Integrating Invicti Enterprise with TFS
TFS (Team Foundation Server) is a Microsoft product that covers the entire application lifecycle, including issue tracking, reporting, project management, and testing capabilities. TFS 2012 and later versions are supported.
This topic explains how to configure Invicti Enterprise to send a detected vulnerability to TFS.
For further information, see What Systems Does Invicti Integrate With?.
TFS Fields
This table lists and explains the TFS Fields in the New TFS Integration window.
| Field/Section | Description |
|---|---|
| Name | This is the name of the configuration that will be shown elsewhere. |
| Mandatory | This section contains fields that must be completed. |
| Project URI | This is the TFS project web address. |
| Username | This is the name of the user. |
| Password | This is the password of the user. Note: Since March 2, 2020, Azure DevOps supports only Access Token. |
| Title Format | This is the string format that is used to create the vulnerability title. |
| Optional | This section contains optional fields. |
| Domain | This is domain of the user |
| Work Item Type Name | Name of the work item type (bug, task). |
| Assigned To | This is the user to whom the issue is assigned. |
| Tags | These are the work item tags, separated by a semicolon (;). |
| Custom Fields | This section contains user-defined custom fields. |
| New Custom Field | Select to create a new custom field. |
| Name | Enter a name for the new custom field. |
| Value | Enter a value for the new custom field. |
| Dropdown | Select the drop-down to change the input type. The options are: Text, Password, Textarea, File upload, Complex |
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |
| Save | Once all relevant fields have been configured, click to save the integration settings |
How to Integrate Invicti Enterprise with TFS
-
Log in to Invicti Enterprise.
-
From the main menu, select Integrations > New Integration.
-
From the Issue Tracking Systems section, select TFS.
-
In the Name field, enter a name for the integration.
-
In the Mandatory section, complete the connection details:
- Project URI
- Username
- Password
- Title Format
-
In the Optional section, you can specify:
- Domain
- Work Item Type Name
- Assigned To
- Tags
-
In the Custom Fields section, select New Custom Field. New Name and Value fields are displayed.
-
In the Name field, enter a name for the custom field.
-
Next to the Value field, select the drop-down, select a field type, then complete the field.
-
Select Create Sample Issue to confirm that Invicti Enterprise can connect to the configured system. A confirmation message is displayed to confirm that the sample issue has been successfully created.
-
In the confirmation message, select the Issue number link to open the issue in your default browser.
If the TFS integration is not configured correctly, Invicti Enterprise will correctly route the following descriptive error messages to you.
- Click Save to save the integration.
How to Export Reported Vulnerabilities to Projects in TFS
There are several ways to send issues to TFS with Invicti Enterprise:
Once notifications have been configured, you can configure Invicti Enterprise to automatically send vulnerabilities after scanning has been completed (see How to Configure a Notification to Report Vulnerabilities to an Issue Tracking System).
You can send one or more issues from the Issues window:
- You must have Manage Issue permission.
- From the main menu, select Issues, then All Issues.
- From the Issues page, select one or more issues you want to send.
- Select Send To > TFS.
A pop-up is displayed, with a link to the issue you have sent to TFS. If there is an error, this information will be displayed instead.
You can send an issue from the Recent Scans window:
- From the main menu, select Scans > Recent Scans.
- Next to the relevant scan, select Report.
- Scroll down to the Technical Report section.
- From the list of detected vulnerabilities, click to select an issue and display its details.
- Select Send To > TFS.
If you have previously submitted this vulnerability to TFS, it will already be accessible. You cannot submit the same issue twice.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center