Integrate Acunetix 360 with Jira
Integrating Acunetix 360 with Jira means that you can have vulnerabilities identified during a web application security scan automatically created as vulnerabilities in your vulnerability tracking system.
Acunetix 360 has out-of-the-box support for resolving and reactivating Jira issues according to the scan results, in addition to automatic vulnerability creation. Acunetix 360 uses the user-provided resolved and reopened statuses in Jira for this purpose.
To enhance vulnerability synchronization support, Acunetix 360 also offers webhook support. This enables Acunetix 360 to detect any status changes in Jira issues that it opened.
- Acunetix 360 generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your Jira Project, and enter your preferred resolved and reopen statuses, you will complete Acunetix 360 vulnerability synchronization for your integration.
- When you change your Jira issue’s status to your preferred resolved status, the vulnerability is automatically marked as Fixed (Unconfirmed) in Acunetix 360 and a retest scan is started. When you change your Jira issue’s status to your preferred reopened status, the corresponding Acunetix 360 vulnerability is automatically marked as revived.
This table lists and explains the Jira fields in the New Jira Integration page.
This is the name of the integration that will be shown elsewhere in Acunetix 360.
This section contains fields that must be completed.
This is the Jira instance URL.
Username or Email
This is the username if self-hosted. This is the username or email address if hosted by Atlassian.
Access Token or Password
This is the personalized access (API) token of the user or the password.
This is the project key that is used to prefix the IDs of vulnerabilities for the specific project.
This is the name of the vulnerability type.
This is the string format that is used to create the vulnerability title.
This section contains optional fields.
This is the user to whom the vulnerability is assigned by default.
This is the username of the user who reports vulnerabilities.
This is the priority of the bug.
This is the status of the reopened issues/tickets.
This is the status name of the resolved issues/tickets.
The vulnerability security level name.
These are the vulnerabilities' labels.
This is the number of days from the date the issue was created to the date it is due.
This section contains Custom Fields.
New Custom Field
Click to create a new custom field.
Enter a name for the new custom field.
Enter a value for the new custom field.
Create Sample Vulnerability
Once all relevant fields have been configured, click to create a sample vulnerability.
How to Integrate Acunetix 360 with Jira
- Log in to Acunetix 360.
- From the sidebar, click Integrations then New Integration.
- From the Vulnerability Tracking Systems section, click Jira. The New Jira Integration page is displayed.
- In the Name field, enter a name for the integration.
- In the Mandatory section, complete the connection details:
  - URL (The URL where the Jira application runs)
  - Username or Email (The email address you used to log in to Jira)
  - Access (API) Token or Password (API token can be retrieved from https://id.atlassian.com/manage/api-tokens)
  - Project Key (The 'Key' value in the Settings>Projects table)
  - Vulnerability Type (Bug, Task, Story)
  - Title Format (This is a string format that is used to create the vulnerability title)
- Click Create Sample Vulnerability to confirm that Acunetix 360 can connect to the configured system. A confirmation message is displayed to confirm that the sample vulnerability has been successfully created.
- In the confirmation message, click the Vulnerability number link to open the vulnerability in your default browser.
- If the Jira integration is not configured correctly, Acunetix 360 displays a descriptive error message. Sample error messages are displayed in these cases:
  - If the URL was entered incorrectly
  - If the Access Token or Password was entered incorrectly
How to Export Reported Vulnerabilities to Projects in Jira
There are several ways to send vulnerabilities to Jira with Acunetix 360:
- Once notifications have been configured, you can configure Acunetix 360 to automatically send vulnerabilities after scanning has been completed.
- You can send one or more vulnerabilities from the Vulnerabilities page:
  - You must have Manage Vulnerability permission.
  - From the sidebar, select Vulnerabilities, then All Vulnerabilities. The Vulnerabilities page is displayed.
  - Select one or more vulnerabilities that you want to send.
  - Click Send To, then Jira.
  - An information box is displayed, with a link to the vulnerability you have sent to Jira. If there is an error, this information will be displayed instead.
- You can send a vulnerability from the Recent Scans page:
  - From the sidebar, click Scans then Recent Scans.
  - Next to the relevant scan, click Report. The report is displayed.
  - Scroll down to the Technical Report area.
  - From the list of detected vulnerabilities, click to select a vulnerability and display its details.
  - Click Send To, then Jira.
- You can view the vulnerabilities you have sent to Jira in the Open issues page.
How to Register Acunetix 360 Jira Integration Webhook
- From the sidebar, click Integrations, then Manage Integrations, and next to the relevant Jira integration, click Edit. The Update Jira Integration page is displayed.
- In the Webhook URL field, click Copy to clipboard.
- In Jira, click Settings, then System, then Webhooks. The Webhooks page is displayed.
- Click Create a WebHook.
- In the URL field, paste in the Webhook URL (from step 1). Add a JQL filter, and in the Issue column, select the updated checkbox.
- Enable the Exclude body option in the Jira webhook settings to prevent unnecessary data transfer. With body transfer turned on, requests may run up against transfer limits and disrupt synchronization. If you make this change, it is very important to update the integration address.
- Click Create.
- Once you have solved the security vulnerability, update the Status dropdown to Done in Jira. The Webhook is triggered, and Acunetix 360 initiates a new Retest process.
- You can view the vulnerability by clicking on Scans, then Waiting For Retest, where it waits to be scanned again by Acunetix 360.
- The scanning process will begin soon, depending on the availability of the scanning engines.
- If the vulnerability is found again, the status will be updated to Reopen Status instead of To Do or In Progress.
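An added example, not Acunetix or Atlassian code: a Python check that compares webhook records exported from Jira with the settings the steps above call for (issue updated event only, a project-scoped JQL filter, Exclude body on). It assumes records shaped like those of Jira's /rest/webhooks/1.0/webhook resource; the project key SEC, the key-format pattern, the placeholder URL and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit

UPDATED = "jira:issue_updated"  # Jira's event name for the "updated" checkbox
JQL_KEY = "issue-related-events-section"  # filter key in Jira webhook records

def expected_webhook(webhook_url, project_key, name="Acunetix 360 sync"):
    """Webhook definition equivalent to the UI steps above."""
    if urlsplit(webhook_url).scheme != "https":
        raise ValueError("webhook URL must use https")
    if not re.fullmatch(r"[A-Z][A-Z0-9_]+", project_key):  # assumed key format
        raise ValueError("unexpected project key format")
    return {"name": name, "url": webhook_url, "events": [UPDATED],
            "filters": {JQL_KEY: f"project = {project_key}"},
            "excludeBody": True}

def audit_webhook(hook, webhook_url, project_key):
    """Return findings for one registered webhook record."""
    want = expected_webhook(webhook_url, project_key)
    findings = []
    if hook.get("url") != want["url"]:
        findings.append("URL differs from the integration's Webhook URL")
    jql = hook.get("filters", {}).get(JQL_KEY, "").strip()
    scoped = rf'\bproject\s*=\s*"?{re.escape(project_key)}"?(?![A-Za-z0-9_])'
    if not jql:
        findings.append("no JQL filter: every issue update is sent")
    elif not re.search(scoped, jql, re.I):
        findings.append("JQL filter is not scoped to the project")
    extra = set(hook.get("events", [])) - {UPDATED}
    if UPDATED not in hook.get("events", []):
        findings.append("issue updated event is not selected")
    if extra:
        findings.append("extra events: " + ", ".join(sorted(extra)))
    if not hook.get("excludeBody", False):
        findings.append("Exclude body is off")
    return findings

# Constructed sample data; the URL is a placeholder, not a real endpoint.
WEBHOOK_URL = "https://scanner.example.invalid/hook/PLACEHOLDER"
SAMPLE_HOOKS = [
    {"name": "good", "url": WEBHOOK_URL, "events": [UPDATED],
     "filters": {JQL_KEY: "project = SEC"}, "excludeBody": True},
    {"name": "weak", "url": WEBHOOK_URL,
     "events": [UPDATED, "jira:issue_created"],
     "filters": {JQL_KEY: ""}, "excludeBody": False},
]

def audit_all(hooks=SAMPLE_HOOKS, project_key="SEC"):
    return {h["name"]: audit_webhook(h, WEBHOOK_URL, project_key) for h in hooks}
```

Calling `audit_all()` returns a dictionary of findings per webhook name; an empty list means the record matches the documented settings.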