Web of Trusted Things - Introducing WoTT's GitHub Integration

Introducing WoTT's GitHub Integration By Viktor Petersson on November 27, 2019 | 0 Comments

Main image for post - Introducing WoTT's GitHub Integration

announcement github devsecops devops

share

There’s no doubt that GitHub has become one of the most popular platforms for developer collaboration and communication. Increasingly, GitHub is also used for project management across developer and Dev(Sec)Ops teams. Because of this, it is increasingly where the security fixes are being tracked too.

For instance, GitHub recently announced their Security Alerts, which helps you audit vulnerabilities in dependencies. There’s also Snyk’s GitHub integration, that does similar audits. Hence, GitHub is becoming the hub for tracking security issues.

While GitHub’s Security Alerts (and Snyk) are great ways to secure your application dependencies, they only track part of the security posture. They neglect VM (or bare metal) security audits.

This is why we are super excited to announce WoTT’s GitHub integration.

With WoTT’s GitHub integration, the wott-bot will automatically generate GitHub Issues based on our Recommended Actions. You can then easily assign ownership and schedule the work as part of your sprints.

Example of an event in GitHub

The integration is currently in beta and is available to all users.

To get started, login to your WoTT Dashboard and navigate to your profile (upper right-hand corner) and select GitHub Integration.

Click the ‘Authorize GitHub’ and follow the wizard to authorize the wott-bot to create issues. The repository can be either public or private. Since these are security issues, it is recommended that you use a private repository. Also, please do note that WoTT cannot read your code base. It can only create GitHub issues.

Once you’re finished the wizard, you should be able to select the repository that you’ve granted access from the drop down list.

GitHub configuration in Dashboard

Lastly, you now need to select “Install App” for the bot to be able to create Issues. Once that’s done, you should start seeing GitHub Issues created as they are discovered by WoTT (and updated when something changes).

If you got any questions or issues, please drop us a line at hey@wott.io or reach out to us at @WoTTSecurity on Twitter.

And while you're here...

Did you know that WoTT gives you free security audits, including CVE scanning, for your first node? Sign up today.

Related articles

tutorials Create audit trails with sudoreplay By Viktor Petersson on March 27, 2020 `sudo` is a tool used by most Linux/UNIX users on a daily basis to escalate permission. If you're like me, you likely though that the features in `sudo` were "done" and final, just like you don't monitor the the changelog for new features in `tar` (or at least I'm not). This is... Continue reading

tutorials Meltdown and Spectre By Fiona McAllister on January 20, 2020 # Hardware Vulnerabilities: Meltdown and Spectre and how to protect yourself ## Introduction Meltdown and Spectre refer to 3 variants of hardware vulnerability found by the [Google Project Zero Team](https://googleprojectzero.blogspot.com) and various other academic institutions and field experts. Unfortunately, these vulnerabilities exist on practically every piece of commercial hardware made since 1995.... Continue reading

thoughts The DevSecOps Iceberg By Viktor Petersson on November 29, 2019 Security is a complicated topic. There are countless attack vectors and threat models to take into consideration when designing a security strategy. Over the last year, we've spoken to companies of different sizes about their security strategies and practices. Based on these discussions, we've come up with something we call the DevSecOps... Continue reading