Drata

The GitHub Issues integration enables security and compliance teams to track and verify security issues within GitHub. It connects Drata to GitHub Issues so your team can demonstrate that vulnerabilities are logged, categorized, and prioritized according to your vulnerability management policies.

Security issue tracking: Monitor vulnerability-related issues within GitHub

Severity verification: Validate that issues are categorized by severity levels

Automated evidence collection: Provide auditors with proof that security issues are tracked and managed

- Security issue tracking: Monitor vulnerability-related issues within GitHub
- Severity verification: Validate that issues are categorized by severity levels
- Automated evidence collection: Provide auditors with proof that security issues are tracked and managed

This integration is used to automate tests such as vulnerability tracking verification and issue remediation monitoring, helping prove compliance with vulnerability management policies.

Owner access to your organization’s GitHub account

Access to your organization’s GitHub Issues labels and severity classifications

Required Drata Role with Write access: Admin, Workspace Managers, DevOps Engineer

Access Reviewers (Access Reviewers can only Read the connection page they can’t make changes)

- Owner access to your organization’s GitHub account
- Access to your organization’s GitHub Issues labels and severity classifications
- Required Drata Role with Write access: Admin, Workspace Managers, DevOps Engineer
- Access Reviewers (Access Reviewers can only Read the connection page they can’t make changes)

Navigate to the repository or organization where security issues are tracked.

Identify the label used to categorize security-related issues (for example, <code>Security</code>).

1. Log in to GitHub.
2. Navigate to the repository or organization where security issues are tracked.
3. Identify the label used to categorize security-related issues (for example, <code>Security</code>).

Expected outcome: You know the label used to identify security issues in GitHub Issues.

In GitHub, review the labels used to categorize issue severity.

Identify the labels used for the following severity levels:

- Critical
- High
- Medium
- Low

1. In GitHub, review the labels used to categorize issue severity.
2. Identify the labels used for the following severity levels:
 - Critical
 - High
 - Medium
 - Low

Expected outcome: You know the labels used for each severity level in GitHub Issues.

Log in to Drata → go to the Connections page.

Navigate to your Available Connections.

Search for and start the GitHub Issues connection process.

- Account Alias – a unique identifier for the integration
- Security Label – the label used for security issues
- Critical Severity Label
- High Severity Label
- Medium Severity Label
- Low Severity Label

1. Log in to Drata → go to the Connections page.
2. Navigate to your Available Connections.
3. Search for and start the GitHub Issues connection process.
4. Enter the required values when prompted:
 - Account Alias – a unique identifier for the integration
 - Security Label – the label used for security issues
 - Critical Severity Label
 - High Severity Label
 - Medium Severity Label
 - Low Severity Label

Expected outcome: GitHub Issues is successfully connected and issue tracking data begins syncing to Drata.

This integration is used to verify that security vulnerabilities are tracked and prioritized according to your organization’s vulnerability management policies.

The Security Label must match the label used in GitHub Issues to categorize security issues.

Severity labels entered during setup must match the labels used in GitHub Issues.

If labels are renamed or removed in GitHub, the integration may not correctly categorize issues.

- This integration is used to verify that security vulnerabilities are tracked and prioritized according to your organization’s vulnerability management policies.
- The Security Label must match the label used in GitHub Issues to categorize security issues.
- Severity labels entered during setup must match the labels used in GitHub Issues.
- If labels are renamed or removed in GitHub, the integration may not correctly categorize issues.

Making the initial connection to GitHub Issues

GitHub Issues Integration Guide

Home

Contact Sales

Support

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Permission/Scope	Why It’s Needed
GitHub organization owner access	Allows Drata to connect and retrieve issue tracking data
Security label	Identifies which issues represent security-related tickets
Severity labels	Maps GitHub issue severity levels to Drata’s severity categories

GitHub Issues Integration Guide

Key Capabilities

Prerequisites & Data Access

Permissions & Data Table

Step-by-Step Setup

Step 1: Identify Your Security Label

Step 2: Identify Severity Labels

Step 3: Connect GitHub Issues in Drata

Important Notes