Integrating Acunetix with Microsoft Azure Active Directory DevOps Server (TFS)

Integrating Acunetix with Azure AD DevOps Services (TFS) is a 4-step process:

  1. Configure Acunetix for integration
  2. Configure a Target to report issues to your issue tracker
  3. Submit vulnerabilities to Azure DevOps Server
  4. Check your Azure AD DevOps Server Work Items page

Prerequisites: Before integrating Acunetix with Azure AD DevOps Server, ensure you have completed the following preparations:

  • Create a project. Typically, this would contain the source code for the Target Web Application.
  • Create custom work item types (unless you are satisfied with using the default built-in work item types). The example in these instructions assumes that you have created a custom work item type named Vulnerability.
  • If using Acunetix Online, ensure that your Azure AD DevOps Server system allows incoming API requests from online.acunetix.com and app.invicti.com (For EU-based customers: app-eu.invicti.com).
  • Create a Personal Access Token to secure the communication channel between Acunetix and Azure DevOps for your Target's project

Step 1: Configure Acunetix for integration

  1. Select Issue Trackers from the Acunetix side menu.

  1. Click + Add Issue Tracker.

  1. Set the Name field to describe the integration. In this example, we have used Azure DevOps Server Issues.

  1. In the Target Groups Access panel, select the Target Groups that will be assigned to the Issue Tracker. Only Targets inside an assigned Target Group can be integrated into this Issue Tracker.

  1. Set the Platform to Azure DevOps (TFS).
  2. Set the URL to the format https://<AzureDevOpsServer>. For example, if your Azure DevOps Server is installed on IP Address 192.168.1.242 then the URL will be http://192.168.1.242.
  3. Enter your Azure DevOps Server Username into the Username or Email field.
  4. Enter your Azure DevOps Server Password into the Password field.
  5. Click Test Connection. You should receive a Connection is Successful message. The Project and Issue Type panel will update with your list of Projects and Issue Labels.

  1. Select the Azure DevOps Server project to link the integration. In this example, we have used the pre-created DefaultCollection\acunetix-test project.
  2. Select the Azure DevOps Server Work Item Type for Acunetix to create when a vulnerability is found. In this example, we have used the custom Issue Type Vulnerability.

  1. If the selected issue type has custom fields defined, you can add the custom fields and assign values to those fields.

  1. Click Save at the top of the Add New Issue Tracker page.

Step 2: Configure a Target to report issues to your issue tracker

  1. Select Targets from the Acunetix side menu.
  2. From your list of Targets, click the Target you want to work with.
  3. On the Target Settings page, scroll down, and expand the Advanced section.
  4. Enable the Issue Tracker toggle.
  5. Use the Issue Tracker dropdown to select the name of the Azure DevOps Server Integration configuration you wish to use.
  6. At the top of the Target Settings page, click Save.

Now that your Target is configured to link to Azure DevOps Server, proceed to scan your Target. After the scan is completed, you'll be able to select the vulnerabilities to submit to your Issue Tracker.

Step 3: Submit vulnerabilities to Azure AD DevOps Server

  1. Select Vulnerabilities in the Acunetix side menu.
  2. Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker.
  3. Use the checkboxes next to the vulnerabilities to select the ones you want to send to the Issue Tracker.
  4. Click Send to Issue Tracker.

Step 4: Check your Azure AD DevOps Server Work Items page

Your Azure DevOps Server Work Items page will now display the issues you've submitted to the Issue Tracker.

 

« Back to the Acunetix Support Page