Integrating Acunetix with GitHub for CI/CD

Integrating Acunetix with GitHub for Continuous Integration and Deployment is a 2-step process:

  1. Prepare Acunetix Target information
  2. Configure GitHub to integrate with Acunetix

Prepare your Acunetix Target information

  1. Log in to Acunetix and click the Target you wish to work with.
  2. Retrieve the Target ID from the URL.
  3. Go to your Profile page and retrieve your API key.

Configure GitHub to integrate with Acunetix

  1. Log in to your GitHub account and click on the repository you wish to work with.
  2. Select Actions.
  3. Click Set up a workflow yourself.
  4. Create a yml file. Edit the file to have the following contents:

name: CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Sends a scan request for the Target to the Acunetix API.
      # Note: curl's -k option skips TLS certificate verification.
      - name: Trigger Acunetix Scan
        run: |
          curl -k -i --request POST --url "https://online.acunetix.com/api/v1/scans" --header "X-Auth: [APIKEY]" --header "content-type: application/json" --data '{"profile_id":"11111111-1111-1111-1111-111111111111", "schedule":{"disable":false,"start_date":null,"time_sensitive":false}, "user_authorized_to_scan":"yes", "target_id":"[Target ID]"}'

  5. Replace the following 3 fields:
     • To set the correct X-Auth value, replace the [APIKEY] text with the API key you retrieved from Acunetix.
     • The suggested value for profile_id is 11111111-1111-1111-1111-111111111111. This default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:
       • For the Online version of Acunetix:
         • Full Scan: 11111111-1111-1111-1111-111111111111
         • High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
         • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
         • Weak Passwords: 11111111-1111-1111-1111-111111111115
         • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
         • Crawl Only: 11111111-1111-1111-1111-111111111117
         • Malware Scan: 11111111-1111-1111-1111-111111111120
         • Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
         • Network Scan: 11111111-1111-1111-1111-211111111112
         • Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
         • Network Scan Quick: 11111111-1111-1111-1111-211111111114
       • For the On-Premises version of Acunetix:
         • Full Scan: 11111111-1111-1111-1111-111111111111
         • High Risk: 11111111-1111-1111-1111-111111111112
         • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
         • Weak Passwords: 11111111-1111-1111-1111-111111111115
         • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
         • Crawl Only: 11111111-1111-1111-1111-111111111117
         • High / Medium Risk: 11111111-1111-1111-1111-111111111119
         • Malware Scan: 11111111-1111-1111-1111-111111111120
       • Alternatively, use the scan profile ID of any custom scan profile you may have created. You can retrieve the scan profile ID of a custom scan profile programmatically via the Acunetix API, or by navigating to the custom scan profile and checking the URL.
     • To set the correct target_id value, replace the [Target ID] text with the target ID you retrieved from Acunetix.

  6. Click Start commit to save your settings.
  7. Click Commit new file.

Performing this action initiates a manual run of the workflow, which adds an immediate scan request to Acunetix. All future commits will also trigger a scan request to Acunetix.
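
A hardened variant of the workflow above, as an added example that is not part of the Acunetix documentation: the API key is read from a GitHub Actions secret instead of being committed in the yml file, curl verifies the server certificate (no -k), and an HTTP error from the API fails the step. The secret names ACUNETIX_API_KEY and ACUNETIX_TARGET_ID are assumptions; create them in the repository's Actions secrets before committing the file.

```yaml
# Added example, not Acunetix's published workflow.
# Assumed names: repository secrets ACUNETIX_API_KEY and ACUNETIX_TARGET_ID.
name: CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

# The job only calls an external API, so the GITHUB_TOKEN needs no permissions.
permissions: {}

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Acunetix Scan
        env:
          # Secrets are masked in the job log and never stored in the repository.
          ACUNETIX_API_KEY: ${{ secrets.ACUNETIX_API_KEY }}
          ACUNETIX_TARGET_ID: ${{ secrets.ACUNETIX_TARGET_ID }}
          PROFILE_ID: 11111111-1111-1111-1111-111111111111   # Full Scan
        run: |
          set -euo pipefail
          # Pull requests from forks do not receive secrets; stop early if one is empty.
          : "${ACUNETIX_API_KEY:?secret not set}" "${ACUNETIX_TARGET_ID:?secret not set}"
          # Same request body as the page's workflow, with the IDs taken from the environment.
          body=$(printf '{"profile_id":"%s","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"user_authorized_to_scan":"yes","target_id":"%s"}' "$PROFILE_ID" "$ACUNETIX_TARGET_ID")
          # No -k: the server certificate is verified. --fail turns an HTTP error into a failed step.
          curl --fail --silent --show-error \
            --request POST --url "https://online.acunetix.com/api/v1/scans" \
            --header "X-Auth: ${ACUNETIX_API_KEY}" \
            --header "content-type: application/json" \
            --data "$body"
```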

 
