Skip to main content

GitHub Issues

GitHub Issues Service integration allows Checkmarx One users to automate the creation, modification, and closure of GitHub issues for specific vulnerabilities detected in a scan.

Checkmarx One aggregates matching vulnerabilities during the issues creation process. As a result, the number of issues opened in the GitHub service may not align with the number of detected vulnerabilities in Checkmarx One.

Important

Only issue owners and GitHub users with push access permissions can edit existing issues, including updating and reopening them.

Preconditions

GitHub Issues is a lightweight issue-tracking system that is available in all GitHub repositories.

When you create a GitHub repository, GitHub Issues is enabled by default.

If GitHub Issues is not enabled for the relevant repo, use the below link as a reference to enable it:

Disabling GitHub Issues

Note

GitHub Issues work only for GitHub repositories that have been previously imported.

In the right side panel select GitHub Issues and click Next

Select_GitHub_Issues1.png

General Settings

GitHub Issues Settings & Trigger Conditions panel contains basic details for the new Feedback App in addition to its trigger conditions.

Configure the following:

  1. General Settings:

    • Feedback App Name

    • Description

    • Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes

  2. Trigger Conditions:

    • Severity - The severity level of a vulnerability that triggers the Feedback App.

    • Status - To decrease the number of issues created in Jira, specify also the status of a vulnerability that triggers the Feedback App.

      In conjunction with the severity, this makes the setting more precise.

  3. Click Save

    GitHub_Issues_Settings_and_Trigger_Conditions.png