Tired of being the last to know when new code is deployed and routes are added to your attack surface?
Meet GitHub Insights, your one-stop shop for a hawk's-eye view of your entire attack surface. With this information, you can identify gaps in coverage, align security testing with software development, plan security measures for new assets early in the development process, and collaborate with engineering more efficiently.
How it Works
StackHawk's GitHub integration pulls metadata from your organization's repositories into the StackHawk platform for security teams to easily track and monitor coverage under one roof in the Repositories page.
The integration uses read-only access to extract helpful metadata from your repositories, such as repo name, size, last commit date, and last contributor. By surfacing meaningful metadata from your repos, you can quickly identify and configure applications for testing, maintain continuous visibility of your organization's attack surface, and collaborate with engineering more efficiently.
GitHub Insights can help you answer questions like:
"What's the state of my organization's onboarding process? Which StackHawk apps are configured, which are still not mapped?"
"Is my security coverage keeping up with the speed of development?"
"Who should I work with from engineering when I need to configure a new application for testing or a vulnerability arises in a scan?"
"What repositories in my organization contain key assets/services that should be under test (e.g. APIs)?"
The StackHawk + GitHub Difference
Early Discovery from the Inside Out
Most tools focus on discovering application and API assets after deployment to production, creating a wild goose chase for security teams.
GitHub Insights takes a proactive approach by surfacing repo activity to give security a heads-up before assets are in production. With early insight and context, security teams can strategize on coverage instead of constantly playing catch-up with new and existing applications and APIs.
💡Tip: Use the Repositories filter to identify new assets not under test.
Rapid Application Onboarding
GitHub Insights expands our efforts to take the pain out of deployment and configuration so teams can get their first test under their belts in minutes instead of hours or days.
With your attack surface in front of you, you can create multiple applications in StackHawk at once and follow the step-by-step onboarding callouts through the rest of the process.
💡Tip: Select multiple repositories to create new applications in bulk or map them back to existing StackHawk applications.
Continuous Visibility of Your Entire Attack Surface
Development never stops, and the state of your coverage today may be different a few months down the road as new assets come online.
As a security tool built for teams deploying software daily, we wanted to give security folks a line of sight into what's happening in their organization. GitHub Insights delivers a high-level view of your organization's attack surface by connecting application and API assets to their origin: the code. With continuous visibility of repo activity, your team can plan and recalibrate security measures so that your state of coverage keeps pace with development and product delivery goals.
💡Tip: Compare the Last Scan and Last Commit dates to ensure your testing frequency provides appropriate coverage.
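The two tips above (filtering for assets not under test, and comparing Last Scan against Last Commit) amount to one coverage check: for every repository, is it mapped to an application, has that application ever been scanned, and has anything been committed since the last scan? The following is an added example of that check, written for this page and not StackHawk's own code or API. It assumes the repository metadata the page describes (name, last commit date, last contributor) has been exported alongside two hypothetical fields, `app_id` and `last_scan`, and it runs entirely on a constructed sample so it works offline; the timestamp normalisation matters because GitHub emits `Z`-suffixed UTC strings while other sources may carry an explicit offset or no offset at all.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class RepoRecord:
    """One row of repository metadata plus its (assumed) scan mapping."""
    name: str
    last_commit: str              # ISO 8601 timestamp of the last commit
    last_contributor: str         # last person to push to the repo
    app_id: Optional[str] = None  # mapped StackHawk app; None if unmapped (assumed field)
    last_scan: Optional[str] = None  # ISO 8601 timestamp of the last scan; None if never scanned (assumed field)


def parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 timestamp into an aware UTC datetime.

    Accepts the 'Z' suffix GitHub uses (not understood by fromisoformat before
    Python 3.11), explicit offsets, and naive strings (treated as UTC), so that
    comparisons never mix naive and aware datetimes.
    """
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def classify(repo: RepoRecord) -> str:
    """Return the coverage state of a single repository."""
    if repo.app_id is None:
        return "unmapped"          # asset exists in the org but is not under test at all
    if repo.last_scan is None:
        return "never-scanned"     # mapped, but no scan has produced results yet
    if parse_ts(repo.last_commit) > parse_ts(repo.last_scan):
        return "stale"             # code changed after the last scan ran
    return "covered"


def coverage_report(repos: List[RepoRecord]) -> Dict[str, List[str]]:
    """Group repository names by coverage state."""
    report: Dict[str, List[str]] = {
        "unmapped": [], "never-scanned": [], "stale": [], "covered": []
    }
    for repo in repos:
        report[classify(repo)].append(repo.name)
    return report


def contacts_for_gaps(repos: List[RepoRecord]) -> Dict[str, str]:
    """Map every repo that is not fully covered to its last contributor.

    This is the person the page suggests starting with when a new app needs
    configuring or a scan needs follow-up.
    """
    return {r.name: r.last_contributor for r in repos if classify(r) != "covered"}


# Constructed sample data for illustration only; not real repositories.
SAMPLE_REPOS = [
    RepoRecord("payments-api", "2024-03-12T09:15:00Z", "alice",
               app_id="app-1", last_scan="2024-03-10T02:00:00Z"),
    RepoRecord("web-frontend", "2024-02-01T11:00:00Z", "bob",
               app_id="app-2", last_scan="2024-02-02T02:00:00Z"),
    RepoRecord("inventory-svc", "2024-03-11T16:40:00Z", "carol"),
    RepoRecord("auth-gateway", "2024-03-05T08:00:00", "dave", app_id="app-3"),
    # Commit at 08:00+01:00 is 07:00 UTC, i.e. before the 07:30 UTC scan.
    RepoRecord("notifications", "2024-03-05T08:00:00+01:00", "erin",
               app_id="app-4", last_scan="2024-03-05T07:30:00Z"),
]


if __name__ == "__main__":
    for state, names in coverage_report(SAMPLE_REPOS).items():
        print(f"{state:14s} {', '.join(names) or '-'}")
    print("contacts:", contacts_for_gaps(SAMPLE_REPOS))
```

On real data the `stale` bucket is the one to watch over time: a repo that keeps landing there scan after scan is a sign the scan cadence, not the mapping, is the problem.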
Efficient Collaboration Between Security and Engineering teams
Determining who to partner with from engineering when a new service needs to be configured for testing or a vulnerability arises is tough when developers outnumber security 100:1.
We've found the most efficient place to start is with the last person working on the code. GitHub Insights tells you the last code contributor so you can collaborate with the right person to get the answers and results you need faster.
💡Tip: Invite the Last Contributor to StackHawk to help configure a new application or access vulnerability details and fix guidance.