Integrating Acunetix with GitLab for CI/CD
Integrating Acunetix with GitLab for Continuous Integration and Deployment is a 2-step process:
Step 1 - Prepare your Acunetix Target information
- Log in to your Acunetix installation
- Go to your list of targets and click on the target you wish to work with
- Retrieve the Target ID from the URL
- Go to your Profile page and retrieve your API Key
Step 2 - Configure GitLab to Integrate with Acunetix
- Log in to your GitLab account
- Go to your list of projects and click on the project you wish to work with
- Click the "Set up CI/CD" button
- This will require you to create a yml file; edit this file to have the following contents:
    ScanJob:
      script: |-
        curl -k -i --request POST --url "https://online.acunetix.com/api/v1/scans" --header "X-Auth: [APIKEY]" --header "content-type: application/json" --data '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"user_authorized_to_scan":"yes","target_id":"[Target ID]"}'
- Replace the following 3 fields:
  - To set the correct X-Auth value, replace the "[APIKEY]" text with the API key you retrieved in Step 1
  - The suggested value for profile_id is "11111111-1111-1111-1111-111111111111" - this default value is for a "Full Scan". If you wish to specify a different scan profile, you can set one of the following values:
    - For the Online version of Acunetix:
      - Full Scan: 11111111-1111-1111-1111-111111111111
      - High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
      - SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
      - Weak Passwords: 11111111-1111-1111-1111-111111111115
      - Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
      - Crawl Only: 11111111-1111-1111-1111-111111111117
      - Malware Scan: 11111111-1111-1111-1111-111111111120
      - Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
      - Network Scan: 11111111-1111-1111-1111-211111111112
      - Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
      - Network Scan Quick: 11111111-1111-1111-1111-211111111114
    - For the On-Premises version of Acunetix:
      - Full Scan: 11111111-1111-1111-1111-111111111111
      - High Risk: 11111111-1111-1111-1111-111111111112
      - SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
      - Weak Passwords: 11111111-1111-1111-1111-111111111115
      - Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
      - Crawl Only: 11111111-1111-1111-1111-111111111117
      - High / Medium Risk: 11111111-1111-1111-1111-111111111119
      - Malware Scan: 11111111-1111-1111-1111-111111111120
    - ...or alternatively the scan profile id of any custom scan profiles you may have created; you can retrieve the scan profile id of custom scan profiles programmatically via the Acunetix API, or by navigating to the custom scan profile and checking the URL
  - To set the correct target_id value, replace the "[Target ID]" text with the target ID you retrieved in Step 1
- Click on the "Commit changes" button to save your settings
- This will trigger a manual run of the pipeline, and therefore add an immediate scan request to Acunetix
- All future commits will now also trigger a scan request to Acunetix
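A hardened variant of the job's request, added here as an example and not part of the original page or Acunetix's own code: the API key and target ID come from CI/CD variables instead of being committed in the yml file, TLS verification stays on (no -k), and values that are not UUID-shaped, such as an unreplaced "[Target ID]", are rejected before any request is sent. The variable names ACUNETIX_API_KEY, ACUNETIX_TARGET_ID, ACUNETIX_PROFILE_ID and ACUNETIX_URL, the file name acunetix_scan.sh, and the UUID shape of target IDs are assumptions.

```shell
#!/bin/sh
# acunetix_scan.sh - added example, not Acunetix or GitLab code.
# Assumed masked CI/CD variables: ACUNETIX_API_KEY, ACUNETIX_TARGET_ID.
# Optional (assumed): ACUNETIX_PROFILE_ID, ACUNETIX_URL for an on-premises install.

ACUNETIX_URL="${ACUNETIX_URL:-https://online.acunetix.com/api/v1/scans}"
FULL_SCAN="11111111-1111-1111-1111-111111111111"   # "Full Scan" profile id from the page

# Succeeds only for a UUID-shaped value, so a leftover "[Target ID]" is rejected.
is_uuid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints the JSON body shown on the page for the given target and profile.
build_payload() {
  target_id=$1
  profile_id=${2:-$FULL_SCAN}
  is_uuid "$target_id"  || { echo "invalid target_id" >&2; return 2; }
  is_uuid "$profile_id" || { echo "invalid profile_id" >&2; return 2; }
  printf '{"profile_id":"%s","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"user_authorized_to_scan":"yes","target_id":"%s"}' \
    "$profile_id" "$target_id"
}

# Sends the scan request; --fail makes the job fail on an HTTP error status.
start_scan() {
  [ -n "${ACUNETIX_API_KEY:-}" ] || { echo "ACUNETIX_API_KEY is not set" >&2; return 2; }
  payload=$(build_payload "${ACUNETIX_TARGET_ID:-}" "${ACUNETIX_PROFILE_ID:-}") || return 2
  # The X-Auth header is read from stdin (--header @-, curl 7.55.0 or later) so the
  # key does not appear in curl's argument list. For a private CA on an on-premises
  # install, pass --cacert instead of disabling verification with -k.
  printf 'X-Auth: %s\n' "$ACUNETIX_API_KEY" |
    curl --fail --silent --show-error --request POST --url "$ACUNETIX_URL" \
         --header @- --header "content-type: application/json" --data "$payload"
}

# Only contact the API when invoked as: sh acunetix_scan.sh run
if [ "${1:-}" = "run" ]; then
  start_scan
fi
```

With this script committed next to the yml file, the job's script line becomes `sh acunetix_scan.sh run`, and no key or target ID is stored in the repository.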