GitHub Issues
The GitHub Issues service integration allows Checkmarx One users to automate the creation, modification, and closure of GitHub issues for specific vulnerabilities detected in a scan.
Checkmarx One aggregates matching vulnerabilities during the issue creation process. As a result, the number of issues opened in GitHub may not match the number of vulnerabilities detected in Checkmarx One.
Important
Only issue owners and GitHub users with push access permissions can edit existing issues, including updating and reopening them.
Prerequisites
GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.
When you create a GitHub repository, GitHub Issues is enabled by default.
If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:
Note
GitHub Issues works only for GitHub repositories that have been previously imported.
Limitations
Limitation | Notes |
---|---|
Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App. | Update planned as part of development of the new Container Security scanner |
Creating a New Feedback App
To create a new GitHub Issues Feedback App, click Integrations > GitHub Issues.
The Settings & Trigger Conditions panel opens on the right side of the screen.
Alternatively, you can create a new GitHub Issues Feedback App by performing the following steps:
Click Integrations > Inventory > Create App.
In the right-side panel, select GitHub Issues and click Next.
General Settings
The GitHub Issues Settings & Trigger Conditions panel contains the basic details of the new Feedback App and its trigger conditions.
Configure the following:
General Settings:
Feedback App Name
Description
Associate Tags - Assign tags to a Feedback App. Tags are useful for filtering.
Trigger Conditions:
Severity - The severity level of a vulnerability that triggers the Feedback App.
Status - To decrease the number of issues created in Jira, also specify the status of a vulnerability that triggers the Feedback App.
Combined with the severity, this makes the trigger more precise.
Click Save.