You can manage web vulnerabilities internally with Acunetix. However, these vulnerabilities will need to be fixed by developers and the developers may already use an issue management system. Therefore, managing them internally might not be an optimal choice. In such a case, your vulnerability scanner should be able to work directly with the issue management system.

Acunetix can export discovered vulnerabilities as issues to external issue trackers such as one of the most popular ones – Jira. In this article, you will learn how to set up a Jira account and how to set up Acunetix to work with Jira.

Step 1. Prepare Your Jira Account for Integration

Create your Jira Account

1. Open the Atlassian Jira account creation page.

2. Click on the Next button and then the Sign up with email button (you may optionally select the Continue with Google option).

3. On the Create your account page:

  • Enter a valid email address for your new account
  • Enter a valid password for your new account
  • Enter a First name and a Last name for your new account
  • Click on the Agree and sign up button
  • Check your mailbox and click on the link in the account verification email you received; this will send you to the Let’s get started page

Create Your Jira Project

1. Enter a name for your Jira site and click on the Continue button

2. You will be presented with 2 questions to answer – you can skip both of them.


3. You will be presented with an Invite your team page – you can skip this.

4. On the Help us set up your Jira page, again click on the Skip button.

5. On the Choose a classic template page, select Software from the drop-down menu list and then click on the Bug tracking template.

6. On the Create project page, enter a name for the project (the page will auto-suggest a value for the Key field) and click on the Create button.

Create a New Issue Label for Your Projects

1. In the Settings menu, click on the Issues menu item.

2. At the top of the Issue types page, click on the Add issue type button.

3. In the Add Issue Type panel:

  • Set the Name field to Vulnerability
  • Set the Description field to Identified by Acunetix
  • Set the Type to Standard Issue Type
  • Click on the Add button

4. In the Issues menu in the sidebar, click on the Issue type schemes menu item.

5. In the Issue type schemes list, click on the Edit button for your Project – in this example, the project name is internal-wiki.

6. Drag the Vulnerability issue type from the Available Issue Types panel to the Issue Types for Current Scheme panel.

7. Click on the Save button

Create an API Token for Acunetix Integration Authentication

1. In the Settings menu, click on the Atlassian account settings menu item.

2. Click on the Security menu item in the Atlassian account menu in the sidebar.

3. Click on the Create and manage API tokens link on the Security page.

4. Click on the Create API token button

5. On the Create an API token page, set the Name field to Acunetix Integration – this is only a friendly name to remind you of its use.

6. Make sure you keep a copy of the token – it cannot be retrieved after you exit the page. If you lose the token, you will need to create a new one and repeat the process.

Step 2. Configure Acunetix for Integration

1. In the Acunetix UI, click on Issue Trackers in the sidebar.

2. Click on the Add Issue Tracker button.

3. Set the Name field to describe the integration – for this example, we have used Jira Issues.

4. Select Jira from the drop-down menu labelled Platform.

5. Set the Authentication field to HTTP Basic Token.

6. Set the URL to the format https://.atlassian.net – this example assumes that your Jira site was named acunetix-test, therefore the URL will be https://acunetix-test.atlassian.net/.

7. Insert your Jira API token into the Token field.

8. Click on Test Connection – you should receive a Connection is Successful message; also, the Project and Issue Type panel will be updated with your list of projects and issue labels.

9. Select the Jira project you want the integration to be linked to – in this example you would be using the pre-created internal-wiki project.

10. Select the Jira issue type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type Vulnerability.

11. Click on the Save button at the top of the Add Issue Tracker panel

Step 3. Configure a Target to Report Issues to Your Issue Tracker

1. From your list of targets, select the target you wish to work with.

2. In the Target Information panel, scroll to the bottom of the panel and expand the Advanced link.

3. Enable the Issue Tracker slider.

4. In the Issue Tracker drop-down menu, select the name of the Jira integration configuration you wish to use.

5. At the top of the Target Information panel, click on the Save button.

Now that your target is configured to link to Jira, you need to scan your target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.

Step 4. Submit Vulnerabilities to Jira

Once you have completed a Scan on your Target:

1. Select Vulnerabilities in the sidebar

2. Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your issue tracker.

3. Use the checkboxes next to vulnerabilities to select the vulnerabilities to send to the issue tracker.

4. Click on the Send To Issue Tracker button at the top of the Vulnerabilities panel.

5. Check your Jira Issues page. It will show the issues you have submitted to the Issue Tracker.

SHARE THIS POST
THE AUTHOR
Kevin Attard Compagno
Technical Writer
Kevin Attard Compagno is a Technical Writer working for Acunetix. A technical writer, translator, and general IT buff for over 30 years, Kevin used to run Technical Support teams and create training documents and other material for in-house technical staff.