Merge pull request #1099 from hendrik-hackerone/clickup-integration

Added documentation for ClickUp integration

docs/organizations/clickup-integration.md

@@ -0,0 +1,109 @@
+---
+title: "ClickUp Integration"
+path: "/organizations/clickup-integration.html"
+id: "organizations/clickup-integration"
+---
+
+<style>
+.contents {
+  margin-left: 1.45rem;
+  margin-right: 1.45rem;
+  border-radius: 0.3em;
+  width: 60%;
+}
+</style>
+
+HackerOne offers a bidirectional ClickUp integration that syncs information between your HackerOne report and the ClickUp task. This means that ClickUp users can sync specific workflows from ClickUp to HackerOne and vice versa, from HackerOne to ClickUp. This integration helps your development and security teams stay aligned and contributes to a better workflow to process security vulnerabilities as it minimizes the back and forth between ClickUp and HackerOne.
+
+### Creating a ClickUp task
+You can create new ClickUp tasks for reports you receive on HackerOne.
+
+To create a new ClickUp task from your HackerOne report:
+1. Go to the HackerOne report in your inbox that you want to create a new ClickUp task for.
+2. Click on <i>References</i>.
+
+![clickup-integration-5](./images/clickup-integration-5.png)
+
+3. Select the ClickUp integration that you want the report to escalate to in the dropdown.
+4. Click **Create**.
+
+![clickup-integration-2](./images/clickup-integration-2.png)
+
+5. Add comments or change the state of the report in ClickUp.
+
+![clickup-integration-3](./images/clickup-integration-3.png)
+
+When you perform an action on the ClickUp report such as adding a comment or changing the status of the report, Hackbot will generate an internal comment on the HackerOne report to reflect the changes.
+
+![clickup-integration-4](./images/clickup-integration-4.png)
+
+### Linking HackerOne Reports to Existing ClickUp Tasks
+You can link your HackerOne reports to existing ClickUp tasks.
+
+To link your reports:
+1. Go to the HackerOne report in your inbox that you want to link to ClickUp.
+2. Click **References** in the report sidebar.
+
+![clickup-integration-5](./images/clickup-integration-5.png)
+
+3. Select <i>Link issue</i> and enter the ClickUp task ID in the **Reference ID** field.
+4. Click **Create**.
+
+![clickup-integration-6](./images/clickup-integration-6.png )
+
+The HackerOne report will now be linked to the ClickUp task, and all activities that are performed on the report will be synced to the corresponding task.
+
+There's also another way you can link your HackerOne reports to ClickUp. You can:
+1. Go to the bottom of your HackerOne report.
+2. Select **Change state > Triaged** in the action picker
+3. Click **Add reference to issue tracker**.
+
+![clickup-integration-1](./images/clickup-integration-1.png)
+
+4. Enter the ClickUp task id in the **Reference ID** field.
+5. Click **Create**.
+
+### Syncing updates from HackerOne to ClickUp
+
+With the ClickUp integration you can sync these report updates to ClickUp:
+- Report Comments
+- State changes
+- Rewards
+- Assignee changes
+- Public disclosure
+
+All updates on a report are synced as a comment to ClickUp. Additionally, all actions are configurable and can be toggled from the ClickUp integration settings page.
+
+![clickup-integration-7](./images/clickup-integration-7.png)
+
+If you've configured your own [custom fields](/organizations/custom-fields.html), you can use them in the ClickUp integration. All custom fields automatically appear as available variables that you can use to set up the field mapping between HackerOne and ClickUp.
+
+### Syncing updates from ClickUp to HackerOne
+
+To make sure your security team stays up to date with the changes that happen in ClickUp, you can sync back activities from ClickUp to the HackerOne report. All updates from ClickUp will be reflected in HackerOne as an internal comment on the associated report.
+
+![clickup-integration-4](./images/clickup-integration-4.png)
+
+We currently support these activities from ClickUp to HackerOne:
+- Comments
+- State changes
+- Assignee changes
+- Priority changes
+
+You can choose which events you want to synchronize from ClickUp as each of the activities can be toggled individually.
+
+![clickup-integration-8](./images/clickup-integration-8.png)
+
+### Automatically resolving a HackerOne report
+
+You can set your integration to automatically close a HackerOne report as <i>Resolved</i> when a ClickUp task closes. This enables the hacker to be notified right away when the ClickUp task that's linked to the report is closed. In the **Select ClickUp to HackerOne events** section of the integration setup, select the ClickUp task status that will trigger the closure of the HackerOne report.
+
+### HackerOne Severity to ClickUp Priority Mapping
+
+You can map HackerOne severity ratings to the ClickUp priority fields when configuring your integration. This enables the right priority to be set when escalating a report to ClickUp.
+
+![clickup-integration-9](./images/clickup-integration-9.png)
+
+### Installing the ClickUp integration
+
+See the [ClickUp Setup](clickup-setup.html) page.

