Integrating Acunetix with Azure Active Directory DevOps Services for CI/CD

Integration takes two steps. The first is to prepare the Acunetix Target information; the second is to configure Azure AD DevOps Services to integrate with Acunetix.

Prepare your Acunetix Target information

  1. Log in to your Acunetix installation.

  2. Access your list of targets and click on the desired target. Retrieve the Target ID from the URL. Next, go to your Profile page and obtain your API Key.

Configure Azure AD DevOps Services to Integrate with Acunetix

  • Log in to your Azure DevOps Services account.

  • Navigate to your list of pipelines and select the specific pipeline you want to work with.

  • Click Edit to access your pipeline settings.

  • Add a task by clicking Add Task within one of your Agent Jobs:

Option 1: Command Line

  1. Choose the Command line option and click Add.
  2. Click on the new Command Line Script; you can optionally provide a friendly name for clarity.
  3. Edit the "Script" field to read as follows:

curl -k -i --request POST --url https://online.acunetix.com/api/v1/scans --header "X-Auth: [API KEY]" --header "content-type: application/json" --data "{ \"profile_id\" : \"11111111-1111-1111-1111-111111111111\" , \"incremental\" : false , \"schedule\" : { \"disable\" : false , \"start_date\" : null , \"time_sensitive\" : false } , \"user_authorized_to_scan\" : \"yes\" , \"target_id\" : \"[Target ID]\" }"

Option 2: PowerShell Script

  1. Select the PowerShell Script option and click Add.
  2. Click on the new PowerShell Script; optionally, assign a friendly name for clarity.
  3. Set the Type to Inline.
  4. Edit the Script field to read as follows:

# Declare Variables
$MyAXURL="https://online.acunetix.com/api/v1"
$MyAPIKEY="[API KEY]"
$FullScanProfileID="11111111-1111-1111-1111-111111111111"
$MyRequestHeaders=@{
 'X-Auth' = $MyAPIKEY
 'Content-Type' = 'application/json'
}
$MyTargetID="[Target ID]"

# Trigger a scan on the target - Scan ID is in the HTTP Response Headers
$MyRequestBody='{"profile_id":"' + $FullScanProfileID + '" , "incremental" : false , "schedule" : { "disable" : false , "start_date" : null , "time_sensitive" : false } , "user_authorized_to_scan" : "yes" , "target_id" : "' + $MyTargetID + '" } '
Invoke-RestMethod -Uri $MyAXURL/scans -Headers $MyRequestHeaders -Method Post -Body $MyRequestBody

  1. To set the correct X-Auth value, replace the "[API KEY]" text with the API key you retrieved in Step 1.
  2. The suggested value for profile_id is "11111111-1111-1111-1111-111111111111"; this default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:
     1. For the Online version of Acunetix:
        • Full Scan: 11111111-1111-1111-1111-111111111111
        • High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
        • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
        • Weak Passwords: 11111111-1111-1111-1111-111111111115
        • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
        • Crawl Only: 11111111-1111-1111-1111-111111111117
        • Malware Scan: 11111111-1111-1111-1111-111111111120
        • Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
        • Network Scan: 11111111-1111-1111-1111-211111111112
        • Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
        • Network Scan Quick: 11111111-1111-1111-1111-211111111114
     2. For the On-Premises version of Acunetix:
        • Full Scan: 11111111-1111-1111-1111-111111111111
        • High Risk: 11111111-1111-1111-1111-111111111112
        • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
        • Weak Passwords: 11111111-1111-1111-1111-111111111115
        • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
        • Crawl Only: 11111111-1111-1111-1111-111111111117
        • High / Medium Risk: 11111111-1111-1111-1111-111111111119
        • Malware Scan: 11111111-1111-1111-1111-111111111120
     3. Alternatively, use the scan profile ID of any custom scan profile you've created. Retrieve the scan profile ID of a custom scan profile programmatically via the Acunetix API or by checking the URL when navigating to the custom scan profile.

  3. To set the correct target_id value, replace the "[Target ID]" text with the target ID you retrieved in Step 1. Click Save & queue, and in the drop-down menu, again select Save & queue.
  4. In the Run pipeline window, click Save and run. This will initiate a manual run of the pipeline, triggering an immediate scan request to Acunetix.
  5. Subsequently, all future pipeline runs will also trigger scan requests to Acunetix.
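
A variant of the Option 1 request for pipelines where the API key should not be stored in the task script, added here as an example and not part of Acunetix's documentation: it reads the key and Target ID from the environment, hands the key to curl on stdin instead of the command line, omits -k so the server certificate is verified, and validates both IDs before building the JSON body. The variable names ACUNETIX_API_KEY and ACUNETIX_TARGET_ID, the function names, the UUID shape of Target IDs and the alphanumeric form of the API key are assumptions.

```shell
#!/bin/sh
# Added example, not Acunetix's code. ACUNETIX_API_KEY and ACUNETIX_TARGET_ID are
# hypothetical names for secret pipeline variables mapped into this step's environment.
AX_URL="https://online.acunetix.com/api/v1"
FULL_SCAN="11111111-1111-1111-1111-111111111111"

# Assumption: Target IDs share the 8-4-4-4-12 hex shape of the profile IDs on the page.
# The allow-list runs first so embedded newlines cannot slip past the line-based grep.
is_uuid() {
  case "$1" in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Same request body as the page's scripts; refuses IDs that could break the JSON.
build_scan_body() {  # $1 = target_id, $2 = profile_id (defaults to Full Scan)
  is_uuid "$1" || { echo "invalid target_id" >&2; return 1; }
  is_uuid "${2:-$FULL_SCAN}" || { echo "invalid profile_id" >&2; return 1; }
  printf '{"profile_id":"%s","incremental":false,' "${2:-$FULL_SCAN}"
  printf '"schedule":{"disable":false,"start_date":null,"time_sensitive":false},'
  printf '"user_authorized_to_scan":"yes","target_id":"%s"}' "$1"
}

# curl config text for "-K -", so the key never appears in the process list.
# Assumption: API keys are alphanumeric; anything else is rejected, not escaped.
curl_config() {  # $1 = API key
  case "$1" in ''|*[!0-9A-Za-z]*) echo "API key missing or malformed" >&2; return 1 ;; esac
  printf 'header = "X-Auth: %s"\nheader = "Content-Type: application/json"\n' "$1"
}

# Sends the scan request. No -k: the certificate is verified. --fail turns an
# HTTP error into a failed step; -i prints the response headers with the scan ID.
start_scan() {  # $1 = optional profile_id
  body=$(build_scan_body "${ACUNETIX_TARGET_ID:-}" "${1:-}") || return 1
  cfg=$(curl_config "${ACUNETIX_API_KEY:-}") || return 1
  printf '%s\n' "$cfg" | curl --fail --silent --show-error -i -K - \
    --request POST --url "$AX_URL/scans" --data "$body"
}

# Runs only when the step passes "run" as the first argument, so sourcing or
# testing the functions never sends a request.
if [ "${1:-}" = "run" ]; then start_scan "${2:-}"; fi
```

An On-Premises installation with a certificate from a private CA can keep verification on by pointing curl at that CA with --cacert.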

 
