GitHub Issues

Jacob Centner edited this page Apr 10, 2026 · 2 revisions

Sentinel can create GitHub issues from approved findings, with deduplication and dry-run support.

Workflow

  1. Scan — sentinel scan /repo produces findings
  2. Review — inspect findings via CLI (sentinel findings) or Web UI
  3. Approve — sentinel approve <id> marks findings for issue creation
  4. Create — sentinel create-issues creates GitHub issues from approved findings

Setup

Set these environment variables (or pass via CLI flags):

export SENTINEL_GITHUB_TOKEN=ghp_...      # GitHub personal access token
export SENTINEL_GITHUB_OWNER=your-username # Repo owner
export SENTINEL_GITHUB_REPO=your-repo      # Repo name

The token needs repo scope (or public_repo for public repos).

Approve findings

# Approve by finding ID
sentinel approve 7
sentinel approve 12

# Or approve via the web UI with the "Approve" button

Create issues

# Preview first (no API calls)
sentinel create-issues --dry-run

# Create for real
sentinel create-issues

Issue format

Created issues include:

  • Title from the finding title
  • Body with severity, detector, description, evidence, and file location
  • Labels: sentinel, detector name, severity level
  • Deduplication: won't create an issue if one with the same fingerprint already exists as an open issue
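
The deduplication and dry-run behaviour listed above, sketched as an added example (not Sentinel's own code). The fields hashed into the fingerprint, the hidden-comment marker, the `create` callback and the sample findings are all assumptions made for illustration.

```python
import hashlib
import re

# Assumed convention: the fingerprint travels in a hidden HTML comment in the body.
MARKER = re.compile(r"<!-- sentinel-fingerprint:([0-9a-f]{64}) -->")

def fingerprint(finding):
    """Stable ID from fields that survive a rescan (assumed field choice)."""
    key = "\x00".join([finding["detector"], finding["file"], finding["title"]])
    return hashlib.sha256(key.encode()).hexdigest()

def open_fingerprints(issues):
    """Fingerprints carried by open issues; closed issues do not block re-filing."""
    found = set()
    for issue in issues:
        if issue["state"] == "open":
            found.update(MARKER.findall(issue.get("body") or ""))
    return found

def plan_issues(approved, existing_issues, create=None):
    """Return (payloads, skipped_ids). create=None is a dry run: no API call is made."""
    seen = open_fingerprints(existing_issues)
    payloads, skipped = [], []
    for f in approved:
        fp = fingerprint(f)
        if fp in seen:
            skipped.append(f["id"])
            continue
        seen.add(fp)  # a repeat later in the same batch is skipped too
        payload = {
            "title": f["title"],
            "body": (f"Severity: {f['severity']}\nDetector: {f['detector']}\n"
                     f"File: {f['file']}\n<!-- sentinel-fingerprint:{fp} -->"),
            "labels": ["sentinel", f["detector"], f["severity"]],
        }
        payloads.append(payload)
        if create is not None:
            create(payload)  # hypothetical callback that POSTs to the GitHub issues API
    return payloads, skipped

# Constructed sample data, not real Sentinel output.
FINDINGS = [
    {"id": 7, "title": "Hardcoded credential", "detector": "secrets", "severity": "high", "file": "app/config.py"},
    {"id": 12, "title": "Unpinned dependency", "detector": "deps", "severity": "medium", "file": "requirements.txt"},
    {"id": 13, "title": "Hardcoded credential", "detector": "secrets", "severity": "high", "file": "app/config.py"},
]
EXISTING = [
    {"state": "open", "body": f"<!-- sentinel-fingerprint:{fingerprint(FINDINGS[1])} -->"},
    {"state": "closed", "body": f"<!-- sentinel-fingerprint:{fingerprint(FINDINGS[0])} -->"},
]
```

With the sample data, finding 12 is skipped because an open issue carries its fingerprint, finding 7 is filed because its earlier issue is closed, and finding 13 is skipped as an in-batch repeat of 7.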

CLI options

sentinel create-issues \
  --owner jcentner \
  --github-repo sentinel \
  --token ghp_... \
  --dry-run \
  --json-output

Security: Prefer the SENTINEL_GITHUB_TOKEN environment variable over the --token flag to avoid leaking the token into shell history.

JSON output

sentinel create-issues --json-output

Returns structured JSON with created issue URLs and any errors.
