Integrating Acunetix with Azure Active Directory DevOps Services for CI/CD

This integration has two steps: first, prepare your Acunetix Target information, and then configure Azure AD DevOps Services to integrate seamlessly with Acunetix. Follow the instructions below to integrate Acunetix with Azure Active Directory DevOps Services for CI/CD.

Step 1: Prepare your Acunetix Target information

  1. Log in to Acunetix.
  2. Select Targets from the left-side menu.
  3. Click on the desired target.

  1. Retrieve the Target ID from the URL. You will use this information to configure Azure AD DevOps Services to integrate with Acunetix.

  1. Click on your name in the top-left corner and select Profile.

  1. Scroll down to the API Key section and click Generate new API key to obtain your API Key. You will use your API key to configure Azure AD DevOps Services to integrate with Acunetix.

Step 2: Configure Azure AD DevOps Services to Integrate with Acunetix

  1. Log in to your Azure DevOps Services account.
  2. Navigate to your list of pipelines and select the specific pipeline you want to work with.

  1. Click Edit to access your pipeline settings.

  1. Add a task by clicking Add Task within one of your Agent Jobs.
  2. Follow the steps for your preferred script configuration option:
  1. Option 1: Command Line
  2. Option 2: PowerShell Script

  1. When you have finished configuring the script, click Save & queue, and then, in the drop-down menu, select Save & queue again.

  1. In the Run pipeline window, click Save and run. This will initiate a manual run of the pipeline and trigger an immediate scan request to Acunetix.

Subsequently, all future pipeline runs will also trigger scan requests to Acunetix.

Script configuration

Option 1: Command Line

  1. Choose the Command line option and click Add.
  2. Click on the new Command Line Script. You can optionally provide a name for clarity.
  3. Edit the Script field to read as follows:

curl -k -i --request POST --url https://online.acunetix.com/api/v1/scans --header "X-Auth: [API KEY]" --header "content-type: application/json" --data "{ \"profile_id\" : \"11111111-1111-1111-1111-111111111111\" , \"incremental\" : false , \"schedule\" : { \"disable\" : false , \"start_date\" : null , \"time_sensitive\" : false } , \"user_authorized_to_scan\" : \"yes\" , \"target_id\" : \"[Target ID]\" }"

Option 2: PowerShell Script

  1. Select the PowerShell Script option and click Add.
  2. Click on the new PowerShell Script. You can optionally provide a name for clarity.
  3. Set the Type to Inline.
  4. Edit the Script field to read as follows:

# Declare Variables

$MyAXURL="https://online.acunetix.com/api/v1"

$MyAPIKEY="[API KEY]"

$FullScanProfileID="11111111-1111-1111-1111-111111111111"

$MyRequestHeaders=@{

 'X-Auth' = $MyAPIKEY

 'Content-Type' = 'application/json'

}

$MyTargetID="[Target ID]"

# Trigger a scan on the target - Scan ID is in the HTTP Response Headers

$MyRequestBody='{"profile_id":"' + $FullScanProfileID + '" , "incremental" : false , "schedule" : { "disable" : false , "start_date" : null , "time_sensitive" : false } , "user_authorized_to_scan" : "yes" , "target_id" : "' + $MyTargetID + '" } '

Invoke-RestMethod -Uri $MyAXURL/scans -Headers $MyRequestHeaders -Method Post -Body $MyRequestBody

Additional configuration information

  • To set the correct X-Auth value, replace the "[API KEY]" text with the API key you retrieved in Step 1 from your Acunetix account.
  • The suggested value for profile_id is "11111111-1111-1111-1111-111111111111" - this default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:

For Acunetix Online:

  • Full Scan: 11111111-1111-1111-1111-111111111111
  • High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
  • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
  • Weak Passwords: 11111111-1111-1111-1111-111111111115
  • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
  • Crawl Only: 11111111-1111-1111-1111-111111111117
  • Malware Scan: 11111111-1111-1111-1111-111111111120
  • Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
  • Network Scan: 11111111-1111-1111-1111-211111111112
  • Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
  • Network Scan Quick: 11111111-1111-1111-1111-211111111114

For Acunetix On-Premises:

  • Full Scan: 11111111-1111-1111-1111-111111111111
  • High Risk: 11111111-1111-1111-1111-111111111112
  • SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
  • Weak Passwords: 11111111-1111-1111-1111-111111111115
  • Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
  • Crawl Only: 11111111-1111-1111-1111-111111111117
  • High / Medium Risk: 11111111-1111-1111-1111-111111111119
  • Malware Scan: 11111111-1111-1111-1111-111111111120

  • Alternatively, use the scan profile ID of any custom scan profiles you've created. You can retrieve the scan profile ID of custom scan profiles via the Acunetix API or by checking the URL when navigating to the custom scan profile.

  • To set the correct target_id value, replace the "[Target ID]" text with the target ID you retrieved in Step 1.

 

« Back to the Acunetix Support Page