Cloud Services

DevOps Intelligence

Bring Your Own Static Scan
Published On Aug 27, 2024 - 1:12 PM

Bring Your Own Static Scan

Learn how to integrate Staticscan tools to Kyndryl Modern Operations – DevOps Intelligence
Devops Intelligence Secure dashboard represents vulnerability details for static scan, license compliance, dependency check & container vulnerability scan.
With
Bring Your Own Static Scan
APIs, vulnerability scan information is transmitted to DevOps Intelligence. Every time a piece of code violates a coding guideline, tools like Sonarquebe highlight a problem. Each issue has one of five severity levels:
Blocker
,
Critical
,
High
,
Major
,
Minor
, and
Info
. DevOps Intelligence allows users to provide a list of vulnerabilities, generate metrics based on these vulnerabilities, and display severity ratings based on the parameters listed below.
A
= 0 Vulnerabilities
B
= at least 1 Minor Vulnerability
C
= at least 1 Major Vulnerability
D
= at least 1 Critical Vulnerability
E
= at least 1 Blocker Vulnerability
Secure functionality is applicable only for premium plan in DevOps Intelligence.

Bring Data into DevOps Intelligence

To bring your own Build tools complete the following steps:
  1. Go to the DevOps Intelligence Tools Configuration page and navigate to the Tokens tab.
  2. Click on Create Token and give a unique Token name.
  3. Select Token Type as Build, then click on the Create button.
  4. A new entry will be added to the table in the table entry.
  5. Click on the vertical ellipsis icon on the respective row and select the view/regenerate token option.
  6. Copy that token by clicking copy icon in the token field.
To Post Data to the APIs mentioned below, Add the service Token (see: Create Service Token) to the
Authorization
header of the request. See cURL Example for reference

Format

Step 1: TOKEN {the-service-token-from-step1}
Example :
TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
Step 2:  API Reference
API : technical-services/static-scan
URL : https://{devops-intelligence-host}/dash/api/build/v3/technical-services/staticscan
Parameters
Parameter
Type
Explanation
Example Value
Authorization*
Header
Authorization has a service token
74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
vulscan *
BODY
Scan Data in Json
{ "endpoint_hostname": "string", "provider_href": "string", "scannedby": "string", "scanned_time": "string", "technical_service": "string", "technical_service_tag": { "additionalProp1": "string", "additionalProp2": "string", "additionalProp3": "string" }, "technicalserviceoverride": true, "vulnerabilities": [ { "actions": [ "string" ], "attr": { "jira-issue-key": "string" }, "author": "string", "closeDate": "string", "comments": [ { "createdAt": "string", "htmlText": "string", "key": "string", "login": "string", "markdown": "string", "updatable": true } ], "component": "string", "creationDate": "string", "debt": "string", "effort": "string", "hash": "string", "key": "string", "line": 0, "message": "string", "project": "string", "resolution": "string", "rule": "string", "severity": "string", "status": "string", "tags": [ "string" ], "textRange": { "endLine": 0, "endOffset": 0, "startLine": 0, "startOffset": 0 }, "transitions": [ "string" ], "type": "string", "updateDate": "string" } ], "vulnerability_density": 0 }

URL Example :

Request
curl -X 'POST' \ 'dash/api/dev_secops/v3/technical-services/static-scan' \ -H 'accept: application/json' \ -H 'Authorization: Token aJzv1zn_G-XmerycnRhX1uzUGyPZZWvbK-bcRdAZoRs6XzIUnThfLnolc0sTrzoL' \ -H 'Content-Type: application/json' \ -d '{ "endpoint_hostname": "123", "provider_href": "http://mytest.com", "scannedby": "BYO", "scanned_time": "2022-12-05T07:20:50.52Z", "technical_service": "myservice", "technical_service_tag": { "additionalProp1": "string", "additionalProp2": "string", "additionalProp3": "string" }, "technicalserviceoverride": true, "vulnerabilities": [ { "actions": [ "string" ], "attr": { "jira-issue-key": "string" }, "author": "string", "closeDate": "string", "comments": [ { "createdAt": "string", "htmlText": "string", "key": "string", "login": "string", "markdown": "string", "updatable": true } ], "component": "string", "creationDate": "string", "debt": "string", "effort": "string", "hash": "string", "key": "newkey", "line": 0, "message": "string", "project": "string", "resolution": "string", "rule": "string", "severity": "Critical", "status": "OPEN", "tags": [ "string" ], "textRange": { "endLine": 0, "endOffset": 0, "startLine": 0, "startOffset": 0 }, "transitions": [ "string" ], "type": "string", "updateDate": "string" } ], "vulnerability_density": 0 }'
Response 200
"Total Number of records inserted successfully is 1"

Secure-Static-Scan-vulnerability Request Body Explained

Field
Data Type
Explanation
Example Value
endpoint_hostname
string
Name of the endpoints
"myOrg/myRepo"
provider_href *
string
Provider URL on which vulnerability is scanned
"http://mytest.com
scannedby *
string
Tool which is used to scan the Vunerabilities of the repositories
"BYO",
scanned_time *
string
Time of the scan in UTC
"2022-12-05T07:20:50.52Z" technical_service *
technicalserviceoverride
boolean
Override flag for the service
true
Vulnerabilities
Details of the fields
Key *
string
Value of the Key
"new_key"
Severity*
string
Severity of Vulnerability
critical, high, low, medium
Component
string
Name of the Component
"/var/lib/comp"
Project
string
Name of the Project
"DI-SecOps"
Rule
string
Rule Name
unused variable
Line
int32
Line number
124
Hash
string
Hash value
d94d76ad5f5cecd413e
Resolution
string
Reason of remediation
resolved
Status *
string
Status of the Vulnerability
OPEN, CONFIRMED, REOPEND
Message
string
Details of the Vulnerability
"This is created for BYO"
Effort
string
Time taken to resolve
30 min
Debt
string
Author
string
Name of the Author
Alice
Tags
[]string
Tages for the vulnerability
unused
CreationDate
string
Date of creation
"2022-12-05T07:20:50.52Z"
UpdateDate
string
Date of update
"2022-12-05T07:20:50.52Z"
CloseDate
string
Date of close
"2022-12-05T07:20:50.52Z"
Type
string
Type of Vulnerability
internal
TextRange
string
Range of texts
Comments
string
Comments on the vulnerability
"Created for the internal services"
Attr
[]string
Attributes
Transitions
string
transitions
Actions
string
Actions taken
Do you have two minutes for a quick survey?
Take Survey