Integrating Invicti Standard with GitLab

This document is for:
Invicti Standard

GitLab is a web-based application that covers the entire DevOps lifecycle from idea to production. It provides a Git repository manager with wiki, issue-tracking and CI/CD pipeline features.

This topic explains how to configure Invicti Standard to send a detected vulnerability to GitLab, enabling seamless integration with your DevOps workflow for efficient vulnerability issue tracking and remediation management throughout the development lifecycle.

GitLab Fields

The following table lists and explains the GitLab fields available in the Send To Actions configuration:

| Button/Section/Field | Description |
| --- | --- |
| Add | Click to add an integration. |
| Delete | Click to delete the integration and clear all fields. |
| Configure Send To | Click to configure the integration using the Settings Wizard instead of doing it manually. |
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |
| Action | This section contains general fields about the Send to Action. |
| Display Name | This is the name of the configuration that will be shown on menus. |
| Mandatory | This section contains fields that must be completed. |
| Access Token | This is the personalized access token of the user. |
| Project ID | This is the identifier of the project in which to create an issue. |
| Vulnerability | This section contains fields with vulnerability details. |
| Body Template | This is the template file that is used to create description fields. |
| Title Format | This is the string format that is used to create the vulnerability title. |
| Optional | This section contains optional fields. |
| On-Premise Base URL | This is the base URL of your on-premises GitLab installation, to which the issue is sent. |
| Assignee ID | This is the assignee identifier. |
| Milestone ID | This is the issue milestone ID. |
| Weight | This is the value of the weight. |
| Due Days | This is the number of days from the date the issue was created to the date it's due. |
| Labels | These are the issue labels. |

How to Integrate Invicti Standard with GitLab

Follow these steps to configure GitLab integration for automated vulnerability issue creation:

  1. Open Invicti Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.
  4. From the Add dropdown, select GitLab. The GitLab fields are displayed.
  5. The Display Name field is already populated.
  6. In the Mandatory section, complete the connection details:

    • Access Token
    • Project ID
  7. In the Vulnerability section you can change the Body Template and Title Format.

Template Location

Body templates are stored in %userprofile%\Documents\Invicti\Resources\Send To Templates. If you use your own custom templates, store them in this location.

  8. In the Optional section you can specify:

    • On-Premise Base URL
    • Assignee ID
    • Milestone ID
    • Weight
    • Due Days
    • Labels
  9. Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. The Send To Action Test dialog is displayed.
  10. In the Send To Action Test dialog, click the Issue number link to open the GitLab issue in the default browser.
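
The fields configured above correspond to parameters of GitLab's issue-creation REST endpoint. The following added example (not Invicti's code and not part of the original page) builds that request from a constructed configuration without sending it, so you can review what a given Access Token and Project ID would be used for. The key names in SAMPLE_CFG, the gitlab.com default and the HTTPS check are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request
from datetime import date, timedelta

GITLAB_SAAS = "https://gitlab.com"  # assumed default when On-Premise Base URL is empty

# Constructed sample configuration; the token is a placeholder, not a real credential.
SAMPLE_CFG = {"access_token": "EXAMPLE-TOKEN", "project_id": "mygroup/webapp",
              "due_days": 14, "weight": 3, "labels": ["security", "invicti"]}


def build_issue_request(cfg, title, body, today=None):
    """Map the Send To Action fields onto GitLab's 'create issue' REST call."""
    base = (cfg.get("on_premise_base_url") or GITLAB_SAAS).rstrip("/")
    if urllib.parse.urlsplit(base).scheme != "https":
        raise ValueError("refusing to send the access token over a non-HTTPS URL")
    if not cfg.get("access_token") or not str(cfg.get("project_id") or "").strip():
        raise ValueError("Access Token and Project ID are mandatory")
    # A numeric ID or a URL-encoded 'namespace/project' path are both accepted.
    project = urllib.parse.quote(str(cfg["project_id"]).strip(), safe="")
    payload = {"title": title, "description": body}
    if cfg.get("assignee_id") is not None:
        payload["assignee_ids"] = [int(cfg["assignee_id"])]
    if cfg.get("milestone_id") is not None:
        payload["milestone_id"] = int(cfg["milestone_id"])
    if cfg.get("weight") is not None:
        payload["weight"] = int(cfg["weight"])
    if cfg.get("due_days") is not None:  # Due Days counts from the creation date
        due = (today or date.today()) + timedelta(days=int(cfg["due_days"]))
        payload["due_date"] = due.isoformat()
    if cfg.get("labels"):
        payload["labels"] = ",".join(cfg["labels"])
    return urllib.request.Request(
        f"{base}/api/v4/projects/{project}/issues",
        data=json.dumps(payload).encode("utf-8"),
        headers={"PRIVATE-TOKEN": cfg["access_token"],
                 "Content-Type": "application/json"},
        method="POST")


def redacted(req):
    """Return a loggable view of the request with the token masked."""
    headers = {k: "***" if k.lower() == "private-token" else v
               for k, v in req.header_items()}
    return {"method": req.get_method(), "url": req.full_url,
            "headers": headers, "body": json.loads(req.data)}


if __name__ == "__main__":
    print(json.dumps(redacted(build_issue_request(
        SAMPLE_CFG, "SQL Injection in /login", "Details from the body template")), indent=2))
```

Creating issues through this endpoint requires a token with the api scope, so a token dedicated to this integration and limited to the target project keeps the exposure small if the stored configuration leaks.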

How to Integrate Invicti Standard with GitLab Using the Wizard

Instead of configuring the settings manually, you can use the configuration wizard:

  1. Open Invicti Standard.
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.
  4. From the Add dropdown, select GitLab. The GitLab fields are displayed.
  5. Click Configure Send To to launch the wizard. The Send To Configuration Dialog is displayed.
  6. Click Next. The Authentication step is displayed.
  7. Complete the URL and API Access Key fields, and click Test Credentials. (If the GitLab installation with which Invicti is integrated is not an on-premises installation, leave the On-Premise Base URL input empty.)
  8. When the confirmation message, Your credentials are confirmed, is displayed, click Next. The Project step is displayed.
  9. Select a project, and click Next. The Assignee step is displayed.
  10. After selecting the Issue Type, click Next. The Milestone step is displayed.
  11. After selecting the Reporter, click Next to go to the next step, Labels.
  12. If required, complete Other Fields, and click Next. The Summary step is displayed.
  13. Review your settings, and click Finish. The settings are applied automatically. You are returned to the Send To Actions fields.
  14. Click OK.
  15. Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. A Send To Action Test confirmation dialog is displayed.
  16. In the Send To Action Test dialog, click the Issue number link to open the issue in GitLab in the default browser.

How to Export Reported Vulnerabilities to Projects in GitLab

After configuring the GitLab integration, follow these steps to export specific vulnerabilities:

Prerequisites

Please ensure that you have first configured GitLab integration (see How to Integrate Invicti Standard with GitLab).

  1. Open Invicti Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.
  3. In the Issues panel, right-click the vulnerability you want to export to GitLab and select Send to GitLab. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to GitLab.) A confirmation message and link are displayed at the bottom of the screen.
  4. Click the "GitLab Send to Action is executed for the selected vulnerability" link to view the newly created issue in GitLab.
  5. The vulnerability is automatically exported to GitLab. You can view it in the GitLab Issues tab.
