{"id":22014747,"url":"https://github.com/neuralegion/issue-linker","last_synced_at":"2025-07-08T12:06:54.534Z","repository":{"id":186129898,"uuid":"640520888","full_name":"NeuraLegion/issue-linker","owner":"NeuraLegion","description":"A CLI tool to link between SAST issues and BrightSec issues","archived":false,"fork":false,"pushed_at":"2024-01-24T10:36:52.000Z","size":56,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-01-28T15:31:14.061Z","etag":null,"topics":["appsec","dast","sast","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Crystal","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NeuraLegion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-14T11:21:08.000Z","updated_at":"2023-09-11T15:58:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"695ca240-acf4-47e2-abdb-29a1acf14ca1","html_url":"https://github.com/NeuraLegion/issue-linker","commit_stats":null,"previous_names":["neuralegion/issue-linker"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NeuraLegion%2Fissue-linker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NeuraLegion%2Fissue-linker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NeuraLegion%2Fissue-linker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NeuraLegion%2Fissue-linker/manifests","owner_url":"https://r
epos.ecosyste.ms/api/v1/hosts/GitHub/owners/NeuraLegion","download_url":"https://codeload.github.com/NeuraLegion/issue-linker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245078148,"owners_count":20557279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","dast","sast","vulnerability-scanners"],"created_at":"2024-11-30T04:17:38.701Z","updated_at":"2025-03-23T08:42:53.312Z","avatar_url":"https://github.com/NeuraLegion.png","language":"Crystal","funding_links":[],"categories":[],"sub_categories":[],"readme":"# issue-linker\n\nThis is a tool to link issues between SAST vendors and BrightSec DAST.\nIt can also run a validation scan based on the SAST scan results.\n\n## Installation\n\n### From Source\n\n1. [Install Crystal](https://crystal-lang.org/docs/installation/)\n2. `git clone` this repo\n3. `cd` into the repo\n4. `shards build`\n\n### From Releases\n\n1. Download the latest release from the [releases page](https://github.com/NeuraLegion/issue-linker/releases)\n2. Look for the binary for your OS and architecture\n3. Download it to your working directory\n4. Execute with `./issue-linker`. You may need to `chmod +x` the binary first.\n\n### From Docker\n\n#### Docker Build Option\n\n1. `git clone` this repo\n2. `cd` into the repo\n3. `docker build -t issue-linker .`\n4. `docker run -it issue-linker --help`\n\n#### Docker Pull Option\n\n1. `docker pull neuralegion/issue-linker`\n2. 
`docker run -it neuralegion/issue-linker --help`\n\n## Usage\n\nRun `issue-linker --help` to see the help menu.\n\nThe tool has different options depending on the vendor. For Snyk, you can use the following:\n\n`issue-linker Snyk --help`\n\nThis will show the help menu for the Snyk vendor.\n\n```bash\nUsage: issue-linker [subcommand] [arguments]\n    -h, --help                       Show this help\n    Link-Issues                      Link Snyk and Bright issues\n    Verification-Scan                Run a verification scan based on Snyk Code findings\n```\n\nYou can choose a different vendor as well. To list the available vendors, run:\n\n```bash\n./issue-linker --help\nUsage: issue-linker [subcommand] [arguments]\n    Snyk                             Snyk Integration\n    CX                               Checkmarx\n    -h, --help                       Show this help\n```\n\n### Link-Issues\n\nThis command will link issues between Snyk and BrightSec.\n\n```bash\nUsage: issue-linker Snyk [arguments]\n    -h, --help                       Show this help\n    --snyk-token TOKEN               Api-Key for the snyk platform\n    --snyk-org ORG                   Snyk org UUID\n    --snyk-project PROJECT           Snyk project UUID\n    --bright-token TOKEN             Api-Key for the Bright platform\n    --bright-scan SCAN               Bright scan ID\n    --output TYPE                    Type of Output, default: json. 
