Integrating Acunetix with JIRA is a 4-step process:
- Prepare an API Token in JIRA for communication with Acunetix (Steps to do for our Clients)
- Configuring Acunetix for Integration (Securiace does it for you, only for reference)
- Configuring a Target to Report Issues to your Issue Tracker (Securiace does it for you, only for reference)
- Submitting Vulnerabilities to JIRA (Securiace does it for you, only for reference)
Integrating Acunetix with JIRA - Prerequisites
Before you can successfully integrate Acunetix with JIRA, you will need to have completed some preparation beforehand:
Create an API Token in your JIRA Account Settings
- From the "Settings" menu, click the "Atlassian account settings" menu item
- Click the "Security" menu item in the "Atlassian account" menu in the sidebar
- Click the "Create and manage API tokens" link in the Security page
- Click the "Create API token" button
- In the "Create an API token" page, set the "Name" field to "Acunetix Integration" – this is only a friendly name to remind you of its use
- Make sure you keep a copy of the Token - it cannot be retrieved after you exit the page. If you lose the Token, you will need to create a new one and repeat the process.
Configuring Acunetix for Integration
- In the Acunetix UI, click on "Issue Trackers" in the sidebar
- Click on the "Add Issue Tracker" button
- Set the "Name" field to describe the integration – for this example, we have used "JIRA Issues"
- Select "JIRA" from the dropdown labelled "Platform"
- Set the "Authentication" field to "HTTP Basic Token"
- Set the URL to the format https://<jira-site-name>.atlassian.net; this example assumes that your JIRA site was named "acunetix-test"; therefore the URL will be "https://acunetix-test.atlassian.net/"
- Insert your JIRA API Token into the "Token" field
- Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects and Issue Labels
- Select the JIRA project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project
- Select the JIRA Issue Type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type "Vulnerability"
- Click the "Save" button at the top of the "Add Issue Tracker" panel
Configuring a Target to Report Issues to your Issue Tracker
From your list of Targets, select the Target you wish to work with.
- In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.
- Enable the "Issue Tracker" slider
- From the "Issue Tracker" dropdown, select the name of the JIRA Integration configuration you wish to use
- At the top of the "Target Information" panel, click the "Save" button
Now that your Target is configured to link to JIRA, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.
Submitting Vulnerabilities to JIRA
Once you have completed a Scan on your Target:
- select "Vulnerabilities" in the sidebar
- adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
- use the checkboxes next to vulnerability to select the vulnerabilities to send to the Issue Tracker
- click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel
Check your JIRA Issues page
Your JIRA Issues page will show the issues you have submitted to the Issue Tracker: