Cloud Services

DevOps Intelligence

Expand menu Collapse menu

Bring Your Own Static Scan

Published On Nov 05, 2024 - 1:34 PM

Bring Your Own Static Scan

Learn how to integrate Staticscan tools to Kyndryl Modern Operations – DevOps Intelligence

Devops Intelligence Secure dashboard represents vulnerability details for static scan, license compliance, dependency check & container vulnerability scan.

With Bring Your Own Static Scan
APIs, vulnerability scan information is transmitted to DevOps Intelligence. Every time a piece of code violates a coding guideline, tools like Sonarquebe highlight a problem. Each issue has one of five severity levels: Blocker
, Critical
, High
, Major
, Minor
, and Info
. DevOps Intelligence allows users to provide a list of vulnerabilities, generate metrics based on these vulnerabilities, and display severity ratings based on the parameters listed below.

A
= 0 Vulnerabilities
B
= at least 1 Minor Vulnerability C
= at least 1 Major Vulnerability D
= at least 1 Critical Vulnerability E
= at least 1 Blocker Vulnerability

Secure functionality is applicable only for premium plan in DevOps Intelligence.

Bring Data into DevOps Intelligence

To bring your own Build tools complete the following steps:

Go to the DevOps Intelligence Tools Configuration page and navigate to the Tokens tab.

Click on Create Token and give a unique Token name.

Select Token Type as Build, then click on the Create button.

A new entry will be added to the table in the table entry.

Click on the vertical ellipsis icon on the respective row and select the view/regenerate token option.

Copy that token by clicking copy icon in the token field.

To Post Data to the APIs mentioned below, Add the service Token (see: Create Service Token) to the Authorization
header of the request. See cURL Example for reference

Format

Step 1: TOKEN {the-service-token-from-step1}

Example :
TOKEN 74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX

Step 2: API Reference

API : technical-services/static-scan

URL : https://{devops-intelligence-host}/dash/api/build/v3/technical-services/staticscan

Parameters

Parameter	Type	Explanation	Example Value
Authorization*	Header	Authorization has a service token	74h5cR8sETSJRvOFkdbsISY3lsgfNGu_V5aNur4Pxu1Jh8kP0NQBJhuWQsRmGzTX
vulscan *	BODY	Scan Data in Json	{ "endpoint_hostname": "string", "provider_href": "string", "scannedby": "string", "scanned_time": "string", "technical_service": "string", "technical_service_tag": { "additionalProp1": "string", "additionalProp2": "string", "additionalProp3": "string" }, "technicalserviceoverride": true, "vulnerabilities": [ { "actions": [ "string" ], "attr": { "jira-issue-key": "string" }, "author": "string", "closeDate": "string", "comments": [ { "createdAt": "string", "htmlText": "string", "key": "string", "login": "string", "markdown": "string", "updatable": true } ], "component": "string", "creationDate": "string", "debt": "string", "effort": "string", "hash": "string", "key": "string", "line": 0, "message": "string", "project": "string", "resolution": "string", "rule": "string", "severity": "string", "status": "string", "tags": [ "string" ], "textRange": { "endLine": 0, "endOffset": 0, "startLine": 0, "startOffset": 0 }, "transitions": [ "string" ], "type": "string", "updateDate": "string" } ], "vulnerability_density": 0 }

URL Example :

Request

curl -X 'POST' \
 'dash/api/dev_secops/v3/technical-services/static-scan' \
 -H 'accept: application/json' \
 -H 'Authorization: Token aJzv1zn_G-XmerycnRhX1uzUGyPZZWvbK-bcRdAZoRs6XzIUnThfLnolc0sTrzoL' \
 -H 'Content-Type: application/json' \
 -d '{
 "endpoint_hostname": "123",
 "provider_href": "http://mytest.com",
 "scannedby": "BYO",
 "scanned_time": "2022-12-05T07:20:50.52Z",
 "technical_service": "myservice",
 "technical_service_tag": {
   "additionalProp1": "string",
   "additionalProp2": "string",
   "additionalProp3": "string"
 },
 "technicalserviceoverride": true,
 "vulnerabilities": [
   {
     "actions": [
       "string"
     ],
     "attr": {
       "jira-issue-key": "string"
     },
     "author": "string",
     "closeDate": "string",
     "comments": [
       {
         "createdAt": "string",
         "htmlText": "string",
         "key": "string",
         "login": "string",
         "markdown": "string",
         "updatable": true
       }
     ],
     "component": "string",
     "creationDate": "string",
     "debt": "string",
     "effort": "string",
     "hash": "string",
     "key": "newkey",
     "line": 0,
     "message": "string",
     "project": "string",
     "resolution": "string",
     "rule": "string",
     "severity": "Critical",
     "status": "OPEN",
     "tags": [
       "string"
     ],
     "textRange": {
       "endLine": 0,
       "endOffset": 0,
       "startLine": 0,
       "startOffset": 0
     },
     "transitions": [
       "string"
     ],
     "type": "string",
     "updateDate": "string"
   }
 ],
 "vulnerability_density": 0
}'

Response 200

"Total Number of records inserted successfully is 1"

Secure-Static-Scan-vulnerability Request Body Explained

Field	Data Type	Explanation	Example Value
endpoint_hostname	string	Name of the endpoints	"myOrg/myRepo"
provider_href *	string	Provider URL on which vulnerability is scanned	"http://mytest.com
scannedby *	string	Tool which is used to scan the Vunerabilities of the repositories	"BYO",
scanned_time *	string	Time of the scan in UTC	"2022-12-05T07:20:50.52Z" technical_service *
technicalserviceoverride	boolean	Override flag for the service	true
Vulnerabilities	Details of the fields
Key *	string	Value of the Key	"new_key"
Severity*	string	Severity of Vulnerability	critical, high, low, medium
Component	string	Name of the Component	"/var/lib/comp"
Project	string	Name of the Project	"DI-SecOps"
Rule	string	Rule Name	unused variable
Line	int32	Line number	124
Hash	string	Hash value	d94d76ad5f5cecd413e
Resolution	string	Reason of remediation	resolved
Status *	string	Status of the Vulnerability	OPEN, CONFIRMED, REOPEND
Message	string	Details of the Vulnerability	"This is created for BYO"
Effort	string	Time taken to resolve	30 min
Debt	string
Author	string	Name of the Author	Alice
Tags	[]string	Tages for the vulnerability	unused
CreationDate	string	Date of creation	"2022-12-05T07:20:50.52Z"
UpdateDate	string	Date of update	"2022-12-05T07:20:50.52Z"
CloseDate	string	Date of close	"2022-12-05T07:20:50.52Z"
Type	string	Type of Vulnerability	internal
TextRange	string	Range of texts
Comments	string	Comments on the vulnerability	"Created for the internal services"
Attr	[]string	Attributes
Transitions	string	transitions
Actions	string	Actions taken

Bring Your Own Tools

Do you have two minutes for a quick survey?

Take Survey