Integrating Acunetix with JIRA

This document provides a step-by-step guide on integrating Acunetix with JIRA using two methods:

  • HTTP Basic Token
  • OAuth

Following the integration steps, you'll find instructions on configuring your target to link with your issue tracker, submitting vulnerabilities to JIRA, and generating reports directly from JIRA.

Integration using HTTP Basic Token

Integrating Acunetix with JIRA involves a 4-step process:

  1. Prepare an API Token in JIRA for communication with Acunetix
  2. Configuring Acunetix for Integration
  3. Configuring a Target to Report Issues to your Issue Tracker
  4. Submitting Vulnerabilities to JIRA

Prerequisites:

Before integrating Acunetix with JIRA using the HTTP Basic Token, ensure the following prerequisites are met:

  • You should already have a JIRA account.
  • A project in JIRA should be created, typically containing the source code for the Target Web Application.
  • Custom issue labels should be created, unless you are using the default built-in labels. The example assumes the existence of a custom issue label named "Vulnerability."
  • An API Token should be created to secure the communication channel between Acunetix and JIRA for your Target's repository.
  • If using Acunetix Online, ensure that your JIRA system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).

Prepare an API Token in JIRA for communication with Acunetix

  1. From the Settings menu, select Atlassian account settings.
  2. In the Atlassian account menu on the sidebar, click Security.
  3. On the Security page, click Create and manage API tokens.
  4. Click Create API token.
  5. On the Create an API token page, set the Name field to "Acunetix Integration" – this is just a friendly name for your reference.
  6. Keep a copy of the Token, as it cannot be retrieved after you exit the page. Losing the Token will require creating a new one and repeating the process.

Configuring Acunetix for Integration

  1. In the Acunetix UI, navigate to Issue Trackers in the sidebar.
  2. Click the Add Issue Tracker button.
  3. Set the Name to describe the integration; for example, use JIRA Issues.
  4. In the Target Groups Access panel, choose which Target Groups will be assigned to the Issue Tracker; note that only Targets inside an assigned Target Group can be integrated into this Issue Tracker.
  5. In the Proxy Settings panel, select the HTTP proxy settings for communication with this Issue Tracker.
  6. Choose JIRA from the dropdown labeled Platform.
  7. Set the Authentication to HTTP Basic Token.
  8. Set the URL to the format https://<jira-site-name>.atlassian.net. For example, if your JIRA site is named "acunetix-test", the URL will be "https://acunetix-test.atlassian.net/".
  9. Insert your JIRA API Token into the "Token" field.
  10. Click Test Connection; you should receive a Connection is Successful message.
  11. The Project and Issue Type panel will also be updated with your list of Projects and Issue Labels.
  12. Select the JIRA project you want the integration linked to; for example, use the pre-created "internal-wiki" project.
  13. Choose the JIRA Issue Type for Acunetix to create when a vulnerability is found; in this example, use the custom type Vulnerability.
  14. If the selected issue type has custom fields defined, add the custom fields and assign values.
  15. Click Save at the top of the Add Issue Tracker panel.

Integration using OAuth

Integrating Acunetix with JIRA involves a 5-step process:

  1. Create a public-private key pair
  2. Create an application link for Acunetix in JIRA
  3. Configuring Acunetix for Integration
  4. Configuring a Target to Report Issues to your Issue Tracker
  5. Submitting Vulnerabilities to JIRA

Prerequisites:

Before integrating Acunetix with JIRA, ensure you have completed the following preparations:

  • Have a JIRA account in place.
  • Create a project, typically containing the source code for the Target Web Application.
  • Establish custom issue labels unless you're content with the default built-in labels for issues. In this example, we assume you've created a custom issue label named Vulnerability.
  • If using Acunetix Online, confirm that your JIRA system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).

Create public and private keys

On a Linux machine, create a public and private key pair:

mkdir ~/jira-keys

cd ~/jira-keys

openssl genrsa -out jira-private.pem 1024

openssl req -newkey rsa:1024 -x509 -key jira-private.pem -out jira-public.cer -days 9999

openssl x509 -pubkey -noout -in jira-public.cer  > jira-public.pem
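
The two halves of this key pair end up in different systems: jira-public.pem is pasted into JIRA and jira-private.pem into Acunetix. The shell functions below are an added example, not part of the Acunetix documentation; they confirm that the two files belong together, that only the owner can access the private key, and that the key meets a minimum size. The function names and the MIN_BITS default of 2048 are assumptions of this example; the commands on this page create a 1024-bit key, which the size check reports.

```shell
#!/bin/sh
# Added example, not Acunetix code: checks for the key pair created above.
# MIN_BITS is an assumption of this example, not an Acunetix or JIRA setting.
MIN_BITS=${MIN_BITS:-2048}

# Print the modulus size, in bits, of a PEM-encoded RSA private key.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the public key and the private key share one RSA modulus,
# i.e. the public key file really belongs to the private key file.
pub_matches_priv() {
    m_priv=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    m_pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$m_priv" ] && [ "$m_priv" = "$m_pub" ]
}

# Succeed only if group and other have no permissions on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, print one line per finding, return the failure count.
check_keypair() {
    priv=$1; pub=$2; fails=0
    bits=$(key_bits "$priv")
    if [ -z "$bits" ]; then
        echo "FAIL: $priv is not a readable RSA private key"; return 1
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $priv is $bits-bit RSA, below $MIN_BITS"; fails=$((fails + 1))
    fi
    if ! pub_matches_priv "$priv" "$pub"; then
        echo "FAIL: $pub does not match $priv"; fails=$((fails + 1))
    fi
    if ! owner_only "$priv"; then
        echo "FAIL: $priv is accessible to group or other"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $bits-bit key pair is consistent"
    return "$fails"
}

# Usage after the steps above (paths are the ones this page uses):
#   check_keypair ~/jira-keys/jira-private.pem ~/jira-keys/jira-public.pem
```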

Create an application link for Acunetix in JIRA

  • Navigate to the Applications option in the JIRA Administration Menu. If prompted, authenticate again to access administrative functions.

  • Choose Application links from the sidebar.

  • If a Configure Application URL dialog appears:
      • Select the Use this URL checkbox.
      • Click Continue.

  • In the first Link applications dialog:
      • Set the Application Name to Acunetix.
      • Choose Generic Application from the Application Type dropdown.
      • Select the Create incoming link checkbox.
      • Leave the remaining fields blank, as they are only used for outgoing links, and the Acunetix integration requires only incoming link functionality.
      • Click Continue.

  • In the second Link applications dialog:
      • Set the Consumer Key field to AcunetixKey.
      • Set the Consumer Name field to Acunetix Integration.
      • Paste the contents of the jira-public.pem public key file created earlier into the Public Key field.
      • Click Continue.

Configuring Acunetix for Integration

  • In the Acunetix UI, click Issue Trackers in the sidebar followed by Add Issue Tracker. Set the Name field to describe the integration – for this example, we have used JIRA Issues.

  • In the Target Groups Access panel, choose the Target Groups that will be assigned to the Issue Tracker. Note that only Targets inside an assigned Target Group can be integrated into this Issue Tracker.

  • In the "Proxy Settings" panel, select the HTTP proxy settings for communication with this Issue Tracker.

  • In the Issue Tracker Platform and Authentication panel:
      • Set the Platform dropdown to JIRA.
      • Set the Authentication field to OAuth.
      • In the URL field, enter the URL for your JIRA installation; for example, http://10.10.4.72:8080.
      • Set the Consumer Key field to AcunetixKey, matching the Consumer Key configured in JIRA earlier.
      • Paste the contents of the jira-private.pem private key file created earlier into the Private Key field.
      • Click Test Connection.

  • Once Acunetix confirms the URL is responsive, click the here link. You will be redirected to your JIRA installation to verify access.

  • Click Allow.

  • Go back to your Acunetix browser window. Click Test Connection. You should receive a Connection is Successful message.

  • The Project and Issue Type panel will be updated with your list of Projects and Issue Labels:

  • Choose the JIRA project to link the integration; for instance, use the pre-created internal-wiki project.
  • Select the JIRA Issue Type for Acunetix to create when a vulnerability is found; in this example, use the custom type Vulnerability.

  • If the chosen issue type includes custom fields, you can add these fields and assign values as needed. Additionally, you can include a label for issues created when reporting from Acunetix to JIRA.

  • Click Save at the top of the Add Issue Tracker panel.

Configuring Target to Report Issues to the Issue Tracker

From your list of Targets, choose the one you want to work with.

  • In the Target Information panel, scroll down and expand the Advanced link.

  • Activate the Issue Tracker slider.
  • From the Issue Tracker dropdown, select the JIRA Integration configuration you intend to use.
  • Click Save at the top of the Target Information panel.

Now that your Target is set up to link to JIRA, you need to scan your Target. When the Scan is completed, you will be able to select the vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to JIRA

  • After completing a scan on your Target, select Vulnerabilities in the sidebar.

  • Adjust the filter to obtain a shortlist of the vulnerabilities you want to send to your Issue Tracker.
  • Use the checkboxes next to vulnerabilities to select the ones to send to the Issue Tracker.
  • Click Send to Issue Tracker at the top of the Vulnerabilities panel.

Check your JIRA Issues page

Your JIRA Issues page will display the submitted issues.

 
