Integrating Acunetix with JIRA

This document shows, step-by-step, how to integrate Acunetix with JIRA using 2 methods:

  • HTTP Basic Token
  • OAuth

Following that, you will also see how to configure your target to link with your issue tracker, submit vulnerabilities to JIRA, and generate reports from JIRA.

Integrating Acunetix with JIRA (HTTP Basic Token)

Integrating Acunetix with JIRA is a 4-step process:

  • Prepare an API Token in JIRA for communication with Acunetix
  • Configuring Acunetix for Integration
  • Configuring a Target to Report Issues to your Issue Tracker
  • Submitting Vulnerabilities to JIRA

Integrating Acunetix with JIRA (HTTP Basic Token) - Prerequisites

Before you can successfully integrate Acunetix with JIRA, you will need to have completed some preparation beforehand:

  • you should already have a JIRA account
  • you should already have created a project - typically this would contain the source code for the Target Web Application
  • you should already have your custom issue labels created – unless you are satisfied using the default built-in labels for your issues; the included example assumes that you have created a custom issue label named "Vulnerability"
  • you should already have created an API Token to secure the communication channel between Acunetix and JIRA for your Target's repository
  • if you are using Acunetix Online, you should ensure that your JIRA system allows incoming API requests from online.acunetix.com

Create an API Token in your JIRA Account Settings

  • From the "Settings" menu, click the "Atlassian account settings" menu item

  • Click the "Security" menu item in the "Atlassian account" menu in the sidebar

  • Click the "Create and manage API tokens" link in the Security page

  • Click the "Create API token" button

  • In the "Create an API token" page, set the "Name" field to "Acunetix Integration" – this is only a friendly name to remind you of its use

  • Make sure you keep a copy of the Token - it cannot be retrieved after you exit the page. If you lose the Token, you will need to create a new one and repeat the process.

Configuring Acunetix for Integration

  • In the Acunetix UI, click on "Issue Trackers" in the sidebar
  • Click on the "Add Issue Tracker" button

  • Set the "Name" field to describe the integration – for this example, we have used "JIRA Issues"

  • In the "Target Groups Access" panel, select which Target Groups will be assigned to the Issue Tracker; only Targets inside an assigned Target Group can be integrated into this Issue Tracker

  • In the "Proxy Settings" panel, choose which HTTP proxy settings will be used to communicate with this Issue Tracker

  • Select "JIRA" from the dropdown labelled "Platform"
  • Set the "Authentication" field to "HTTP Basic Token"
  • Set the URL to the format https://<jira-site-name>.atlassian.net; this example assumes that your JIRA site was named "acunetix-test"; therefore the URL will be "https://acunetix-test.atlassian.net/"
  • Insert your JIRA API Token into the "Token" field
  • Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects and Issue Labels

  • Select the JIRA project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project
  • Select the JIRA Issue Type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type "Vulnerability"

  • If the selected issue type has custom fields defined, you can add the custom fields and assign values to those fields
  • Click the "Save" button at the top of the "Add Issue Tracker" panel

Integrating Acunetix with JIRA (OAuth)

Integrating Acunetix with JIRA is a 5-step process:

  • Create a public-private key pair
  • Create an application link for Acunetix in JIRA
  • Configuring Acunetix for Integration
  • Configuring a Target to Report Issues to your Issue Tracker
  • Submitting Vulnerabilities to JIRA

Integrating Acunetix with JIRA (OAuth) - Prerequisites

Before you can successfully integrate Acunetix with JIRA, you will need to have completed some preparation beforehand:

  • you should already have a JIRA account
  • you should already have created a project - typically this would contain the source code for the Target Web Application
  • you should already have your custom issue labels created – unless you are satisfied using the default built-in labels for your issues; the included example assumes that you have created a custom issue label named "Vulnerability"
  • if you are using Acunetix Online, you should ensure that your JIRA system allows incoming API requests from online.acunetix.com

Create public and private keys

On a Linux machine, create a public and private key pair:

mkdir ~/jira-keys

cd ~/jira-keys

openssl genrsa -out jira-private.pem 1024

openssl req -newkey rsa:1024 -x509 -key jira-private.pem -out jira-public.cer -days 9999

openssl x509 -pubkey -noout -in jira-public.cer  > jira-public.pem
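
The key-generation steps above as a reusable script, with two checks to run before pasting the keys into JIRA and Acunetix: the key size, and that jira-public.pem really belongs to jira-private.pem. This is an added example, not part of the original Acunetix page; the function names and certificate subject are hypothetical, and it uses 2048-bit RSA instead of the page's 1024 on the assumption that your JIRA and Acunetix versions accept it.

```bash
#!/usr/bin/env bash
# Added example (not Acunetix or Atlassian code). Function names are hypothetical.
# Assumption: 2048-bit RSA is accepted by your JIRA and Acunetix versions;
# the page's own commands use 1024.

make_jira_keys() {   # $1 = output directory, $2 = RSA key size in bits
    local dir="$1" bits="${2:-2048}"
    (
        umask 077    # directory and key files are created owner-only
        mkdir -p "$dir" && cd "$dir" || exit 1
        openssl genrsa -out jira-private.pem "$bits" 2>/dev/null || exit 1
        # -subj skips the interactive prompts; the CN is a constructed label
        openssl req -new -x509 -key jira-private.pem -out jira-public.cer \
            -days 9999 -subj "/CN=acunetix-jira-integration" || exit 1
        openssl x509 -pubkey -noout -in jira-public.cer > jira-public.pem || exit 1
    )
}

key_bits() {         # prints the RSA modulus size of a private key file
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

keys_match() {       # true only if both files in $1 carry the same RSA modulus
    local dir="$1" m_priv m_pub
    m_priv=$(openssl rsa -in "$dir/jira-private.pem" -noout -modulus 2>/dev/null) || return 1
    m_pub=$(openssl rsa -pubin -in "$dir/jira-public.pem" -noout -modulus 2>/dev/null) || return 1
    [ -n "$m_priv" ] && [ "$m_priv" = "$m_pub" ]
}

private_key_mode() { # octal permission bits of the private key (GNU stat)
    stat -c '%a' "$1/jira-private.pem"
}
```

After sourcing the file, `make_jira_keys ~/jira-keys && keys_match ~/jira-keys` produces the same three files as the commands above; `key_bits` and `keys_match` can also be pointed at a key pair that already exists.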

Create an application link for Acunetix in JIRA

  • Go to the Applications option in the JIRA Administration Menu (you may be required to authenticate again to access administrative functions)

  • Select Application links in the sidebar

  • Type https://acunetix.com in the URL field, and click the Create new link button

  • If you are presented with a Configure Application URL dialog:
      • enable the Use this URL checkbox
      • click the Continue button

  • In the first Link applications dialog:
      • set the Application Name field to "Acunetix"
      • set the Application Type dropdown to "Generic Application"
      • enable the Create incoming link checkbox
      • leave the remaining fields blank (only used for outgoing links; Acunetix integration requires only incoming link functionality)
      • click the Continue button

  • In the second Link applications dialog:
      • set the Consumer Key field to "AcunetixKey"
      • set the Consumer Name field to "Acunetix Integration"
      • set the Public Key field to the contents of the jira-public.pem public key file created earlier
      • click the Continue button

Configuring Acunetix for Integration

  • In the Acunetix UI, click on Issue Trackers in the sidebar
  • Click on the Add Issue Tracker button

  • Set the Name field to describe the integration – for this example, we have used JIRA Issues

  • In the "Target Groups Access" panel, select which Target Groups will be assigned to the Issue Tracker; only Targets inside an assigned Target Group can be integrated into this Issue Tracker

  • In the "Proxy Settings" panel, choose which HTTP proxy settings will be used to communicate with this Issue Tracker

  • In the Issue Tracker Platform and Authentication panel:
      • set the Platform dropdown to "JIRA"
      • set the Authentication field to "OAuth"
      • set the URL field to the URL for your JIRA installation; in this example, JIRA was installed with URL http://10.10.4.72:8080
      • set the Consumer Key field to "AcunetixKey"; this must match the Consumer Key configured in JIRA earlier
      • set the Private Key field to the contents of the jira-private.pem private key file created earlier
      • click the Test Connection button

  • Once Acunetix has checked the URL is responding to requests:
      • click the here link; you will be forwarded to your JIRA installation to verify access

  • Click the Allow button
  • Return to your Acunetix browser window

  • Click the Test Connection button - you should receive a Connection is Successful message; also, the Project and Issue Type panel will be updated with your list of Projects and Issue Labels

  • Select the JIRA project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project
  • Select the JIRA Issue Type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type "Vulnerability"

  • If the selected issue type has custom fields defined, you can add the custom fields and assign values to those fields

  • You can also add a Label to issues created when reporting issues from Acunetix to JIRA
  • Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

  • In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.

  • Enable the "Issue Tracker" slider
  • From the "Issue Tracker" dropdown, select the name of the JIRA Integration configuration you wish to use
  • At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to JIRA, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to JIRA

Once you have completed a Scan on your Target:

  • select "Vulnerabilities" in the sidebar

  • adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
  • use the checkboxes next to each vulnerability to select the vulnerabilities to send to the Issue Tracker
  • click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your JIRA Issues page

Your JIRA Issues page will show the issues you have submitted to the Issue Tracker.
