Skip to main content

Set up Cases and GitHub Issues

Set up cases in a space to allow users in the space to keep track of security tasks and add GitHub issues directly from within the Mondoo Console. Cases setup involves configuring Mondoo to integrate with GitHub.

For an overview of cases, read Track and Fix Findings with Cases and Your Ticket System.

Prerequisites

  • Owner or Editor access to the Mondoo space

  • A GitHub account with access to the project where you want Mondoo to add issues

  • Access to a GitHub organization or repository

Create a GitHub personal access token to give Mondoo access to the repository

A personal access token gives Mondoo the ability to create GitHub issues on your behalf. A token can grant access to an entire GitHub organization or only to specific repositories. Once you share the token with Mondoo, any new cases created in the space can write new GitHub issues using that token.

To learn more about personal access tokens, read Managing your personal access tokens in the GitHub documentation.

  1. Log into GitHub. If you haven't verified your email address with GitHub, do that now.

  2. In the upper-right corner of any GitHub page, select your profile photo and then select Settings.

  3. In the left sidebar, select Developer settings.

  4. In the left sidebar, under Personal access tokens, select Fine-grained tokens.

  5. Near the top-right corner of the page, select the Generate new token button.

  6. In the Token name box, enter an easily identifiable name, such as Mondoo cases integration.

  7. In the Resource owner drop-down list, select the organization that owns the repository or repositories where you want Mondoo to create issues.

  8. In the Expiration drop-down list, select the number of days before the token expires. (Be sure to note the expiration date so that, as it approaches, you can create a new one without interrupting the Mondoo-GitHub integration.)

  9. Under Repository access, select All repositories to give Mondoo access to all the repositories in the chosen organization, or select Only select repositories and add the repositories you want to give Mondoo access to.

  10. Select Repository permissions and, in the Issues drop-down list, select Read and write.

  11. Select the Generate token button.

  12. Copy the token that GitHub generates. You need it in the next steps.

note

If your GitHub organization requires approval for personal access tokens, Mondoo can't use your token until a GitHub organization administrator approves the token.

tip

If you prefer, you can create a classic personal access token. Assign the repo scope to the classic token. To learn more, read Creating a personal access token (classic) in the GitHub documentation.

Add a GitHub integration

  1. In the Mondoo Console, navigate to the space where you want to set up cases and, in the side navigation bar, select Cases.

    Configure cases in Mondoo

  2. Select the ADD INTEGRATION button.

    Configure cases in Mondoo

  3. Select GitHub Issues.

    Configure cases in Mondoo

  4. In the Choose an integration name box, enter a name for the integration. Make it a name that clearly shows this is a GitHub integration.

  5. If you have a GitHub Enterprise account, in the Provide GitHub Enterprise URL box, type the URL for the account. This is the URL you use to access the home page for your GitHub account. An example is https://github.mycompany.com.

  6. In the Provide your personal access token box, paste the token you copied from GitHub in the steps above.

  7. To close a case in Mondoo when the corresponding GitHub issue closes, enable Automatically close cases.

  8. To create a case and a corresponding GitHub issue when an asset becomes more exposed to attack, enable Create drift issues in this integration and enter the GitHub organization and repository where you want to create new issues. To learn more, read Automatically create cases on drift.

  9. Select the CREATE INTEGRATION button.

Learn more