Back to Integrations
Shortcut logo

Connect APVISO with Shortcut

Project Management

Create Shortcut stories from APVISO pentest findings. Track vulnerability remediation within your team's existing development workflow.

Why connect APVISO with Shortcut?

Story-Based Vulnerability Tracking

Every APVISO finding becomes a Shortcut story with severity labels, detailed descriptions, and links to full finding evidence.

Workflow Integration

APVISO stories flow through your existing Shortcut workflows, appearing alongside feature work in your team's iteration planning.

Automated Retest on Completion

When a Shortcut story is moved to Done, APVISO can schedule a targeted retest to verify the vulnerability is fixed.

Setup Guide

1

Generate a Shortcut API Token

In your Shortcut settings, generate an API token. APVISO uses this to create stories and update their status in your workspace.

2

Configure in APVISO

Enter your Shortcut API token in Settings > Integrations > Shortcut. Select the default project and workflow state for new findings.

3

Set Routing Rules

Optionally configure rules to route findings to different Shortcut projects or assign labels based on vulnerability type or severity.

Features

  • Auto-create Shortcut stories from vulnerability findings
  • Map severity to Shortcut labels and story types
  • Attach evidence and reproduction steps to stories
  • Bi-directional status sync with retest triggers
  • Route findings to different projects based on type

How APVISO Integrates with Shortcut

APVISO's Shortcut integration creates development-ready stories from penetration testing findings. For engineering teams that use Shortcut for project management, this integration ensures vulnerability remediation is tracked alongside feature development in the same tool your team uses every day.

Automatic Story Creation

When APVISO's AI agents discover a vulnerability, the integration creates a Shortcut story in your configured project. The story includes a clear title, a detailed description with reproduction steps, severity labels, the affected endpoint, and a link to the full finding in APVISO. Evidence such as HTTP request/response pairs is included in the story description or attached as files.

Stories are created with the appropriate story type (typically Bug) and can be automatically assigned to specific team members or left unassigned for triage during sprint planning.

Workflow Integration

APVISO stories flow through your existing Shortcut workflow states. When a story is created, it starts in your configured initial state (e.g., Backlog or Triage). As developers work on the fix, they move the story through your normal workflow states. When the story reaches your Done state, APVISO detects the transition and can automatically schedule a retest.

This approach means security remediation is managed identically to other development work. No special processes, no separate tools — just stories in your backlog that happen to be security fixes.

Labels and Categorization

APVISO applies labels to Shortcut stories for easy filtering. Standard labels include the severity level (critical, high, medium, low), the vulnerability category (xss, sqli, auth-bypass, etc.), and an apviso tag. Your team can use these labels to filter the backlog view, create saved searches, and set up automation rules.

Iteration Planning

During sprint planning, security findings appear in the backlog alongside feature stories. Teams can prioritize Critical and High findings for the current iteration while scheduling Medium and Low findings for future iterations. The severity labels make it easy to identify and prioritize security work within the broader development context.

Deduplication and Scan History

APVISO tracks findings across scans. If the same vulnerability appears in a subsequent scan, the existing Shortcut story is updated with a comment noting the re-identification rather than creating a duplicate. This keeps your Shortcut workspace clean and provides a history of when each vulnerability was observed.

Frequently Asked Questions

Does APVISO create bugs or stories in Shortcut?

By default, APVISO creates stories with a 'Bug' story type. You can configure this to use any story type available in your Shortcut workspace.

Can findings be assigned to specific iterations?

Yes. You can configure APVISO to assign findings to the current iteration or a dedicated security iteration. Critical findings can be automatically added to the current sprint.

Related Integrations

APVISO + LinearAPVISO + JiraAPVISO + ClickUp

Related Terms

Vulnerability ManagementDevsecopsContinuous Pentesting

Connect APVISO with Shortcut today

Set up the Shortcut integration in minutes and start routing security findings to your team.

Get Started