Skip to main content
availability

Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)

Assign issue to vulnerability

You can assign issues to vulnerabilities to track remediation efforts in your issue manager. Invicti AppSec supports creating new issues, adding vulnerabilities to existing issues, or linking to issues that already exist in your issue manager.

Prerequisites

  • You need to configure an issue manager integration in your project settings.
  • You must have write permission on vulnerability issues.

Supported issue managers

Invicti AppSec supports the following issue manager integrations:

  • Jira
  • GitHub
  • GitLab Cloud
  • GitLab On-prem
  • Azure DevOps Services (Cloud)
  • Azure DevOps Server
  • ServiceNow
  • Ivanti
  • Trello
  • 4me
  • Webhook
  • Servicecore

Create a new issue for a vulnerability

  1. Navigate to the project where you want to assign an issue. You can do this in one of the following ways:

    • Core: select Inventory > Targets from the left-side menu and click the project. Then click the Vulnerabilities tab.
    • Core: select Inventory > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec.
    • Enterprise: select Projects and Products > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec or Infra.

  2. Click the page icon on the right side of the vulnerability row to open the vulnerability details.

  3. In the vulnerability details drawer, click Assign Issue. The issue assignment modal opens.

  4. On the Create New Issue tab, choose an assignee for the issue:

    • Assign to committer: Assigns the issue to the person who committed the vulnerable code.
    • Assign to custom assignee specified in project settings: Assigns the issue to the custom assignee configured in your project's issue assignment settings.
    • Assign to issue responsible of the team: Assigns the issue to the person responsible for issues in the associated team.
    • Assign to Invicti user: Assigns the issue to a specific Invicti AppSec user you choose from a dropdown.

  5. Fill in the following fields:

    • Issue title: the title for the issue in the issue manager. If you leave this blank, Invicti AppSec generates a default title.
    • Description: a description for the issue.

  6. Depending on the issue manager, additional fields may appear:

    • Jira: Instance, Project Key, Issue Type, Priority, and any custom fields configured in your Jira integration.
    • ServiceNow: Issue Categories, Issue Subcategories.
    • Ivanti: Owner Team, Owner.

  7. Click Assign.

Instead of creating a new issue, you can link a vulnerability to an issue that already exists in your issue manager.

  1. Navigate to the project where you want to assign an issue. You can do this in one of the following ways:
    • Core: select Inventory > Targets from the left-side menu and click the project. Then click the Vulnerabilities tab.
    • Core: select Inventory > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec.
    • Enterprise: select Projects and Products > Projects from the left-side menu and click the project. Then click the Vulnerabilities tab and select AppSec or Infra.
  2. Click the page icon on the right side of the vulnerability row to open the vulnerability details.
  3. In the vulnerability details drawer, click Assign Issue. The issue assignment modal opens.
  4. Click the Link to an existing issue tab.
  5. Search for the issue by its ID.
  6. Click Link.

Use the correlation assistant

When assigning an issue to a single vulnerability, you can use the Correlation Assistant to group similar vulnerabilities into a single ticket.

  1. In the issue assignment modal, enable the Correlation Assistant toggle.
  2. The modal displays a list of correlated vulnerabilities with their scanner, first seen date, status, and severity.
  3. Check the vulnerabilities you want to group into the same issue.
  4. Complete the issue fields and click Save.

Assign issues in bulk

You can assign issues to multiple vulnerabilities at once.

  1. In the vulnerability list, check the boxes for the vulnerabilities you want to assign.
  2. Click the Actions dropdown and choose Assign Issue.
  3. Choose one of the following strategies:
    • Assign separate issues for selected vulns: Creates an individual issue for each selected vulnerability.
    • Assign one issue for selected vulns: Creates a single issue for all selected vulnerabilities.
caution

You can't use sync and automation features when assigning one issue for multiple vulnerabilities.

  1. Complete the issue fields and click Assign.

To remove the link between a vulnerability and an issue, open the vulnerability details and click Unlink next to the linked issue.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?