Integrating Acunetix with GitLab for CI/CD
This integration has two steps. In step 1, you prepare your Acunetix Target information. In step 2, you configure GitLab to integrate with Acunetix for Continuous Integration and Deployment.
Step 1: Prepare your Acunetix Target information
- Log in to Acunetix.
- Select Targets from the left-side menu.
- Click on the Target you wish to work with.
- Retrieve the Target ID from the URL. You will use this information to configure GitLab to integrate with Acunetix.
- Click on your name in the top-left corner and select Profile.
- Scroll down to the API Key section and click Generate new API key to obtain your API Key. You will use your API key to configure GitLab to integrate with Acunetix.
Step 2: Configure GitLab to Integrate with Acunetix
- Log in to your GitLab account.
- Navigate to your list of projects and click on the project you wish to work with.
- Click Set up CI/CD.
- This will require you to create a yml file. Edit this file to have the following contents:
```yaml
ScanJob:
  script: |-
    curl -k -i --request POST --url "https://online.acunetix.com/api/v1/scans" --header "X-Auth: [APIKEY]" --header "content-type: application/json" --data '{"profile_id":"11111111-1111-1111-1111-111111111111","schedule":{"disable":false,"start_date":null,"time_sensitive":false},"user_authorized_to_scan":"yes","target_id":"[Target ID]"}'
```
- Replace the following 3 fields:
  - [APIKEY] - To set the correct X-Auth value, replace the "[APIKEY]" text with the API key you retrieved in Step 1.
  - profile_id - The suggested value for profile_id is "11111111-1111-1111-1111-111111111111". This default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:
    - For Acunetix Online
      - Full Scan: 11111111-1111-1111-1111-111111111111
      - High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
      - SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
      - Weak Passwords: 11111111-1111-1111-1111-111111111115
      - Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
      - Crawl Only: 11111111-1111-1111-1111-111111111117
      - Malware Scan: 11111111-1111-1111-1111-111111111120
      - Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
      - Network Scan: 11111111-1111-1111-1111-211111111112
      - Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
      - Network Scan Quick: 11111111-1111-1111-1111-211111111114
    - For Acunetix On-Premises
      - Full Scan: 11111111-1111-1111-1111-111111111111
      - High Risk: 11111111-1111-1111-1111-111111111112
      - SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
      - Weak Passwords: 11111111-1111-1111-1111-111111111115
      - Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
      - Crawl Only: 11111111-1111-1111-1111-111111111117
      - High / Medium Risk: 11111111-1111-1111-1111-111111111119
      - Malware Scan: 11111111-1111-1111-1111-111111111120
    - Custom scan profile - Alternatively, use the scan profile ID of any custom scan profile you've created. You can retrieve the scan profile ID of a custom scan profile via the Acunetix API or by checking the URL when navigating to the custom scan profile.
  - [Target ID] - To set the correct target_id value, replace the "[Target ID]" text with the target ID you retrieved in Step 1.
- Click Commit changes to save your settings. This will trigger a manual run of the pipeline, and therefore add an immediate scan request to Acunetix.
All future pipeline runs will also trigger scan requests to Acunetix.
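
A variant of the ScanJob from Step 2 that keeps the API key out of the repository, added here as an example and not taken from the Acunetix documentation. It assumes two project CI/CD variables you create yourself under Settings > CI/CD > Variables, ACUNETIX_API_KEY (masked and protected) and ACUNETIX_TARGET_ID; both names are hypothetical, as are ACUNETIX_URL and PROFILE_ID. It also drops -k so curl verifies the server's TLS certificate, and uses --fail so the job fails when the API rejects the request.

```yaml
# Added example. ACUNETIX_API_KEY and ACUNETIX_TARGET_ID are hypothetical names
# for project CI/CD variables (Settings > CI/CD > Variables); they are not
# Acunetix or GitLab built-ins. The runner image must provide curl.
ScanJob:
  rules:
    # Protected variables are only exposed to pipelines on protected branches
    # and tags, so restrict the job to the default branch.
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  variables:
    ACUNETIX_URL: "https://online.acunetix.com/api/v1/scans"
    # Full Scan profile ID from the list in Step 2.
    PROFILE_ID: "11111111-1111-1111-1111-111111111111"
  script:
    # Stop before sending anything if either variable is missing or empty.
    - |
      : "${ACUNETIX_API_KEY:?define ACUNETIX_API_KEY as a masked CI/CD variable}"
      : "${ACUNETIX_TARGET_ID:?define ACUNETIX_TARGET_ID as a CI/CD variable}"
    # Same request as the original job, without -k (certificate checks stay on)
    # and with --fail so an HTTP error status fails the job.
    - |
      curl --fail --silent --show-error --request POST --url "$ACUNETIX_URL" \
        --header "X-Auth: $ACUNETIX_API_KEY" \
        --header "content-type: application/json" \
        --data "{\"profile_id\":\"$PROFILE_ID\",\"schedule\":{\"disable\":false,\"start_date\":null,\"time_sensitive\":false},\"user_authorized_to_scan\":\"yes\",\"target_id\":\"$ACUNETIX_TARGET_ID\"}"
```

Masking keeps the key out of job logs, and marking it protected keeps it away from pipelines that run on unprotected branches.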