You can integrate your Acunetix Premium account with Azure DevOps Services. This integration lets you send all the vulnerabilities discovered using Acunetix to Azure DevOps, where you can manage them as issues. This article shows how to set up your Azure DevOps account and how to integrate with it in Acunetix Premium.
Part 1: Prepare your Azure DevOps Services Account for Integration
If you already have an Azure DevOps account, you may skip relevant sections in this part of the article.
Step 1: Set Up Your Azure DevOps Services Account
- Open the Azure DevOps homepage and sign in to your Microsoft account
- Click on the Start free > button
- Select your Country or Region and click on the Continue button – this will send you to the Projects page
Step 2: Create a New Work Item Type for Your Projects
- In the Organizations menu, make sure the organization you want to work with is highlighted and click on the Organization Settings menu item
- In the Organization Settings menu, click on the Boards > Process menu item
- On the All processes page, click on the inline menu button for the Basic (default) process, and click on the Create inherited process menu item
- In the Create inherited process panel:
- Set the name of the process to Web Application Process
- Set the Description of the process to Process for Web Application Security
- Click on the Create process button; this will send you back to the All processes page showing (also) your newly-created process
- Click on the newly-created Web Application Process item; this will take you to the list of work item types for your process, showing you the predefined default types
- Click on the New work item type button
- In the Create new work item type panel:
- Set the Name field to Vulnerability
- Set the Description field to Identified by Acunetix
- Click on the Create button
Step 3: Create Your Azure DevOps Services Project
- In the Organizations menu, make sure the organization you want to work with is highlighted
- In the Create a project panel:
- Set the Project name for your Azure DevOps Services Project – for this example we used acunetix-test
- Set the Description field for your Azure DevOps Services project – this is simply a descriptive field; for this example we used Internal Web Application Project
- Set the Visibility to Private (unless you want this to be visible to the general public)
- Click on the Advanced button to expand the panel
- Set the Work item process to the process called Web Application Process (that you created earlier)
- Click on the Create project button – this will take you to the Project Summary page
Step 4: Create a Personal Access Token for Acunetix Integration Authentication
- In the User Settings menu, click on the Personal access tokens menu item
- On the Personal Access Tokens page, click on the New Token button
- On the Create a new personal access token page:
- Set the Name field to Acunetix Integration – this is only a friendly name to remind you of its use
- Set the Organization field to All accessible organizations – you may select a narrower definition if you wish to do so
- Set the Expiration field to 90 days – you may select a different expiry (up to one year)
- Set the Scopes option to Full access
- Click on the Create button
Note: Make sure you keep a copy of the token – it cannot be retrieved after you exit the page. If you lose the token, you will need to create a new one and repeat the process.
Part 2: Configuring Acunetix for Integration
- In the Acunetix UI, click on Issue Trackers in the sidebar
- Click on the Add Issue Tracker button
- Set the Name field to describe the integration – for this example, we have used Azure DevOps Services Issues
- Select Azure DevOps Services from the dropdown labelled Platform
- Set the URL to the format https://dev.azure.com/<organization-name>; this example assumes that your Azure DevOps Service organization was named kacacunetix, therefore the URL will be https://dev.azure.com/kacacunetix
- Insert your Azure DevOps Services Personal Access Token into the Token field
- Click on Test Connection – you should receive a Connection is Successful message; also, the Project and Issue Type panel will be updated with your list of projects and issue labels
- Select the Azure DevOps Services project you want the integration to be linked to – in this example you would be using the pre-created acunetix-test project
- Select the Azure DevOps Services work item type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type Vulnerability
- Click on the Save button at the top of the Add Issue Tracker panel
Part 3: Configuring a Target to Report Issues to Your Issue Tracker
From your list of targets, select the target you wish to work with.
- In the Target Information panel, scroll to the bottom of the panel and expand the Advanced link
- Enable the Issue Tracker slider
- In the Issue Tracker dropdown, select the name of the Azure DevOps Services Integration configuration you wish to use
- At the top of the Target Information panel, click on the Save button
Now that your target is configured to link to Azure DevOps Services, you need to scan your target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.
Part 4: Submitting Vulnerabilities to Azure DevOps Services
Once you have completed a scan on your target:
- Select Vulnerabilities in the sidebar
- Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your issue tracker
- Use the checkboxes next to vulnerabilities to select the vulnerabilities to send to the issue tracker
- Click on the Send to Issue Tracker button at the top of the Vulnerabilities panel
Check Your Azure DevOps Work Items Page
Your Azure DevOps Work Items page will show the issues you have submitted to the issue tracker.
Get the latest content on web security
in your inbox each week.
THE AUTHOR
Kevin Attard Compagno
Technical Writer
Technical Writer