docs/organizations/clickup-setup.md

@@ -0,0 +1,108 @@
+---
+title: "ClickUp Setup"
+path: "/organizations/clickup-setup.html"
+id: "organizations/clickup-setup"
+---
+
+You can integrate with ClickUp in order to sync information between your HackerOne report and your ClickUp task.
+
+To integrate with ClickUp:
+
+1. Go to **Program Settings > Program > Integrations.**
+2. Click the **Connect with ClickUp link.**
+
+![clickup-setup-1](./images/clickup-setup-1.png)
+
+3. Click the **Set up new integration** button.
+4. Enter **Name** and **Description** for your new integration and click **Next.**
+
+![clickup-setup-2](./images/clickup-setup-2.png)
+
+5. Navigate to the ClickUp API settings of ClickUp by going to **Settings > ClickUp API** and click **Create an App**
+
+![clickup-setup-3](./images/clickup-setup-3.png)
+
+6. Enter the following information on the Create an App window and click **Create App.**
+
+   Fields | Details
+   ------ | -------
+   Application Name | HackerOne
+   Redirect URL(s) | `hackerone.integration-authentication.com`
+
+![clickup-setup-4](./images/clickup-setup-4.png)
+
+7. You will be provided with a Client ID and a Client Secret.
+
+![clickup-setup-5](./images/clickup-setup-5.png)
+
+8. Navigate back to HackerOne and click **Add a new account** in the ClickUp authentication window. 
+9. Enter your ClickUp Client Id and the Client Secret from step 7 in the **Create a new authentication window** and click **Create.**
+
+![clickup-setup-6](./images/clickup-setup-6.png)
+
+10. A window with all your workspaces will popup. Select the workspace with the list you want to escalate the reports to and click **Connect Workspace.**
+
+![clickup-setup-7](./images/clickup-setup-7.png)
+
+11. Click **Next** to finalize the setup between HackerOne and your ClickUp instance.
+12. Configure which ClickUp Team, Space, Folder and List  you'd like to escalate HackerOne reports to in the **ClickUp Team, Space, Folder and List** window and click **Next.**
+
+> **Note**: only lists that belong to a folder are currently supported.
+
+![clickup-setup-8](./images/clickup-setup-8.png)
+
+13. Select the HackerOne fields you want to map to the corresponding ClickUp fields. As alternative, enter any text using [integration variables](/organizations/integration-variables.html). If you have custom fields configured in ClickUp they also can be mapped to HackerOne fields. Finally you can configure the labels that are being applied to every new task. Click **Next**.
+
+> **Note**: only Text and Textarea custom field types are supported.
+
+![clickup-setup-9](./images/clickup-setup-9.png)
+
+> **Note**: alternatively you can manually set the mapping to a single field or combination of fields from the [integration variables](/organizations/integration-variables.html). For example: `{{triage_summary}} \\ Link: {{report_link}} \\ Date: {{submission_date}} \\ Reporter: {{reporter_name}} \\ Weakness: {{weakness}}` Would create a combination of the triage summare, a link to the report the submission date, the reporter name and the weakness of their report and map that to a single field.
+
