Integrating Acunetix 360 with Entra ID (Azure AD) Pipelines

Azure DevOps is a web-based DevOps manager that provides CI/CD pipeline features called Azure Pipelines.

You can integrate Acunetix 360 with Azure Pipelines using cURL or PowerShell scripts generated by our Integration Script Generator, in order to enable our advanced integration functionality.

For further information, see What Systems Does Acunetix 360 Integrate With?.

Generating and Using Acunetix 360’s Azure Integration Scripts

Acunetix 360 uses cURL and PowerShell command-line tools to integrate with Azure Pipelines. In order to integrate with Acunetix 360, the Pipeline agent’s execution environment must support cURL or PowerShell.

How to Generate Acunetix 360's Azure Pipelines Integration Scripts

1. Log in to Acunetix 360.
2. From the main menu, go to  Integrations > New Integration > Azure Pipelines.
3. From the Integration Script Generator section, select the relevant Scan Settings:

• From the Scan Type field, select an option
• From the Website drop-down, select a website
• From the Scan Profile drop-down, select a scan profile (this is not displayed if you select Full with Primary Profile as the Scan Type)
• Enable the Stop the scan if the Build fails, if required
• Enable the Fail the Build if one of the selected scan severity is detected, if required
• Enable the Fail the Build if one of the selected scan severity is detected, if required (For further information, see Using Build Fail in Azure Pipelines Project.)

4. In the PowerShell field, select Copy to copy the PowerShell script. You will then paste this into the file described in How to Use Acunetix 360’s Azure Pipeline Integration Script Step 6.

How to Use Acunetix 360's Azure Pipeline Integration Script

1. Log in to your Azure DevOps account.
2. Navigate to your Azure DevOps Project window.

3. Go to  Pipelines > select a Pipeline > Edit.
4. Add PowerShell Task to the pipeline.
5. Add the PowerShell script copied from the Integration Script Generator. (See How to Generate Acunetix 360’s Azure Pipelines Integration Scripts.)
6. Select Variables. Add your Acunetix 360 API credentials as USERID and APITOKEN variables.

8. From the Save & Queue dropdown, select Save.

Using Build Fail in Azure Pipelines Project

It is possible to configure a failure in the Azure Pipelines build to stop the scan when a vulnerability severity is detected.

This can be configured using the Severity, Confirmed, False Positive, and Accepted Risk parameters.

1. Scan Severity: With this option, you choose which severity will fail this build when found in a related scan. If you choose “DoNotFail”, the detected vulnerability does not affect your Azure build.

The options for Scan Severity are:

• DoNotFail
• Critical
• High or above
• Medium or above
• Low or above
• Best Practice or above
  

2. Confirmed: With this option, you choose to fail this build when a vulnerability found in a related scan is confirmed.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the Is Confirmed checkbox, the build fails only if the vulnerability has medium or higher severity and that vulnerability is confirmed. Otherwise, the build continues.

3. False Positive: With this option, you choose not to fail this Azure build when the scan identifies a vulnerability set as a False Positive.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the False Positive checkbox, the build will not fail if the vulnerability has medium or higher severity and that vulnerability is false positive. Otherwise, the build fails.

4. Accepted Risk: With this option, you choose not to fail this Azure build when the scan identifies a vulnerability set as an Accepted Risk.

For example, if you choose the Medium or above option from the Scan Severity drop-down and select the Accepted Risk checkbox, the build will not fail if the vulnerability has medium or higher severity and that vulnerability is accepted risk. Otherwise, the build fails.