Integrating Acunetix with GitLab for issue tracking

Integrating Acunetix with GitLab is a four-step process:

  1. Create a Personal Access Token in GitLab for communication with Acunetix
  2. Configure Acunetix for integration
  3. Configure a Target to report issues to your issue tracker
  4. Submit vulnerabilities to GitLab

Prerequisites

Before integrating Acunetix with GitLab, ensure you have completed the following preparations:

  • You should already have a GitLab account.
  • Create a project, typically containing the source code for the Target Web Application.
  • Establish custom issue labels unless you're content with the default built-in labels for your issues. In this example, we assume you've created a custom issue label named vulnerability.
  • Generate a Personal Access Token to secure the communication channel between Acunetix and GitLab for your Target's repository.
  • If using Acunetix Online, ensure that your GitLab system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).

Step 1: Create a Personal Access Token in your Gitlab Profile

  1. From your GitLab profile dropdown, click Settings.

  1. Navigate to the Access Tokens option within the User Settings menu on the sidebar.

  1. On the Personal Access Tokens page:
  • In the Name field, enter Acunetix Integration for identification purposes.
  • Set the Expires at according to your requirements.
  • In the Scopes section, select api.
  • Scroll to the bottom of the page and click Create personal access token.

  1. Ensure you keep a copy of the token as it cannot be retrieved after leaving the page. Losing the token will necessitate creating a new one and repeating the process.

Step 2: Configure Acunetix for integration

  1. Select Issue Trackers in the Acunetix side menu.
  2. Click + Add Issue Tracker.

  1. Enter a name for your integration. For this example, we have used Gitlab Issues.

  1. In the Target Groups Access panel, select the Target Groups that will be assigned to the issue tracker. Only Targets within an assigned Target Group can be integrated into this issue tracker.

  1. Select Gitlab from the dropdown labeled Platform.
  2. Set the Authentication field to Personal Access Token.
  3. In this example, assuming you are using the gitlab.com online service, set the URL to https://gitlab.com.
  4. Enter your GitLab Personal Access Token into the Token field.
  5. Click Test Connection. You should receive a Connection is Successful message.

  1. The Project and Issue Type panel will update with your list of Projects and Issue Labels.
  2. Choose the GitLab project to link the integration. For example, use the pre-created internal-wiki project.
  3. Select the GitLab Issue Type for Acunetix to create when a vulnerability is found. In this example, use the custom type vulnerability.

  1. Click Save at the top of the Add New Issue Tracker page.

Step 3: Configure a Target to report issues to your issue tracker

  1. Select Targets from the Acunetix side menu.
  2. From your list of Targets, select the Target you want to work with.
  3. In the Target Settings panel, scroll down and expand the Advanced section.
  4. Enable the Issue Tracker toggle.
  5. From the Issue Tracker dropdown, select the name of the GitLab Integration configuration you intend to use.

  1. Click Save at the top of the Target Settings page.

Now that your Target is configured to link to Gitlab, you need to scan your Target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.

Step 4: Submit vulnerabilities to Gitlab

After completing a scan on your Target:

  1. Select Vulnerabilities in the Acunetix side menu.
  2. Adjust your filter to obtain a shortlist of the vulnerabilities you want to send to your issue tracker.
  3. Use the checkboxes next to vulnerabilities to select the ones you want to send to the issue tracker.
  4. Click Send to Issue Tracker.

  1. Check your Gitlab Issues page. Your GitLab Issues page will display the issues you've submitted to the issue tracker.

 

« Back to the Acunetix Support Page