Integrating Acunetix with GitHub for CI/CD

Integrating Acunetix with GitHub for Continuous Integration and Deployment is a 2-step process:

Step 1 - Prepare your Acunetix Target information

  • Log in to your Acunetix installation

  • Go to your list of targets and click on the target you wish to work with

  • Retrieve the target id from the URL
  • Go to your Profile page and retrieve your API key.

Step 2 - Configure GitHub to integrate with Acunetix

  • Log in to your GitHub account

  • Go to your list of repositories and click on the repository you wish to work with

  • Click the Actions button

  • Click the Set up a workflow yourself link
  • This will require you to create a yml file; edit this file to have the following contents:

name: CI

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Acunetix Scan
        run: |
          curl -k -i --request POST --url "https://online.acunetix.com/api/v1/scans" --header "X-Auth: [APIKEY]" --header "content-type: application/json" --data '{"profile_id":"11111111-1111-1111-1111-111111111111", "schedule":{"disable":false,"start_date":null,"time_sensitive":false}, "user_authorized_to_scan":"yes", "target_id":"[Target ID]"}'

  • Replace the 3 highlighted fields:
    • To set the correct X-Auth value, replace the [APIKEY] text with the API key you retrieved in Step 1
    • The suggested value for profile_id is 11111111-1111-1111-1111-111111111111 - this default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:
      • For the Online version of Acunetix:
        • Full Scan: 11111111-1111-1111-1111-111111111111
        • High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
        • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
        • Weak Passwords: 11111111-1111-1111-1111-111111111115
        • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
        • Crawl Only: 11111111-1111-1111-1111-111111111117
        • Malware Scan: 11111111-1111-1111-1111-111111111120
        • Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
        • Network Scan: 11111111-1111-1111-1111-211111111112
        • Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
        • Network Scan Quick: 11111111-1111-1111-1111-211111111114
      • For the On-Premises version of Acunetix:
        • Full Scan: 11111111-1111-1111-1111-111111111111
        • High Risk: 11111111-1111-1111-1111-111111111112
        • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
        • Weak Passwords: 11111111-1111-1111-1111-111111111115
        • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
        • Crawl Only: 11111111-1111-1111-1111-111111111117
        • High / Medium Risk: 11111111-1111-1111-1111-111111111119
        • Malware Scan: 11111111-1111-1111-1111-111111111120
      • ...or alternatively the scan profile id of any custom scan profile you may have created; you can retrieve the scan profile id of a custom scan profile programmatically via the Acunetix API, or by navigating to the custom scan profile and checking the URL:

    • To set the correct target_id value, replace the [Target ID] text with the target ID you retrieved in Step 1

  • Click on the Start commit button to save your settings

  • Click on the Commit new file button
  • This will trigger a manual run of the workflow, and therefore add an immediate scan request to Acunetix:

  • All future commits will now also trigger a scan request to Acunetix
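
A hardened variant of the workflow above, as an added example (not Acunetix's own configuration): the API key and target ID are read from GitHub Actions repository secrets instead of being committed to the yml file, TLS certificate verification stays on, and the job fails if the API rejects the request. The secret names ACUNETIX_API_KEY and ACUNETIX_TARGET_ID and the job name are assumptions; the endpoint, headers, JSON fields and profile id are the ones shown on this page.

```yaml
name: Acunetix scan

on:
  push:
    branches: [ main ]
  # pull_request is left out on purpose: workflows triggered from forked
  # repositories do not receive repository secrets, so the request would
  # be sent without a valid X-Auth value.
  workflow_dispatch:

# The job only calls an external API; it needs no GITHUB_TOKEN scopes.
permissions: {}

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger Acunetix scan
        env:
          # Assumed secret names; create them in the repository settings.
          ACUNETIX_API_KEY: ${{ secrets.ACUNETIX_API_KEY }}
          ACUNETIX_TARGET_ID: ${{ secrets.ACUNETIX_TARGET_ID }}
          # Full Scan profile id from the list above.
          ACUNETIX_PROFILE_ID: 11111111-1111-1111-1111-111111111111
        run: |
          set -euo pipefail
          # Build the request body with jq so the values are JSON-escaped.
          payload=$(jq -n \
            --arg profile "$ACUNETIX_PROFILE_ID" \
            --arg target "$ACUNETIX_TARGET_ID" \
            '{profile_id: $profile,
              schedule: {disable: false, start_date: null, time_sensitive: false},
              user_authorized_to_scan: "yes",
              target_id: $target}')
          # No -k: the server certificate is verified. For an on-premises
          # install signed by a private CA, pass the CA bundle with --cacert.
          # --fail makes curl exit non-zero on an HTTP error, failing the job.
          curl --fail --silent --show-error \
            --request POST \
            --url "https://online.acunetix.com/api/v1/scans" \
            --header "X-Auth: ${ACUNETIX_API_KEY}" \
            --header "content-type: application/json" \
            --data "$payload"
```

Values passed through secrets are masked in the workflow log, and rotating the API key then only requires updating the secret, not rewriting repository history.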

 
