Integrating Acunetix with Azure DevOps Server (TFS)
Integrating Acunetix with Azure DevOps Server (TFS) is a 4-step process:
- Preparing a Personal Access Token in Azure DevOps Server for communication with Acunetix
- Configuring Acunetix for Integration
- Configuring a Target to Report Issues to your Issue Tracker
- Submitting Vulnerabilities to Azure DevOps Server
Before successfully integrating Acunetix with Azure DevOps Server, ensure you have completed the following preparations:
- You should already have created a project, typically containing the source code for the Target Web Application.
- Establish custom work item types unless you're content with the default built-in work item types for your work items. In this example, we assume you've created a custom work item type named Vulnerability.
- If using Acunetix Online, ensure that your Azure DevOps Server system allows incoming API requests from online.acunetix.com (for EU-based customers: app-eu.invicti.com).
Configuring Acunetix for Integration
- In the Acunetix UI, click Issue Trackers in the sidebar followed by Add Issue tracker (or the Configure New Issue Tracker link).
- Set the Name field to describe the integration. In this example, we have used Azure DevOps Server Issues.
- In the Target Groups Access panel, choose the Target Groups that will be assigned to the Issue Tracker. Note that only Targets inside an assigned Target Group can be integrated into this Issue Tracker.
- In the "Proxy Settings" panel, select the HTTP proxy settings that will be used to communicate with this Issue Tracker.
- For Platform select Azure DevOps (TFS).
- Set the URL to the format https://<AzureDevOpsServer>; for instance, if your Azure DevOps Server is installed on IP Address "192.168.1.242", the URL will be "http://192.168.1.242".
- Enter your Azure DevOps Server Username into the "Username or Email" field.
- Insert your Azure DevOps Server Password into the "Password" field.
- Click Test Connection; you should receive a "Connection is Successful" message.
- The Project and Issue Type panel will be updated with your list of Projects and Issue Labels.
- Choose the Azure DevOps Server project to link the integration. For example, use the pre-created DefaultCollection\acunetix-test project.
- Select the Azure DevOps Server Work Item Type for Acunetix to create when a vulnerability is found. In this example, use the custom type Vulnerability.
- If the selected issue type has custom fields defined, you can add the custom fields and assign values to those fields.
- Click Save at the top of the Add Issue Tracker panel.
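A pre-flight check for the values entered above, as an added example (not Acunetix or Microsoft code): it builds the Azure DevOps REST request that lists a project's work item types, authenticates with a Personal Access Token, flags a plain-HTTP URL, and looks for the Vulnerability type. The API version, the placeholder token and the sample response are assumptions; the URL, collection and project are the page's example values.

```python
import base64
import json
import urllib.parse
import urllib.request

API_VERSION = "5.0"  # assumption: set to the REST version your server supports
# Constructed sample of the JSON list this endpoint returns (not real output).
SAMPLE_RESPONSE = '{"count": 2, "value": [{"name": "Bug"}, {"name": "Vulnerability"}]}'


def build_request(base_url, collection, project, token):
    """Return (url, headers, warnings) for listing a project's work item types."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("URL must have the form https://<AzureDevOpsServer>")
    warnings = []
    if parts.scheme == "http":
        warnings.append("plain HTTP: credentials are sent unencrypted")
    segs = [urllib.parse.quote(s, safe="") for s in (collection, project)]
    url = (f"{parts.scheme}://{parts.netloc}{parts.path.rstrip('/')}/"
           f"{'/'.join(segs)}/_apis/wit/workitemtypes?api-version={API_VERSION}")
    # A Personal Access Token goes in Basic auth with an empty user name.
    auth = base64.b64encode(f":{token}".encode()).decode()
    return url, {"Authorization": f"Basic {auth}"}, warnings


def has_work_item_type(body, wanted):
    """True if the JSON body lists a work item type called `wanted`."""
    return any(t.get("name") == wanted for t in json.loads(body).get("value", []))


def preflight(base_url, collection, project, token, wanted="Vulnerability"):
    """Query the server (needs network access) and report (found, warnings)."""
    url, headers, warnings = build_request(base_url, collection, project, token)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return has_work_item_type(resp.read(), wanted), warnings


if __name__ == "__main__":
    # Offline demonstration using the page's example values and the sample body.
    url, _, warns = build_request("http://192.168.1.242", "DefaultCollection",
                                  "acunetix-test", "PLACEHOLDER_TOKEN")
    print(url, warns, has_work_item_type(SAMPLE_RESPONSE, "Vulnerability"))
```

Call preflight() from a host that can reach the server; a False result means the work item type is missing or the token cannot read the project.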
Configuring a Target to Report Issues to your Issue Tracker
From your list of Targets, choose the Target you want to work with.
- In the Target Information panel, scroll down, and expand the Advanced link.
- Enable the Issue Tracker slider.
- From the Issue Tracker dropdown, select the name of the Azure DevOps Server Integration configuration you wish to use.
- At the top of the Target Information panel, click Save.
- Now that your Target is configured to link to Azure DevOps Server, proceed to scan your Target. After the scan is completed, you'll be able to select the vulnerabilities to submit to your Issue Tracker.
Submitting Vulnerabilities to Azure DevOps Server
After completing a scan on your Target, select Vulnerabilities in the sidebar.
- Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker.
- Use the checkboxes next to vulnerabilities to select the ones you want to send to the Issue Tracker.
- Click Send to Issue Tracker.
Check your Azure DevOps Server Work Items page; it will display the issues you've submitted to the Issue Tracker.