Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Xray
    • Labels:
      None

      Description

      Hi,

      Today only email notifications of policy rule display link to the scanned component and link to the triggered watch.

      In our team we would like those links in webhook notifications with something like watch_url and issues.impacted_artifacts[*].url new fields :

      {
        "created": "2019-04-24T12:57:22.237366105Z",
        "top_severity": "High",
        "watch_name": "atom",
        "watch_url": "https://xray.example.com/web/#/watches/atom/edit",
        "policy_name": "atom-sec-policy",
        "issues": [
          {
            "severity": "High",
            "type": "security",
            "provider": "JFrog",
            "created": "2019-02-17T09:32:55.548Z",
            "summary": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.",
            "description": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.",
            "impacted_artifacts": [
              {
                "name": "lodash-3.10.1.tgz",
                "display_name": "lodash:3.10.1",
                "url": "https://xray.example.com/web/#/component/details/npm:~2F~2Flodash/3.10.1",
                "path": "artifactory/npm-atom-local/lodash/-/",
                "pkg_type": "Npm",
                "sha256": "4578a0a45fae7bfc8f0ea464e9ca3b1330ad6d2c4696d61dc7e7afdcf4e2c925",
                "sha1": "",
                "depth": 0,
                "parent_sha": "4578a0a45fae7bfc8f0ea464e9ca3b1330ad6d2c4696d61dc7e7afdcf4e2c925",
                "infected_files": [
                  {
                    "path": "",
                    "depth": 0,
                    "pkg_type": "Generic"
                  }
                ]
              }
            ],
            "cve": "CVE-2018-16487"
          }
        ]
      }
      

      Thanks!

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mkilt Maxime Kilt
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: