An Issue tracker such as Atlassian JIRA, GitHub and Microsoft TFS is a powerful and essential tool in the Software Development Life Cycle (SDLC) of almost any software project. It helps development teams streamline collaboration and manage their work without getting lost in an endless stream of emails and PDF reports.
It is therefore a logical next-step to leverage existing issue tracker infrastructure to report security vulnerabilities directly to the people who need to action them, in the format and workflow-tools they are already using. This way, security vulnerabilities are tracked and perceived as issues which need to be fixed, just like any other high-impact issue the development Team may have on its plate.
This is precisely why Acunetix integrates with Atlassian JIRA, GitHub and Microsoft TFS’ issue trackers out-of-the-box. Different issue trackers can be set-up per-Target and Acunetix is smart enough not to open duplicate issues of vulnerabilities it has already opened.
Configuring an Issue Tracker
Configuring an issue tracker in Acunetix is easy. Simply head over to Settings > Issue Trackers and click the Add Issue Tracker button. We shall be using GitHub as an example, but the same steps apply for other products.
You may then enter your GitHub account details and click the Test Connection button to make sure your settings are correct. Upon validation of your settings, Acunetix will also pull a list of projects and issue types.
You need to select which project you would like Acunetix to open issues in, as well as what issue type to open new issues under. Click Ok when done.
Once an issue tracker has been configured, it can be setup to work with a Target. Navigate to Targets, pick a Target you would like to configure and navigate to the Advanced tab. Enable Issue Tracker.
Select the issue tracker you want for this Target, and click Save to save your Target’s settings. You may now start sending vulnerabilities to the issue tracker configured on the Target simply by navigating to Vulnerabilities, selecting one or more vulnerabilities and clicking Send to Issue Tracker.
Once issues are sent, you can go ahead and view them directly inside the issue tracker. Acunetix will automatically assign issue priority based on the severity of the vulnerability (for issue trackers that support priority), as well as CWE and vulnerability classification tags in order to allow you to quickly filter similar vulnerabilities.
By integrating Acunetix with issue trackers, developers fixing vulnerability are given the full details needed to fix the vulnerability directly inside of the issue opened through Acunetix. Meaning that developers no longer need to rummage through emails, filter through spreadsheets or even log-in to Acunetix to obtain details of a scan’s findings – everything they need is right at their fingertips inside of the issue.