
GitHub Insights

Nicole Jones | September 6, 2023

GitHub Insights is in open beta for all StackHawk customers and trial users. Learn how it works and how you can leverage repository insights to ensure complete coverage for your organization.

Tired of being the last to know when new code is deployed and routes are added to your attack surface?

Meet GitHub Insights, your one-stop shop for a Hawk's eye view of your entire attack surface. With this information, you can identify gaps in coverage, align security testing with software development, plan security measures for new assets early in the development process, and collaborate with engineering more efficiently.


How it Works

StackHawk's GitHub integration pulls metadata from your organization's repositories into the StackHawk platform so security teams can easily track and monitor coverage under one roof in the Repositories page.

The integration uses read-only access to extract helpful metadata from your repositories, such as repo name, size, last commit date, and last contributor. By surfacing meaningful metadata from your repos, you can quickly identify and configure applications for testing, maintain continuous visibility of your organization's attack surface, and collaborate with engineering more efficiently.

GitHub Insights can help you answer questions like: 

  • "What's the state of my organization's onboarding process? Which StackHawk apps are configured, and which are still not mapped?"

  • "Is my security coverage keeping up with the speed of development?"

  • "Who should I work with from engineering when I need to configure a new application for testing or a vulnerability arises in a scan?"

  • "What repositories in my organization contain key assets/services that should be under test (i.e. APIs)?"

👀 Watch the recording from our Office Hours session, Gitty Up with GitHub Insights, to see it in action!

The StackHawk + GitHub Difference

Early Discovery from the Inside Out


Most tools focus on discovering application and API assets after deployment to production, creating a wild goose chase for security teams.

GitHub Insights takes a proactive approach by surfacing repo activity to give security a heads-up before assets are in production. With early insight and context, security teams can strategize on coverage instead of constantly playing catch-up with new and existing applications and APIs.

💡Tip: Use the Repositories filter to identify new assets not under test.

Rapid Application Onboarding


GitHub Insights expands our efforts to take the pain out of deployment and configuration so teams can get their first test under their belts in minutes instead of hours or days.

With your attack surface in front of you, you can quickly create multiple applications in StackHawk at once and flow through onboarding with our step-by-step callouts to move you through the process.

💡Tip: Select multiple repositories to create new applications in bulk or map them back to existing StackHawk applications.

Continuous Visibility of Your Entire Attack Surface


Development never stops, and the state of your coverage today may be different a few months down the road as new assets come online.

As a security tool built for teams deploying software daily, we wanted to provide security folks with a line of sight into what’s happening in their organization. GitHub Insights delivers a high-level view of your organization’s attack surface by connecting application and API assets to their origin source: the code. With continuous visibility of repo activity, your team can plan and recalibrate security measures to ensure your state of coverage aligns with the speed of development and product delivery goals.

💡Tip: Compare the Last Scan and Last Commit dates to ensure your testing frequency provides appropriate coverage.

Efficient Collaboration Between Security and Engineering teams


Determining who to partner with from engineering when a new service needs to be configured for testing or a vulnerability arises is tough when developers outnumber security 100:1. 

We've found the most efficient place to start is with the last person working on the code. GitHub Insights tells you the last code contributor so you can collaborate with the right person to get the answers and results you need faster. 

💡Tip: Invite the Last Contributor to StackHawk to help configure a new application or access vulnerability details and fix guidance.

GitHub Insights is in open beta for all StackHawk customers. If you’re interested in trying it out, sign up for a free trial or reach out to see a demo.
