Import HackerOne reports into GitLab
Problem to solve
The first step to automatically import HackerOne reports into GitLab is to set up a connection between the two. This requires credentials for HackerOne access that can be used by the GitLab integration.
Once connected, the GitLab integration should be able to fetch new reports related to that specific account, and create first-class vulnerabilities in GitLab.
Target audience
Persona: Security Analyst
Further details
Our Security Team already imports data from HackerOne. We should look at how that works in order to implement something generic that can be adapted to any customer and their workflows.
Proposal
- create a GitLab integration service with authentication data to access HackerOne
- create a connection between HackerOne and GitLab projects
- set up an automated fetch of new reports from HackerOne
- turn the new reports into GitLab first-class vulnerabilities
- create GitLab issues from vulnerabilities
What does success look like, and how can we measure that?
- Number of integration services set up.
- Number of vulnerabilities imported by the service.
Edited by Fabio Busatto