Integrating Acunetix with BugZilla

Integrating Acunetix with BugZilla is a 4-step process:

• Prepare an API Key in BugZilla for communication with Acunetix
• Configuring Acunetix for Integration
• Configuring a Target to Report Issues to your Issue Tracker
• Submitting Vulnerabilities to BugZilla

Create an API Key in your BugZilla preferences

• In the "Preferences" page, click on the "API Keys" tab
• Enable the "Generate a new API key" checkbox, and set the optional description to "Acunetix Integration"
• Click the "Submit Changes" button; this will create the API Key and the page will be updated

• Make sure you keep a copy of the Token - you will need it to complete the integration steps in Acunetix.

Configuring Acunetix for Integration

• In the Acunetix UI, click on "Issue Trackers" in the sidebar
• Click on the "Add Issue Tracker" button

• Set the "Name" field to describe the integration – for this example, we have used "BugZilla Issues"

• In the "Target Groups Access" panel, select which Target Groups will be assigned to the Issue Tracker; only Targets inside an assigned Target Group can be integrated into this Issue Tracker

• In the "Proxy Settings" panel, choose which HTTP proxy settings will be used to communicate with this Issue Tracker

• Select "BugZilla" from the dropdown labelled "Platform"

• Set the URL to the format https://<BugZillaServer>; this example assumes that your BugZilla Server was installed on IP Address "192.168.1.162"; therefore the URL will be "http://192.168.1.162"

• Insert your BugZilla API Key into the "Token" field
• Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects and Issue Labels

• Select the BugZilla product you want the integration to be linked to – in this example you would be using the pre-created "acunetix-test" product
• Select the BugZilla component you want Acunetix to create when a vulnerability is found – in this example you would be using the component named "Vulnerability"

• Select the custom fields you would like to link to, and set the value for each of the custom fields
• Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

• In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.

• Enable the "Issue Tracker" slider
• From the "Issue Tracker" dropdown, select the name of the BugZilla Integration configuration you wish to use
• At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to BugZilla, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to BugZilla

Once you have completed a Scan on your Target:

• select "Vulnerabilities" in the sidebar

• adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
• use the checkboxes to select the vulnerabilities to send to the Issue Tracker
• click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your BugZilla Bugs page

Your BugZilla Bugs page will show the issues you have submitted to the Issue Tracker: