Configure GitHub Posting User

The service interfaces with users in GitHub projects through a "HackerOne" member of your GitHub team. So a GitHub user must be created and configured as a Posting or Service user.

Prerequisites

The GitHub posting user must be created by an individual on your team with the following administrative permissions:

A HackerOne Code user account with an Owner role for the organization in question.
An Owner role on your GitHub Enterprise Group.

Create Posting User

Log in to your GitHub instance as an administrator and create a new user with the username HackerOne or PullRequest. HackerOne Code will use this user to post scan results and validated issues.

***We strongly recommend adding the following image as the posting user's avatar. This provides a much better end-user experience; it allows the service to be easily identified in the GitHub interface:

22KB

hackerone-posting-user-avatar.jpg

image

Add Posting User to Projects

Add the posting or services user you created for HackerOne Code to all of the organizations/repositories you want code review on. Be sure to grant the user WRITE access so it's able to list repository collaborators and post comments.

Read more about the permissions HackerOne Code requires and how we use them here.

Create GitHub Access Token

Log into GitHub as the HackerOne Code user you just created.

This may be easier in another browser or in an incognito tab so you can remain logged in as the GitHub owner user.

Open Settings -> Developer settings -> Personal access tokens. This should be accessible from the following path using your own instance's domain instead of our-github.internal:

https://our-github.internal/settings/tokens

Click Generate new token and create a Personal Access Token with the following properties:

Note: For your team's internal use. No functionality is associated with this property.
Scopes: The repo (all of them), read:org, read:user, user:email, and write:discussion scopes should all be checked.

Once generated, copy the personal access token to your clipboard so we can configure the connection to GitHub.

Connecting PullRequest Proxy to GitHub

Now, it's time to return to that text file we're editing on the proxy server. Go ahead and set the following keys based on what was configured above.

PROVIDER_TYPE=github
PROVIDER_BASE_URL=https://our-github.internal/api/v3
PROVIDER_USERNAME=PullRequest
PROVIDER_ACCESS_TOKEN=<access_token>

Make sure the GitHub URL represents the path to the version 3 of the GitHub API

Make sure the HackerOne Code Posting User's username is spelled exactly as the username of the user that was created. We highly recommend "HackerOne" (all one word, PascalCase) to maintain communication consistency.

PreviousConfigure Posting User NextConfigure Bitbucket Posting User

Last updated 2 months ago