Cloud Services

DevOps Intelligence

Bring your own image scan
Published On Dec 12, 2024 - 1:59 PM

Bring your own image scan

Learn how to integrate secure image scan tools with DevOps Intelligence
The Devops Intelligence Secure dashboard presents vulnerability details for static scan, license compliance, dependency check and container vulnerability scan in accordance with the following list:
  • Staticscan shows vulnerabilities from SonarQube
  • License scan shows license compliance details: License Compliance information is sent to DevOps Intelligence using Bring Your Own License Compliance APIs.
  • Dependency check shows vulnerabilities from Dependency Track
  • Container vulnerabilities scan shows image vulnerabilities: Container Vulnerability scan information is sent to DevOps Intelligence using Bring Your Own Image Scan APIs
Secure functionality is applicable only for premium plan in DevOps Intelligence.

Bringing data into DevOps Intelligence

To bring your own Deploy tools complete the following steps:
  1. Go to the DevOps Intelligence Tools Configuration page and navigate to the Tokens tab.
  2. Click on Create Token and give a unique Token name.
  3. Select Token Type as Secure, then click on the Create button.
  4. A new entry will be added to the table. In the table entry.
  5. Click on the vertical ellipsis icon on the respective row and select the view/regenerate token option.
  6. Copy that token by clicking copy icon in the token field.
To Post Data to the APIs mentioned below, Add the service Token (see: Create Service Token) to the
Authorization
header of the request. See cURL Example for reference

Format

Step 1: TOKEN {the-service-token-from-step1}
Example:
TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
Step 2:  API Reference
API /technical-services/{technicalServiceID}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37
URL: https://{devops-intelligence-host}/dash/api/build/v3/technical-services/{technicalServiceID}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37
Parameters
Parameter
Type
Explanation
Example Value
serviceName*
PATH
serviceName is a repository in DevOps intelligence on which Container Vulnerability scan runs(repo name)
dev_secops
Authorization*
Header
Authorization has service token
74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
scannedBy*
Query Parameter
Tool which is used to scan the Container Vulnerability of the repositories
anchore
scannedTime*
Query Parameter
The time at which Container Vulnerability are scanned and time(2006-01-02T15:04:05.999999999Z07:00) should be URL encoded
2021-06-28T12%3A07%3A29.104834%2B05%3A37
scan *
BODY
Build Data in Json
{ "provider_href": "string", "vulnerable_image_scan": [ { "cvss_score": 0, "description": "string", "image_digest": "string", "package_name": "string", "package_path": "string", "package_version": "string", "severity": "string", "url_datasource": "string", "vulnerability_id": "string" } ] }

cURL example

Request
curl --location --request POST 'https://{devops-intelligence-host}/dash/api/build/v1/services/{serviceName}/image-scan?scannedBy=anchore&scannedTime=2021-06-28T12%3A07%3A29.104834%2B05%3A37' \ --header 'Authorization: TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX' \ --header 'Content-Type: application/json' \ --data-raw '{ "provider_href": "https://github.kyndryl.net/" "vulnerable_image_scan": [ { "cvss_score": 0, "description": "description of vulnerability", "image_digest": "unique id for image digest", "package_name": "crypto", "package_path": "https://github.kyndryl.net/multicloud/crypto", "package_version": "0.1", "severity": "high", "url_datasource": "http://host/datastoreurl", "vulnerability_id": "xxxxxsfsdxxx" } ] }'
Response 200
"Total Number of records inserted successfully is 1"

Secure-Container-Vulnerability-Scan request body explained

Field
Data Type
Explanation
Example Value
provider_href
string
Provider URL on which container vulnerability is scanned
https://github.kyndryl.net/
cvss_score
int
cvss score
1
description
string
description
description for vulnerability
image_digest
string
image digest
github.com/Luzifer/go-openssl
package_name
string
package name
luzifer
package_path
string
location of package installed in system
/Users/anilsahu/go/pkg/mod/github.com/!luzifer/go-openssl/[email protected]
package_version
string
package version
0.1.2
severity
string
lseverity of vulnerability
critical, high, low, medium
url_datasource
string
datastore url
github.com/Luzifer/go-openssl
vulnerability_id
string
Vul ID
xxxxxsfsdxxx
Do you have two minutes for a quick survey?
Take Survey