Integrating Acunetix with Bugzilla

Integrating Acunetix with Bugzilla is a 4-step process:

  1. Prepare an API Key in Bugzilla for communication with Acunetix
  2. Configure Acunetix for integration
  3. Configure Targets to report issues to your issue tracker
  4. Submit vulnerabilities to Bugzilla

Prerequisites: Before integrating Acunetix with Bugzilla, ensure you have completed the following preparations:

  • Create a product in Bugzilla. Typically, this would contain the tasks for the Target Web Application.
  • Establish custom components unless you're content with the default component, created by default with every product in Bugzilla. In this example, we have assumed you'll be using the default component for your product named Vulnerability.
  • Create any custom fields you intend to use in your Bugzilla setup.
  • Generate an API Key to secure the communication channel between Acunetix and Bugzilla for your Target's product.
  • If using Acunetix Online, ensure that your Bugzilla system allows incoming API requests from online.acunetix.com and app.invicti.com (For EU-based customers: app-eu.invicti.com).

Step 1: Create an API Key in your Bugzilla preferences

On the Preferences page, follow these steps:

  1. Click API Keys tab.
  2. Select the Generate a new API key checkbox.
  3. Set the optional description to Acunetix Integration.
  4. Click Submit Changes; this action will create the API Key, and the page will be updated.

  1. Make sure you keep a copy of the Token - you will need it to complete the integration steps in Acunetix.

Step 2: Configure Acunetix for Integration

  1. Select Issue Trackers in the Acunetix side menu.
  2. Click + Add Issue Tracker.

  1. Set the Name field to describe the integration. For this example, we have used Bugzilla Issues.
  2. In the Target Groups Access panel, select which Target Groups will be assigned to the Issue Tracker. Only Targets inside an assigned Target Group can be integrated into this Issue Tracker.

  1. From the Platform dropdown, select Bugzilla.
  2. Set the URL to the format https://<BugzillaServer>. This example assumes that your Bugzilla Server was installed on IP Address "192.168.1.162" therefore, the URL will be "http://192.168.1.162".
  3. Insert your Bugzilla API Key into the Token field.
  4. Click Test Connection. You should receive a Connection is Successful message.

  1. The Project and Issue Type panel will be updated with your list of Projects and Issue Labels.
  2. Select the Bugzilla product you want the integration to be linked to. In this example we've used the pre-created "acunetix-test" product.
  3. Specify the Bugzilla component you want Acunetix to create when a vulnerability is found. In this example we've used the component named Vulnerability.

  1. Select the custom fields you would like to link to, and set the value for each of the custom fields.

  1. Click Save at the top of the Add New Issue Tracker page.

Step 3: Configure Targets to report issues to your issue tracker

  1. Select Targets from the Acunetix side menu.
  2. Click on the Target you wish to work with.
  3. On the Target Settings page, scroll down and expand the Advanced section.
  4. Enable the Issue Tracker toggle.
  5. From the Issue Tracker dropdown, select the name of the Bugzilla Integration configuration you wish to use.

  1. Click Save at the top of the Target Settings page.

Now that your Target is configured to link to Bugzilla, proceed to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Step 4: Submit vulnerabilities to Bugzilla

Once you have completed a Scan on your Target, follow the steps below:

  1. Select Vulnerabilities from the Acunetix side menu.
  2. Adjust the filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker.
  3. Use the checkboxes to select the vulnerabilities to send to the Issue Tracker.
  4. Click Send to Issue Tracker.

Check your Bugzilla Bugs page

The Bugzilla Bugs page will show the issues you have submitted to the Issue Tracker:

 

« Back to the Acunetix Support Page