[hackerone] Initial release of HackerOne with Report data streams

[clement-fouque]

Proposed commit message

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Screenshots

[github-actions]

Vale Linting Results

Summary: 9 warnings, 35 suggestions found

⚠️ Warnings (9)

File	Line	Rule	Message
packages/hackerone/docs/README.md	116	Elastic.Latinisms	Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/hackerone/docs/README.md	116	Elastic.DontUse	Don't use 'please'.
packages/hackerone/docs/README.md	359	Elastic.DontUse	Don't use 'just'.
packages/hackerone/docs/README.md	375	Elastic.QuotesPunctuation	Place punctuation inside closing quotation marks.
packages/hackerone/docs/README.md	375	Elastic.QuotesPunctuation	Place punctuation inside closing quotation marks.
packages/hackerone/docs/README.md	488	Elastic.DontUse	Don't use 'Thus'.
packages/hackerone/docs/README.md	510	Elastic.Latinisms	Latin terms and abbreviations are a common source of confusion. Use 'for example' instead of 'e.g'.
packages/hackerone/docs/README.md	510	Elastic.DontUse	Don't use 'please'.
packages/hackerone/docs/README.md	754	Elastic.DontUse	Don't use 'just'.

💡 Suggestions (35)

File	Line	Rule	Message
packages/hackerone/_dev/build/docs/README.md	87	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/_dev/build/docs/README.md	93	Elastic.Semicolons	Use semicolons judiciously.
packages/hackerone/docs/README.md	88	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	94	Elastic.Semicolons	Use semicolons judiciously.
packages/hackerone/docs/README.md	106	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	114	Elastic.Wordiness	Consider using 'tell' instead of 'inform'.
packages/hackerone/docs/README.md	114	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	114	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	116	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	116	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	117	Elastic.WordChoice	Consider using 'efficiently' instead of 'simply', unless the term is in the UI.
packages/hackerone/docs/README.md	117	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	124	Elastic.Clone	Use cloning only when referring to cloning a GitHub repository or creating a copy that is linked to the original. Often confused with 'copy' and 'duplicate'.
packages/hackerone/docs/README.md	227	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	242	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	259	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	326	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	336	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	359	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	500	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	508	Elastic.Wordiness	Consider using 'tell' instead of 'inform'.
packages/hackerone/docs/README.md	508	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	508	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	510	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	510	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	511	Elastic.WordChoice	Consider using 'efficiently' instead of 'simply', unless the term is in the UI.
packages/hackerone/docs/README.md	511	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	518	Elastic.Clone	Use cloning only when referring to cloning a GitHub repository or creating a copy that is linked to the original. Often confused with 'copy' and 'duplicate'.
packages/hackerone/docs/README.md	621	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	636	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	653	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	720	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	730	Elastic.WordChoice	Consider using 'deactivated, deselected, hidden, turned off, unavailable' instead of 'disabled', unless the term is in the UI.
packages/hackerone/docs/README.md	754	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.
packages/hackerone/docs/README.md	793	Elastic.WordChoice	Consider using 'can, might' instead of 'may', unless the term is in the UI.

---

The Vale linter checks documentation changes against the Elastic Docs style guide.

To use Vale locally or report issues, refer to Elastic style guide for Vale.

[clement-fouque]

@efd6 can you perform a review of the CEL part? Thanks.

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[efd6]

CEL code LGTM

[github-actions]

TL;DR

Check integrations netbox failed, but the provided Buildkite log is truncated to teardown/output-upload lines and does not include the first failing command or assertion. Immediate action: re-run that job with full step log retention (or share the uploaded build/test-results/netbox-system-*.xml) so the exact failing test can be identified.

Remediation

• Re-run Check integrations netbox and capture the full step output from the first failure line (not just the teardown tail).
• Inspect/upload build/test-results/netbox-system-*.xml from that run; this should contain the failing test name and assertion message.
• If the rerun passes without code changes, classify as transient infrastructure/test flake and retry CI.

Investigation details

Root Cause

The root cause is not identifiable from the available log artifact. The only captured lines are stack teardown and artifact upload, followed by a generic non-zero exit.

Evidence

• Build: https://buildkite.com/elastic/integrations/builds/43133
• Job/step: Check integrations netbox
• Key log excerpt (/tmp/gh-aw/buildkite-logs/integrations-check-integrations-netbox.txt):
  • --- [netbox] failed (line 73)
  • 🚨 Error: The command exited with status 1 (line 76)
  • user command error: exit status 1 (line 78)
  • No earlier test/assertion output present in this file.
• Uploaded artifacts listed in the same log include build/test-results/netbox-system-*.xml, indicating likely useful failure details exist outside the provided excerpt.
• PR diff checked locally at commit d2cd987a65f6067e9387ed2e73d530c90477c1c5: changes are under packages/hackerone/** (plus .github/CODEOWNERS), with no direct packages/netbox/** edits.

Verification

• Not run in this environment: reproducing .buildkite/scripts/test_one_package.sh depends on Buildkite runtime env/config and failed early here due missing pipeline env (YQ_VERSION unset).

Follow-up

Share the failing netbox-system xUnit XML (or full pre-teardown job logs) and I can provide a precise root-cause + patch-level remediation.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• [hackerone] Initial release of HackerOne with Report data streams #18951 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #18951 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[P1llus]

How does this work? I don't really understand the format the user has to provide this in. You could possibly have a default value but have it commented out?

If these are an array of just values, its better that we just ask them to give us a list of values as for example type text and multi true, then build the array in the configuration itself?

[clement-fouque]

This is how it looks like.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: ffe2a01

History

• 💔 Build #43355 failed 7d36b5a
• 💚 Build #43155 succeeded 83adde1
• 💔 Build #43145 failed dc99b72
• 💔 Build #43133 failed d2cd987
• 💔 Build #43128 failed 5aea268
• 💔 Build #43103 failed 4a95ba7

[P1llus]

Will finalize the review on monday, but starting this up from draft to trigger a few more CI jobs