SBN

Step-by-Step Configuration with GitLab


You can manage web vulnerabilities internally with Acunetix. However, these vulnerabilities will need to be fixed by developers and the developers may already use an issue management system. Therefore, managing them internally might not be an optimal choice. In such a case, your vulnerability scanner should be able to work directly with the issue management system.

Acunetix can export discovered vulnerabilities as issues to external issue trackers such as GitLab. In this article, you will learn how to set up a GitLab account and how to set up Acunetix to work with GitLab.

Step 1. Prepare Your GitLab Account for Integration

Create your GitLab Account

  1. Go to the GitLab site
  2. Click on the Register button
  3. In the Register panel:
    • Enter a Full name for your new account
    • Enter a Username for your new account
    • Enter a valid Email for your new account
    • Choose a Password for your new account
    • Solve the CAPTCHA component prior to account creation
    • Click on the Register button
    • Check your mailbox and click on the link in the account verification email you received; this will send you to the GitLab Projects page

     
    Integrating Acunetix with GitLab
     

Create a project

  1. On your GitLab Projects page, click on Create a project
     
    Integrating Acunetix with GitLab
     
  2. Click on the New button
     
    Integrating Acunetix with GitLab
     
  3. In the Blank project tab:
    • Choose the Project name
    • Choose the Project slug
    • Optionally, enter a description for the project
    • Set the repository to Private (unless you want this project to be visible o the general public)
    • Select the checkbox labelled Initialize repository with a README to allow you to work with the repository immediately
    • Click on the Create project button

     
    Integrating Acunetix with GitLab
     

Create Issue Labels for Your Project

  1. On your project sidebar, click on the Issues → Labels menu item
     
    Integrating Acunetix with GitLab
     
  2. Start by creating a default set of labels – click on the Generate a default set of labels button
     
    Integrating Acunetix with GitLab
     
  3. At the top of the Labels page, click on the New label button
     
    Integrating Acunetix with GitLab
     
  4. In the Title field, enter vulnerability
  5. In the Description field, enter Identified by Acunetix
  6. Click on the Create label button
     
    Integrating Acunetix with GitLab
     

Create a Personal Access Token for Acunetix Integration Authentication

  1. From your GitLab profile dropdown, select Settings
     
    Integrating Acunetix with GitLab
     
  2. Click on the Access Tokens menu item in the User Settings menu in the sidebar
     
    Integrating Acunetix with GitLab
     
  3. On the Personal Access Tokens page:
    • In the Name field, enter Acunetix Integration – this is only a friendly name to remind you of its use
    • Set the Expires at field to the value that you require
    • Select the api scope from the Scopes list
    • Scroll to the bottom of the page and click on the Create personal access token button
       
      Integrating Acunetix with GitLab
       
    • Make sure you keep a copy of the token – it cannot be retrieved after you exit the page; if you lose the token, you will need to create a new one and repeat the process
       
      Integrating Acunetix with GitLab
       

Step 2. Configure Acunetix for Integration

  1. In the Acunetix UI, click on Issue Trackers option in the sidebar
  2. Click on the Add Issue Tracker button
  3. In the Name field, describe the integration – for this example, we have used GitLab Issues
  4. Select GitLab from the dropdown labelled Platform
  5. Set the Authentication field to Personal Access Token
  6. This example assumes you are using the gitlab.com online service, so you would set the URL to https://gitlab.com
  7. Paste your GitLab personal access token into the Token field
  8. Click on the Test Connection button – you should receive a Connection is Successful message; also, the Project and Issue Type panel will be updated with your list of projects and issue labels
     
    Integrating Acunetix with GitLab
     
  9. Select the GitLab project you want the integration to be linked to – in this example you would be using the pre-created internal-wiki project
     
    Integrating Acunetix with GitLab
     
  10. Select the GitLab issue type you want Acunetix to create when a vulnerability is found – in this example you would be using the custom type vulnerability
  11. Click on the Save button at the top of the Add Issue Tracker panel

Configure a Target to Report Issues to Your Issue Tracker

From your list of Targets, select the Target you wish to work with.

  1. In the Target Information panel, scroll to the bottom of the panel and expand the Advanced link
  2. Enable the Issue Tracker slider
     
    Integrating Acunetix with GitLab
     
  3. From the Issue Tracker dropdown, select the name of the GitLab integration configuration you wish to use
  4. At the top of the Target Information panel, click on the Save button

Now that your target is configured to link to GitLab, you need to scan your target. When the scan is completed, you will be able to select the vulnerabilities to submit to your issue tracker.

Submit Vulnerabilities to GitLab

Once you have completed a scan on your target:

  1. Select Vulnerabilities in the sidebar
  2. Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your issue tracker
     
    Integrating Acunetix with GitLab
     
  3. Use the checkboxes next to vulnerabilities to select the vulnerabilities to send to the issue tracker
  4. Click on the Send to Issue Tracker button at the top of the Vulnerabilities panel

Check Your GitLab Issues Page

Your GitLab Issues page will show the issues you have submitted to the issue tracker.
 
Integrating Acunetix with GitLab

THE AUTHOR
Kevin Attard Compagno
Technical Writer

Kevin Attard Compagno is a Technical Writer working for Acunetix. A technical writer, translator, and general IT buff for over 30 years, Kevin used to run Technical Support teams and create training documents and other material for in-house technical staff.


*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Kevin Attard Compagno. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/4wDIP3sbbyc/