[json,markdown,ascii] (Optional)\n    --update                         Update Bright issues with Snyk issue links\n\n```\n\nAn example command for Checkmarx looks like the following:\n\n```bash\n./issue-linker CX Link-Issues --bright-token XXX --cx-token XXX --cx-scan=UUID --bright-scan esmkpk584o2UHdad1s3mHj --update --output ascii\n```\n\nAn example of the possible markdown output:\n\n```markdown\n ------------------------------------- --------- -------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------\n| Issue name                          | CWE     | Snyk issue URL                                                                                                                             | Bright issue URL                                                                                         |\n|-------------------------------------|---------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b7dae014-653a-48da-b011-3cb61442d696) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/cHmgTrrXy8RWUxtxyD8Pk8) |\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-063a7c98-2225-48a2-893f-d973df45f039) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/trNW9XWMzXBmvQbng6oTEN) |\n| Server-Side Request Forgery (SSRF)  | CWE-918 | [Snyk Issue 
URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-3909e99d-c7b5-4a28-b8b9-e9386d3549e9) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2CjaWdsEx89QojKc22iPiS) |\n| Server-Side Request Forgery (SSRF)  | CWE-918 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-876d02ab-7ddf-41bc-bd1e-bcbe96350d20) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2JEsNQBg6anpX8SDKc5LuN) |\n| Command Injection                   | CWE-78  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-701b3fcf-5a73-431e-844b-e2efb043f0c4) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/gGnbb91pCYYSEPsf8xGT9c) |\n| SQL Injection                       | CWE-89  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-a06e7f8e-f93d-43c4-a2f2-d657251bb911) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/myayD5vcFrxz5FyWPQMn5Q) |\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-5dac60b3-5cce-4e57-97cc-cfa870313341) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/n5n5VkU3krbdaDhSVAxpMQ) |\n| XML External Entity (XXE) Injection | CWE-611 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-ff85e9d1-c896-4ac1-86a9-6fbeea37c442) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/qQMxUyZXvWw7XxiHAs5Cmr) |\n| Open Redirect                       | CWE-601 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b36659b8-6e48-418f-bcea-50bf64d2b768) | [Bright Issue 
URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/1dD8ht6WGrF6djkxSnrXyu) |\n -------------------------------------|---------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------\n```\n\nWhich will be parsed as a table:\n\n ------------------------------------- --------- -------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------\n| Issue name                          | CWE     | Snyk issue URL                                                                                                                             | Bright issue URL                                                                                         |\n|-------------------------------------|---------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b7dae014-653a-48da-b011-3cb61442d696) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/cHmgTrrXy8RWUxtxyD8Pk8) |\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-063a7c98-2225-48a2-893f-d973df45f039) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/trNW9XWMzXBmvQbng6oTEN) |\n| Server-Side Request Forgery (SSRF)  | CWE-918 | [Snyk Issue 
URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-3909e99d-c7b5-4a28-b8b9-e9386d3549e9) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2CjaWdsEx89QojKc22iPiS) |\n| Server-Side Request Forgery (SSRF)  | CWE-918 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-876d02ab-7ddf-41bc-bd1e-bcbe96350d20) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2JEsNQBg6anpX8SDKc5LuN) |\n| Command Injection                   | CWE-78  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-701b3fcf-5a73-431e-844b-e2efb043f0c4) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/gGnbb91pCYYSEPsf8xGT9c) |\n| SQL Injection                       | CWE-89  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-a06e7f8e-f93d-43c4-a2f2-d657251bb911) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/myayD5vcFrxz5FyWPQMn5Q) |\n| Cross-site Scripting (XSS)          | CWE-79  | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-5dac60b3-5cce-4e57-97cc-cfa870313341) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/n5n5VkU3krbdaDhSVAxpMQ) |\n| XML External Entity (XXE) Injection | CWE-611 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-ff85e9d1-c896-4ac1-86a9-6fbeea37c442) | [Bright Issue URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/qQMxUyZXvWw7XxiHAs5Cmr) |\n| Open Redirect                       | CWE-601 | [Snyk Issue URL](https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b36659b8-6e48-418f-bcea-50bf64d2b768) | [Bright Issue 
