
Invicti Integration

The integration allows users to create a seamless workflow within Opsera Pipelines, ensuring that security checks are an integral part of the build process.

Users can conduct scans based on their specific configurations set in Scan Profiles. This flexibility allows teams to tailor their security assessments according to their unique requirements and compliance standards. By executing scans through Opsera Pipeline, users also save valuable time by streamlining the process of vulnerability detection.

The supported scan types are:

  • Incremental: An incremental scan in Invicti is designed to identify new vulnerabilities that may have appeared since the last full scan. It focuses on changes made to the application, such as newly added pages or features, rather than re-evaluating the entire application.

  • Full (with primary profile): An incremental scan in Invicti is designed to identify new vulnerabilities that may have appeared since the last full scan. It focuses on changes made to the application, such as newly added pages or features, rather than re-evaluating the entire application.

  • Full (with selected profile): A full scan with a selected profile allows users to choose from predefined profiles or create custom profiles tailored to specific needs. This enables targeted scanning based on particular requirements or compliance standards while still covering all areas of the application.

Create Invicti Tool

Register the Invicti tool in Opsera to use it in your Pipeline configuration. For more information, see Invicti Tool Registration.

Configure Pipeline using Invicti

To configure the pipeline step:

  1. Log in to Opsera and navigate to Pipelines.

  2. Create a new pipeline or open an existing pipeline.

  3. In the Step Setup, enter the step name. Example: Invicti scan.

  4. Choose the Tool as Invicti.

  5. Click Save.

  6. In the Step Settings, enter the following details:

  • Netsparker Tool: Select the created Invicti tool from the dropdown.

  • Scan Type: Choose the scan type. The supported types are Incremental, Full (With primary profile) and Full (With selected profile).

  • Scan Profile: Choose the scan profile name from the dropdown. The scan types available for the chosen Invicti tool will be available for selection.

  • Target URL: Enter the target URL.

  • Target URL Path: Enter the path of the target URL.

  • Enable Client Side thresholds: Enable this to set client-side thresholds for vulnerabilities. Vulnerability threshold: Critical, High, Medium, Low, Information and Best Practice. Choose a numeric threshold count.

  7. Click Save.

Click the Start Pipeline button to start the execution of the pipeline.

View Pipeline Logs

Once the pipeline is executed, you can view the logs regarding the scans and vulnerabilities identified.

  • To view logs, navigate to the Summary tab of the Pipeline, and scroll down to view Pipeline Logs.

  • To view the report, click Report in the Action column of a step. The report includes an overview summary that lists all identified vulnerabilities along with details such as Severity, Type, State, CWE, OWASP and CVSS. Users can download this detailed report in various formats for offline analysis and record-keeping. In addition to the overview summary, a threshold report is generated that outlines the specific vulnerabilities detected, the defined thresholds for acceptable risk levels and the current status of each vulnerability in relation to these thresholds.

  • To view the console logs, click Console Report in the Action column of the step.
