Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Application Security Platform
Issue trackers

GitLab Issues

This document is for:
Invicti Platform

Integrating Invicti Platform with GitLab Issues streamlines your vulnerability management by automatically creating and tracking security issues within your GitLab projects. This integration enables seamless collaboration between development and security teams, ensuring vulnerabilities are identified, assigned, and resolved efficiently.

This document walks you through the steps required to connect Invicti with GitLab, configure issue tracking, and automate vulnerability reporting.

Prerequisites

Before integrating Invicti with GitLab, ensure you have completed the following prerequisites:

  • Active GitLab Account: You must have an active GitLab account.
  • Project Setup: Create a project that houses the source code for your target web application.
  • Personal Access Token: Generate a Personal Access Token to securely establish communication between Invicti and your GitLab repository.
  • API Access Verification: Confirm that your GitLab system allows incoming API requests from online.acunetix.com or app.invicti.com (for EU-based customers: app-eu.invicti.com).

Integrating Invicti Platform with GitLab is a four-step process:

  1. Create an Access Token
  2. Create GitLab labels
  3. Configure Invicti
  4. Configure a Target to report issues to your issue tracker
  5. Submit vulnerabilities to GitLab

Step 1: Create an access token

  • From your GitLab profile dropdown, click Preferences.

  • Navigate to the Access tokens option within the User settings menu.

  • Click Add new token.

  • On the Personal Access Tokens page:
  • In the Name field, enter Invicti Integration for identification purposes.
  • Set the Expiration date according to your requirements.
  • In the Scopes section, select api.
  • Scroll to the bottom of the page and click Create personal access token.

  • Ensure you keep a copy of the token as it cannot be retrieved after leaving the page. Losing the token will necessitate creating a new one and repeating the process.

Step 2:  Create GitLab labels

  • Open the GitLab project where the discovered issues are going to be sent.
  • Select Manage > Labels from the left-side menu.

  • Use the New label button to create new labels. These will be used during Invicti configuration.

  • Refer to the screenshot below for an example of GitLab labels.

Step 3: Configure Invicti

  • In Invicti, select Integrations from the left-side menu.
  • Switch to the All integrations tab.


  • Scroll down to the Issues trackers and select Configure in the GitLab issues tile.

  • In the Configure and authorize section
  • Enter a name for your integration. For this example, we have used GitLab and Invicti integration.
  • Fill in the GitLab base URL.

  • In the Authentication type, enter your Account Email and the Personal Access Token you generated in Step 1.
  • Click Validate account, which loads your projects and issue types.
  • In the Project mappings section, provide the following details:
  • Project: The GitLab project where the discovered vulnerabilities will be sent.
  • Issue type: The issue type to be assigned to all reported vulnerabilities.
  • Issue title formatting: Choose the format for the issue title.
  • Included details: Use the drop-down menu to select the information to include in the issue details.
  • Optionally, select Yes to include a link to the report and attach a PDF report.

  • Click Next.
  • In the Issue mappings section, assign Field values and Field mappings.
  • Field values: Here, you decide whether the issue is to be marked as confidential, who the assignee will be, and what the due date should be. The due date is calculated from the date the vulnerability is reported. You can also assign any GitLab labels.
  • Field mappings: Map Invicti Vulnerability Severities to GitLab Issues Labels.

  • Click Create sample issue to test the configuration. A green Success message appears at the top of the page.

  • The vulnerability is now created in the specified GitLab project.

Vulnerability is created in GitLab.

  • In Invicti, click Save and finish to complete the GitLab integration.

Click Save and finish.

Step 4: Submit vulnerabilities to Gitlab

After identifying vulnerabilities, you can forward them to the designated issue tracker. There are two ways to do this:

  • Manually, through the Vulnerabilities page
  • Automatically, using Automations

The process is consistent across all supported issue trackers. For detailed instructions, refer to the linked documents above.

Top Articles

What is Invicti?

Overview of Scan Policies

Scheduling Scans

Managing Integrations

Built-In Reports

Share This Article