Step-By-Step Configuration with GitHub

Acunetix allows seamless integration with GitHub. This provides Acunetix administrators with the ability to send vulnerabilities directly to their development teams.

In this guide, we will show you the complete process of creating a GitHub account and integrating it with Acunetix. If you already have a GitHub account, you can skip Steps 1 and 2 of this guide.

Part 1. Prepare Your GitHub Account for Integration

Step 1. Create Your GitHub Account

1. Go to the GitHub site.
2. Click on the Sign Up button.
3. On the Create your account page:
   • Enter a username for your new account.
   • Enter a valid email address for your new account.
   • Enter a valid password for your new account.
   • Click on the Verify button and solve the CAPTCHA component before creating the account.
   • Click on the Create account button.
   • Check your mailbox and click on the link in the account verification email that you received. This will send you to the GitHub Get Started page.

Step 2. Create a Repository

1. From your GitHub profile drop-down, select Your repositories.
2. Click on the New button.
3. On the Create a new repository page:
   • Enter a name for the repository.
   • Enter a description for the repository.
   • Set the repository to Private (unless you want this to be visible to the general public).
   • Enable the checkbox labelled Initialize this repository with a README to allow you to work with the repository immediately.
   • Click on the Create repository button.

Step 3. Create a New Issue Label for Your Repository

1. In your repository dashboard, click on the Issues tab.
2. Click on the Labels button.
3. Click on the New label button.
4. Set the Label name field to vulnerability.
5. Set the Description field to Identified by Acunetix.
6. Click on the Create label button.

Step 4. Create a Personal Access Token for Acunetix Integration Authentication

1. From your GitHub profile drop-down, select Settings.
2. Click on the Developer settings button.
3. Click on the Personal access tokens button.
4. Click on the Generate new token button.
5. On the New personal access token page:
   • Set the Note field to Acunetix Integration – this is only a friendly name to remind you of its use.
   • Select the repo scope from the Select scopes list – this will automatically select all the sub-items within the repo scope.
   • Scroll to the bottom of the page and click on the Generate token button.

   

6. Make sure you keep a copy of the token – it cannot be retrieved after you exit the page. If you lose the token, you will need to create a new one and repeat the process.

Part 2. Configure Acunetix for Integration

1. In the Acunetix UI, click on Issue Trackers in the sidebar.
2. Click on the Add Issue Tracker button.
3. Set the Name field to describe the integration – for this example, we have used GitHub Issues.
4. Select GitHub from the drop-down labelled Platform.
5. Set the Authentication field to Personal Access Token (PAT).
6. This example assumes you are using the GitHub.com online service, so you would set the URL to https://api.github.com.
7. Insert your GitHub personal access token into the Token field.
8. Click on Test Connection – you should receive a Connection is Successful message; also, the Project and Issue Type panel will be updated with your list of projects and issue labels.
9. Select the GitHub project you want the integration to be linked to – in this example you would be using the pre-created internal-wiki project.
10. Select the GitHub Issue Type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type vulnerability.
11. Click on the Save button at the top of the Add Issue Tracker panel.

Part 3. Configure a Target to Report Issues to Your Issue Tracker

From your list of targets, select the target you wish to work with.

1. In the Target Information panel, scroll to the bottom of the panel and expand the Advanced link.
2. Enable the Issue Tracker slider.
3. From the Issue Tracker drop-down, select the name of the GitHub integration configuration you wish to use.
4. At the top of the Target Information panel, click on the Save button.

Now that your target is configured to link to GitHub, you need to scan your target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.

Part 4. Submit Vulnerabilities to GitHub

Once you have completed a scan of your target:

1. Select Vulnerabilities in the sidebar.
2. Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your issue tracker.
3. Use the checkboxes next to vulnerability to select the vulnerabilities to send to the issue tracker.
4. Click on the Send to Issue Tracker button at the top of the Vulnerabilities panel.

Now, check your GitHub Issues page. It will show the issues you have submitted to the issue tracker:

THE AUTHOR

Kevin Attard Compagno
Technical Writer
LinkedIn

Kevin Attard Compagno is a Technical Writer working for Acunetix. A technical writer, translator, and general IT buff for over 30 years, Kevin used to run Technical Support teams and create training documents and other material for in-house technical staff.