Neo works best when it has access to your actual stack: your source code, running environments, and the services your applications depend on. This guide walks through connecting everything Neo needs to run meaningful security assessments from day one.

What to Connect and Why

Neo uses these connections to build a complete picture of your attack surface and test it the way a real attacker would, with access to both your code and your running applications.
| Connection | What Neo Uses It For |
| --- | --- |
| Source code (GitHub) | Reading code changes in PRs, tracing data flows, understanding application architecture, correlating code-level patterns with runtime behavior |
| Application environments | Testing running applications, validating exploitability against real services, browser-based testing, API interaction |
| Environment variables | Authenticating to your services, accessing protected endpoints, connecting to databases and third-party APIs during assessments |
| Issue tracking (Linear, Jira) | Creating findings as trackable issues, syncing status, triggering retests when fixes ship |
| Communication (Slack) | Notifying your team of completed assessments, critical findings, and retest results |

You can connect these incrementally. Neo delivers value with just a GitHub repo and a target environment. Additional connections expand what Neo can test and how deeply it integrates into your workflow.

Connecting GitHub

GitHub is the primary way Neo accesses your source code and integrates into your development workflow.

Install the GitHub App

1. Navigate to Integrations

   In the Neo dashboard, go to Settings → Integrations → GitHub.

2. Install the Neo GitHub App

   Click Connect GitHub and follow the OAuth flow to install the Neo GitHub App on your organization. You can grant access to all repositories or select specific ones.

3. Select repositories

   Choose which repositories Neo should have access to. You can start with a single repo and expand later. Neo only reads code and PR metadata; it does not push commits or modify your repositories.

What GitHub Access Enables

Once connected, Neo can:
  • Review PRs automatically. When a developer opens a pull request, Neo analyzes the code changes for security implications, tests exploitability against your running environment, and posts findings directly on the PR.
  • Read source code for deeper analysis. During any assessment, Neo can reference your codebase to trace data flows, understand business logic, and correlate code patterns with runtime vulnerabilities.
  • Track changes over time. Neo monitors merged PRs to update its understanding of your attack surface, identifying areas where new risk may have been introduced.
Neo requires read-only access to repository contents and pull requests. It does not need write access to your codebase.
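
One way to check the read-only claim after installing the app, as an added example (not Neo's own code): audit the installation record GitHub returns for your organization and flag any grant beyond the scopes named above. The app slug and the sample response are constructed placeholders, and treating `metadata: read` as expected is an assumption.

```python
import json

# Grants the page states Neo needs: read-only contents and pull requests.
# "metadata: read" is an assumption here; GitHub gives it to every repository app.
EXPECTED = {"contents": "read", "pull_requests": "read", "metadata": "read"}
LEVELS = {"read": 1, "write": 2, "admin": 3}

# Constructed sample in the shape of GitHub's GET /orgs/{org}/installations
# response. "neo-app-placeholder" is a placeholder slug, not the real app name.
SAMPLE = json.loads("""
{"total_count": 2, "installations": [
  {"id": 1001, "app_slug": "neo-app-placeholder", "repository_selection": "all",
   "permissions": {"contents": "write", "pull_requests": "read",
                   "metadata": "read", "actions": "read"}},
  {"id": 1002, "app_slug": "some-other-app", "repository_selection": "selected",
   "permissions": {"contents": "read", "metadata": "read"}}
]}
""")


def audit_installation(inst):
    """Return a list of findings for one installation record."""
    findings = []
    for scope, level in sorted(inst.get("permissions", {}).items()):
        allowed = EXPECTED.get(scope)
        if allowed is None:
            findings.append(f"unexpected permission {scope}:{level}")
        elif LEVELS.get(level, 99) > LEVELS[allowed]:
            # Unknown levels rank above everything so they are never ignored.
            findings.append(f"{scope}:{level} exceeds expected {allowed}")
    if inst.get("repository_selection") == "all":
        findings.append("installed on all repositories, not a selected set")
    return findings


def audit(response, app_slug):
    """Audit every installation of the given app; map installation id to findings."""
    return {inst["id"]: audit_installation(inst)
            for inst in response["installations"]
            if inst.get("app_slug") == app_slug}


if __name__ == "__main__":
    for inst_id, findings in audit(SAMPLE, "neo-app-placeholder").items():
        print(inst_id, findings or "matches expected read-only grants")
```

An organization owner can obtain the real response with `gh api /orgs/ORG/installations` and pass the parsed JSON to `audit` in place of `SAMPLE`.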

Environment Best Practices

Use staging or dedicated testing environments. Neo runs all exploit attempts inside isolated sandboxes, but pointing it at a staging environment ensures your production data and users are never involved. A staging environment that mirrors production gives Neo the most realistic attack surface to test against.

One environment per service. If your stack includes multiple services (e.g., a frontend, an API, and a background worker), add each as a separate environment. This gives Neo a clear map of your architecture and allows it to test cross-service interactions.

Keep environments up to date. Neo’s assessments are only as accurate as the environment it’s testing against. If your staging environment drifts significantly from production, findings may not reflect real-world risk. Environments that stay in sync with your deployment pipeline give Neo the best signal.

Configuring Environment Variables

Some of your services require authentication or specific credentials to access. Environment variables let you securely provide Neo with the secrets it needs to test authenticated flows and protected endpoints.

1. Navigate to Environment Variables

   In the Neo dashboard, go to Settings → Environment Variables.

2. Add variables

   Define key-value pairs for credentials, API keys, tokens, or any secrets Neo needs during assessments. Common examples include:
     • API_KEY — API keys for your services
     • AUTH_TOKEN — Authentication tokens for accessing protected endpoints
     • DATABASE_URL — Connection strings for database access during testing
     • SESSION_COOKIE — Pre-authenticated session cookies for bypassing login flows

3. Scope variables to environments

   Variables can be scoped to specific environments so Neo uses the right credentials for the right target. Your staging API key stays with your staging environment; your QA credentials stay with QA.

All environment variables are encrypted at rest and in transit. Neo only accesses them during active assessments inside isolated sandboxes. Variables are never logged, exposed in reports, or included in finding evidence.

Connecting Issue Tracking

Connecting your issue tracker lets Neo create findings as real, trackable issues in the tools your team already uses. When a fix ships, Neo can automatically detect the change and retest to confirm the vulnerability is resolved.

Linear

1. Navigate to Integrations

   Go to Settings → Integrations → Linear.

2. Authenticate

   Click Connect Linear and authorize Neo to access your Linear workspace.

3. Configure project mapping

   Map Neo findings to specific Linear teams or projects. You can route findings by severity, by target application, or let Neo choose based on the context of the assessment.

Jira

1. Navigate to Integrations

   Go to Settings → Integrations → Jira.

2. Authenticate

   Click Connect Jira and provide your Jira instance URL and authorization credentials.

3. Configure project mapping

   Map Neo findings to specific Jira projects and issue types. Configure priority mapping so Neo’s severity ratings align with your team’s existing triage workflow.

Once connected, every validated finding Neo reports becomes a trackable issue with full evidence, reproduction steps, and remediation guidance attached. When the linked PR or fix deploys, Neo retests automatically and updates the issue status.

Connecting Slack

Slack integration keeps your team informed as assessments run and findings come in.

1. Navigate to Integrations

   Go to Settings → Integrations → Slack.

2. Authenticate

   Click Connect Slack and authorize Neo for your workspace.

3. Configure notification channels

   Choose which Slack channels receive notifications. You can route by event type:
     • Assessment completed — summary of findings when a scan finishes
     • Critical finding — immediate alert when a high-severity vulnerability is validated
     • Retest passed — confirmation that a fix resolved the vulnerability
     • Regression detected — alert when a previously fixed vulnerability reappears

Verifying Your Setup

Once you’ve connected your stack, verify everything is working:

1. Check the Integrations dashboard

   Go to Settings → Integrations and confirm all connections show a healthy status.

2. Run a quick assessment

   Ask Neo to run a lightweight scan against one of your connected environments. A simple instruction like “Run a security review of [your staging URL]” is enough to confirm Neo can reach your environment, authenticate, and report findings.

3. Confirm issue tracking

   If you’ve connected Linear or Jira, verify that findings from the test assessment appear as issues in the correct project.

4. Check Slack notifications

   Confirm your configured Slack channel received the assessment summary.

Next: Your First Scan

Now that your stack is connected, run your first real security assessment with Neo.