+14. *(Optional)* Select ClickUp Priorities you want to map to the corresponding HackerOne Severities. This enables the right priority to be set when escalating a HackerOne report to ClickUp.
+
+![clickup-integration-9](./images/clickup-integration-9.png)
+
+15. *(Optional)* Select which actions in HackerOne you'd like to post to ClickUp in the **Select HackerOne to ClickUp events** window. You can choose from:
+
+Option | Detail
+------ | -------
+Comment added | When someone comments on a report, post an update on the associated ClickUp task.
+State changed | When someone changes the state of a report, post an update on the associated ClickUp task.
+Reward changed | When someone awards or suggests a bounty and/or bonus, post an update on the associated ClickUp task.
+Assignee changed | When someone assigns a user/group to a report, post an update on the associated ClickUp task.
+Disclosure | When disclosure is requested or a report becomes public, post an update on the associated ClickUp task.
+Synchronize attachments | Synchronize attachments linked with reports and comments to the associated ClickUp task.
+
+![clickup-integration-7](./images/clickup-integration-7.png)
+
+16. *(Optional)* Select which ClickUp actions you'd like to post onto HackerOne in the **Select ClickUp to HackerOne events** window. You can choose from:
+
+Option | Detail
+------ | -------
+Status changed | Post an internal comment when an task changes status.
+Closed task status | Resolve the report when an task is closed with the selected status.
+Comment added | Post an internal comment when someone comments on an task.
+Assignee changed | Post an internal comment when an task changes assignee.
+Priority changed | Post an internal comment when an task changes priority.
+
+![clickup-integration-8](./images/clickup-integration-8.png)
+
+17. (Optional) Once you complete this integration, a ClickUp webhook will be automatically created in your ClickUp instance. If there is no webhook created, you can use this Webhook URL to create a webhook manually with the taskCommentPosted, taskPriorityUpdated, taskStatusUpdated and TaskAssigneeUpdated events.
+
+![clickup-setup-10](./images/clickup-setup-10.png)
+
+18. Click **Finish**. Once the screen disappears, click **Enable** to enable the integration.
+
+![clickup-setup-11](./images/clickup-setup-11.png)
+
+You're all set! Now that you've finished setting up the ClickUp integration, you can [create ClickUp tasks](/organizations/clickup-integration.html#creating-a-ClickUp-task) right from your HackerOne report.
+
+### Multiple integrations
+
+If you have multiple HackerOne programs, you can integrate them to the same ClickUp instance. Steps 5-7 can be omitted for each subsequent program you need to add an integration for.
+
+*Note: You can omit steps 5-7 for your other programs because an App has already been created when integrating with your first program, and only 1 App is needed to set up a ClickUp integration.*
+
+### Multiple ClickUp instances per program
+This feature is available for **Enterprise programs only**. If you want to integrate the same program to multiple ClickUp instances, you can follow all the steps above for each integration.

