GitHub Security Alerts Integration

Integration with GitHub Security Alerts

GitHub provides a feature to detect vulnerabilities in libraries as standard.

• Documentation
• Supported package ecosystems

You can import vulnerabilities detected in the specified GitHub repository on FutureVuls and manage them on FutureVuls. The steps for integration are as follows.

• Turn on GitHub Security Alerts settings
• Issue a GitHub token
• Register the GitHub token for the group from Group settings > External integration by the group administrator
• Register the desired GitHub “owner/repository name” and token from Server > Details (associations are possible with both actual and pseudo servers)

The specific steps are as follows.

• Turn on GitHub Security Alerts settings

• Issue a GitHub token from Edit personal access token

  • Reference: Setting up GitHub Personal Access Tokens

• Register the token for the group from Group settings > External integration by the group administrator

• Select the desired GitHub repository and token from Server > Details

• For actual servers, integration will be reflected in the next scan, and for pseudo-servers, integration will be reflected immediately by clicking the “Manual Scan” button.

• The corresponding library is displayed in Server > Software