Integrating Acunetix 360 with Jira

Jira is an issue tracking software application with agile project management and bug tracking features. Jira allows you to order and prioritize issues and bugs, as well as add issue types, fields and workflows as the project develops. Jira shares customer support tickets with other issue tracking systems.

This topic explains how to configure Acunetix 360 to send a detected issue to Jira.

Acunetix 360 has out-of-the-box support for resolving and reactivating Jira issues according to the scan results, in addition to automatic issue creation. Acunetix uses user-provided Resolved and Reopened statuses in Jira for this purpose.

To enhance issue synchronization support, Acunetix 360 also offers webhook support. This enables you to detect any status changes in Jira issues opened by Acunetix 360.

  • Acunetix 360 generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your Jira project, and enter your preferred Resolved and Reopen statuses, you will complete Acunetix 360 issue synchronization for your integration.
  • When you change your Jira issue’s status to your preferred Resolved status, the issue is automatically marked as Fixed (Unconfirmed) in Acunetix 360 and a retest scan is started. And, when you change your Jira issue’s status to your preferred Reopen status, your corresponding Acunetix 360 issue is automatically marked as Revived.

Jira Fields

This table lists and explains the Jira fields in the New Jira Integration page.

Button/Section/Field

Description

Name

This is the name of the integration that will be shown elsewhere in Acunetix 360.

Mandatory

This section contains fields that must be completed.

URL

This is the Jira instance URL.

Username or Email

This is the username if self-hosted. This is the username or email address if hosted by Atlassian.

Access Token or Password

This is the personalized access (API) token of the user or the password. The API token can be retrieved from https://id.atlassian.com/manage/api-tokens.

Project Key

This is the project key that is used to prefix the ids of issues for the specific project. The Key value is in the Settings > Projects table in Jira.

Issue Type

This is the name of the issue type. The option are: Bug, Task, Story and Epic.

Title Format

This is the string format that is used to create the issue title.

Optional

This section contains optional fields.

Assigned To

This is the user to whom the issue is assigned by default.

Reporter

This is the user who reports issues. You need to allow this feature in your JIRA project, otherwise you’ll encounter an error (see Configuring User Mappings).

Priority

This is the priority of the bug.

Security Level

This is the issue security level.

Reopen Status

This is the status of the reopened issues or tickets.

Resolved Status

This is the status name of the resolved issues or tickets.

Template

This is the type of the issue description’s template.

There are two template types for issue templates, Standard and Detailed. The Detailed template has additional fields such as Request, Response.

Epic Name

This is a short title for the epic that is used as a label on issues that belong to it. It is required when Epic is selected as the Issue Type.

Epic Key

This is a text identifier for the Epic. It is required to create issues that belong to an epic.

Labels

These are the issue labels.

Due Days

This is the number of days from the date the issue was created to the date it is due.

Custom Fields

This section contains Custom Fields.

New Custom Field

Click to create a new custom field.

Name

Enter a name for the new custom field.

Value

Enter a value for the new custom field.

Create Sample Issue

Once all relevant fields have been configured, click to create a sample issue.

How to Use the Reporter Field

To use the reporter field in Acunetix 360, first follow the steps below:

  1. First you need to define a new user mapping, so that Jira has something to select from the Reporter dropdown (see Configuring User Mappings).

  1. Next, you must enable this feature in your Jira project, otherwise you’ll encounter an error:

.

How to Integrate Acunetix 360 with Jira
  1. Log in to Acunetix 360.
  2. From the main menu, click Integrations then New Integration.

  1. From the Issue Tracking Systems section, click Jira. The New Jira Integration window is displayed.

  1. In the Name field, enter a name for the integration.
  2. In the Mandatory section, complete the connection details:
  • URL
  • Username or Email
  • Access (API) Token or Password
  • Project Key
  • Issue Type (Fill the Epic Name and Epic Value fields when Epic is selected as the Issue Type.)
  • Title Format (This is a string format that is used to create the issue title)
  1. Click Create Sample Issue to confirm that Acunetix 360 can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.

  1. In the confirmation message, click the Issue number link to open the issue in your default browser.
  2. If the Jira integration is not configured correctly, Acunetix 360 will correctly route the following descriptive error messages to you. Sample error messages may be displayed as illustrated:
  • If the URL was entered incorrectly

  • If the Access Token or Password was entered incorrectly

How to Export Reported Issues to Projects in Jira

There are several ways to send issues to Jira with Acunetix 360:

  • Once notifications have been configured, you can configure Acunetix 360 to automatically send issues after scanning has been completed.
  • You can send one or more issues from the Issues window:
  • You must have Manage Issue permission.
  • From the main menu, select Issues, then All Issues. The Issues window is displayed.
  • Select one or more issues you want to send.
  • Click Send To, then Jira.

  • A popup is displayed, with a link to the issue you have sent to Jira. If there is an error, this information will be displayed instead.

  • You can send an issue from the Recent Scans window:
  • From the main menu, click Scans then Recent Scans.

  • Next to the relevant scan, click Report. The report is displayed.
  • Scroll down to the Technical Report section.
  • From the list of detected issues, click to select an issue and display its details.

