The Send To Action feature in Netsparker Desktop allows you to integrate the web application security scanner with your issue tracking system or source code management system. This integration allows you to import identified vulnerabilities as issues with just a few mouse clicks. It is possible to integrate Netsparker with the following systems:
- TFS (Team Foundation Server)
This article explains how to integrate Netsparker Desktop with JIRA. You can use the same procedure to integrate Netsparker Desktop with the other systems mentioned above. Alternatively, create your own custom 'Send To Action' to integrate the Netsparker web security scanner with any other system for which we do not have out-of-the-box support.
Configuring the Netsparker Integration with JIRA
Open the Netsparker Desktop Options
- Navigate to the Netsparker Desktop options by clicking Options in the Tools drop-down menu.
- Click the Extensions tab in the bottom left corner of the options.
- Click the Add+ button and select the system you would like to integrate Netsparker Desktop with. For this example, we'll select JIRA.
Specify the Connection Settings
- Enter the mandatory connection details:
  - URL of the JIRA setup
  - Username and Password
  - Project Key
  - Issue Type
- In the Vulnerability section you can specify the Body Template and Title format. Body templates are stored in "%userprofile%\Documents\Netsparker\Resources\Send To Templates"; to use your own custom templates, store them in this location.
- In the Optional settings you can specify:
  - to whom the vulnerability should be assigned
  - the reporter of the vulnerability
  - the priority of the vulnerability
  - the due date
Once you complete the required fields, click Test to confirm that Netsparker Desktop can connect to the configured system. The screenshot below shows a connection test confirmation with JIRA.
Exporting Reported Vulnerabilities to Projects on JIRA
Now that the integration is ready, to export an identified vulnerability to JIRA, right-click the reported vulnerability and select Send to JIRA. Below is a screenshot of the SQL Injection that was automatically exported to JIRA.
Integrating Netsparker with Other Systems
Take advantage of this easy-to-set-up integration and connect the Netsparker web application security scanner to your bug tracking and code management systems to improve automation, allowing you to do more in a shorter time. And don't forget: if you use another system that is not listed above, or you would like to do any other sort of integration, you can create a custom Send To Action.
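
For a custom integration, the mandatory and optional settings described above map onto a JIRA REST API v2 create-issue request roughly as follows. This is an added example, not Netsparker's own code: the setting names, the `{name}`-style template placeholders and all sample values are hypothetical, and the assignee, reporter and priority shapes assume JIRA Server.

```python
import base64
import json
from datetime import date
from urllib.parse import urlparse

MANDATORY = ("url", "username", "password", "project_key", "issue_type")

def build_create_issue(settings, vuln):
    """Return (endpoint, headers, body) for POST /rest/api/2/issue."""
    missing = [k for k in MANDATORY if not settings.get(k)]
    if missing:
        raise ValueError("missing mandatory settings: " + ", ".join(missing))
    # Basic auth sends the password with every request, so refuse plain HTTP.
    if urlparse(settings["url"]).scheme != "https":
        raise ValueError("JIRA URL must use https")
    # Findings carry attacker-influenced text (URLs, parameters). JIRA rejects
    # summaries that contain newlines or exceed 255 characters.
    summary = " ".join(settings["title_format"].format(**vuln).split())[:255]
    fields = {
        "project": {"key": settings["project_key"]},
        "issuetype": {"name": settings["issue_type"]},
        "summary": summary,
        "description": settings["body_template"].format(**vuln),
    }
    # Optional settings are only sent when configured.
    for key in ("assignee", "reporter", "priority"):
        if settings.get(key):
            fields[key] = {"name": settings[key]}
    if settings.get("due_date"):
        fields["duedate"] = settings["due_date"].isoformat()
    cred = f'{settings["username"]}:{settings["password"]}'.encode()
    headers = {"Authorization": "Basic " + base64.b64encode(cred).decode(),
               "Content-Type": "application/json"}
    endpoint = settings["url"].rstrip("/") + "/rest/api/2/issue"
    return endpoint, headers, json.dumps({"fields": fields})

# Constructed sample values; none of these come from the article.
SETTINGS = {
    "url": "https://jira.example.test", "username": "scanner-bot",
    "password": "placeholder", "project_key": "SEC", "issue_type": "Bug",
    "title_format": "{name} on {url}",
    "body_template": "{name}\nURL: {url}\nSeverity: {severity}",
    "priority": "High", "due_date": date(2030, 1, 31),
}
VULN = {"name": "SQL Injection", "severity": "Critical",
        "url": "https://app.example.test/item?id=1\nInjected: line"}

if __name__ == "__main__":
    endpoint, _, body = build_create_issue(SETTINGS, VULN)
    print(endpoint)
    print(json.dumps(json.loads(body), indent=2))
```

Because the integration stores a JIRA username and password, a dedicated account limited to creating issues in the target project keeps the exposure small if the scanner workstation is compromised.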