An Issue Tracker such as Atlassian JIRA, GitHub and Microsoft TFS is a powerful and essential tool in the Software Development Life Cycle (SDLC) of almost any software project. It helps development teams streamline collaboration and manage their work without getting lost in an endless stream of emails and PDF reports.

It is therefore a logical next-step to leverage existing issue tracker infrastructure to report security vulnerabilities directly to the people who need to action them, in the format and workflow-tools they are already using. This way, security vulnerabilities are tracked and perceived as issues which need to be fixed, just like any other high-impact issue the development Team may have on its plate.

This is precisely why Acunetix integrates with Atlassian JIRA, GitHub and Microsoft TFS’ issue trackers out-of-the-box. Different issue trackers can be set-up per-Target and Acunetix is smart enough not to open duplicate issues of vulnerabilities it has already opened.

Configuring an Issue Tracker

Configuring an issue tracker in Acunetix is easy. Simply head over to Settings > Issue Trackers and click the Add Issue Tracker button. We shall be using GitHub as an example, but the same steps apply for other products.

Configure Issue tracker

You may then enter your GitHub account details and click the Test Connection button to make sure your settings are correct. Upon validation of your settings, Acunetix will also pull a list of projects and issue types.

Issue tracking

You need to select which project you would like Acunetix to open issues in, as well as what issue type to open new issues under. Click Ok when done.

Once an issue tracker has been configured, it can be setup to work with a Target. Navigate to Targets, pick a Target you would like to configure and navigate to the Advanced tab. Enable Issue Tracker.


Select the issue tracker you want for this Target, and click Save to save your Target’s settings. You may now start sending vulnerabilities to the issue tracker configured on the Target simply by navigating to Vulnerabilities, selecting one or more vulnerabilities and clicking Send to Issue Tracker.


Once issues are sent, you can go ahead and view them directly inside the issue tracker. Acunetix will automatically assign issue priority based on the severity of the vulnerability (for issue trackers that support priority), as well as CWE and vulnerability classification tags in order to allow you to quickly filter similar vulnerabilities.

By integrating Acunetix with issue trackers, developers fixing vulnerability are given the full details needed to fix the vulnerability directly inside of the issue opened through Acunetix. Meaning that developers no longer need to rummage through emails, filter through spreadsheets or even log-in to Acunetix to obtain details of a scan’s findings – everything they need is right at their fingertips inside of the issue.

Ian Muscat

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.

  • Team,
    My web portal is on Magento based technology, we are not able to verify scan target as it give me 502 error
    Please see detail below
    auth file response status code 502
    Please check that verification file is accessible at ……..

    • Hi,

      HTTP 502 means “The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request”.

      Can you confirm that the request is allowed by your proxy? Should the problem persist, please open a support case.

  • I’m getting a message when connecting to my JIRA cloud instance, No Project is available. I’ve created a project for this purpose so I know there is one there. Does anyone know what that error means?

    • Hi Charles,

      This could depend on a number of cases, such as the account permissions you are creating the project with versus the account you are trying to integrate the issue tracker with. It would be best for us to take a closer look by getting in touch with our support team over at as they would be able to assist you further.

  • what the maximum issue tracker item can be created for JIRA? We have hundreds of web application and each of them are third party developer. I would like each web application group assigned to respective issue tracker which more than 50 developer group.

  • I’m not at Version: 12.0.181018132 and it doesn’t show the option to add the issue tracker.

    • Hi Henry,

      Can you check in with our support team – Issue Tracker integration is only available to Enterprise licenses.

  • Comments are closed.