GitHub Issues
The GitHub Issues integration lets you turn ZeroThreat scan findings into real, trackable work right inside the repositories your team uses. Connect once, pick the repository, and create issues directly from ZeroThreat scans with all the vulnerability details attached. Comments stay in sync between GitHub and ZeroThreat, reducing back-and-forth and keeping everyone aligned. You also get better planning and prioritization with labels, assignees, and status sync for clear visibility into progress. Whether you're running periodic scans or have a fully automated CI/CD pipeline, this integration ensures that vulnerabilities get visibility and focus within your GitHub repository.
Prerequisites
Before you begin, ensure the following:
Your target application is verified on ZeroThreat.
You have a GitHub account with permission to create issues in the intended repository.
You are logged into the correct GitHub account in your browser.
Your target is associated with a professional plan (or any plan that supports Issue Tracking integrations) in ZeroThreat.
Step 1: Connect ZeroThreat to GitHub
Navigate to the Targets section in ZeroThreat.
Click the Continuous Integration button for your desired target.
In the configuration drawer, click the Issue Tracking section.
Locate GitHub and click Authorize.

A new browser tab will open for GitHub authorization, listing all the access rights required. Review them and, once ready, click Authorize zerothreatai.

You might be asked to complete the multi-factor authentication you set up with GitHub. Complete the required authentication.

Once authorized, you’ll be redirected back to your ZeroThreat dashboard.

Step 2: Create GitHub Issues from a Scan Report
Once GitHub is connected:
Go to the Scans section in ZeroThreat.
Open any completed scan report.
Click the GitHub Issues button at the top of the report.
A GitHub integration popup will appear with configuration options.
Step 3: Configure GitHub Issue Settings
In the GitHub Issue popup:
Repository: Select the GitHub repository where you want to track vulnerabilities.
Include Organization Resources (optional): Toggle this if you installed the app at the org level and want to browse org-wide repositories and Projects.
Projects (optional): Choose a GitHub Project to add issues to for planning and tracking.
Supports organization or repository Projects (subject to your GitHub permissions).
Click Submit to save your selections.

Step 4: Create Issues for Vulnerabilities
In the scan report, select the vulnerability you want to create a GitHub Issue for.
Click Create Issue once done.
ZeroThreat will generate individual GitHub issues for each finding under that vulnerability.

All findings are immediately pushed to GitHub and can be tracked from either platform (ZeroThreat and GitHub).
Step 5: View and Manage Issues in GitHub
Go to Created Issues in ZeroThreat to see all GitHub issues created for that scan.

Click any issue to open it directly in GitHub. Each GitHub issue includes:
A detailed description of the vulnerability
HTTP request and response headers
Evidence (such as vulnerable parameters, payloads, or proof of concept)
A link back to the full scan report in ZeroThreat

It is important that you don't remove the two labels ZeroThreatAI and ZT-ME0Y8OX39319 (ZT-id). These two labels are used to enable bi-directional sync between the ZeroThreat Portal and GitHub; removing either of them will stop the sync.
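A check for the label requirement above, as an added example (not ZeroThreat's own code): it takes issue objects in the shape returned by the GitHub REST API and flags any that carry only one of the two sync labels. The `ZT-` pattern is an assumption inferred from the single label shown on this page, and the sample issues are constructed.

```python
import re

# Label name from the page. The ZT-id pattern is an assumption inferred
# from the one example shown there (ZT-ME0Y8OX39319).
MARKER_LABEL = "ZeroThreatAI"
ZT_ID_PATTERN = re.compile(r"^ZT-[A-Z0-9]+$")


def label_names(issue):
    """Return the label names of a GitHub REST API issue object."""
    labels = issue.get("labels", [])
    return [lab["name"] if isinstance(lab, dict) else lab for lab in labels]


def audit_sync_labels(issues):
    """Flag issues whose pair of sync labels is incomplete or ambiguous.

    An issue with neither label cannot be told apart from an ordinary
    issue, so it is skipped. Pull requests are skipped as well.
    """
    findings = []
    for issue in issues:
        if "pull_request" in issue:
            continue
        names = label_names(issue)
        has_marker = MARKER_LABEL in names
        zt_ids = [n for n in names if ZT_ID_PATTERN.match(n)]
        if has_marker and not zt_ids:
            findings.append((issue["number"], "missing ZT-id label"))
        elif zt_ids and not has_marker:
            findings.append((issue["number"], "missing ZeroThreatAI label"))
        elif len(zt_ids) > 1:
            findings.append((issue["number"], "multiple ZT-id labels"))
    return findings


# Constructed sample data; real input would come from the repository's issue list.
SAMPLE_ISSUES = [
    {"number": 101, "labels": [{"name": "ZeroThreatAI"}, {"name": "ZT-ME0Y8OX39319"}]},
    {"number": 102, "labels": [{"name": "ZeroThreatAI"}, {"name": "bug"}]},
    {"number": 103, "labels": [{"name": "ZT-AAAA1111BBBB2"}]},
    {"number": 104, "labels": [{"name": "enhancement"}]},
    {"number": 105, "pull_request": {}, "labels": [{"name": "ZeroThreatAI"}]},
]

if __name__ == "__main__":
    for number, problem in audit_sync_labels(SAMPLE_ISSUES):
        print(f"#{number}: {problem}")
```

Issues reported here have stopped syncing, or will, until the missing label is restored.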
Step 6: Bi-directional Comment Sync
Collaborate without switching platforms:
Leave comments on the GitHub issue—these will automatically appear in the corresponding vulnerability in ZeroThreat.
Add comments from within ZeroThreat and they will be synced back to the GitHub issue.

This ensures both security and engineering teams stay aligned on context and progress.
Step 7: Monitor Issue Status in ZeroThreat
To view the current status of the issues you created:
Open the same scan report where you initially generated the GitHub issues.
Click the GitHub Issue button again and select the same repository (and Project, if used).
You’ll see the latest details for each issue, including assignees and current status (such as OPEN or CLOSED), mirroring what you see in GitHub.

This provides a central, security-focused view of your development team’s progress on remediation.
Best Practices
Create GitHub issues only for validated, high-priority vulnerabilities to avoid noise.
Align scan schedules with sprint cycles or release timelines for smoother remediation planning.
You’re all set with GitHub Issues. Head over to our guide on Reviewing Scan Reports to learn how to analyze the different sections of the scan report.