Integrating Syhunt with Issue Trackers

The information in this document applies to version 6.9.17 of Syhunt Hybrid.

Configuring an issue tracker is an easy task and vulnerabilities can be submitted to a specific project with the click of a button.

Integrating with GitHub Issues

First, if you have not done so already, create a personal access token with repo access permission:

  1. Log in to GitHub.
  2. In the upper-right corner, click your avatar and select Settings.
  3. On the Personal settings menu (left side of screen), scroll down and select Developer settings.
  4. Select Personal access tokens and click the button Generate new token.
  5. Enter an optional note for the token.
  6. Choose the repo scope.
  7. Click the Generate token button.
  8. Save the personal access token somewhere safe. Once you leave or refresh the page, you won’t be able to access it again.

Finally, you have to add a GitHub tracker:

  1. Click the Issue Trackers icon in the launcher toolbar. The Issue Trackers screen will open.
  2. Click the Add Tracker icon in the Issue Trackers screen toolbar and choose the Add tracker: Github menu option.
  3. Enter a reference name for the new tracker (like MyProjectName) and hit OK. A preferences dialog window will open.
  4. Enter the GitHub project name. Format must be owner/repo.
  5. Enter your GitHub personal access token and click the OK button.

The tracker is ready! Right click the item you just edited in the list and click the Submit Test Issue option. If you configured everything properly, a test issue item should be created at https://github.com/[owner]/[repo]/issues. If not, you will see an error message giving a hint of what needs to be done.

Integrating with GitLab Issues

If you are looking into integrating Syhunt with GitLab's CI and security dashboard, please read this other document.

First, if you have not done so already, create a personal access token with API access permission:

  1. Log in to GitLab.
  2. In the upper-right corner, click your avatar and select Settings.
  3. On the User Settings menu, select Access Tokens.
  4. Choose a name and optional expiry date for the token.
  5. Choose the API scope.
  6. Click the Create personal access token button.
  7. Save the personal access token somewhere safe. Once you leave or refresh the page, you won’t be able to access it again.

Finally, you have to add a GitLab tracker:

  1. Click the Issue Trackers icon in the launcher toolbar in Syhunt. The Issue Trackers screen will open.
  2. Click the Add Tracker icon in the Issue Trackers screen toolbar and choose the Add tracker: GitLab menu option.
  3. Enter a reference name for the new tracker (like MyProjectName) and hit OK. A preferences dialog window will open.
  4. Enter the GitLab project name. Format must be owner/repo.
  5. Enter the GitLab Server URL, e.g. https://gitlab.com/ or your own server URL.
  6. Enter your GitLab personal access token and click the OK button.

The tracker is ready! Right click the item you just edited in the list and click the Submit Test Issue option. If you configured everything properly, a test issue item should be created at https://[gitlab_server]/[owner]/[repo]/issues. If not, you will see an error message giving a hint of what needs to be done.

Integrating with JIRA Issues

Firstly, you have to add a JIRA tracker:

  1. Click the Issue Trackers icon in the launcher toolbar. The Issue Trackers screen will open.
  2. Click the Add Tracker icon in the Issue Trackers screen toolbar and choose the Add tracker: JIRA menu option.
  3. Enter a reference name for the new tracker (like MyProjectName) and hit OK. A preferences dialog window will open.
  4. Enter a valid JIRA project name.
  5. Enter the JIRA Server URL, e.g. http://[IP]:8080/
  6. Enter a valid issue type name if you don't want to use the default name.
  7. Enter your JIRA credentials (username and password) and click the OK button.

The tracker is ready! Right click the item you just edited in the list and click the Submit Test Issue option. If you configured everything properly, a test issue item should be created at your JIRA project page. If not, you will see an error message giving a hint of what needs to be done.

Submitting Vulnerabilities To a Tracker

  1. After you finish a scan, click -> View Vulnerabilities from the toolbar. Alternatively, you can click -> Past Sessions. Right click the last session in the session list and click the View Vulnerabilities menu option. The Session Details tab will open.
  2. Check one or more vulnerabilities, click the Send To button (as shown in the image below) and then select the tracker you want the vulnerabilities to be sent to.

Syhunt can also automatically send a summary of the identified vulnerabilities to a tracker. To do so, provide the -si parameter to the scanurl or scancode command, as explained in the CLI documentation, or, if you are using YML or PowerShell, use the -tracker parameter. Example:


# From PowerShell (previously created tracker)
Start-CodeScan -pfcond "medium" -tracker "YOURTRACKERNAME"

# From PowerShell (dynamic tracker)
Start-CodeScan -pfcond "medium" -tracker "?app=github###project=user/project###token=YOURTOKEN"

# Within GitHub's YML (dynamic tracker)
Start-CodeScan -pfcond "medium" -tracker "?app=github###project=${{ github.repository }}###token=${{ secrets.GITHUB_TOKEN }}"
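
The dynamic tracker form above puts the token inside the command line, so a script that hard-codes it also stores the secret. The following is an added example, not part of the Syhunt documentation or code: it builds the same ?app=github###project=...###token=... string from an environment variable and checks each field first. The function name New-TrackerString and the variable SYHUNT_TRACKER_TOKEN are hypothetical, and the character checks are a defensive assumption, not documented Syhunt behaviour.

```powershell
# Added example (not Syhunt code). New-TrackerString and SYHUNT_TRACKER_TOKEN
# are hypothetical names; the field layout is the one shown in the examples above.
function New-TrackerString {
    param(
        [Parameter(Mandatory)][string]$Project,
        [Parameter(Mandatory)][string]$Token
    )
    # The project must be exactly owner/repo, as required for GitHub trackers.
    if ($Project -notmatch '^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$') {
        throw "Project must be in owner/repo form: '$Project'"
    }
    # Fields are separated by '###', so refuse values that could split or
    # break the string (assumption: a defensive check, not a Syhunt rule).
    if ($Token -match '[#\s"]') {
        throw 'Token contains a character that would break the tracker string.'
    }
    return "?app=github###project=$Project###token=$Token"
}

# Read the token from the environment instead of writing it into the script.
$token = $env:SYHUNT_TRACKER_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw 'Set SYHUNT_TRACKER_TOKEN before running the scan.'
}

$tracker = New-TrackerString -Project 'user/project' -Token $token

# Log a redacted copy so the token does not end up in build output.
$shown = $tracker -replace '(?<=###token=).+$', '[redacted]'
Write-Host "Tracker: $shown"

Start-CodeScan -pfcond "medium" -tracker $tracker
```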

For additional product documentation, visit syhunt.com/docs
