Integrating Netsparker with Bug Tracking Systems to Easily Export Identified Vulnerabilities as Issues

The Send To Action feature in Netsparker Desktop allows you to integrate the web application security scanner with your issue tracking system or source code management system. This integration allows you to import identified vulnerabilities as issues with just a few mouse clicks. It is possible to integrate Netsparker with the following systems:

  • GitHub
  • JIRA
  • TFS (Team Foundation Server)
  • FogBugz

This article explains how to integrate Netsparker Desktop with JIRA. You can use the same procedure to integrate Netsparker Desktop with the other systems mentioned above. Alternatively, create your own custom 'Send To Action' to integrate the Netsparker web security scanner with any other system for which we do not have out-of-the-box support.

Configuring the Netsparker Integration with JIRA

Open the Netsparker Desktop Options

  1. Navigate to Netsparker Desktop options by clicking Options from the Tools drop down menu.
  2. Click the Extensions tab in the bottom left corner of the options.

Select a bug tracking system from the Send to Actions settings page

  1. Click the Add+ button and select the system you would like to integrate Netsparker Desktop with. For this example, we'll select JIRA.

Specify the Connection Settings

Configure the connection details for the bug tracking system integration

  1. Enter the mandatory connection details:
    1. URL of JIRA setup
    2. Username and Password
    3. Project Key
    4. Issue Type
  2. In the Vulnerability section you can specify the Body Template and Title format. Body templates are stored in "%userprofile%\Documents\Netsparker\Resources\Send To Templates", so to use your own custom templates, store them in this location.
  3. In the Optional settings you can specify:
    1. to whom the vulnerability should be assigned
    2. the reporter of the vulnerability
    3. the priority of the vulnerability
    4. the due date

Once you complete the required fields, click Test to confirm that Netsparker Desktop can connect to the configured system. The screenshot below shows a connection test confirmation with JIRA.

Once all is configured use the test to confirm connectivity
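How the settings above could map onto a JIRA issue, as an added example that is not Netsparker's code: it assumes the JIRA Server REST v2 create-issue endpoint and a hypothetical `$placeholder` template syntax, and it only builds the request without sending it. The function name `build_jira_issue` and all sample values are constructed for illustration.

```python
from datetime import date
from string import Template
from urllib.parse import urlparse

MANDATORY = ("url", "username", "password", "project_key", "issue_type")
# Optional settings that JIRA Server expects as {"name": value} objects
OPTIONAL = ("assignee", "reporter", "priority")

def build_jira_issue(settings, vuln):
    """Return (endpoint, payload) for a JIRA REST v2 create-issue call."""
    missing = [k for k in MANDATORY if not settings.get(k)]
    if missing:
        raise ValueError("missing mandatory settings: " + ", ".join(missing))
    # The username and password are sent to this URL, so require TLS.
    if urlparse(settings["url"]).scheme != "https":
        raise ValueError("JIRA URL must use https")
    # $placeholders are an assumed template syntax, not Netsparker's own.
    title = Template(settings.get("title_format", "$name")).safe_substitute(vuln)
    body = Template(settings.get("body_template", "$name\n$url")).safe_substitute(vuln)
    fields = {
        "project": {"key": settings["project_key"]},
        "issuetype": {"name": settings["issue_type"]},
        # Summaries must be a single short line; 250 is a cap chosen here.
        "summary": " ".join(title.split())[:250],
        "description": body,
    }
    for name in OPTIONAL:
        if settings.get(name):  # unset optional values are left out entirely
            fields[name] = {"name": settings[name]}
    if settings.get("due_date"):
        # Raises ValueError on an invalid date; output is always YYYY-MM-DD.
        fields["duedate"] = date.fromisoformat(settings["due_date"]).isoformat()
    return settings["url"].rstrip("/") + "/rest/api/2/issue", {"fields": fields}

# Constructed sample values, not taken from a real scan or JIRA instance.
SETTINGS = {
    "url": "https://jira.example.test/", "username": "scanner",
    "password": "placeholder", "project_key": "WEB", "issue_type": "Bug",
    "title_format": "[Netsparker] $name",
    "body_template": "$name found at $url\nSeverity: $severity",
    "priority": "High", "due_date": "2030-01-31",
}
VULN = {"name": "SQL Injection", "severity": "Critical",
        "url": "https://app.example.test/item?id=1"}
ENDPOINT, PAYLOAD = build_jira_issue(SETTINGS, VULN)
```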

Exporting Reported Vulnerabilities to Projects on JIRA

Export the identified vulnerability as an issue on your bug tracking system with just a mouse click

Now that the integration is ready, to export an identified vulnerability to JIRA, just right-click the reported vulnerability and select Send to JIRA. Below is a screenshot of the SQL Injection that was automatically exported to JIRA.

An SQL injection identified with Netsparker and exported to JIRA automatically

Integrating Netsparker with Other Systems

Take advantage of this easy-to-set-up integration and integrate the Netsparker web application security scanner with your bug tracking and code management systems to improve automation, allowing you to do more in a shorter time. And don't forget: if you use another system that is not listed above, or you would like to do any other sort of integration, you can create a custom Send To Action.

