Integrating Acunetix with GitHub for issue tracking

Integrating Acunetix with GitHub is a four-step process:

Create a Personal Access Token in GitHub for communication with Acunetix
Configure Acunetix for integration
Configure a Target to report issues to your issue tracker
Submit vulnerabilities to Github

Prerequisites: Before integrating Acunetix with Github, ensure you have completed the following preparations:

You should already have a GitHub account.
Have a repository created, typically containing the source code for the Target Web Application.
Establish custom issue labels unless you're content with the default built-in labels for your issues. In this example, we assume you've created a custom issue label named vulnerability.
Generate a Personal Access Token to secure the communication channel between Acunetix and GitHub for your Target's repository.
If using Acunetix Online, ensure that your GitHub system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).

Step 1: Create a Personal Access Token in your GitHub Profile

From your GitHub profile dropdown, select Settings, then click Developer settings.

Select Personal access tokens. Then click Generate new token.

On the New personal access token page:

In the Note field, enter Acunetix Integration for identification purposes.
In the Scopes section, select the repo scope in the Select scopes list. This will automatically select all the sub-items within the repo scope.
Scroll to the bottom of the page and click Create personal access token.

Ensure you keep a copy of the token as it cannot be retrieved after leaving the page. Losing the token will necessitate creating a new one and repeating the process.

Step 2: Configure Acunetix for integration

In Acunetix, select Issue Trackers from the side menu.
Click + Add Issue Tracker.

Enter a name for the issue tracker. For this example, we have used Github Issues.

In the Target Groups Access panel, select the Target Groups that will be assigned to the Issue Tracker. Only Targets within an assigned Target Group can be integrated into this Issue Tracker.

Select Github from the Platform dropdown.
Set the Authentication field to Personal Access Token.
In this example, assuming you are using the github.com online service, set the URL to https://github.com.
Enter your Github Personal Access Token into the Token field.
Click Test Connection. You should receive a Connection is Successful message.

The Project and Issue Type panel will also be updated with your list of Projects and Issue Labels.
Choose the Github project to link the integration. For exampel, use the pre-created internal-wiki project.
Select the Github Issue Type for Acunetix to create when a vulnerability is found; in this example, use the custom type vulnerability.

Click Save at the top of the Add New Issue Tracker page.

Step 3: Configure a Target to report issues to your issue tracker

Select Targets from the Acunetix side menu.
From your list of Targets, select the Target you want to work with.
On the Target Settings page, scroll down and expand the Advanced section.
Enable the Issue Tracker toggle.
From the Issue Tracker dropdown, select the name of the Github Integration configuration you intend to use.

Click Save at the top of the Target Settings page.

Now that your Target is configured to link to Github, you need to scan your Target. When the Scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.

Step 4: Submit vulnerabilities to Github

After completing a scan on your Target:

Select Vulnerabilities in the Acunetix side menu.
Adjust your filter to obtain a shortlist of the vulnerabilities you want to send to your issue tracker.
Use the checkboxes next to vulnerabilities to select the ones you want to send to the issue tracker.
Click Send to Issue Tracker.

Check your Github Issues page. Your Github Issues page will display the issues you've submitted to the issue tracker.

« Back to the Acunetix Support Page