Integrating Acunetix 360 with Jira

You can integrate Acunetix 360 with Jira to streamline your bug-fixing process and vulnerability management.

In today's agile environment, building vulnerability management into your development pipeline is a must when doing security testing. Any vulnerability that needs fixing must therefore be turned into a ticket in the developers' existing system. If this is done manually, managing vulnerability tickets adds a lot of extra work for everyone. If tickets are created automatically, vulnerability resolution is streamlined.

Thanks to the integration between Acunetix 360 and Jira, you can create tickets and assign them to developers automatically. Also, you can do the following:

  • Monitor the vulnerability-fixing process
  • Verify fixes (if there is 2-way integration)
  • Reopen tickets, if necessary
  • Close tickets


So, with minimal setup, you can embed vulnerability scanning into your Jira-based development pipeline to ensure that security issues are reported and fixed without delay.

This topic describes how to integrate Acunetix 360 On-Demand with Jira.

Warning

Using self-hosted Jira? Make sure Acunetix 360 On-Demand can communicate with your self-hosted Jira instance.

Jira fields

This table lists and explains the Jira fields on the New Jira Integration page.

Button/Section/Field | Description
Name | This is the name of the integration that will be shown elsewhere in Acunetix 360.
URL | This is the Jira instance URL. The URL must be specified as the domain name.
Username or Email | This is the username if self-hosted. This is the email address, if hosted by Atlassian.
Access Token or Password | This is the access token (API) or the password of the user. If hosted by Atlassian, enter the API token. If self-hosted, enter your password. The API token can be retrieved from https://id.atlassian.com/manage/api-tokens.
Project Key | This is the project.
Issue Type | This is the name of the issue type.
Title Format | This is the string format that is used to create the issue title.
Template | This is the type of issue description template. There are two template types for issue templates: Standard and Detailed. The Detailed template has additional fields such as Request and Response.

Integrating Acunetix 360 with Jira

Prerequisite

  • Administrator privileges OR the Add/Edit Integration permission in Acunetix 360

There are two steps to this integration:

  1. Setting up the connection with Jira instance
  2. Configuring project details for integration
Step 1. How to set up the connection with Jira instance
  1. Log in to Acunetix 360.
  2. From the main menu, go to Integrations > New Integration > Jira.

  3. In the Mandatory section, complete the connection details:
     1. Name
     2. URL
     3. Username or Email
     4. Access Token or Password
  4. Select Load Jira Details.

If successful, Acunetix 360 displays your project details to continue configuring your integration. Otherwise, Acunetix 360 displays an error message.

Step 2. How to configure your Jira project for integration with Acunetix 360
  1. From the Project Key drop-down, choose your project. OR, start typing your project name or project key to search, then choose your project.

  2. From the Issue Type drop-down, choose the issue type. (For further information about issue types, see What are issue types?)
  3. Enter Title Format. (You can leave it as it is or type your title format including {0}.)
  4. Select Save to save your integration.


Once saved, the integration appears on the Manage Integrations page.

Information

You can further configure your integration, for example, by selecting the assigned person or determining the due day. For further information, see Configuring custom fields.

You can test your integration by creating a sample issue.

Creating a sample issue to test integration
  1. From the main menu, select Integrations > Manage Integrations.
  2. From the Manage Integrations page, next to the relevant Jira integration, select Edit.
  3. Select Create Sample Issue.

Acunetix 360 exports a sample issue to Jira to test the integration. If successful, the following ticket is opened in Jira:

How to edit the Jira integration
  1. From the main menu, select Integrations > Manage Integrations.
  2. Next to the relevant Jira integration, select Edit.
  3. Make the necessary changes, and select Save.
How to delete the Jira integration
  1. From the main menu, select Integrations > Manage Integrations.
  2. Next to the relevant Jira integration, select Delete.
  3. From the Delete Integration pop-up, select Delete.
How to clone the Jira integration

Tips

You can clone your integration to create as many Jira integrations as you need. However, due to security precautions, access tokens or passwords cannot be cloned.

  1. From the main menu, select Integrations > Manage Integrations.
  2. Next to the relevant Jira integration, select Clone.
  3. Make the necessary changes, and select Save.

Exporting issues to Jira

There are several ways to send issues to Jira with Acunetix 360:

How to export reported issues to projects in Jira
  1. Once the integration has been configured, you can configure Acunetix 360 to automatically send issues to Jira after scanning has been completed. For further information, see Managing Notifications.
  2. You can send one or more issues from the Issues page:
     1. From the main menu, select Issues > All Issues.
     2. On the Issues page, select one or more issues you want to send.
     3. Select Send To > Jira.

     A pop-up is displayed, with a link to the issue you have sent to Jira. If there is an error, this information will be displayed instead.

  3. You can send an issue from the Recent Scans page:
     1. From the main menu, select Scans > Recent Scans.
     2. Next to the relevant scan, select Report.
     3. Scroll down to the Technical Report section.
     4. From the list of detected issues, select an issue and display its details.
     5. Select Send To > Jira.

You can view the issues you have sent to Jira on the Open issues page.

If you have previously submitted this vulnerability to Jira, it is already accessible there. You cannot submit the same issue twice.

Registering webhook for 2-way integration

Warning

We updated the webhook configuration for the 2-way integration on 23 May 2023. To ensure the integration continues to work, enable the Exclude Body checkbox on the Jira webhook settings. This update is essential for maintaining the full functionality of the integration.

  • If you have already enabled the Exclude Body checkbox, then no action is needed on your part.
  • If you have not yet done so, please go to the Jira webhook settings, enable the checkbox, and save the configuration so that you can continue using the 2-way integration.

Acunetix 360 has out-of-the-box support for resolving and reactivating Jira issues according to the scan results, in addition to automatic issue creation. Acunetix 360 uses user-provided Resolved and Reopened statuses in Jira for this purpose.

To enhance issue synchronization support, Acunetix 360 also offers webhook support. This enables you to detect any status changes in Jira issues opened by Acunetix 360. That can help you:

  • Streamline issue resolution
  • Cut down on communication overhead
  • Allow developers to work on vulnerabilities without leaving the Jira environment

Acunetix 360 generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your Jira project and enter your preferred Resolved and Reopen statuses, you complete Acunetix 360 issue synchronization for your integration.

When you change your Jira issue’s status to your preferred Resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Acunetix 360 and a retest scan is started. And, when you change your Jira issue’s status to your preferred Reopened status, your corresponding Acunetix 360 issue is automatically marked as Revived.

The Webhook Settings field

This table lists and explains the Webhook fields on the Update Jira Integration page.

Button/Section/Field | Description
Webhook URL | This is the URL you need to enter in Jira to create the 2-way integration.
Reopen Status | This is the status of the reopened issues or tickets. This can be: To Do or In Progress.
Resolved Status | This is the status name of the resolved issues or tickets. By default, it is Done.

Information

There are only two categories (To Do and In Progress) for the Reopen status in Jira, and only one category for the Resolved status (Done).

Other categories added afterward are referred to as aliases, and these values cannot be used for integration with Acunetix 360. Please pay attention to the category definitions when defining your workflow.

How to register an Acunetix 360 Jira Integration Webhook
  1. From the main menu, select Integrations > Manage Integrations.
  2. Next to the relevant Jira integration, select Edit.
  3. From the Webhook Settings section, select Copy to clipboard to copy the Webhook URL.

  4. In a separate window, go to Jira.
  5. From the main menu, go to Settings > System > WebHooks.
  6. On the WebHooks page, select Create a WebHook.
  7. In the URL field, paste in the Webhook URL (from step 3).
  8. In the Issue-related events field, select the updated checkbox in the Issue column.
  9. In the Jira WebHooks settings, enable the Exclude body checkbox. If not enabled, the WebHooks configuration does not work.
  10. Select Create.

Warning

If you modify and save your project details after registering the webhook URL in Jira, the webhook URL changes. You then need to copy the new webhook URL and paste it into Jira. If you do not, your 2-way integration does not work.
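
The following is an added example, not Acunetix or Atlassian code. It audits a list of registered Jira webhooks for the failure modes described above: a stale URL left behind after project details were saved again, Exclude body not enabled, and the issue updated event not selected. It assumes the listing has the shape of Jira's webhook REST resource (fields name, url, events, excludeBody, enabled) and that a regenerated webhook URL keeps the same host; the hook names and URLs are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample listing. Field names (name, url, events, excludeBody,
# enabled) are assumed to follow Jira's webhook REST resource.
SAMPLE_LISTING = json.loads("""[
 {"name": "acunetix-old", "url": "https://a360.example.test/hook/111",
  "events": ["jira:issue_updated"], "excludeBody": true, "enabled": true},
 {"name": "acunetix-new", "url": "https://a360.example.test/hook/222",
  "events": ["jira:issue_created"], "excludeBody": false, "enabled": true},
 {"name": "chat-bot", "url": "https://chat.example.test/in",
  "events": ["jira:issue_updated"], "excludeBody": false, "enabled": true}
]""")

def audit_webhooks(listing, current_url):
    """Return a sorted list of (webhook name, finding) for the integration."""
    host = urlsplit(current_url).hostname
    findings, exact_match = [], False
    for hook in listing:
        url = hook.get("url", "")
        if urlsplit(url).hostname != host:
            continue  # webhook of some other tool; out of scope
        name = hook.get("name", "<unnamed>")
        if url != current_url:
            # Saving project details changes the URL and leaves this one stale.
            findings.append((name, "stale URL"))
            continue
        exact_match = True
        if not hook.get("excludeBody", False):
            findings.append((name, "Exclude body not enabled"))
        if "jira:issue_updated" not in hook.get("events", []):
            findings.append((name, "issue updated event not selected"))
        if not hook.get("enabled", True):
            findings.append((name, "webhook disabled"))
    if not exact_match:
        findings.append(("<none>", "current webhook URL not registered"))
    return sorted(findings)

if __name__ == "__main__":
    current = "https://a360.example.test/hook/222"  # constructed placeholder
    for name, finding in audit_webhooks(SAMPLE_LISTING, current):
        print(f"{name}: {finding}")
```

Pass the Webhook URL copied from the Webhook Settings section as current_url. An empty result means the registration matches the settings this page requires.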

Configuring custom fields

You can customize your Jira integration using custom fields. For example, you can choose the person who will be responsible for issues identified by Acunetix 360. Or, you can choose the priority level for the issue.

You can delete the available custom fields or add new fields based on your needs.

This step is optional but crucial for configuring your integration.

The Jira field mappings field

This table lists and explains the default Jira field mappings on the Jira Integration page.

Information

The following fields appear by default in the drop-down. There may be additional fields based on your project and issue type.

Button/Section/Field | Description
Assigned to | This is the user to whom the issue is assigned by default.
Reporter | This is the user who reports issues.
Labels | These are the issue labels.
Components | These are the components that you need to create on Jira. You can learn more about the components via the Jira support. Typing component names provides the list of component(s) that you can select. You can select more than one component.
Security Level | This is the issue security level. You need to define this level in Jira, so you can control which user or group of users can view an issue. If there is no level defined, "No research found" is displayed. For further information, see Configuring issue-level security.
Due Days | This is the number of days from the date the issue was created to the date it is due.
Priority | This is the priority of the issue. This is mapped between Acunetix 360 and Jira. You can map an Acunetix 360 priority level to Jira priority. For example, you can configure a high priority in Acunetix 360 to the highest priority in Jira. If you don't map any priority level, Acunetix 360 sends all issues as "medium". If you map only one level, for example, the highest, the rest of the issues are sent as medium.
Epic Link | This is an epic key. You need to copy the epic key from Jira and paste it into this field.
Epic Name | This is the epic name. You can write any name you want. Acunetix 360 creates this epic name in Jira. When you send any issue, including sample issue creation, Acunetix 360 creates the epic name in Jira. The epic name option appears only if you select the issue type as Epic. Please note that you cannot select an epic name and epic link for the same integration.

Prerequisite

  • Integrate Acunetix 360 with Jira
How to add a new field
  1. From the Jira Field Mappings section, select + New Jira Field.
  2. From the Field Name drop-down, select a value. (For this example, we select Priority.)

  3. From the Acunetix 360 Security drop-down, select Critical.
  4. From the Jira Value drop-down, select Highest.
  5. Select Save.

Configuring complex fields

In addition to these custom fields, your project can include complex fields, such as a date picker. When mapping such complex fields, you need to enter their values in a certain way. For example, you need to use double quotes or square brackets.

How to configure complex fields
  1. From the Jira Field Mappings section, select + New Jira Field.
  2. From the Field Name drop-down, select a value. (For example, Date Picker.)
  3. In the Jira Value, enter the following information, for example.

  4. From the Jira Field Mappings section, select + New Jira Field.
  5. From the Field Name drop-down, select a value. (For example, Release Version.)
  6. In the Jira Value, enter the following information, for example.

  7. From the Jira Field Mappings section, select + New Jira Field.
  8. Now, from the Field Name drop-down, select a value. (For example, Caution.)
  9. In the Jira Value, enter the following information, for example.

  10. Select Create Sample Issue.

If successful, Acunetix 360 displays a success message and a link to the ticket.

You can view the issue you have sent to Jira in the following way:

 
