Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-19182

Enhanced Xray webhook payload

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Xray
    • Labels:
      None

      Description

      Hi,

      Today only email notifications of policy rule display link to the scanned component and link to the triggered watch.

      In our team we would like those links in webhook notifications with something like watch_url and issues.impacted_artifacts[*].url new fields :

      {
        "created": "2019-04-24T12:57:22.237366105Z",
        "top_severity": "High",
        "watch_name": "atom",
        "watch_url": "https://xray.example.com/web/#/watches/atom/edit",
        "policy_name": "atom-sec-policy",
        "issues": [
          {
            "severity": "High",
            "type": "security",
            "provider": "JFrog",
            "created": "2019-02-17T09:32:55.548Z",
            "summary": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.",
            "description": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.",
            "impacted_artifacts": [
              {
                "name": "lodash-3.10.1.tgz",
                "display_name": "lodash:3.10.1",
                "url": "https://xray.example.com/web/#/component/details/npm:~2F~2Flodash/3.10.1",
                "path": "artifactory/npm-atom-local/lodash/-/",
                "pkg_type": "Npm",
                "sha256": "4578a0a45fae7bfc8f0ea464e9ca3b1330ad6d2c4696d61dc7e7afdcf4e2c925",
                "sha1": "",
                "depth": 0,
                "parent_sha": "4578a0a45fae7bfc8f0ea464e9ca3b1330ad6d2c4696d61dc7e7afdcf4e2c925",
                "infected_files": [
                  {
                    "path": "",
                    "depth": 0,
                    "pkg_type": "Generic"
                  }
                ]
              }
            ],
            "cve": "CVE-2018-16487"
          }
        ]
      }
      

      Thanks!

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            mkilt Maxime Kilt
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: