GitHub Integration

DevGuard integrates with GitHub through a GitHub App, providing secure access to your repositories for issue management.

Overview

The GitHub integration provides:

  • Repository Access: List and import repositories from GitHub organizations
  • Issue Management: Create and update GitHub Issues for discovered vulnerabilities
  • Webhook Processing: React to issue changes and comments in real-time
  • CI/CD Integration: Automated scanning via GitHub Actions

How It Works

  1. Configure Integration: Add the DevGuard GitHub App to your GitHub organization
  2. Link Asset: Connect a DevGuard asset to a GitHub repository
  3. Create Issues: Vulnerabilities can be pushed to GitHub Issues for tracking (automatically or manually)
  4. Sync Status: Changes in either system are synchronized via webhooks

Issue Creation

When a vulnerability is flagged for remediation, DevGuard creates a GitHub issue containing detailed information about the vulnerability, including severity, affected components, and labels for categorization.

Comment Commands

Users can control vulnerability status through issue comments:

Command                                                          Effect
-------                                                          ------
/accept <reason>                                                 Accept the vulnerability risk
/component-not-present <reason>                                  Mark as false positive
/vulnerable-code-not-present <reason>                            Mark as false positive
/vulnerable-code-not-in-execute-path <reason>                    Mark as false positive
/vulnerable-code-cannot-be-controlled-by-adversary <reason>      Mark as false positive
/inline-mitigations-already-exist <reason>                       Mark as false positive
/reopen                                                          Reopen a closed vulnerability
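The command table above, worked through as an added Go example (this is not DevGuard's own parser; the Outcome and Command types, the rule that every command except /reopen needs a reason, and the sample comments are this example's assumptions). It shows the part a practitioner cares about when comments drive vulnerability state: unknown commands and commands without a justification are rejected instead of silently changing a finding, and the false-positive commands keep their command word as the recorded justification.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Outcome is the vulnerability state a comment command maps to. These names
// are this example's own, not DevGuard's internal types.
type Outcome int

const (
	OutcomeAccepted Outcome = iota
	OutcomeFalsePositive
	OutcomeReopened
)

// Command is one parsed slash command.
type Command struct {
	Name          string // command word without the leading slash
	Justification string // set for false-positive commands: the command word itself
	Reason        string // free text after the command word
	Outcome       Outcome
}

// commandTable mirrors the comment-command table above.
var commandTable = map[string]Outcome{
	"accept":                                            OutcomeAccepted,
	"component-not-present":                             OutcomeFalsePositive,
	"vulnerable-code-not-present":                       OutcomeFalsePositive,
	"vulnerable-code-not-in-execute-path":               OutcomeFalsePositive,
	"vulnerable-code-cannot-be-controlled-by-adversary": OutcomeFalsePositive,
	"inline-mitigations-already-exist":                  OutcomeFalsePositive,
	"reopen":                                            OutcomeReopened,
}

// ErrNoCommand is returned for ordinary comments that carry no command.
var ErrNoCommand = errors.New("comment does not contain a slash command")

// ParseCommand finds the first line of a comment body that starts with "/"
// and turns it into a Command. Unknown commands and state-changing commands
// without a reason are rejected rather than applied (assumption: DevGuard's
// own validation rules may differ from this example).
func ParseCommand(body string) (Command, error) {
	for _, line := range strings.Split(body, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, "/") {
			continue
		}
		fields := strings.Fields(line[1:])
		if len(fields) == 0 {
			continue // a lone "/" is not a command
		}
		name := fields[0]
		outcome, ok := commandTable[name]
		if !ok {
			return Command{}, fmt.Errorf("unknown command /%s", name)
		}
		reason := strings.Join(fields[1:], " ")
		if outcome != OutcomeReopened && reason == "" {
			return Command{}, fmt.Errorf("command /%s requires a reason", name)
		}
		cmd := Command{Name: name, Reason: reason, Outcome: outcome}
		if outcome == OutcomeFalsePositive {
			cmd.Justification = name
		}
		return cmd, nil
	}
	return Command{}, ErrNoCommand
}

func main() {
	// Constructed sample comments, not real GitHub data.
	samples := []string{
		"/accept only reachable from an internal admin tool",
		"Reviewed with the team.\n/vulnerable-code-not-in-execute-path the parser is never called on user input",
		"/reopen",
		"/accept",
		"/ignore this",
		"Thanks for the report!",
	}
	for _, s := range samples {
		cmd, err := ParseCommand(s)
		if err != nil {
			fmt.Printf("%q -> error: %v\n", s, err)
			continue
		}
		fmt.Printf("%q -> outcome=%d justification=%q reason=%q\n", s, cmd.Outcome, cmd.Justification, cmd.Reason)
	}
}
```

Only the first slash-command line of a comment is honoured here; a comment that mixes several commands is a policy question for the integration, and rejecting or taking the first one are both defensible as long as the behaviour is documented.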

Processed Events

Event             Action
-----             ------
Issue Closed      Vulnerability marked as accepted
Issue Reopened    Vulnerability reopened
Issue Deleted     Vulnerability marked as false positive
Comment Added     Process slash commands

Issue State Synchronization

GitHub Action     DevGuard Interpretation
-------------     -----------------------
Close issue       Vulnerability accepted
Reopen issue      Vulnerability reopened
Delete issue      Vulnerability false positive
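The webhook path from the Overview (Webhook Processing) together with the Processed Events and Issue State Synchronization tables, as an added Go example that is not DevGuard's own code. Because a closed or deleted issue changes a finding's state, the receiver must not trust the payload before it has verified GitHub's X-Hub-Signature-256 header, which GitHub computes as HMAC-SHA256 over the raw request body with the app's webhook secret. The header name and the "issues"/"issue_comment" event names with their "action" fields are GitHub's; the Action constants, the event struct, the secret and the sample payloads are this example's assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// VerifySignature checks GitHub's X-Hub-Signature-256 header ("sha256=<hex>")
// against an HMAC-SHA256 of the raw body keyed with the webhook secret.
// hmac.Equal compares in constant time.
func VerifySignature(secret, body []byte, header string) bool {
	const prefix = "sha256="
	if !strings.HasPrefix(header, prefix) {
		return false
	}
	want, err := hex.DecodeString(header[len(prefix):])
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return hmac.Equal(mac.Sum(nil), want)
}

// event is the subset of the GitHub issues/issue_comment payload used here.
type event struct {
	Action string `json:"action"`
	Issue  struct {
		Number int `json:"number"`
	} `json:"issue"`
	Comment struct {
		Body string `json:"body"`
	} `json:"comment"`
}

// Action is the DevGuard interpretation from the tables above (names assumed).
type Action string

const (
	ActionAccept        Action = "vulnerability accepted"
	ActionReopen        Action = "vulnerability reopened"
	ActionFalsePositive Action = "vulnerability marked as false positive"
	ActionRunCommands   Action = "process slash commands"
	ActionIgnore        Action = "ignored"
)

// HandleWebhook verifies the delivery first, then maps the event type and
// its "action" field to what DevGuard does. eventType is the value of the
// X-GitHub-Event header; signature is X-Hub-Signature-256.
func HandleWebhook(secret []byte, eventType, signature string, body []byte) (Action, error) {
	if !VerifySignature(secret, body, signature) {
		return ActionIgnore, errors.New("invalid webhook signature")
	}
	var ev event
	if err := json.Unmarshal(body, &ev); err != nil {
		return ActionIgnore, fmt.Errorf("malformed payload: %w", err)
	}
	switch eventType + "/" + ev.Action {
	case "issues/closed":
		return ActionAccept, nil
	case "issues/reopened":
		return ActionReopen, nil
	case "issues/deleted":
		return ActionFalsePositive, nil
	case "issue_comment/created":
		return ActionRunCommands, nil
	}
	return ActionIgnore, nil // other actions (labeled, edited, ...) are not state changes
}

// Sign builds the header value GitHub would send for body; it exists only so
// the constructed samples below can be signed offline.
func Sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

func main() {
	secret := []byte("constructed-example-secret") // assumption, not a real secret
	body := []byte(`{"action":"closed","issue":{"number":42}}`)
	fmt.Println(HandleWebhook(secret, "issues", Sign(secret, body), body))

	// Same valid signature, but the body was swapped for a "deleted" event:
	// the MAC no longer matches and the finding is left untouched.
	forged := []byte(`{"action":"deleted","issue":{"number":42}}`)
	fmt.Println(HandleWebhook(secret, "issues", Sign(secret, body), forged))
}
```

The signature is computed over the raw bytes, so the handler must read the body once and verify it before any JSON decoding; re-serialising the parsed struct and signing that would fail whenever GitHub's formatting differs from the encoder's.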