Integrating Acunetix with GitHub for CI/CD
Integrating Acunetix with GitHub for Continuous Integration and Deployment is a 2-step process:
Step 1: Prepare your Acunetix Target information
- Log in to Acunetix.
- Select Targets from the left-side menu.
- Click on the Target you wish to work with.
- Retrieve the Target ID from the URL. You will use this information to configure GitHub to integrate with Acuetix.
- Click on your name in the top-left corner and select Profile.
- Scroll down to the API Key section and click Generate new API key to obtain your API Key. You will use your API key to configure GitHub to integrate with Acunetix.
Step 2: Configure GitHub to integrate with Acunetix
- Log in to your GitHub account and click on the repository you wish to work with.
- Select Actions.
- Click Set up a workflow yourself.
- Create a yml file. Edit the file to have the following contents:
name: CI on: push: branches: [ main ] pull_request: branches: [ main ] workflow_dispatch: jobs: build: runs-on: ubuntu-latest steps: - name: Trigger Acuneitx Scan run: | curl -k -i --request POST --url "https://online.acunetix.com/api/v1/scans" --header "X-Auth: [APIKEY]" --header "content-type: application/json" --data '{"profile_id":"11111111-1111-1111-1111-111111111111", "schedule":{"disable":false,"start_date":null,"time_sensitive":false}, "user_authorized_to_scan":"yes", "target_id":"[Target ID]"}' |
- Replace the 3 highlighted fields:
- [API KEY] - To set the correct X-Auth value, replace the [API KEY] text with the API key you retrieved from Acunetix.
- profile_id - The suggested value for profile_id is 11111111-1111-1111-1111-111111111111 - this default value is for a Full Scan. If you wish to specify a different scan profile, you can set one of the following values:
- For Acunetix Online
- Full Scan: 11111111-1111-1111-1111-111111111111
- High Risk Vulnerabilities: 11111111-1111-1111-1111-111111111112
- SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
- Weak Passwords: 11111111-1111-1111-1111-111111111115
- Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
- Crawl Only: 11111111-1111-1111-1111-111111111117
- Malware Scan: 11111111-1111-1111-1111-111111111120
- Full Web and Network Scan: 11111111-1111-1111-1111-211111111111
- Network Scan: 11111111-1111-1111-1111-211111111112
- Network Scan (Safe Checks): 11111111-1111-1111-1111-211111111113
- Network Scan Quick: 11111111-1111-1111-1111-211111111114
- For Acunetix On-Premises
- Full Scan: 11111111-1111-1111-1111-111111111111
- High Risk: 11111111-1111-1111-1111-111111111112
- SQL Injection Vulnerabilities: 11111111-1111-1111-1111-111111111113
- Weak Passwords: 11111111-1111-1111-1111-111111111115
- Cross-site Scripting Vulnerabilities: 11111111-1111-1111-1111-111111111116
- Crawl Only: 11111111-1111-1111-1111-111111111117
- High / Medium Risk: 11111111-1111-1111-1111-111111111119
- Malware Scan: 11111111-1111-1111-1111-111111111120
- Custom scan profile - Alternatively, you can use the scan profile ID of any custom scan profiles you may have created. You can retrieve the scan profile ID of custom scan profiles via the Acunetix API, or by navigating to the custom scan profile, and checking the URL.
- [Target ID] - To set the correct target_id value, replace the [Target ID] text with the target ID you retrieved from Acunetix.
- Click Start commit to save your settings.
- Click Commit new file.
This will initiate a manual run of the workflow, consequently adding an immediate scan request to Acunetix. Subsequently, all future commits will also trigger a scan request to Acunetix.