Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Support
Issue Tracking Systems

Integrating Invicti Enterprise with an issue-tracking system

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

Integrating Invicti Enterprise with an issue-tracking system means that you can have vulnerabilities identified during a web application security scan automatically created as issues in your issue-tracking system. This type of integration is called Endpoint Integration. Integrations, regardless of the issue tracking system used, are configured in Invicti Enterprise. Refer to the Integrations document for information on supported issue-tracking systems.

Alternatively, you can send issues manually to your issue tracking system.

This document explains how to create a new integration of Invicti Enterprise and your issue-tracking system.

Configure endpoint integration

In this example, for the purposes of illustration, we integrate Invicti Enterprise with Jira.

How to integrate Invicti Enterprise with an issue-tracking system

  • Select Integrations > New Integration from the left-side menu.
  • Click on Jira to open a configuration window.
  • Complete the connection details:
  • Name: the name of the integration.
  • URL: the URL that must be specified as the domain name.
  • Username or Email: use username or email address for login.
  • Access Token or Password: the access token (API) or the password of the user.

  • Click Load Jira Details to continue the configuration.
  • Fill in the Project Configuration fields:
  • Choose your project from the Project Key drop-down.
  • From the Issue Type drop-down, choose the issue type.
  • Title Format: the string used to create the issue title. Leave it as it is or type your title format including {0}.
  • Template: choose a template type for the issue description: Standard or Detailed which displays more information, such as Request and Response detail.

  • Click Create Sample Issue to test the integration. A confirmation message will appear to confirm that the issue was created successfully.
  • After clicking Save you are taken to the Manage Integrations page where you can see the integration.

TIP:

Prevent reopening tickets in issue trackers

When the option “Do not re-open issues marked as False Positive or Accepted Risk” is enabled and the vulnerabilities previously marked as False Positive or Accepted Risk are revived during scans, the system doesn’t reopen the issues in the integrated Issue Tracker. This option is disabled by default.

IMPORTANT:

The option is only available for the following issue trackers:

How to enable the option in your issue tracker

  • Select Integrations > Manage Integrations from the left-side menu.
  • Click Edit next to your issue tracker integration.
  • Navigate to Webhook Settings.
  • Enable the Do not re-open issues marked as False Positive or Accepted Risk checkbox.

  • Click Save to confirm the change.

NOTE:

When reviewing the history of detected issues, a message will appear if the option is enabled: “The issue will not be reopened in the Issue Tracking System because it has been marked as either a False Positive or an Accepted Risk”.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports