Bring your own image scan
learn how to integrate secure image scan tools with the secure dashboard presents vulnerability details for static scan, license compliance, dependency check and container vulnerability scan in accordance with the following list staticscan shows vulnerabilities from sonarqube license scan shows license compliance details license compliance information is sent to using bring your own license compliance apis dependency check shows vulnerabilities from dependency track container vulnerabilities scan shows image vulnerabilities container vulnerability scan information is sent to using bring your own image scan apis secure functionality is applicable only for premium plan in bringing data into to bring your own deploy tools complete the following steps go to the tools configuration page and navigate to the tokens tab click on create token and give a unique token name select token type as secure, then click on the create button a new entry will be added to the table in the table entry click on the vertical ellipsis icon on the respective row and select the view/regenerate token option copy that token by clicking copy icon in the token field note to post data to the apis mentioned below, add the service token (see create service token docid\ j2wcdgqowtc5mnoocztya ) to the authorization header of the request see curl example for reference format step 1 token {the service token from step1} example token 74h5cr8setsjrvofkdbsisy3lsgfngu v5anur4pxu1jh8kp0nqbjhuwqsrmgztx step 2 api reference api /technical services/{technicalserviceid}/image scan?scannedby=anchore\&scannedtime=2021 06 28t12%3a07%3a29 104834%2b05%3a37 url https //{devops intelligence host}/dash/api/build/v3/technical services/{technicalserviceid}/image scan?scannedby=anchore\&scannedtime=2021 06 28t12%3a07%3a29 104834%2b05%3a37 parameters parameter type explanation example value servicename path servicename is a repository in on which container vulnerability scan runs(repo name) dev secops authorization header authorization has service token 74h5cr8setsjrvofkdbsisy3lsgfngu v5anur4pxu1jh8kp0nqbjhuwqsrmgztx scannedby query parameter tool which is used to scan the container vulnerability of the repositories anchore scannedtime query parameter the time at which container vulnerability are scanned and time(2006 01 02t15 04 05 999999999z07 00) should be url encoded 2021 06 28t12%3a07%3a29 104834%2b05%3a37 scan body build data in json { "provider href" "string", "vulnerable image scan" \[ { "cvss score" 0, "description" "string", "image digest" "string", "package name" "string", "package path" "string", "package version" "string", "severity" "string", "url datasource" "string", "vulnerability id" "string" } ] } curl example request curl location request post 'https //{devops intelligence host}/dash/api/build/v1/services/{servicename}/image scan?scannedby=anchore\&scannedtime=2021 06 28t12%3a07%3a29 104834%2b05%3a37' \\ \ header 'authorization token 74h5cr8setsjrvofkdbsisy3lsgfngu v5anur4pxu1jh8kp0nqbjhuwqsrmgztx' \\ \ header 'content type application/json' \\ \ data raw '{ "provider href" "https //github kyndryl net/" "vulnerable image scan" \[ { "cvss score" 0, "description" "description of vulnerability", "image digest" "unique id for image digest", "package name" "crypto", "package path" "https //github kyndryl net/multicloud/crypto", "package version" "0 1", "severity" "high", "url datasource" "http //host/datastoreurl", "vulnerability id" "xxxxxsfsdxxx" } ] }' response 200 "total number of records inserted successfully is 1" secure container vulnerability scan request body explained field data type explanation example value provider href string provider url on which container vulnerability is scanned https //github kyndryl net/ cvss score int cvss score 1 description string description description for vulnerability image digest string image digest github com/luzifer/go openssl package name string package name luzifer package path string location of package installed in system /users/anilsahu/go/pkg/mod/github com/!luzifer/go openssl/v3\@v3 1 0 package version string package version 0 1 2 severity string lseverity of vulnerability critical, high, low, medium url datasource string datastore url github com/luzifer/go openssl vulnerability id string vul id xxxxxsfsdxxx