Integrating Acunetix with Azure Active Directory DevOps Services

Integrating Acunetix with Azure AD DevOps Services is a 4-step process:

  1. Configure Acunetix for integration
  2. Configure a Target to report issues to your issue tracker
  3. Submit vulnerabilities to Azure DevOps Services
  4. Check your Azure DevOps Work Items page

Prerequisites: Before integrating Acunetix with Azure DevOps Services, ensure you have completed the following preparations:

  • Create a project. Typically, this would contain the source code for the Target Web Application.
  • Create custom work item types (unless you are satisfied with using the default built-in work item types). The example in these instructions assumes that you have created a custom work item type named Vulnerability.
  • If using Acunetix Online, ensure that your Azure AD DevOps Server system allows incoming API requests from online.acunetix.com and app.invicti.com (For EU-based customers: app-eu.invicti.com).
  • Create a Personal Access Token to secure the communication channel between Acunetix and Azure DevOps Services for your Target's project

Step 1: Configure Acunetix for integration

  1. Select Issue Trackers from the Acunetix side menu.
  2. Click + Add Issue Tracker.

  1. Set the Name field to describe the integration. In this example, we have used Azure DevOps Services Issues.
  2. In the Target Groups Access panel, select the Target Groups that will be assigned to the Issue Tracker. Only Targets inside an assigned Target Group can be integrated into this Issue Tracker.

  1. Set the Platform to Azure DevOps Services.
  2. Set the URL to the format https://dev.azure.com/<organization-name>. For example, if your Azure DevOps Service organization is named acunetix, then the URL will be https://dev.azure.com/acunetix.
  3. Enter your Azure DevOps Services Personal Access Token into the Token field.
  4. Click Test Connection. You should receive a Connection is Successful message. The Project and Issue Type panel will update with your list of Projects and Issue Labels.

  1. Select the Azure DevOps Services project to link the integration. In this example, we have used the pre-created acunetix-test project.
  2. Select the Azure DevOps Services Work Item Type for Acunetix to create when a vulnerability is found. In this example, we haved used the custom Issue Type Vulnerability.

  1. If the selected issue type has custom fields defined, you can add the custom fields and assign values to those fields.

  1. Click Save at the top of the Add New Issue Tracker page.

Step 2: Configure a Target to report issues to your issue tracker

  1. Select Targets from the Acunetix side menu.
  2. From your list of Targets, select the Target you wish to work with.
  3. On the Target Settings page, scroll down expand the Advanced section.
  4. Enable the Issue Tracker toggle.
  5. From the Issue Tracker dropdown, select the name of the Azure DevOps Services Integration configuration you wish to use.

  1. Click Save at the top of the Target Settings page.

Now that your Target is configured to link to Azure DevOps Services, you need to Scan your Target. When the Scan is completed, you will be able to select the vulnerabilities to submit to your Issue Tracker.

Step 3: Submit vulnerabilities to Azure AD DevOps Services

Once you have completed a scan on your Target:

  1. Select Vulnerabilities in the side menu.
  2. Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your issue tracker
  3. Use the checkboxes to select vulnerabilities to send to the issue tracker.
  4. Click Send to Issue Tracker.

Step 4: Check your Azure DevOps Work Items page

Your Azure DevOps Work Items page will show the issues you have submitted to the Issue Tracker:

 

« Back to the Acunetix Support Page