Acunetix 360 Extension

Acunetix 360 is an automated, yet fully configurable, online web application security scanner that enables you to scan websites, web applications and web services, and identify security flaws.

Acunetix 360 can scan all types of web applications, regardless of the platform or the language with which they are built.

Key Features

This extension provides the following components:

• Launch a new scan during build or release
• Perform instant scan monitoring
• Manage build fail and stop scan options by specifying severity
• Examine scan results with 10 different report options

Getting Started

Installation

The following steps can be used in installing the shared extension within an organization.

1. From the Visual Studio Marketplace page, select Get it free.

2. Select the proper Azure DevOps organization followed by Install.

The Acunetix 360 extension and task will now be available to add in build and release pipelines.

Configuration

The following steps can be used in configuring the extension within a project's build or release pipeline. If a Service Connection has already been configured for Acunetix 360, you can skip the Service Connection step.

Service Connection

Before configuring the build or release pipeline, first, generate a Acunetix 360 API key. This API key is used to authorize the Azure DevOps Extension to interact with the Acunetix 360 API. For further information, see API Settings.

Once an API key has been generated, a Service Connection in Azure DevOps, that is used for connecting to the Acunetix 360 API, can be configured as the following:

1. Navigate to the desired project in Azure DevOps.

2. Select Project Settings, then Service Connections.

3. Select + New service connection.

4. In the search bar, enter Acunetix 360 and select Acunetix 360. Then, click Next. The New Acunetix 360 service connection window is displayed.
   • In the URL field, keep the default value or enter your preferred URL
   • In the User ID and Token, enter the required information
   • In the Service Connection name, enter a friendly name

5. Click Save.

Please ensure Acunetix 360 appears in the list of service connections for that project.

Pipeline Configuration

Once you created a service connection, you can add the Acunetix 360 extension into the build and release pipelines. The steps below are generalized for adding to either a build or release pipeline:

1. From within Azure DevOps, create or find the pipeline where the task will be added.

2. Edit the pipeline within scope.

3. Identify the agent used for running the task and select the + (plus) icon.

4. Search or scroll the list tasks until you find Acunetix 360 and select Add.

5. Complete the required and optional fields.

6. Save your pipeline to keep the changes.

Scan Reports

There are many report options that you can view once the scan is completed. However, this requires the scan to be completed successfully.

When the scan is completed, you can view the selected report in a new tab as "Acunetix 360 Scan Report" in the Pipelines section.

• Detailed Scan Report
• SANS Top 25
• OWASP Top Ten 2013
• OWASP Top Ten 2017
• WASC Threat Classification
• PCI DSS Compliance
• HIPAA Compliance
• Executive Summary
• Knowledge Base
• ISO 27001 Compliance
• Full Scan Detail

Release Notes :

v1.9.5:

• Added support for Node.js v16 and Node.js v20.

v1.9.4:

• Retry mechanism added for when Acunetix 360 Web Application experience down time.

v1.9:

• Security package updates were performed.

v1.8:

• Fixed difference between UI and extension reports.

v1.7:

• Fixed issue about generate report checkbox not working accordingly.

v1.5.1:

• Added the scan report output to the release pipeline.

v1.4:

• Fixed version display.

v1.3:

• Fixed the issue of build failing when source directory is missing.

v1.2:

• When any report is selected for the scan result, the report is created even if the build fails.

v1.1:

• Added Accepted Risk, Confirmed and False Positive as build fail options.
• Allowed skipping scan stages in build steps.