Skip to content

GitHub Integration#

GitHub provides a built-in feature to detect vulnerabilities in libraries.

You can import vulnerabilities detected in a specified GitHub repository into FutureVuls and manage them on the FutureVuls platform. The integration procedure is as follows:

  1. Enable GitHub Security Alerts
  2. Generate a GitHub token
  3. As a group administrator, register the GitHub token for the group under Group Settings > External Integration
  4. From the Server / Product details, register the owner/repository_name of the GitHub repository you want to integrate and select the token to use

Enabling GitHub Security Alerts#

Refer to the "GitHub Documentation" to enable the GitHub Security Alerts setting.

Generating a GitHub Token#

Generate a GitHub token from Personal access tokens (classic).

The repo (Full control of private repositories) scope is required (Reference: How to set up GitHub "Personal access tokens" - in Japanese)

When using Fine-grained personal access tokens

If you are setting up Fine-grained personal access tokens (Beta), please be aware of the following:

  • Expiration: Ensure it has not expired
  • Resource owner: Ensure this is set to the owner (Organization) of the target repository
  • Repository access: Ensure the target repository is included
  • Repository permissions: Ensure the following scopes have at least read-only access
    • Contents
    • Dependabot alerts
    • Metadata

Configuring External Integration#

As a group administrator, register the token created above under Group Settings > External Integration.

Group Settings > GitHub Integration

Register the token using the "Add" button. Also, set a token name to identify it within FutureVuls.

The configuration is complete once the added token appears in the list.

Adding a GitHub token

Registering a GitHub Repository to a Server#

From the Server / Product details, select the GitHub repository you want to integrate and the token.

GitHub Repository Integration

If registration is successful, the registered repository will appear in the list.

Clicking the GitHub icon in the settings will take you to the corresponding repository on GitHub. You can also switch tokens or remove the integration by clicking Edit.

GitHub Repository Integration

When Scan Results are Reflected

After integration, you can update the scan results by running a "Manual Scan" from the Server / Product details. For an actual server, the results will also update during the next scheduled scan.

After the scan, the corresponding libraries will be displayed under Server > Software.