Official StackHawk GitHub App
StackHawk’s official GitHub App integration.
Overview
StackHawk provides several features to integrate with GitHub. These features are all offered under the official StackHawk GitHub App. Individual feature pages detail specific features of the GitHub App, while this page covers requirements and installation details.
Looking for the new Microsoft Defender for Cloud integration? Check out the documentation here.
Features
- Integrate StackHawk with GitHub via our marketplace app or from the GitHub tile on our Integrations page. By integrating StackHawk with GitHub, you can easily include security testing capabilities in your GitHub repositories. This integration enables you to view relevant repository metadata with each scan, incorporate StackHawk scan results into every PR commit, and import correlated SAST findings from GitHub CodeQL.
- Multiple GitHub organizations or accounts can be tied to a single StackHawk org. Aggregate all of your GitHub data under a single view in StackHawk.
Requirements
StackHawk
- You must have a StackHawk account.
- Your StackHawk account needs to be on a Pro or Enterprise plan to use the GitHub Integration.
GitHub
- You must be allowed to install GitHub Apps to your organization / account.
Setup
- Log into StackHawk and visit the GitHub Integration page.
- Click the Enable GitHub button. If you already have a GitHub org connected but need to modify it, click Manage Connection.
- Follow the prompts in GitHub to select your GitHub Organization / Account. This will require that you are a GitHub administrator for your organization. Once in the GitHub org, you can select individual repositories to allow or give access to all. Once you have made your selection, click Install.
- You will be navigated back into StackHawk. Please note that the import process may take a few minutes depending on the size of your organization. You can check your progress by navigating to the StackHawk Repositories page.
- Once completed, you should have a list of all of your repositories available in StackHawk with key metadata to help inform your next steps.
- If you already have applications in StackHawk, you can easily link them to a repository via the Add to existing application menu item on each row or via the ‘Create Applications’ button above the table once at least one row has been selected.
- If you are new to StackHawk, you can use this Repositories view to quickly create and configure new applications that will be mapped directly to your code.
- These mappings of repository to StackHawk application unlock additional features such as our SAST integration with GitHub CodeQL, GitHub Pull Request checks, and automation with GitHub Actions.
Allowed IP Addresses
If your GitHub Organization has access restricted by IP address, consider allowing access by GitHub Apps via these GitHub docs. Otherwise, if you wish to manage this manually, add the following IP addresses to the allowed list:
44.227.38.189
54.69.98.33
44.227.81.160
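To confirm that a manually managed allow list actually covers these addresses, the check below can be run over the organization's IP allow list settings. It is an added example, not StackHawk's own code. It assumes the input is the `organization` object from a GitHub GraphQL query selecting `ipAllowListEnabledSetting`, `ipAllowListForInstalledAppsEnabledSetting` and `ipAllowListEntries`; the sample data is constructed.

```python
import ipaddress

# The three StackHawk source addresses listed on this page.
STACKHAWK_IPS = ("44.227.38.189", "54.69.98.33", "44.227.81.160")

# Constructed sample response (not real organization data).
SAMPLE_ORG = {
    "ipAllowListEnabledSetting": "ENABLED",
    "ipAllowListForInstalledAppsEnabledSetting": "DISABLED",
    "ipAllowListEntries": {"nodes": [
        {"allowListValue": "44.227.38.189", "isActive": True},
        {"allowListValue": "54.69.98.0/24", "isActive": True},
        {"allowListValue": "44.227.81.160/32", "isActive": False},
        {"allowListValue": "203.0.113.0/24", "isActive": True},
    ]},
}


def missing_stackhawk_ips(org):
    """Return the StackHawk IPs that the org's IP allow list would block."""
    # No IP restriction in force: nothing can be blocked.
    if org.get("ipAllowListEnabledSetting") != "ENABLED":
        return []
    # Assumption taken from this page: when the org allows access by
    # installed GitHub Apps, manual entries for StackHawk are not needed.
    if org.get("ipAllowListForInstalledAppsEnabledSetting") == "ENABLED":
        return []
    networks = []
    for entry in org.get("ipAllowListEntries", {}).get("nodes", []):
        if not entry.get("isActive"):
            continue  # an inactive entry is not enforced, so it covers nothing
        # strict=False accepts CIDR values written with host bits set.
        networks.append(ipaddress.ip_network(entry["allowListValue"], strict=False))
    return [
        ip for ip in STACKHAWK_IPS
        if not any(ipaddress.ip_address(ip) in net for net in networks)
    ]


if __name__ == "__main__":
    for ip in missing_stackhawk_ips(SAMPLE_ORG):
        print(f"not covered by an active allow list entry: {ip}")
```

An address that is present only as an inactive entry is reported as missing, which is the case most easily overlooked when reviewing the list by eye.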