Invicti Enterprise Extension
Invicti Enterprise is an automated, yet fully configurable, web application security scanner. It enables you to scan websites, web applications, and web services to identify security flaws.
Invicti can scan all types of web applications, regardless of the platform or the language with which they are built.
This extension provides the following components:
The following steps can be used in installing the shared extension within an organization.
The Invicti Enterprise extension and task will now be available to add in build and release pipelines.
The following steps can be used in configuring the extension within a project's build or release pipeline. If a Service Connection has already been configured for Invicti Enterprise, you can skip the
Before configuring the build or release pipeline, first generate an Invicti Enterprise API key. This API key is used to authorize the Azure DevOps Extension to interact with the Invicti Enterprise API. For further information, see API Settings.
Once an API key has been generated, a Service Connection in Azure DevOps that is used for connecting to the Invicti Enterprise API can be configured as follows:
Please ensure Invicti appears in the list of service connections for that project.
Once you have created a service connection, you can add the Invicti Enterprise extension to the build and release pipelines. The steps below are generalized for adding it to either a build or release pipeline:
There are many report options that you can view once the scan is completed. However, this requires the scan to be completed successfully.
When the scan is completed, you can view the selected report in a new tab as "Invicti Enterprise Scan Report" in the Pipelines section.
Release Notes :