  • Click Send To, then Jira.
  • If you have already previously submitted this vulnerability to Jira, it will already be accessible. You cannot submit the same issue twice.
  • You can view the issues you have sent to Jira in the Open issues window.

How to Register an Acunetix 360 Jira Integration Webhook
  1. From the main menu, click Integrations, then Manage Integrations. The Integrations window is displayed.
  2. Next to the relevant Jira integration, click Edit. The Update Jira Integration window is displayed.

  1. In the Webhook URL field, click Copy to clipboard ().
  2. Open Jira.
  3. From the main menu, click Settings, then System, then Webhooks. The Webhooks window is displayed.

  1. Click Create a WebHook.
  2. In the URL field, paste in the Webhook URL (from step 3). In the Issue related events field, select the updated checkbox in the Issue column.
  3. In the Jira Software related events field, enable the Exclude body option on Jira Webhook settings to prevent unnecessary data transfer. If data transfer is turned on, it may interfere with transfer limits and disrupt synchronization. (If you are going to make this change, it is essential to update the integration address.)

  1. Click Create, then Save.
  2. In Jira, navigate to the Open Issues window, then click the issue. From the Status dropdown, select DONE.

  1. The Webhook is triggered, and Acunetix 360 initiates a new Retest process.
  1. In Acunetix 360, from the main menu, click Scans, then Waiting For Retest. The Issues window is displayed, showing the issues waiting to be rescanned. The scanning process will begin soon, depending on the availability of the scanning agents.

  1. If the issue is found again, the status will be updated to Reopen Status instead of To Do or In Progress.

if_Gnome-Dialog-Information-64_55568.png

Information

There are only two categories (To Do and In Progress) for the Reopen status in Jira and there is only a single category for the Resolved status (Done). Other categories added afterwards are referred to as aliases, and these values cannot be used for integration with Acunetix 360. Please pay attention to the category definitions when defining your Workflow.

How to Add Custom Fields

if_Gnome-Dialog-Information-64_55568.png

Information

For information on creating a new custom field in JIRA, first read Adding a custom field.

For the purposes of this example, we have selected Text Field. For other field types, see How to Add Complex Custom Fields.

  1. Open your project in Jira.
  2. From the gears icon dropdown (), select Issues.
  3. In the Fields Category, click Custom Fields.

Alternatively, you can navigate to XXX.atlassian.net/secure/admin/ViewCustomFields.jspa

  1. Click Create Custom Field (top right). The Select a Field Type dialog is displayed.
  2. Scroll down and select Text Field (multi-line) or Text Field (single line).

  1. Click Next. The Configure 'Text Field (single line)' Field step is displayed.

  1. In the Name field, enter a name. Click Create.
  1. In the Associate field MyCustomField to screens field, select the screens you want to display the custom field.

  1. Before clicking Update, check the url for the fieldId.

  1. Copy the value of the fieldId's parameter in the URL (in this example, it is 'customfield_100XX').
  2. In Acunetix 360, navigate to the New JIRA Integration or Update JIRA Integration window. Configure your Jira integration. Then paste the fieldId's value (e.g. 'customfield_100XX') you copied from Jira into the Name field in the Custom Fields section.

  1. Click Create Sample Issue to confirm that Acunetix 360 can connect to the configured system. An issue is displayed like this, under MYCUSTOMFIELD, to confirm that the sample issue has been successfully created.

How to Add Complex Custom Fields

if_Gnome-Dialog-Information-64_55568.png

Information

For information on creating a new custom field in Jira, first read Adding a custom field.

For the purposes of this example, we have selected Date Picker, but the steps are the same for other field types.

  1. Open your project in Jira.
  2. At the Select a field type step, select Date Picker as your complex custom field.

  1. Click Next. In the Name field, enter 'DATEPICKERTEST', and click Create.

  1. Select screens according to your Jira settings.

  • If you want to change an existing field, in the Custom fields section, enter the custom field's name into the Search box, to find the newly-created complex custom field. Search results are displayed.

  1. Click the context menu, and click Associate to Screens.

  1. From the Issues list, select the screens you want to display the field.

  1. Check the current url for the fieldId.
  2. Copy the value of the fieldId's parameter in the URL (in this example, 'customfield_10031').
  3. This value will be used later in the Custom Fields' Name field.
  4. To get the Date Picker and other types values, see Setting custom field data for other field types.

  1. In Acunetix 360, in New JIRA Integration or Update JIRA Integration window, scroll down to the Custom Fields section and complete the following fields (examples shown):
  • Name: 'customfield_100XX' (replace with your custom field value)
  • Value: '”2011-10-03”' (value must be in “XXX” format)
  • Complex: Checked

  1. Click Create Sample Issue to confirm that Acunetix 360 can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.

  1. In the confirmation message, click the Issue number link to open the issue in your default browser.
  2. If the Jira integration is not configured correctly, Acunetix 360 will correctly route descriptive error messages to you.
  3. In Jira, in the Acunetix 360 [Test Issue] window, you’ll see the DATEPICKERTEST value.

  1. Enable the Complex field checkbox.

Otherwise you’ll encounter the following error.

 

« Back to the Acunetix Support Page