Integrating Acunetix with GitLab for issue tracking

Integrating Acunetix with Gitlab is a 4-step process:

  • Prepare a Personal Access Token in Gitlab for communication with Acunetix
  • Configuring Acunetix for Integration
  • Configuring a Target to Report Issues to your Issue Tracker
  • Submitting Vulnerabilities to Gitlab

πŸ” Integrating Acunetix with Gitlab - Prerequisites

Before you can successfully integrate Acunetix with Gitlab, you will need to have completed some preparation beforehand:

  • you should already have a Gitlab account
  • you should already have created a project - typically this would contain the source code for the Target Web Application
  • you should already have your custom issue labels created – unless you are satisfied using the default built-in labels for your issues; the included example assumes that you have created a custom issue label named "vulnerability"
  • you should already have created a Personal Access Token to secure the communication channel between Acuneti and Gitlab for your Target's repository
  • if you are using Acunetix Online, you should ensure that your Gitlab system allows incoming API requests from online.acunetix.com

Create a Personal Access Token in your Gitlab Profile

  • From your Gitlab profile dropdown, select "Settings"

  • Click the "Access Tokens" menu item in the "User Settings" menu in the sidebar

  • In the "Personal Access tokens" page:
  • Set the "Name" field to "Acunetix Integration" – this is only a friendly name to remind you of its use
  • Set the "Expires at" field to the value that you require
  • Select the "api" scope in the "Scopes" list
  • Scroll to the bottom of the page and click the "Create personal access token" button

  • Make sure you keep a copy of the Token - it cannot be retrieved after you exit the page. If you lose the Token, you will need to create a new one and repeat the process.

Configuring Acunetix for Integration

  • In the Acunetix UI, click on "Issue Trackers" in the sidebar
  • Click on the "Add Issue Tracker" button

  • Set the "Name" field to describe the integration – for this example, we have used "Gitlab Issues"

  • In the "Target Groups Access" panel, select which Target Groups will be assigned to the Issue Tracker; only Targets inside an assigned Target Group can be integrated into this Issue Tracker

  • In the "Proxy Settings" panel, choose which HTTP proxy settings will be used to communicate with this Issue Tracker

  • Select "Gitlab" from the dropdown labelled "Platform"
  • Set the "Authentication" field to "Personal Access Token"
  • This example assumes you are using the gitlab.com online service, so you would set the URL to "https://gitlab.com"
  • Insert your Gitlab Personal Access Token into the "Token" field
  • Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects and Issue Labels

  • Select the Gitlab project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project
  • Select the Gitlab Issue Type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type "vulnerability"
  • Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

  • In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.

  • Enable the "Issue Tracker" slider
  • From the "Issue Tracker" dropdown, select the name of the Gitlab Integration configuration you wish to use
  • At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to Gitlab, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to Gitlab

Once you have completed a Scan on your Target:

  • select "Vulnerabilities" in the sidebar

  • adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
  • use the checkboxes next to vulnerability to select the vulnerabilities to send to the Issue Tracker
  • click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your Gitlab Issues page

Your Gitlab Issues page will show the issues you have submitted to the Issue Tracker:

 

Β« Back to the Acunetix Support Page