Cloud Services

DevOps Intelligence

Expand menu Collapse menu

Bring Your Own Image Scan

Published On Nov 05, 2024 - 1:34 PM

Bring Your Own Image Scan

Learn how to integrate secure image scan tools with DevOps Intelligence

The Devops Intelligence Secure dashboard presents vulnerability details for static scan, license compliance, dependency check and container vulnerability scan in accordance with the following list:

Staticscan shows vulnerabilities from SonarQube

License scan shows license compliance details: License Compliance information is sent to DevOps Intelligence using Bring Your Own License Compliance APIs.

Dependency check shows vulnerabilities from Dependency Track

Container vulnerabilities scan shows image vulnerabilities: Container Vulnerability scan information is sent to DevOps Intelligence using Bring Your Own Image Scan APIs

Secure functionality is applicable only for premium plan in DevOps Intelligence.

Bring Data into DevOps Intelligence

To bring your own Deploy tools complete the following steps:

Go to the DevOps Intelligence Tools Configuration page and navigate to the Tokens tab.

Click on Create Token and give a unique Token name.

Select Token Type as Secure, then click on the Create button.

A new entry will be added to the table. In the table entry.

Click on the vertical ellipsis icon on the respective row and select the view/regenerate token option.

Copy that token by clicking copy icon in the token field.

To Post Data to the APIs mentioned below, Add the service Token (see: Create Service Token) to the Authorization
header of the request. See cURL Example for reference

Format

Step 1: TOKEN {the-service-token-from-step1}

Example :

TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX

Step 2: API Reference

API : /technical-services/{technicalServiceID}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37

URL : https://{devops-intelligence-host}/dash/api/build/v3/technical-services/{technicalServiceID}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37

Parameters

Parameter	Type	Explanation	Example Value
serviceName*	PATH	serviceName is a repository in DevOps intelligence on which Container Vulnerability scan runs(repo name)	dev_secops
Authorization*	Header	Authorization has service token	74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
scannedBy*	Query Parameter	Tool which is used to scan the Container Vulnerability of the repositories	anchore
scannedTime*	Query Parameter	The time at which Container Vulnerability are scanned and time(2006-01-02T15:04:05.999999999Z07:00) should be URL encoded	2021-06-28T12%3A07%3A29.104834%2B05%3A37
scan *	BODY	Build Data in Json	{ "provider_href": "string", "vulnerable_image_scan": [ { "cvss_score": 0, "description": "string", "image_digest": "string", "package_name": "string", "package_path": "string", "package_version": "string", "severity": "string", "url_datasource": "string", "vulnerability_id": "string" } ] }

cURL Example :

Request


curl --location --request POST 'https://{devops-intelligence-host}/dash/api/build/v1/services/{serviceName}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37' \
--header 'Authorization: TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX' \
--header 'Content-Type: application/json' \
--data-raw '{
   "provider_href": "https://github.kyndryl.net/"
   "vulnerable_image_scan": [
   {
     "cvss_score": 0,
     "description": "description of vulnerability",
     "image_digest": "unique id for image digest",
     "package_name": "crypto",
     "package_path": "https://github.kyndryl.net/multicloud/crypto",
     "package_version": "0.1",
     "severity": "high",
     "url_datasource": "http://host/datastoreurl",
     "vulnerability_id": "xxxxxsfsdxxx"
   }
 ]
 }'

Response 200

"Total Number of records inserted successfully is 1"

Secure-Container-Vulnerability-Scan Request Body Explained

Field	Data Type	Explanation	Example Value
provider_href	string	Provider URL on which container vulnerability is scanned	https://github.kyndryl.net/
cvss_score	int	cvss score	1
description	string	description	description for vulnerability
image_digest	string	image digest	github.com/Luzifer/go-openssl
package_name	string	package name	luzifer
package_path	string	location of package installed in system	/Users/anilsahu/go/pkg/mod/github.com/!luzifer/go-openssl/[email protected]
package_version	string	package version	0.1.2
severity	string	lseverity of vulnerability	critical, high, low, medium
url_datasource	string	datastore url	github.com/Luzifer/go-openssl
vulnerability_id	string	Vul ID	xxxxxsfsdxxx

Bring Your Own Tools

Do you have two minutes for a quick survey?

Take Survey