Integrating Acunetix with Azure DevOps Services for CI/CD

Integrating Acunetix with Azure DevOps Services for Continuous Integration and Deployment is a 2-step process:

Step 1 - Prepare your Acunetix Target information

  • Log in to your Acunetix installation

  • Go to your list of targets and click on the target you wish to work with

  • Retrieve the Target ID from the URL
  • Go to your Profile page and retrieve your API Key

Step 2 - Configure Azure DevOps Services to Integrate with Acunetix

  • Log in to your Azure DevOps Services account

  • Go to your list of pipelines and click on the pipeline you wish to work with

  • Click on the "Edit" button to change your pipeline settings

  • Click on the Add Task button on one of your Agent Jobs
  • Option 1: Command Line
      • Select the "Command line" option, and click the "Add" button
      • Click on the new Command Line Script; you can optionally give it a friendly name to reflect the task
      • Edit the "Script" field to read as follows:

curl -k -i --request POST --url https://online.acunetix.com/api/v1/scans --header "X-Auth: [API KEY]" --header "content-type: application/json" --data "{ \"profile_id\" : \"11111111-1111-1111-1111-111111111111\" , \"incremental\" : false , \"schedule\" : { \"disable\" : false , \"start_date\" : null , \"time_sensitive\" : false } , \"user_authorized_to_scan\" : \"yes\" , \"target_id\" : \"[Target ID]\" }"

  • Option 2: PowerShell Script
      • Select the "PowerShell Script" option, and click the "Add" button
      • Click on the new PowerShell Script; you can optionally give it a friendly name to reflect the task
      • Set the "Type" to "Inline"
      • Edit the "Script" field to read as follows:

# Declare Variables
$MyAXURL="https://online.acunetix.com/api/v1"
$MyAPIKEY="[API KEY]"
$FullScanProfileID="11111111-1111-1111-1111-111111111111"

# The API key is sent in the X-Auth header of the request
$MyRequestHeaders=@{
    'X-Auth' = $MyAPIKEY
    'Content-Type' = 'application/json'
}

$MyTargetID="[Target ID]"

# Trigger a scan on the target - Scan ID is in the HTTP Response Headers
$MyRequestBody='{"profile_id":"' + $FullScanProfileID + '" , "incremental" : false , "schedule" : { "disable" : false , "start_date" : null , "time_sensitive" : false } , "user_authorized_to_scan" : "yes" , "target_id" : "' + $MyTargetID + '" } '

Invoke-RestMethod -Uri "$MyAXURL/scans" -Headers $MyRequestHeaders -Method Post -Body $MyRequestBody

  • Replace the 3 highlighted fields:
      • To set the correct X-Auth value, replace the "[API KEY]" text with the API key you retrieved in Step 1
      • The suggested value for profile_id is "11111111-1111-1111-1111-111111111111" - this default value is for a "Full Scan". If you wish to specify a different scan profile, you can set one of the following values:
          • For the Online version of Acunetix:
              • Full Scan: 11111111-1111-1111-1111-111111111111
              • High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
              • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
              • Weak Passwords: 11111111-1111-1111-1111-111111111115
              • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
              • Crawl Only: 11111111-1111-1111-1111-111111111117
              • Malware Scan: 11111111-1111-1111-1111-111111111120
              • Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
              • Network Scan: 11111111-1111-1111-1111-211111111112
              • Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
              • Network Scan Quick: 11111111-1111-1111-1111-211111111114
          • For the On-Premises version of Acunetix:
              • Full Scan: 11111111-1111-1111-1111-111111111111
              • High Risk: 11111111-1111-1111-1111-111111111112
              • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
              • Weak Passwords: 11111111-1111-1111-1111-111111111115
              • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
              • Crawl Only: 11111111-1111-1111-1111-111111111117
              • High / Medium Risk: 11111111-1111-1111-1111-111111111119
              • Malware Scan: 11111111-1111-1111-1111-111111111120
          • ...or alternatively the scan profile ID of any custom scan profile you may have created; you can retrieve the scan profile ID of custom scan profiles programmatically via the Acunetix API, or by navigating to the custom scan profile and checking the URL.
      • To set the correct target_id value, replace the "[Target ID]" text with the target ID you retrieved in Step 1

  • Click on the "Save & queue" button, and in the drop down menu again select "Save & queue"

  • In the "Run pipeline" window, click on the "Save and run" button
  • This will trigger a manual run of the pipeline, and therefore add an immediate scan request to Acunetix.

  • All future pipeline runs will now also trigger a scan request to Acunetix
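
A hardened variant of the Option 1 request for a Bash task, as an added example that is not part of the original page or Acunetix's own script: it drops `-k` so the server certificate is verified, reads the API key from the task environment instead of the script text, keeps the key off the curl command line, and rejects any ID that is not a UUID before it reaches the JSON body. `ACUNETIX_API_KEY`, `ACUNETIX_TARGET_ID`, `ACUNETIX_PROFILE_ID` and `ACUNETIX_URL` are assumed variable names, and the UUID shape of the target ID is an assumption based on the profile IDs listed above.

```shell
#!/bin/sh
# Added example, not Acunetix's script. The ACUNETIX_* names are assumptions.
AX_URL="${ACUNETIX_URL:-https://online.acunetix.com/api/v1}"
FULL_SCAN_PROFILE="11111111-1111-1111-1111-111111111111"

# True only for a canonical 8-4-4-4-12 hex ID (assumed shape of target IDs).
is_uuid() {
  case "$1" in
    *[!0-9a-fA-F-]*) return 1 ;;  # quotes, spaces, newlines, brackets, ...
  esac
  printf '%s\n' "$1" | grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# Print the page's request body for target $1 and optional profile $2.
build_scan_body() {
  is_uuid "$1" || { echo "target_id is not a UUID: replace the placeholder" >&2; return 1; }
  is_uuid "${2:-$FULL_SCAN_PROFILE}" || { echo "profile_id is not a UUID" >&2; return 1; }
  printf '{"profile_id":"%s","incremental":false,"schedule":{"disable":false,"start_date":null,"time_sensitive":false},"user_authorized_to_scan":"yes","target_id":"%s"}' \
    "${2:-$FULL_SCAN_PROFILE}" "$1"
}

# Send the scan request; any failure returns non-zero so the pipeline step fails.
trigger_scan() {
  if [ -z "${ACUNETIX_API_KEY:-}" ]; then
    echo "ACUNETIX_API_KEY is empty: map the secret variable into this task" >&2
    return 1
  fi
  scan_body="$(build_scan_body "${ACUNETIX_TARGET_ID:-}" "${ACUNETIX_PROFILE_ID:-}")" || return 1
  # No -k: TLS verification stays on. The X-Auth header is passed through a
  # curl config read from stdin, so the key is not visible in the process list.
  # --fail turns an HTTP error into a failed step; the response headers
  # (where the page says the scan ID is returned) go to the build log.
  printf 'header = "X-Auth: %s"\n' "$ACUNETIX_API_KEY" |
    curl --silent --show-error --fail --config - \
      --dump-header - --output /dev/null \
      --request POST --url "$AX_URL/scans" \
      --header "content-type: application/json" --data "$scan_body"
}

# TF_BUILD is set to "True" on Azure Pipelines agents; elsewhere this is a no-op.
if [ "${TF_BUILD:-}" = "True" ]; then
  trigger_scan
fi
```

Azure Pipelines does not pass secret variables to scripts automatically, so map the secret to `ACUNETIX_API_KEY` in the task's environment variable settings.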

 