docs/organizations/supported-integrations.md

@@ -1,7 +1,7 @@
 ---
-title: "Supported Integrations"
-path: "/organizations/supported-integrations.html"
-id: "organizations/supported-integrations"
+title: 'Supported Integrations'
+path: '/organizations/supported-integrations.html'
+id: 'organizations/supported-integrations'
 ---
 
 HackerOne integrates with many issue tracking tools. The integration ensures that the HackerOne platform fits into your existing security workflow with minimal friction. Integrating with one of these services will enable you to push report submissions into your preferred systems. You can set up multiple issue tracker integrations as well as a Slack integration.
@@ -44,6 +44,12 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">Bugzilla</div>
   </a>
+  <a class="integration-button" href="clickup-integration.html">
+    <div class="logo">
+      <img src="./images/clickup-logo.png" />
+    </div>
+    <div class="logo-text">ClickUp</div>
+  </a>
   <a class="integration-button" href="https://xsoar.pan.dev/docs/reference/integrations/hacker-one">
     <div class="logo">
       <img src="./images/cortex-xsoar-logo.png" />
@@ -56,15 +62,15 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">Freshdesk</div>
   </a>
+</div>
+
+<div class="int-button-container">
   <a class="integration-button" href="github-integration.html">
     <div class="logo">
       <img src="./images/github_logo.png" />
     </div>
     <div class="logo-text">GitHub</div>
   </a>
-</div>
-
-<div class="int-button-container">
   <a class="integration-button" href="gitlab-integration.html">
     <div class="logo">
       <img src="./images/gitlab_logo2.png" />
@@ -83,15 +89,15 @@ HackerOne currently supports these integrations:
     </div>
   <div class="logo-text">IBM QRadar SOAR</div>
   </a>
+<div>
+
+<div class="int-button-container">
   <a class="integration-button" href="jira-integration.html">
     <div class="logo">
       <img src="./images/jira_logo.png" />
     </div>
     <div class="logo-text">Jira</div>
   </a>
-<div>
-
-<div class="int-button-container">
   <a class="integration-button" href="https://community.askj1.com/kb/articles/1005-hackerone-integration-with-jupiterone">
     <div class="logo">
       <img src="./images/jupiter-one-logo.png" />
@@ -110,15 +116,15 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">Linear</div>
   </a>
+</div>
+
+<div class="int-button-container">
   <a class="integration-button" href="mantisbt-integration.html">
     <div class="logo">
       <img src="./images/mantisbt-logo.png" />
     </div>
     <div class="logo-text">MantisBT</div>
   </a>
-</div>
-
-<div class="int-button-container">
   <a class="integration-button" href="microsoft-teams.html">
     <div class="logo">
       <img src="./images/microsoft_teams_logo.png" />
@@ -137,15 +143,16 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">PagerDuty*</div>
   </a>
-  <a class="integration-button" href="phabricator-integration.html">
+
+</div>
+
+<div class="int-button-container">
+    <a class="integration-button" href="phabricator-integration.html">
     <div class="logo">
       <img src="./images/phabricator_logo.png" />
     </div>
     <div class="logo-text">Phabricator</div>
   </a>
-</div>
-
-<div class="int-button-container">
  <a class="integration-button" href="https://docs.plextrac.com/plextrac-documentation/product-documentation-1/account-management/account-admin/tools-and-integrations/integrations/hackerone">
     <div class="logo">
       <img src="./images/plextrac-logo.png" />
@@ -164,14 +171,15 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">SafeBase</div>
   </a>
-  <a class="integration-button" href="servicenow-integration.html">
+</div>
+
+<div class="int-button-container">
+    <a class="integration-button" href="servicenow-integration.html">
     <div class="logo">
       <img src="./images/servicenow_logo.png" />
     </div>
     <div class="logo-text">ServiceNow*</div>
   </a>
-</div>
-<div class="int-button-container">
       <a class="integration-button" href="https://support.securityscorecard.com/hc/en-us/articles/4403224402459-HackerOne-App">
     <div class="logo">
       <img src="./images/securityscorecard-logo.png" />
@@ -190,15 +198,15 @@ HackerOne currently supports these integrations:
     </div>
     <div class="logo-text">Splunk*</div>
   </a>
+</div>
+
+<div class="int-button-container">
   <a class="integration-button" href="sumo-logic-integration.html">
     <div class="logo">
       <img src="./images/sumo_logic_logo.png" />
     </div>
     <div class="logo-text">Sumo Logic*</div>
   </a>
-</div>
-
-<div class="int-button-container">
      <a class="integration-button" href="trac-integration.html">
     <div class="logo">
       <img src="./images/trac_logo.png" />

src/pages/organizations/organizations-nav.yaml

@@ -225,6 +225,11 @@
       path: /organizations/brinqa-integration.html
     - title: Bugzilla
       path: /organizations/bugzilla-integration.html
+    - title: ClickUp
+      path: /organizations/clickup-integration.html
+      items:
+        - title: ClickUp Setup
+          path: /organizations/clickup-setup.html
     - title: Freshdesk
       path: /organizations/freshdesk-integration.html
     - title: GitHub