Integrating with Webhooks

Kondukto presents six different webhook endpoints:

  • Test Connection
  • Create Issue
  • Get Issue Details
  • Update Issue Status
  • Add Attachment
  • Get Issue Comments

Test Connection

Valid Test Connection: Response Status Code 200

Sample Request:

curl --location --request GET '{IssueManagerURL}/api/v1/test' --header 'X-Kondukto-Secret: {IssueManagerToken}'

Expected Response:

{
    "connection": true
}

Missing Security Header Example: Response Status Code 403

Sample Request:

curl --location --request GET '{IssueManagerURL}/api/v1/test'

Expected Response:

{
    "message": "missing secret key"
}
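
A receiver-side sketch of the secret check behind the two responses above. This is an added example, not Kondukto's code: `check_secret` and `handle_request` are hypothetical names, and the "invalid secret key" and 404 responses are assumptions, since the page only documents the missing-header case.

```python
import hmac
import json

SECRET_HEADER = "x-kondukto-secret"  # header name from the page, lower-cased for lookup


def check_secret(headers, expected_secret):
    """Return (ok, status, body) for the X-Kondukto-Secret check.

    403 + "missing secret key" is the behaviour documented on the page;
    the "invalid secret key" message for a wrong value is an assumption.
    """
    if not expected_secret:
        # Fail closed: an unset secret must never match an empty header.
        raise ValueError("receiver has no secret configured")
    # HTTP header names are case-insensitive, so normalise before lookup.
    normalised = {k.lower(): v for k, v in headers.items()}
    supplied = normalised.get(SECRET_HEADER, "")
    if not supplied:
        return False, 403, {"message": "missing secret key"}
    # compare_digest does not reveal how many leading bytes matched.
    if not hmac.compare_digest(supplied.encode(), expected_secret.encode()):
        return False, 403, {"message": "invalid secret key"}  # assumed wording
    return True, 200, {}


def handle_request(method, path, headers, expected_secret):
    """Hypothetical dispatcher covering only GET /api/v1/test."""
    ok, status, body = check_secret(headers, expected_secret)
    if not ok:
        return status, json.dumps(body)
    if method == "GET" and path == "/api/v1/test":
        return 200, json.dumps({"connection": True})
    return 404, json.dumps({"message": "not found"})  # assumed for other routes
```

The secret is checked before routing, so an unauthenticated caller gets the same 403 for every path.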

Create Issue

Valid Create Issue Request: Response Status Code 201

Sample Request:

curl --location --request POST '{IssueManagerURL}/api/v1/issues' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{{data-raw}}'

Payload (Raw Data):

{
    "status": "open",
    "title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
    "fp": false,
    "link": "http://172.16.192.212/CxWebClient/ViewerMain.aspx?scanid=1020487&projectid=10255&pathid=16",
    "name": "Denial_Of_Service_Resource_Exhaustion",
    "path": "vendor/github.com/magiconair/properties/load.go",
    "severity": "medium",
    "status": "new",
    "project_name": "project1",
    "template_md": "A **medium** severity vulnerability has been discovered in your project.\n\nProject Name: **Kdt**\n\nScanner Name: **checkmarx**\n\n\nCwe ID: **400**\n\nCwe Name: **Uncontrolled Resource Consumption (Resource Exhaustion)**\n\nCwe Link: https://cwe.mitre.org/data/definitions/400.html\n\n\n\n\n\n\nFile: vendor/github.com/magiconair/properties/load.go\n\n\n\nLine: 284\n\n\n\n<details><summary>Code:</summary>\n<pre>\n<code>\n-279 - \tswitch enc {\n-280 - \tcase utf8Default, UTF8:\n-281 - \t\treturn string(buf)\n-282 - \tcase ISO_8859_1:\n-283 - \t\trunes := make([]rune, len(buf))\n*284 - \t\tfor i, b := range buf {\n-285 - \t\t\trunes[i] = rune(b)\n-286 - \t\t}\n-287 - \t\treturn string(runes)\n-288 - \tdefault:\n-289 - \t\tErrorHandler(fmt.Errorf(&#34;unsupported encoding %v&#34;, enc))\n\n</code>\n</pre>\n</details>\n\n\n\nLanguage: go\n\n\n\nCommit Author: Rojhat Sinan Balka\n\n\n\nCommit Link: (https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea)\n\n\n\n\n\n\n\n\n \n\n\n \n\n\n \n\n\n\n \n\n\n\n\n\n<details><summary>Kondukto Remediation</summary>\n<i>1: remediation for CWE-400\n</i>\n</details>\n\n\n\n\n\n\n\n\nCustom Description: test\n\n",
    "assignee": {
        "email": "",
        "username": ""
    },
    "labels": [
        "Bug",
        "KONDUKTO"
    ],
    "vulnerability": {
        "cvssv3": {
            "score": 6
        },
        "detail": {
            "scan_parameters": {
                "branch": "master",
                "custom": {
                    "params": {
                        "forceScan": false,
                        "isIncremental": false,
                        "projectId": 10255
                    },
                    "type": 1105
                }
            },
            "scanner": {
                "id": "5eb46b769acc227b01437cd6",
                "name": "checkmarx",
                "type": "sast"
            },
            "comment": {
                "last_edited": "2021-12-23T08:42:56.671Z",
                "text": "test comments"
            },
            "cs": {
                "ok": false
            },
            "cwe": {
                "_id": "5b893aa1e5c38799ad21ebe1",
                "classification": {
                    "owasp_2017": {},
                    "owasp_2021": {},
                    "pci_dss": {},
                    "sans": {}
                },
                "cwe_id": 400,
                "desc": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
                "desc_ext": "",
                "isActive": 0,
                "name": "Uncontrolled Resource Consumption (Resource Exhaustion)",
                "parent_id": 399,
                "stride": null,
                "wasc": 0
            },
            "dast": {
                "ok": false,
                "plugin": {
                    "id": "",
                    "name": ""
                }
            },
            "iac": {
                "commit_detail": {
                    "committer_name": ""
                },
                "ok": false
            },
            "infra": {
                "cve_id": "",
                "exploitable": false,
                "fqdn": "",
                "ip": "",
                "ok": false,
                "os": "",
                "plugin": {
                    "id": "",
                    "name": ""
                },
                "port": "",
                "proof": "",
                "protocol": "",
                "service": "",
                "vpr": ""
            },
            "project": {
                "id": "61bca4e52838a24af8dbb31a",
                "name": "Kdt",
                "team": "default"
            },
            "sast": {
                "code": "for i, b := range buf {",
                "code_lines": [
                    {
                        "content": "\tswitch enc {\n",
                        "number": 279
                    },
                    {
                        "content": "\tcase utf8Default, UTF8:\n",
                        "number": 280
                    },
                    {
                        "content": "\t\treturn string(buf)\n",
                        "number": 281
                    },
                    {
                        "content": "\tcase ISO_8859_1:\n",
                        "number": 282
                    },
                    {
                        "content": "\t\trunes := make([]rune, len(buf))\n",
                        "number": 283
                    },
                    {
                        "content": "\t\tfor i, b := range buf {\n",
                        "number": 284,
                        "vulnerable": true
                    },
                    {
                        "content": "\t\t\trunes[i] = rune(b)\n",
                        "number": 285
                    },
                    {
                        "content": "\t\t}\n",
                        "number": 286
                    },
                    {
                        "content": "\t\treturn string(runes)\n",
                        "number": 287
                    },
                    {
                        "content": "\tdefault:\n",
                        "number": 288
                    },
                    {
                        "content": "\t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n",
                        "number": 289
                    }
                ],
                "commit_detail": {
                    "commit_diff": "diff --git a/vendor/github.com/magiconair/properties/load.go b/vendor/github.com/magiconair/properties/load.go\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..c8e1b580417ca5612dced6131578a4fd2715ba2b\n--- /dev/null\n+++ b/vendor/github.com/magiconair/properties/load.go\n@@ -0,0 +1,292 @@\n+// Copyright 2018 Frank Schroeder. All rights reserved.\n+// Use of this source code is governed by a BSD-style\n+// license that can be found in the LICENSE file.\n+\n+package properties\n+\n+import (\n+\t\"fmt\"\n+\t\"io/ioutil\"\n+\t\"net/http\"\n+\t\"os\"\n+\t\"strings\"\n+)\n+\n+//",
                    "commit_link": "https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea",
                    "commit_no": "1b9743426cc5b2de8470d5b207928d44bb1140ea",
                    "committer": "",
                    "committer_name": "",
                    "snippet": "for i, b := range buf {"
                },
                "file_name": "vendor/github.com/magiconair/properties/load.go",
                "flow": {
                    "nodes": [
                        {
                            "Code": "data, err := ioutil.ReadFile(filename)",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 94,
                            "Message": "",
                            "Name": "ReadFile"
                        },
                        {
                            "Code": "data, err := ioutil.ReadFile(filename)",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 94,
                            "Message": "",
                            "Name": "data"
                        },
                        {
                            "Code": "return l.loadBytes(data, l.Encoding)",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 102,
                            "Message": "",
                            "Name": "data"
                        },
                        {
                            "Code": "func (l *Loader) loadBytes(buf []byte, enc Encoding) (*Properties, error) {",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 148,
                            "Message": "",
                            "Name": "buf"
                        },
                        {
                            "Code": "p, err := parse(convert(buf, enc))",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 149,
                            "Message": "",
                            "Name": "buf"
                        },
                        {
                            "Code": "func convert(buf []byte, enc Encoding) string {",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 278,
                            "Message": "",
                            "Name": "buf"
                        },
                        {
                            "Code": "runes := make([]rune, len(buf))",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 283,
                            "Message": "",
                            "Name": "buf"
                        },
                        {
                            "Code": "for i, b := range buf {",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 284,
                            "Message": "",
                            "Name": "buf"
                        },
                        {
                            "Code": "for i, b := range buf {",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 284,
                            "Message": "",
                            "Name": "len"
                        },
                        {
                            "Code": "for i, b := range buf {",
                            "Filename": "vendor/github.com/magiconair/properties/load.go",
                            "Line": 284,
                            "Message": "",
                            "Name": "<"
                        }
                    ]
                },
                "language": "go",
                "line_number": 284,
                "ok": true
            },
            "sca": {
                "file_name": "",
                "license": "",
                "ok": false,
                "packages": null,
                "references": null
            }
        }
    }
}

Get Issue Details

Valid Get Issue Request: Response Status Code 200

Sample Request:

curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640249015470395000' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'

Expected Response:

{
    "id": "1640249015470395000",
    "status": "open",
    "title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
    "template_md": "",
    "assignee": {
        "email": "",
        "username": "[email protected]"
    },
    "labels": [
        "Bug",
        "KONDUKTO"
    ]
}

Update Issue Status

Valid Issue Update Request: Response Status Code 200

Sample Request:

curl --location --request PATCH '{IssueManagerURL}/api/v1/issues/1639981740332776000' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "status": "closed"
}'

Allowed values for status are open and closed.

Expected Response:

{
    "id": "1640331222914174000",
    "status": "closed"
    ....
}

Add Attachment

Valid Add Attachments Request: Response Status Code 200

Sample Request:

curl --location --request POST '{IssueManagerURL}/api/v1/issues/1640241035417634000/attachments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "attachments": [
        {
            "title": "image1",
            "base64_content": "byte array"
        },
        {
            "title": "image1",
            "base64_content": "byte array"
        }
    ]
}'

Expected Response:

{
    "message": "attachments added successfully"
}
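
How a receiver might validate the attachments body shown above before storing anything. This is an added example, not Kondukto's code: `parse_attachments`, the count and size limits, and the title character policy are assumptions. Strict decoding means the literal placeholder "byte array" from the sample request is rejected.

```python
import base64
import binascii
import json
import re

MAX_ATTACHMENTS = 10                  # assumed limit per request
MAX_DECODED_BYTES = 5 * 1024 * 1024   # assumed limit per attachment
SAFE_TITLE = re.compile(r"[A-Za-z0-9._ -]{1,100}")  # assumed policy: no path separators


def parse_attachments(raw_body):
    """Validate an Add Attachment body and return [(title, bytes), ...]."""
    try:
        doc = json.loads(raw_body)
    except json.JSONDecodeError as exc:
        raise ValueError("body is not valid JSON") from exc
    items = doc.get("attachments") if isinstance(doc, dict) else None
    if not isinstance(items, list) or not items:
        raise ValueError("attachments must be a non-empty list")
    if len(items) > MAX_ATTACHMENTS:
        raise ValueError("too many attachments")
    result = []
    for item in items:
        if not isinstance(item, dict):
            raise ValueError("attachment must be an object")
        title, content = item.get("title"), item.get("base64_content")
        # Titles may end up in file names, so refuse separators and dotfiles.
        if (not isinstance(title, str) or not SAFE_TITLE.fullmatch(title)
                or title.startswith(".")):
            raise ValueError("unsafe title")
        if not isinstance(content, str):
            raise ValueError("base64_content must be a string")
        # Reject oversized input before decoding (4 base64 chars -> 3 bytes).
        if len(content) > (MAX_DECODED_BYTES * 4) // 3 + 4:
            raise ValueError("attachment too large")
        try:
            # validate=True rejects characters outside the base64 alphabet.
            data = base64.b64decode(content, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("base64_content is not valid base64") from exc
        result.append((title, data))
    return result
```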

Get Issue Comments

Valid Get Comments Request: Response Status Code 200

Sample Request:

curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640174964942146000/comments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'

Expected Response:

{
    "comments": [
        {
            "created_at": "2021-12-22T15:58:46.779745+03:00",
            "body": "something something",
            "author": {
                "email": "",
                "username": ""
            }
        },
        {
            "created_at": "2021-12-22T16:00:52.490011+03:00",
            "body": "kondukto: something new for resolving the vuln",
            "author": {
                "email": "",
                "username": ""
            }
        }
    ]
}