StackHawk’s official GitHub App integration.
StackHawk with GitHub helps teams find security issues in open-source dependencies and proprietary code before they hit production. View your GitHub CodeQL results, including the line of code, alongside your HawkScan findings. Teams use GitHub CodeQL to show where there may be a vulnerability, then confirm it is exploitable and validate it with a StackHawk HawkScan. Correlating the two scan result sets helps developers immediately prioritize issues, then confirm, reproduce and fix them quickly and efficiently.
- Automatically link HawkScan Findings with GitHub CodeQL Issues whenever you scan your application.
- Finding Details with linked CodeQL issues show where in the code the vulnerability was identified with links to GitHub for further information.
- You must have a StackHawk account.
- Your StackHawk account needs to be on a Pro or Enterprise plan to use the GitHub Integration.
- You must be allowed to install GitHub Apps to your organization / account.
- Log into StackHawk and visit the GitHub CodeQL Integration page.
- Click the
- Follow the prompts in GitHub to select your GitHub Organization / Account, then repositories for the install, then click
- Once the install is complete, click the Add button to configure your first (and any subsequent) GitHub repository to StackHawk application mapping.
- On the GitHub Integration page, you should now see a Connected Projects list that shows the connected GitHub repository and Application.
You can add and delete Connected Projects from the GitHub CodeQL Integration page.
Once the GitHub Integration is installed and a StackHawk Application is connected to a GitHub repository, future scans will show findings correlated to CodeQL issues based on the CWE ID. When a StackHawk Application and a GitHub Repository with CodeQL findings are connected, HawkScan will link its Findings with correlated GitHub CodeQL Issues for all Environments in the given Application.
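To make the CWE-based correlation concrete, here is an added example (not StackHawk's or GitHub's code) that links a set of HawkScan findings to CodeQL alerts by CWE ID and caps each finding at 15 linked instances, as the Finding Details tab does. The CodeQL side mirrors the shape of GitHub code-scanning alerts, whose rule tags carry CWE ids as `external/cwe/cwe-NNN`; the HawkScan `cweId` and `pluginId` field names and all sample records are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample data, not real scan output. The CodeQL records follow the
# GitHub code-scanning alert shape; the HawkScan field names are assumed.
CODEQL_ALERTS = [
    {"number": 1, "rule": {"id": "py/sql-injection", "tags": ["security", "external/cwe/cwe-089"]},
     "most_recent_instance": {"location": {"path": "app/db.py", "start_line": 42}}},
    {"number": 2, "rule": {"id": "py/sql-injection", "tags": ["security", "external/cwe/cwe-089"]},
     "most_recent_instance": {"location": {"path": "app/reports.py", "start_line": 17}}},
    {"number": 3, "rule": {"id": "py/reflective-xss", "tags": ["security", "external/cwe/cwe-079"]},
     "most_recent_instance": {"location": {"path": "app/views.py", "start_line": 88}}},
    {"number": 4, "rule": {"id": "py/path-injection", "tags": ["security", "external/cwe/cwe-022"]},
     "most_recent_instance": {"location": {"path": "app/files.py", "start_line": 9}}},
]
HAWKSCAN_FINDINGS = [
    {"pluginId": "40018", "name": "SQL Injection", "cweId": 89},
    {"pluginId": "40012", "name": "Cross Site Scripting (Reflected)", "cweId": 79},
    {"pluginId": "10038", "name": "Content Security Policy Header Not Set", "cweId": 693},
]

CWE_TAG = re.compile(r"^external/cwe/cwe-(\d+)$")
MAX_INSTANCES = 15  # the GitHub CodeQL tab shows at most 15 linked instances


def cwe_ids_for_alert(alert):
    """Extract numeric CWE ids from a CodeQL alert's rule tags (cwe-089 -> 89)."""
    ids = set()
    for tag in alert["rule"].get("tags", []):
        m = CWE_TAG.match(tag)
        if m:
            ids.add(int(m.group(1)))
    return ids


def link_findings(findings, alerts, limit=MAX_INSTANCES):
    """Map each HawkScan finding's pluginId to the CodeQL alerts sharing its CWE id."""
    by_cwe = defaultdict(list)
    for alert in alerts:
        for cwe in cwe_ids_for_alert(alert):
            by_cwe[cwe].append(alert)
    linked = {}
    for f in findings:
        matches = by_cwe.get(f["cweId"], [])  # findings with no CodeQL match link to nothing
        linked[f["pluginId"]] = [
            {"alert": a["number"],
             "path": a["most_recent_instance"]["location"]["path"],
             "line": a["most_recent_instance"]["location"]["start_line"]}
            for a in matches[:limit]
        ]
    return linked
```

Running `link_findings(HAWKSCAN_FINDINGS, CODEQL_ALERTS)` links the SQL injection finding to both CodeQL alerts 1 and 2, the reflected XSS finding to alert 3, and leaves the CSP header finding unlinked because no CodeQL alert carries CWE-693.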
Applications mapped to a GitHub repository will have the GitHub logo under the name of the Application.
When viewing the Scan list or the list of Findings on a specific scan, a SAST column will be present. If this column has the GitHub logo, there is a linked GitHub CodeQL Issue.
When looking at the details of a specific Finding that has a linked GitHub CodeQL Issue, the GitHub CodeQL tab will be displayed.
It will have details on the GitHub CodeQL Issues, with links to GitHub for more information.
Note that the GitHub CodeQL tab in Finding Details will show at most 15 instances of the found CodeQL Issue.
If your scan results aren’t showing any linked GitHub CodeQL Issues and you are expecting them to, make sure you have connected a StackHawk Application and GitHub repository in the GitHub Integration.
CodeQL Issues will only be linked for scans run while an Application and Project are connected; there is no way to retroactively link past scans with GitHub CodeQL Issues.
Currently, it’s not possible to select a single Environment under an Application to map to a GitHub repository. Mappings are done at the Application level and so all scans for all Environments in that Application will get Findings linked with GitHub CodeQL Issues.
Have any suggestions, feature requests, or feedback to share? Drop us a line at firstname.lastname@example.org.