
Integrate with GitHub

Set up an integration to automatically send issues to GitHub when Contrast finds them in your applications.

Before you start, be sure you have:

  • GitHub account credentials (username and personal access token). When you generate your personal access token, be sure to enable the repo permissions.

  • Access to a GitHub organization and repository for the application.

  • Write permission (push access) to the repository. This is required to set labels, milestones and assignees in the configuration form.

  • A running GitHub instance accessible via HTTP to Contrast.
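A pre-check for the token and repository prerequisites above, as an added example that is not part of Contrast's documentation or tooling: it asks the GitHub REST API which scopes the token carries and whether the user has push access to the repository. It assumes a classic personal access token, which reports its scopes in the X-OAuth-Scopes response header; the function names, the sample responses and the api_base value are hypothetical.

```python
import json
import urllib.request


def evaluate(scopes_header, repo_body):
    """Return the list of unmet prerequisites; an empty list means ready."""
    problems = []
    # Classic personal access tokens list their scopes, comma separated,
    # in the X-OAuth-Scopes response header.
    scopes = {s.strip() for s in (scopes_header or "").split(",") if s.strip()}
    if "repo" not in scopes:
        problems.append("token lacks the repo scope")
    # The repository object carries the caller's effective permissions.
    if not repo_body.get("permissions", {}).get("push", False):
        problems.append("user lacks write (push) access to the repository")
    return problems


def check_live(api_base, owner, repo, token):
    """Call GET /repos/{owner}/{repo} and evaluate the response.

    api_base is an assumption: https://api.github.com for github.com.
    urlopen raises HTTPError (401/404) when the token is rejected or
    the repository is not visible to the user.
    """
    req = urllib.request.Request(
        f"{api_base}/repos/{owner}/{repo}",
        headers={"Authorization": f"token {token}",
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return evaluate(resp.headers.get("X-OAuth-Scopes"), json.load(resp))


# Constructed sample responses (header value, JSON body); not real data.
SAMPLE_OK = ("repo, read:org",
             {"full_name": "example-org/example-app",
              "permissions": {"admin": False, "push": True, "pull": True}})
SAMPLE_READONLY = ("public_repo",
                   {"full_name": "example-org/example-app",
                    "permissions": {"admin": False, "push": False, "pull": True}})

if __name__ == "__main__":
    for name, (header, body) in (("ok", SAMPLE_OK), ("readonly", SAMPLE_READONLY)):
        print(name, evaluate(header, body) or "ready")
```

To run it against a real repository, call check_live with the same username's token before filling in the Connect with GitHub form.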

To connect with GitHub:

  1. Go to Organization settings > Integrations in the user menu.

  2. Click Connect in the row for GitHub.

  3. In the Connect with GitHub form, add the name for the bugtracker entry, the username for the account connected to GitHub and the password for the specified username in the appropriate fields. The GitHub URL must be accessible from the Contrast instance being configured.

  4. Automatically create issues in GitHub for newly discovered vulnerabilities by checking the box at the bottom of the configuration form. In the multiselect field that appears, choose the Rules and Severity levels of the vulnerabilities for which you want to generate tickets. The default selections are Critical and High.

  5. Once you complete the fields, select Test connection. This process may take a few moments depending on the number of your GitHub organizations and repositories. The test verifies that the GitHub instance can be reached by Contrast and that the specified user is able to log in.

  6. Once a connection is made, select the Applications that you want to be available to this bugtracker.

  7. Select the values for the GitHub organization and Repository fields using the dropdowns.

    Note

    If you change the GitHub organization or Repository values, you must re-enter the values for optional fields.

  8. Optionally, add Labels, Assignees and a Milestone for GitHub issues using the given fields.

Note

For multiple vulnerabilities sent in bulk to GitHub as a single issue, the GitHub ticket status applies to all vulnerabilities associated with that ticket. For multiple issues tied to a single vulnerability, the vulnerability can only be closed when all the tickets are closed.

See also

Integrate Contrast with GitHub and GitHub Advanced Security

Integration example: Assess and GitHub

GitHub actions