Integrating Invicti Standard with TFS
TFS (Team Foundation Server) is a Microsoft product that covers the entire application development lifecycle, including issue tracking, reporting, project management, and testing capabilities. TFS 2012 and later versions are supported.
This document explains how to configure Invicti Standard to send a detected vulnerability to TFS for comprehensive application development lifecycle management.
For further information, see Configuring the User Interface for Custom Send To Actions in Invicti Standard and Configuring Auto Send To Actions in Invicti Standard and What Systems Does Invicti Integrate With? external documentation.
TFS Fields
This table lists and explains the TFS fields in the Send to Actions tab.
| Button/Section/Field | Description |
|---|---|
| Add | Click to add an integration. |
| Delete | Click to delete the integration and clear all fields. |
| Create Sample Issue | Once all relevant fields have been configured, click to create a sample issue. |
| Action | This section contains general fields about the Send To action. |
| Display Name | This is the name of the configuration that will be shown in menus. |
| Mandatory | This section contains fields that must be completed. |
| Project URL | This is the TFS project web address. |
| Username | This is the name of the user. If you are using a personal access token (see below), leave this field blank. |
| Password or Token | This is the password of the user or the personal access token. (Since March 2, 2020, Azure DevOps supports only Access Token.) |
| Vulnerability | This section contains fields with vulnerability details. |
| Body Template | This is the template file that is used to create description fields. |
| Title Format | This is the string format that is used to create the vulnerability title. |
| Optional | This section contains optional fields. |
| Domain | This is the domain of the user. |
| Work Item Type | This is the type of the work item. |
| Assigned To | This is the user to whom the issue is assigned. |
| Tags | These are the work item tags, separated by a semicolon (;). |
| Custom Fields | Click the ellipsis to open the Custom Fields Editor dialog. |
How to Integrate Invicti Standard with TFS
Follow these steps to configure the TFS integration in Invicti Standard:
- Open Invicti Standard.
- From the Home tab on the ribbon, click Options. The Options dialog is displayed.
- Click Send To Actions.
- From the Add dropdown, select TFS. The TFS fields are displayed.
- In the Mandatory section, complete the connection details:
- Project URL
- Username
- Password or Token
If you use a personal access token, leave the Username field empty. If you have alternate credentials, fill in the Username and Password fields. To learn how to create a token, read Authenticate access with personal access tokens external documentation.
- In the Vulnerability section, you can change the Body Template and Title Format.
Body templates are stored in %userprofile%\Documents\Invicti\Resources\Send To Templates. If you use your own custom templates, store them in this location.
- In the Optional settings you can specify:
- Domain
- Work Item Type
- Assigned To
- Tags
- Custom Fields
To learn about the Work Item Type field, read Add and manage work type items external documentation. To learn about Custom fields, read Add and manage fields for an inherited process external documentation.
- To set custom field values, in the Custom Fields field, click the ellipsis button.
- In the Edit Custom Field Value field, enter the relevant value.
- Click OK.
- Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. The Send To Action Test confirmation dialog is displayed.
- In the Send To Action Test dialog, click the Issue number link to open the issue in TFS in the default browser.
How to Export Reported Vulnerabilities to Projects in TFS
Please ensure that you have first configured TFS integration (see How to Integrate Invicti Standard with TFS).
- Open Invicti Standard.
- From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.
- In the Issues panel, right click the vulnerability you want to export to TFS and select Send to TFS. (Alternatively, from the ribbon, click the Vulnerability tab, then Send to TFS.) A confirmation message and link is displayed at the bottom of the screen.
- Click the TFS Send to Action is executed for the selected vulnerability link to see the newly-created issue in TFS.
- The vulnerability is automatically exported to TFS. You can view it in TFS's Work tab.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center