This Extension enables GitHub integration. When the assessment is finalized, vulnerabilities matching the configured severity levels will be sent to GitHub as issues and FACTION will be updated with the GitHub issue number.
To use this extension you must:

- Configure the GitHub API Key in Faction:
  - In the FACTION App Dashboard configuration, set "Github API Key" with your GitHub Personal Access Token
  - You can create a token at GitHub Settings -> Developer settings -> Personal access tokens
  - The token needs `repo` scope to create issues
  - Note: This is a required configuration - the extension will not work without it
- Configure Severity Levels (optional):
  - In the FACTION App Dashboard configuration, set "Severity Levels" as a comma-separated list
  - Default value is "5,4" (Critical and High severity)
  - Severity mapping: 5=Critical, 4=High, 3=Medium, 2=Low, 1=Info
  - Example: "5,4,3" would process Critical, High, and Medium vulnerabilities
- Configure Issue Tags (optional):
  - In the FACTION App Dashboard configuration, set "Issue Tags" as a comma-separated list
  - Default value is "security,vulnerability"
  - These tags/labels will be automatically added to all created GitHub issues
  - Example: "security,bug,needs-review" would add three labels to each issue
- Create a Custom Field in FACTION called "GitHub Repo" with the value in the format `owner/repository` (e.g., `myorg/myrepo`).
- The extension will automatically create issues for vulnerabilities matching the configured severity levels when the assessment is finalized
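The following pre-flight check for the three settings above is an added example, not the extension's own code. It shows which findings a given configuration would select and rejects a "GitHub Repo" value that is not a plain `owner/repository` pair before it is placed in an API path. The function names, the whitespace trimming, the repository pattern and the issue title layout are assumptions of this example.

```python
import re

# Severity mapping as documented for the "Severity Levels" setting.
SEVERITY_NAMES = {5: "Critical", 4: "High", 3: "Medium", 2: "Low", 1: "Info"}
# Assumption: a conservative owner/repository pattern chosen for this example.
REPO_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]{1,100}")

# Constructed sample findings (not real assessment data).
SAMPLE_FINDINGS = [
    {"title": "SQL injection in login form", "severity": 5},
    {"title": "Stored XSS in comments", "severity": 4},
    {"title": "Verbose server banner", "severity": 2},
]

def parse_severity_levels(value="5,4"):
    """Parse the comma-separated "Severity Levels" value into a set of ints."""
    parts = [p.strip() for p in value.split(",")]
    bad = [p for p in parts if not re.fullmatch(r"[1-5]", p)]
    if bad:
        raise ValueError(f"invalid severity level(s): {bad}")
    return {int(p) for p in parts}

def parse_issue_tags(value="security,vulnerability"):
    """Parse the comma-separated "Issue Tags" value, dropping empty entries."""
    return [t.strip() for t in value.split(",") if t.strip()]

def validate_repo(value):
    """Split a "GitHub Repo" field into (owner, repository) or raise."""
    if not REPO_RE.fullmatch(value):
        raise ValueError(f"not in owner/repository format: {value!r}")
    owner, repo = value.split("/")
    if repo in (".", ".."):
        raise ValueError(f"invalid repository name: {repo!r}")
    return owner, repo

def plan_issues(findings, severity_setting, tags_setting, repo_field):
    """Return (api_path, payload) for each finding that would become an issue."""
    levels = parse_severity_levels(severity_setting)
    labels = parse_issue_tags(tags_setting)
    owner, repo = validate_repo(repo_field)
    path = f"/repos/{owner}/{repo}/issues"  # GitHub REST "create an issue" path
    planned = []
    for f in findings:
        if f["severity"] in levels:
            # Assumption: this title layout is illustrative only.
            title = f"[{SEVERITY_NAMES[f['severity']]}] {f['title']}"
            planned.append((path, {"title": title, "labels": labels}))
    return planned
```
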
You can find more information about extensions here

```
mvn clean compile assembly:single
```