Integrating Acunetix with Azure DevOps Server (TFS)

Integrating Acunetix with Azure DevOps Servicer (TFS) is a 4-step process:

  • Prepare a Personal Access Token in Azure DevOps Server for communication with Acunetix
  • Configuring Acunetix for Integration
  • Configuring a Target to Report Issues to your Issue Tracker
  • Submitting Vulnerabilities to Azure DevOps Server

๐Ÿ” Integrating Acunetix with Azure DevOps Server - Prerequisites

Before you can successfully integrate Acunetix with Azure DevOps Server, you will need to have completed some preparation beforehand:

  • you should already have created a project - typically this would contain the source code for the Target Web Application
  • you should already have your custom work items types created โ€“ unless you are satisfied using the default built-in work item types for your work items; the included example assumes that you have created a custom work item type named "Vulnerability"
  • if you are using Acunetix Online, you should ensure that your Azure DevOps Server system allows incoming API requests from online.acunetix.com

Configuring Acunetix for Integration

  • In the Acunetix UI, click on "Issue Trackers" in the sidebar
  • Click on the "Add Issue Tracker" button

  • Set the "Name" field to describe the integration โ€“ for this example, we have used "Azure DevOps Server Issues"
  • Select "Azure DevOps (TFS)" from the dropdown labelled "Platform"
  • Set the URL to the format https://<AzureDevOpsServer>; this example assumes that your Azure DevOps Server was installed on IP Address "192.168.1.242"; therefore the URL will be "http://192.168.1.242"
  • Insert your Azure DevOps Server Username into the "Username of Email" field
  • Insert your Azure DevOps Server Password into the "Password" field
  • Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects and Issue Labels

  • Select the Azure DevOps Server project you want the integration to be linked to โ€“ in this example you would be using the pre-created "DefaultCollection\acunetix-test" project
  • Select the Azure DevOps Server Work Item Type you want Acunetix to create when a vulnerability is found โ€“ in this example you would be using the custom type "Vulnerability"
  • Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

  • In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.

  • Enable the "Issue Tracker" slider
  • From the "Issue Tracker" dropdown, select the name of the Azure DevOps Server Integration configuration you wish to use
  • At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to Azure DevOps Server, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to Azure DevOps Server

Once you have completed a Scan on your Target:

  • select "Vulnerabilities" in the sidebar

  • adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
  • use the checkboxes next to vulnerability to select the vulnerabilities to send to the Issue Tracker
  • click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your Azure DevOps Server Work Items page

Your Azure DevOps Server Work Items page will show the issues you have submitted to the Issue Tracker:

 

ยซ Back to the Acunetix Support Page