Adding GitHub Repositories
This guide includes authorizing your GitHub account with HackerOne, installing the the HackerOne Code GitHub application (PullRequest) to your Organization, and syncing with your repositories.
Last updated
This guide includes authorizing your GitHub account with HackerOne, installing the the HackerOne Code GitHub application (PullRequest) to your Organization, and syncing with your repositories.
Last updated
HackerOne's GitHub application for our code security product is an a verified application in GitHub's official marketplace .
This application is compatible for GitHub Organizations using:
After , you'll be prompted to authorize and connect with a version control hosting provider. Click the Sync with GitHub option.
You'll then be asked to authorize your GitHub user account with PullRequest.
After authorizing with your GitHub account, you'll be directed to a page to select which GitHub Organization you want to install PullRequest on.
If a GitHub Profile or Organization already has PullRequest installed, the text Configure will appear on the selection.
Q: I don't see the Organization I'm trying to add. How do I add it?
You'll be asked to allow PullRequest to access All Repositories or Only select repositories.
After you've made your selection, click the Install button.
Our integration adheres to the principle of least privilege, ensuring that it only has the access necessary to perform its intended function—providing valuable insights in pull request discussions. Here are the permissions we require and how we use them.
You can to access this page directly.
A: You'll need to reach out to an Owner of your GitHub Organization with to complete the integration. We recommend also including the which describes what we need the integration permissions for and how we use them.
To determine who in your GitHub Organization has an Owner role, follow .
Required Permissions for GitHub.com and GitHub Enterprise Cloud Integration
This allows our service to to mark the status of our scanning and validation operations based on relevant commits. These states include: error, failure, pending, or success. Statuses will be visible from the pull request in GitHub to let end users know a scan is in progress. When it completes, they'll see a high-level description of the outcome of the scan.
We use the Issues permission to subscribe to events related to a pull request comment and for updating comment state (e.g., mark an inline comment as "Resolved"). GitHub's REST API considers every pull request an issue, which is why we need it in addition to the Pull Requests permission.
This permission allows our system to detect pull requests, information about them our system needs for determining workflow executions and so end-users can interact with the service from the GitHub interface.
Our service never updates or deletes source code in your repository. Our integration DOES NOT execute any code-modifying operations.
Our system uses this permission to and of the GitHub Organization which can be assigned service licenses in our systems and so it can determine what teams are visible to end-users.
This allows our service to get contents of a repository as needed for code scanning and validation. For example, certain files within a repository that are unchanged in the pull request code diff may still be relevant for determining reachability of a detected issue. The Contents permission allows our system to call to GitHub with a path parameter to reference the contents it needs.
The Metadata permission is required for all GitHub applications. This allows our system to list repositories, contributors, know what contributors have access to, and ensure any changes in GitHub are up-to-date in our systems.
When a member of your team creates a user account, our system uses this permission to apply the email address for their GitHub user to user profile in our systems. We use email communication for service events, occasional product release notes, and in case our staff need to reach out directly.
Your repositories should now appear on our page when the GitHub Organization is selected from the Organizations drop-down menu at the top-left portion of the screen.
NOTE: This guide contains screenshots from third-party partner interfaces that may be modified without notice. If you have any issues or questions about connecting with PullRequest, please reach out to .
