Integrating Acunetix with GitHub for issue tracking
Integrating Acunetix with GitHub is a 4-step process:
- Preparing a Personal Access Token in GitHub for communication with Acunetix
- Configuring Acunetix for Integration
- Configuring a Target to Report Issues to your Issue Tracker
- Submitting Vulnerabilities to GitHub
Before integrating Acunetix with GitHub, ensure you have completed the following preparations:
- You should already have a GitHub account.
- Have a repository created, typically containing the source code for the Target Web Application.
- Establish custom issue labels unless you're content with the default built-in labels for your issues. In this example, we assume you've created a custom issue label named vulnerability.
- Generate a Personal Access Token to secure the communication channel between Acunetix and GitHub for your Target's repository.
- If using Acunetix Online, ensure that your GitHub system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).
Create a Personal Access Token in your GitHub Profile
- From your GitHub profile dropdown, select Settings, then click Developer settings.
- Select Personal access tokens. Then click Generate new token.
- On the new personal access token page:
  - In the Note field, enter Acunetix Integration for identification purposes.
  - In the Scopes section, select the "repo" scope in the "Select scopes" list – this will automatically select all the sub-items within the "repo" scope.
- Scroll to the bottom of the page and click Create personal access token.
- Ensure you keep a copy of the token as it cannot be retrieved after leaving the page. Losing the token will necessitate creating a new one and repeating the process.
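Before pasting the token into Acunetix, you can confirm it carries the "repo" scope selected above and nothing broader. The following is an added example, not part of the Acunetix or GitHub documentation; the function names and the GITHUB_TOKEN environment variable are assumptions, and the sample headers are constructed. It relies on the X-OAuth-Scopes response header that the GitHub REST API returns for classic personal access tokens.

```python
import os
import urllib.request

REQUIRED = {"repo"}  # the scope selected in the steps above


def audit_scopes(headers):
    """Compare the scopes GitHub reports for a token with REQUIRED."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Present only when the token was created with an expiry date.
    expires = h.get("github-authentication-token-expiration")
    raw = h.get("x-oauth-scopes")
    if raw is None:
        # No scope header (e.g. a fine-grained token): scopes cannot be audited this way.
        return {"classic": False, "missing": [], "excess": [], "expires": expires}
    granted = {s.strip() for s in raw.split(",") if s.strip()}
    return {
        "classic": True,
        "missing": sorted(REQUIRED - granted),  # integration would lack access
        "excess": sorted(granted - REQUIRED),   # more privilege than the integration needs
        "expires": expires,
    }


def fetch_headers(token, api="https://api.github.com"):
    """Make one authenticated call and return the response headers."""
    req = urllib.request.Request(f"{api}/user", headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "User-Agent": "token-scope-audit",  # hypothetical client name
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    if token:
        headers = fetch_headers(token)
    else:
        # Constructed sample: a token that was given more than "repo".
        headers = {"X-OAuth-Scopes": "repo, workflow, admin:org"}
    print(audit_scopes(headers))
```

A non-empty "excess" list means the token should be regenerated with only "repo" selected before it is stored in the Issue Tracker configuration.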
Configuring Acunetix for integration
- In Acunetix, select Issue Trackers from the sidebar, then click Add Issue Tracker. For this example, Github Issues is used.
- In the Target Groups Access panel, choose the Target Groups that will be assigned to the Issue Tracker. Only Targets within an assigned Target Group can be integrated into this Issue Tracker.
- In the Proxy Settings panel, specify the HTTP proxy settings for communication with this Issue Tracker.
- Choose Github from the Platform dropdown.
- Set the Authentication field to Personal Access Token.
- In this example, assuming you are using the github.com online service, set the URL to https://github.com.
- Insert your GitHub Personal Access Token into the Token field.
- Click Test Connection; you should receive a Connection is Successful message.
- The Project and Issue Type panel will also be updated with your list of Projects and Issue Labels.
- Choose the GitHub project to link the integration; for instance, use the pre-created internal-wiki project.
- Select the GitHub Issue Type for Acunetix to create when a vulnerability is found; in this example, use the custom type vulnerability.
- Click Save at the top of the Add Issue Tracker panel.
Configuring a Target to Report Issues to your Issue Tracker
From your list of Targets, choose the Target you want to work with.
- Scroll down in the Target Information panel and expand the Advanced link.
- Activate the Issue Tracker slider.
- From the Issue Tracker dropdown, select the name of the GitHub Integration configuration you intend to use.
- Click Save at the top of the Target Information panel.
Now that your Target is configured to link to GitHub, you need to scan your Target. When the scan is completed, you will be able to select the vulnerabilities to submit to your Issue Tracker.
Submitting Vulnerabilities to GitHub
After completing a scan on your Target:
- Select Vulnerabilities in the sidebar.
- Adjust your filter to obtain a shortlist of the vulnerabilities you want to send to your Issue Tracker.
- Use the checkboxes next to vulnerabilities to select the ones you want to send to the Issue Tracker.
- Click the Send to Issue Tracker button at the top of the Vulnerabilities panel.
Check your GitHub Issues page
Your GitHub Issues page will display the issues you've submitted to the Issue Tracker.