Support
Integrations

Integrating Invicti Standard with TFS

This document is for:
Invicti Standard

TFS (Team Foundation Server) is a Microsoft product that covers the entire application development lifecycle, including issue tracking, reporting, project management, and testing capabilities. TFS 2012 and later versions are supported.

This topic explains how to configure Invicti Standard to send a detected vulnerability to TFS.

For further information, see Configuring the User Interface for Custom Send To Actions in Invicti Standard and Configuring Auto Send To Actions in Invicti Standard and What Systems Does Invicti Integrate With?.

TFS Fields

This table lists and explains the TFS fields in the Send to Actions tab.

Button/Section/Field

Description

Add

Click to add an integration.

Delete

Click to delete the integration and clear all fields.

Create Sample Issue

Once all relevant fields have been configured, click to create a sample issue.

Action

This section contains general fields about the Send To action.

Display Name

This is the name of the configuration that will be shown in menus.

Mandatory

This section contains fields that must be completed..

Project URL

This is the TFS project web address.

Username

This is the name of the user. If you are using a personal access token (see below), leave this field blank.

Password or Token

This is the password of the user or the personal access token.

Since March 2, 2020, Azure DevOps supports only Access Token.

Vulnerability

This section contains fields with vulnerability details.

Body Template

This is the template file that is used to create description fields.

Title Format

This is the string format that is used to create the vulnerability title.

Optional

This section contains optional fields.

Domain

This is the domain of the user.

Work Item Type

This is the type of the work item.

Assigned To

This is the user to whom the issue is assigned.

Tags

These are the work item tags, separated by a semicolon (;).

Custom Fields

Click the ellipsis to open the Custom Fields Editor dialog.

How to Integrate Invicti Standard with TFS

  1. Open Invicti Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.

  1. From the Add dropdown, select TFS. The TFS fields are displayed.

  1. In the Mandatory section, complete the connection details:
    • Project URL
    • Username
    • Password or Token

If you use a personal access token, leave the Username field empty. If you have alternate credentials, fill in the Username and Password fields. To learn how to create a token, read Authenticate access with personal access tokens.

  1. In the Vulnerability section, you can change the Body Template and Title Format.

Body templates are stored in %userprofile%\Documents\Invicti\Resources\Send To Templates. If you use your own custom templates, store them in this location.

  1. In the Optional settings you can specify:
    • Domain
    • Work Item Type
    • Assigned To
    • Tags
    • Custom Fields

To learn about the Work Item Type field, read Add and manage work type items. To learn about Custom fields, read Add and manage fields for an inherited process.

  1. To set custom field values, in the Custom Fields field, click the ellipsis button.
  2. In the Edit Custom Field Value field, enter the relevant value.

  1. Click OK.
  2. Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. The Send To Action Test confirmation dialog is displayed.

  1. In the Send To Action Test dialog, click the Issue number link to open the issue in TFS in the default browser.

How to Export Reported Vulnerabilities to Projects in TFS

Please ensure that you have first configured TFS integration (see How to Integrate Invicti Standard with TFS).

  1. Open Invicti Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.

  1. In the Issues panel, right click the vulnerability you want to export to TFS and select Send to TFS. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to TFS.) A confirmation message and link is displayed at the bottom of the screen.

  1. Click the TFS Send to Action is executed for the selected vulnerability. link to see the newly-created issue in TFS.
  2. The vulnerability is automatically exported to TFS. You can view it in TFS's Work tab.