Integrating Acunetix with JIRA using oAuth
Integrating Acunetix with JIRA using oAuth involves a five-step process:
- Create a public-private key pair
- Create an application link for Acunetix in JIRA
- Configure Acunetix for integration
- Configure a Target to report issues to your issue tracker
- Submit vulnerabilities to JIRA
Prerequisites Before integrating Acunetix with JIRA, ensure you have completed the following preparations:
|
Step 1: Create public and private keys
- On a Linux machine, create a public and private key pair as follows:
mkdir ~/jira-keys cd ~/jira-keys openssl genrsa -out jira-private.pem 1024 openssl req -newkey rsa:1024 -x509 -key jira-private.pem -out jira-public.cer -days 9999 openssl x509 -pubkey -noout -in jira-public.cer > jira-public.pem |
Step 2: Create an application link for Acunetix in JIRA
- Navigate to the Applications option in the JIRA Administration Menu. If prompted, authenticate again to access administrative functions.
- Select Application links from the sidebar.
- Enter https://acunetix.com in the URL field, then click Create new link.
- If a Configure Application URL dialog appears:
- Select the Use this URL checkbox.
- Click Continue.
- In the first Link applications dialog:
- Set the Application Name to Acunetix.
- Choose Generic Application from the Application Type dropdown.
- Enable the Create incoming link checkbox.
- Leave the remaining fields blank, as they are only used for outgoing links and the Acunetix integration requires only incoming link functionality.
- Click Continue.
- In the second Link applications dialog:
- Set the Consumer Key field to AcunetixKey.
- Set the Consumer Name field to Acunetix Integration.
- Paste the contents of the jira-public.pem certificate file created earlier into the Public Key field.
- Click Continue.
Step 3: Configure Acunetix for integration
- Select Issue Trackers from the Acunetix side menu.
- Click + Add Issue Tracker.
- Set the Name field to describe the integration. For this example, we have used JIRA Issues.
- In the Target Groups Access panel, select the Target Groups that will be assigned to the issue tracker. Note that only Targets inside an assigned Target Group can be integrated into this issue tracker.
- In the Issue Tracker Platform and Authentication panel:
- Set the Platform dropdown to JIRA.
- Set the Authentication field to OAuth.
- In the URL field, enter the URL for your JIRA installation; for example, http://10.10.4.72:8080.
- Set the Consumer Key field to AcunetixKey (matching the Consumer Key configured in JIRA earlier).
- Paste the contents of the jira-private.pem certificate file created earlier into the Private Key field.
- Click Test Connection.
- Once Acunetix confirms the URL is responsive, click the here link. You will be redirected to your JIRA installation to verify access.
- Click Allow.
- Go back to Acunetix and click Test Connection. You should receive a Connection is Successful message.
- The Project and Issue Type panel will be updated with your list of Projects and Issue Labels.
- Choose the JIRA project to link the integration. For example, use the pre-created internal-wiki project.
- Select the JIRA Issue Type for Acunetix to create when a vulnerability is found. In this example, we have used the custom type Vulnerability.
- If the chosen issue type includes custom fields, you can add these fields and assign values as needed. Additionally, you can include a label for issues created when reporting from Acunetix to JIRA.
- Click Save at the top of the Add New Issue Tracker page.
Step 4: Configure a Target to report issues to the issue tracker
- Select Targets from the Acunetix side menu.
- From your list of Targets, select the one you want to work with.
- On the Target Settings page, scroll down and expand the Advanced section.
- Enable the Issue Tracker toggle.
- From the Issue Tracker dropdown, select the JIRA Integration configuration you intend to use.
- Click Save at the top of the Target Settings page.
Now that your Target is set up to link to JIRA, you need to scan your Target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.
Step 5: Submit vulnerabilities to JIRA
After completing a scan on your Target:
- Select Vulnerabilities in the Acunetix side menu.
- Adjust the filter to obtain a shortlist of the vulnerabilities you want to send to your issue tracker.
- Use the checkboxes next to the vulnerabilities to select the ones to send to the issue tracker.
- Click Send to Issue Tracker.
- Check your JIRA Issues page. Your JIRA Issues page will display the submitted issues.