URL](https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/1dD8ht6WGrF6djkxSnrXyu)\n\nOr as JSON for automation purpose:\n\n```json\n[{\"snyk_issue\":{\"id\":\"b7dae014-653a-48da-b011-3cb61442d696\",\"title\":\"Cross-site Scripting (XSS)\",\"cwe\":[\"CWE-79\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b7dae014-653a-48da-b011-3cb61442d696\"},\"bright_issue\":{\"id\":\"cHmgTrrXy8RWUxtxyD8Pk8\",\"name\":\"Reflective Cross-site scripting (rXSS)\",\"cwe\":\"CWE-79\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/cHmgTrrXy8RWUxtxyD8Pk8\"}},{\"snyk_issue\":{\"id\":\"063a7c98-2225-48a2-893f-d973df45f039\",\"title\":\"Cross-site Scripting (XSS)\",\"cwe\":[\"CWE-79\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-063a7c98-2225-48a2-893f-d973df45f039\"},\"bright_issue\":{\"id\":\"trNW9XWMzXBmvQbng6oTEN\",\"name\":\"Reflective Cross-site scripting (rXSS)\",\"cwe\":\"CWE-79\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/trNW9XWMzXBmvQbng6oTEN\"}},{\"snyk_issue\":{\"id\":\"3909e99d-c7b5-4a28-b8b9-e9386d3549e9\",\"title\":\"Server-Side Request Forgery (SSRF)\",\"cwe\":[\"CWE-918\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-3909e99d-c7b5-4a28-b8b9-e9386d3549e9\"},\"bright_issue\":{\"id\":\"2CjaWdsEx89QojKc22iPiS\",\"name\":\"Server Side Request Forgery\",\"cwe\":\"CWE-918\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2CjaWdsEx89QojKc22iPiS\"}},{\"snyk_issue\":{\"id\":\"876d02ab-7ddf-41bc-bd1e-bcbe96350d20\",\"title\":\"Server-Side Request Forgery (SSRF)\",\"cwe\":[\"CWE-918\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-876d02ab-7ddf-41bc-bd1e-bcbe96350d20\"},\"bright_issue\":{\"id\":\"2JEsNQBg6anpX8SDKc5LuN\",\"name\":\"Server Side Request 
Forgery\",\"cwe\":\"CWE-918\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/2JEsNQBg6anpX8SDKc5LuN\"}},{\"snyk_issue\":{\"id\":\"701b3fcf-5a73-431e-844b-e2efb043f0c4\",\"title\":\"Command Injection\",\"cwe\":[\"CWE-78\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-701b3fcf-5a73-431e-844b-e2efb043f0c4\"},\"bright_issue\":{\"id\":\"gGnbb91pCYYSEPsf8xGT9c\",\"name\":\"OS Command Injection\",\"cwe\":\"CWE-78\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/gGnbb91pCYYSEPsf8xGT9c\"}},{\"snyk_issue\":{\"id\":\"a06e7f8e-f93d-43c4-a2f2-d657251bb911\",\"title\":\"SQL Injection\",\"cwe\":[\"CWE-89\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-a06e7f8e-f93d-43c4-a2f2-d657251bb911\"},\"bright_issue\":{\"id\":\"myayD5vcFrxz5FyWPQMn5Q\",\"name\":\"SQL DB Error Message In Response\",\"cwe\":\"CWE-89\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/myayD5vcFrxz5FyWPQMn5Q\"}},{\"snyk_issue\":{\"id\":\"5dac60b3-5cce-4e57-97cc-cfa870313341\",\"title\":\"Cross-site Scripting (XSS)\",\"cwe\":[\"CWE-79\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-5dac60b3-5cce-4e57-97cc-cfa870313341\"},\"bright_issue\":{\"id\":\"n5n5VkU3krbdaDhSVAxpMQ\",\"name\":\"Reflective Cross-site scripting (rXSS)\",\"cwe\":\"CWE-79\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/n5n5VkU3krbdaDhSVAxpMQ\"}},{\"snyk_issue\":{\"id\":\"ff85e9d1-c896-4ac1-86a9-6fbeea37c442\",\"title\":\"XML External Entity (XXE) Injection\",\"cwe\":[\"CWE-611\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-ff85e9d1-c896-4ac1-86a9-6fbeea37c442\"},\"bright_issue\":{\"id\":\"qQMxUyZXvWw7XxiHAs5Cmr\",\"name\":\"XML External Entity 
(XXE)\",\"cwe\":\"CWE-611\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/qQMxUyZXvWw7XxiHAs5Cmr\"}},{\"snyk_issue\":{\"id\":\"b36659b8-6e48-418f-bcea-50bf64d2b768\",\"title\":\"Open Redirect\",\"cwe\":[\"CWE-601\"],\"url\":\"https://app.snyk.io/org/bararchy/project/3f86c938-d091-403b-9d80-f3d62dbad9c5#issue-b36659b8-6e48-418f-bcea-50bf64d2b768\"},\"bright_issue\":{\"id\":\"1dD8ht6WGrF6djkxSnrXyu\",\"name\":\"Unvalidated Redirect\",\"cwe\":\"CWE-601\",\"url\":\"https://app.brightsec.com/scans/tLyeJ6uBNW7GckD3Th7gv5/issues/1dD8ht6WGrF6djkxSnrXyu\"}}]\n```\n\n\u003e **Note**\n\u003e Using the `--update` option updates Bright issues with the relevant vendor input.\n![image](https://github.com/NeuraLegion/issue-linker/assets/1631073/5dcab9d2-d319-4445-994c-1f525d9a5be6)\n![image](https://github.com/NeuraLegion/issue-linker/assets/1631073/644c68c5-d590-4ff2-b8b0-cc0b13025490)\n![image](https://github.com/NeuraLegion/issue-linker/assets/1631073/3f3f1ef0-1424-4751-ab95-fba0baa23fb1)\n\n\n### Verification-Scan\n\nThis command will allow you to run a verification scan based on a SAST scan that was previously run.\n\n```bash\nUsage: issue-linker [subcommand] [arguments]\n    -h, --help                       Show this help\n    --snyk-token TOKEN               Api-Key for the snyk platform\n    --snyk-org ORG                   Snyk org UUID\n    --snyk-project PROJECT           Snyk project UUID\n    --bright-token TOKEN             Api-Key for the Bright platform\n    -t TARGET, --target TARGET       Target to scan by bright DAST\n    --output TYPE                    Type of Output, default: json. [json,markdown,ascii] (Optional)\n```\n\n\u003e **Note**\n\u003e The target option (`-t`) should be provided in the following format: `https://www.example.com`.\n\n## Contributing\n\n1. Fork it (\u003chttps://github.com/NeuraLegion/issue-linker/fork\u003e)\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. 
Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create a new Pull Request\n\n## Contributors\n\n- [Bar Hofesh](https://github.com/bararchy) - creator and maintainer\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneuralegion%2Fissue-linker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fneuralegion%2Fissue-linker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fneuralegion%2Fissue-linker/lists"}