Integrating Invicti Enterprise with FogBugz
FogBugz is an issue tracking and project management system. FogBugz software helps you to monitor your tasks and processes by gathering all features, forums and customer requests in a central location.
This topic explains how to configure Invicti Enterprise to send a detected vulnerability to FogBugz.
Invicti Enterprise has out-of-the-box support for resolving and reactivating FogBugz cases according to the scan results, in addition to automatic case creation. Invicti Enterprise uses default Resolved and Reactivated statuses in FogBugz for this purpose.
To enhance issue synchronization support, Invicti Enterprise also offers webhook support. This enables you to detect any status changes in FogBugz cases opened by Invicti Enterprise
- Invicti Enterprises generates a Webhook URL after you save your integration settings. When you register this link as a webhook in your FogBugz Project, you will complete Invicti Enterprise issue synchronization for your integration.
- When you resolve your FogBugz case, your Invicti Enterprise issue is automatically marked as Fixed (Unconfirmed) and a retest scan is started. And, when you reactivate your FogBugz case, the Invicti Enterprise issue is automatically marked as Revived.
For further information, see Integrating Invicti Enterprise with an Issue Tracking System.
FogBugz Fields
This table lists and explains the FogBugz fields in the New FogBugz Integration window.
Button/Section/Field |
Description |
Name |
This is the name of the configuration that will be shown elsewhere. |
Mandatory |
This section contains fields that must be completed. |
URL |
This is the FogBugz instance URL. |
Token |
This is the API token for the user. |
Title Format |
This is the string format that is used to create the vulnerability title. |
Category |
This is the category in which to assign cases. |
Optional |
This section contains optional fields. |
Area |
This is the area in which to assign cases. |
Milestone |
This is the valid target milestone for the product. |
Project |
This is the project identifier in which to create an issue. |
Assigned To |
This is the user to whom the issue is assigned. |
Tags |
These are the work item tags, separated by a semicolon (;). |
Custom Fields |
This section contains user-defined custom fields. |
New Custom Field |
Click to create a new custom field. |
Name |
Enter a name for the new custom field. |
Value |
Enter a value for the new custom field. |
Dropdown |
Click the dropdown to change the input type. The options are:
|
Create Sample Issue |
Once all relevant fields have been configured, click to create a sample issue. |
How to Integrate Invicti Enterprise with FogBugz
- Log in to Invicti Enterprise.
- From the main menu, go to Integrations > New Integration.
- From the Issue Tracking Systems section, select FogBugz.
- In the Name field, enter a name for the integration.
- In the Mandatory section, complete the connection details:
- URL
- Token
- Title Format
- Category
- Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
- In the confirmation message, select the Issue number link to open the issue in your default browser.
- Select Save to save the integration.
How to Edit the FogBugz Integration
- Log in to Invicti Enterprise.
- From the main menu, select Integrations > Manage Integration.
- Next to the FogBugz, select Edit.
- Make the necessary changes and select Save.
How to Delete the FogBugz Integration
- Log in to Invicti Enterprise.
- From the main menu, select Integrations > Manage Integration.
- Next to the FogBugz, select Delete.
- On the confirmation dialog, select Delete.
How to Export Reported Vulnerabilities to Projects in FogBugz
There are several ways to send issues to FogBugz with Invicti Enterprise:
- Once notifications have been configured, you can configure Invicti Enterprise to automatically send vulnerabilities to FogBugz after scanning has been completed (see How to Configure a Notification to Report Vulnerabilities to an Issue Tracking System).
- You can send one or more issues from the Issues window:
- From the main menu, select Issues > All Issues.
- From the Issues window, select one or more issues you want to send.
- Select Send To > FogBugz.
A pop-up is displayed, with a link to the issue you have sent to FogBugz. If there is an error, this information will be displayed instead.
- You can also send an issue from the Recent Scans window:
- From the main menu, select Scans > Recent Scans.
- Next to the relevant scan, select Report.
- Scroll down to the Technical Report section.
- From the list of detected vulnerabilities, select an issue and display its details.
- Select Send To > FogBugz.
If you have previously submitted this vulnerability to FogBugz, it will already be accessible. You cannot submit the same issue twice.
How to Register Invicti Enterprise FogBugz Integration Webhook
- Log in to Invicti Enterprise.
- From the main menu, select Integrations > Manage Integrations.
- Next to the relevant FogBugz integration, select Edit. The Update FogBugz Integration window is displayed. In the Webhook URL field, select Copy to clipboard ().
- In FogBugz, in the Webhooks window, select Add New Hook.
- Paste in the Webhook URL (from Step 1). Add a filter, select the CaseResolved, CaseClosed, CaseReactivated, and CaseReactivated Event Types. From the Hook Type dropdown, select POST.
- Select OK.
- Select Save to save the integration.