Integrating Invicti Standard with GitLab
GitLab is a web-based application that covers the entire DevOps lifecycle from idea to production. It provides a Git repository manager with wiki, issue-tracking, and CI/CD pipeline features.
This topic explains how to configure Invicti Standard to send a detected vulnerability to GitLab.
For further information, see Configuring the User Interface for Custom Send To Actions in Invicti Standard, Configuring Auto Send To Actions in Invicti Standard, and What Systems Does Invicti Integrate With?.
GitLab Fields
This table lists and explains the GitLab fields in the Send To Actions tab.
| Button/Section/Field | Description |
| --- | --- |
| Add | Click to add an integration. |
| Delete | Click to delete the integration and clear all fields. |
| Configure Send To | Click to configure the integration using the Settings Wizard instead of doing it manually. |
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |
| Action | This section contains general fields about the Send to Action. |
| Display Name | This is the name of the configuration that will be shown on menus. |
| Mandatory | This section contains fields that must be completed. |
| AccessToken | This is the personalized access token of the user. |
| Project ID | This is the identifier of the project in which to create an issue. |
| Vulnerability | This section contains fields with vulnerability details. |
| Body Template | This is the template file that is used to create description fields. |
| Title Format | This is the string format that is used to create the vulnerability title. |
| Optional | This section contains optional fields. |
| On-Premise Base URL | This is the base URL of your on-premises GitLab installation, to which issues are sent. |
| Assignee ID | This is the assignee identifier. |
| Milestone ID | This is the issue milestone ID. |
| Weight | This is the value of the weight. |
| Due Days | This is the number of days from the date the issue was created to the date it's due. |
| Labels | These are the issue labels. |
How to Integrate Invicti Standard with GitLab
- Open Invicti Standard.
- From the Home tab on the ribbon, click Options. The Options dialog is displayed.
- Click Send To Actions.
- From the Add dropdown, select GitLab. The GitLab fields are displayed.
- The Display Name field is already populated.
- In the Mandatory section, complete the connection details:
  - Access Token
  - Project ID
- In the Vulnerability section, you can change the Body Template and Title Format.
  Body templates are stored in %userprofile%\Documents\Invicti\Resources\Send To Templates. If you use your own custom templates, store them in this location.
- In the Optional section, you can specify:
  - On-Premise Base URL
  - Assignee ID
  - Milestone ID
  - Weight
  - Due Days
  - Labels
- Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. The Send To Action Test dialog is displayed.
- In the Send To Action Test dialog, click the Issue number link to open the GitLab issue in the default browser.
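As an added illustration (not Invicti's code and not part of the original page), the sketch below maps the Send To fields listed above onto a GitLab REST API v4 create-issue request, which is useful for checking an access token and Project ID outside the tool. It assumes the integration behaves like a standard call to that API; the function name `build_issue_request` and all sample values are hypothetical, and nothing is sent over the network.

```python
from datetime import date, timedelta
from urllib.parse import quote, urlsplit

GITLAB_SAAS = "https://gitlab.com"  # assumed default when On-Premise Base URL is empty


def build_issue_request(access_token, project_id, title, body, base_url="",
                        assignee_id=None, milestone_id=None, weight=None,
                        due_days=None, labels=(), today=None):
    """Return (url, headers, payload) for a GitLab v4 create-issue call (not sent)."""
    base = (base_url or GITLAB_SAAS).rstrip("/")
    parts = urlsplit(base)
    if parts.scheme != "https" or not parts.netloc:
        # The token travels in a request header; refuse cleartext or malformed URLs.
        raise ValueError("base URL must be an https:// URL")
    if not access_token or access_token != access_token.strip():
        raise ValueError("access token is empty or has stray whitespace")
    payload = {"title": title, "description": body}
    if assignee_id is not None:
        payload["assignee_ids"] = [int(assignee_id)]
    if milestone_id is not None:
        payload["milestone_id"] = int(milestone_id)
    if weight is not None:
        if int(weight) < 0:
            raise ValueError("weight must be a non-negative integer")
        payload["weight"] = int(weight)
    if due_days is not None:
        # Due Days counts forward from the day the issue is created.
        start = today or date.today()
        payload["due_date"] = (start + timedelta(days=int(due_days))).isoformat()
    cleaned = [label.strip() for label in labels if label.strip()]
    if cleaned:
        payload["labels"] = ",".join(cleaned)
    # Project ID may be numeric or a "group/project" path, which must be URL-encoded.
    url = f"{base}/api/v4/projects/{quote(str(project_id), safe='')}/issues"
    headers = {"PRIVATE-TOKEN": access_token, "Content-Type": "application/json"}
    return url, headers, payload


if __name__ == "__main__":
    # Constructed sample values; the token is a placeholder, not a real credential.
    url, headers, payload = build_issue_request(
        "glpat-EXAMPLE-PLACEHOLDER", "security/webapp",
        "SQL Injection in /login", "Rendered body template goes here",
        assignee_id=42, due_days=14, labels=["security", "invicti"])
    print("POST", url)
    print(payload)
```
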
How to Integrate Invicti Standard with GitLab Using the Wizard
Instead of configuring the settings manually, you can use the configuration wizard.
- Open Invicti Standard.
- From the Home tab on the ribbon, click Options. The Options dialog is displayed.
- Click Send To Actions.
- From the Add dropdown, select GitLab. The GitLab fields are displayed.
- Click Configure Send To to launch the wizard. The Send To Configuration Dialog is displayed.
- Click Next. The Authentication step is displayed.
- Complete the URL and API Access Key fields, and click Test Credentials. (If the GitLab installation with which Netsparker is integrated is not an on-premises installation, leave the On-Premise Base URL input empty.)
- When the confirmation message, Your credentials are confirmed, is displayed, click Next. The Project step is displayed.
- Select a project, and click Next. The Assignee step is displayed.
- After selecting Issue Type, click Next. The Milestone step is displayed.
- After selecting Reporter, click Next. The Labels step is displayed.
- If required, complete Other Fields, and click Next. The Summary step is displayed.
- Review your settings, and click Finish. The settings are applied automatically. You are returned to the Send To Actions fields.
- Click OK.
- Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. A Send To Action Test confirmation dialog is displayed.
- In the Send To Action Test dialog, click the Issue number link to open the issue in GitLab in the default browser.
How to Export Reported Vulnerabilities to Projects in GitLab
Please ensure that you have first configured GitLab integration (see How to Integrate Invicti Standard with GitLab).
- Open Invicti Standard.
- From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.
- In the Issues panel, right-click the vulnerability you want to export to GitLab and select Send to GitLab. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to GitLab.) A confirmation message and link are displayed at the bottom of the screen.
- Click the "GitLab Send to Action is executed for the selected vulnerability." link to view the newly created issue in GitLab.
- The vulnerability is automatically exported to GitLab. You can view it in the GitLab Issues tab.