GitHub integration walkthrough and FAQs
Setting up your GitHub Integration
Sign in → Pentest → Settings
- Sign into the Cobalt platform
- Navigate to the ‘Pentests’ tab
- Select the pentest you would like to set up the GitHub integration for
- Click on 'Settings' within the pentest title card
- From the left navigation, select ‘Integrations’
Follow the instructions listed in the GitHub section:
- Create a personal access token using this GitHub procedure
- Paste the GitHub Access Token
- Enter the GitHub owner and repository name
- Click the 'Update Github' button
About the GitHub Integration
- Once a finding is posted, you will have the ability to push the issue to your GitHub repository.
- It is recommended to wait until a finding is set to 'Pending Fix' before pushing it through to GitHub as an issue.
- Please note that the push is manual and 1-way, and a finding can only be pushed through once. Anything updated or added to the finding in the Cobalt platform after it has been pushed through to GitHub will not be captured or will have to be added manually.
- To push a finding through from Cobalt to GitHub, go to the Findings tab and click into a specific finding.
- On the right side of the page, you will see the menu pictured below.
- Click on 'External Issue Tracking' → 'Create issue on GitHub'.
- After the issue is pushed, you will see the GitHub logo along with the issue number, as pictured below. The link is clickable and will redirect you to the issue on GitHub.
FAQs
Are Labels customizable?
No. Currently only the standard labels of ‘Cobalt’ and ‘Security’ get pushed.
Can Jira (1-Way or Bi-Di) and GitHub be integrated simultaneously?
Yes. Users can have both integrations at the same time and can create tickets for both Jira and GitHub without any errors.
Do images, attachments, and comments get pushed into GitHub as well?
No, only the following fields get pushed:
- Title
- URL
- Description
- Suggested Fix