Skip to main content
Connect Odin to GitHub to push security findings directly to your repository’s issue tracker.

Connecting

1

Open Integrations

Go to Management > Integrations in the sidebar.
2

Connect GitHub

Click Connect next to GitHub and authorise the Borg Security GitHub App.
3

Select your organisation

Choose the GitHub organisation or account that owns your repositories.
4

Choose a repository

Select the repository where issues should be created.
Odin integrations page showing the GitHub connect flow

Pushing a finding

On any finding, click Push to GitHub. Odin creates a GitHub issue with:
  • Finding title as the issue title
  • Severity label (Critical, High, Medium, Low)
  • Full description, reproduction steps, and suggested fix in the issue body
You can push multiple findings at once using the bulk action toolbar on the Findings page.

Auto-linking pull requests to findings

Once the GitHub App is installed, Odin automatically links pull requests to findings whenever a finding identifier (like BORG-12) appears in the PR’s branch name, title, or body. Linked PRs show as chips in the finding header, and their open/closed/merged state tracks live as the PR moves through GitHub. When a PR is linked to a Reported finding, Odin automatically transitions it to Mitigating so Borg’s analyst team can see work is in progress. The fastest way to use this is the Copy branch name action on the finding detail header — it gives you a fix/borg-12-... style branch name ready to paste into git checkout -b.

Settings

The GitHub integration has a few toggles that change how it works. Find them on the GitHub card in Management > Integrations.
  • Issue tracking: turn on to enable vulnerability tracking via GitHub Issues. When off, GitHub is used only for repository access (e.g. for Mjolnir whitebox pentesting).
  • Auto-create tickets: when on, GitHub issues are created automatically as new findings are reported. When off, you can still create issues manually from each finding.
  • Minimum severity: only findings at or above this severity trigger automatic issue creation. Defaults to Medium.
  • Automatic retests: when on, merging a PR that addresses a Mjolnir finding triggers an automatic retest to verify the fix. See PR Reviews for how Mjolnir uses GitHub during the development loop.
Set the minimum severity to High or Critical if you want to keep your GitHub Issues focused on the most urgent findings and handle lower-severity issues manually.

Notes

  • Issues are created in the repository(ies) accessible to the installed GitHub App
  • Odin does not update or close GitHub issues automatically. Status management stays in Odin.
  • You can update the GitHub App’s repository access at any time from your GitHub organisation settings