-created issue in GitHub.
  2. The vulnerability is automatically exported to GitHub. You can view it in GitHub's Issues tab.

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO