Integrating with Webhooks
Kondukto presents six different webhook endpoints:
- Test connection
- Create Issue
- Get Issue Details
- Update Issue Status
- Add Attachment
- Get Issue Comments
Test Connection
Valid Test Connection: Response Status Code 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/test' --header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"connection": true
}
Missing Security Header Example: Response Status Code 403
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/test'
Expected Response:
{
"message": "missing secret key"
}
Create Issue
Valid Create Issue Request: Response Status Code 201
Sample Request:
curl --location --request POST '{IssueManagerURL}/api/v1/issues' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{{data-raw}}'
Payload (Raw Data):
{
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"fp": false,
"link": "http://172.16.192.212/CxWebClient/ViewerMain.aspx?scanid=1020487&projectid=10255&pathid=16",
"name": "Denial_Of_Service_Resource_Exhaustion",
"path": "vendor/github.com/magiconair/properties/load.go",
"severity": "medium",
"template_md": "A **medium** severity vulnerability has been discovered in your project.\n\nProject Name: **Kdt**\n\nScanner Name: **checkmarx**\n\n\nCwe ID: **400**\n\nCwe Name: **Uncontrolled Resource Consumption (Resource Exhaustion)**\n\nCwe Link: https://cwe.mitre.org/data/definitions/400.html\n\n\n\n\n\n\nFile: vendor/github.com/magiconair/properties/load.go\n\n\n\nLine: 284\n\n\n\n<details><summary>Code:</summary>\n<pre>\n<code>\n-279 - \tswitch enc {\n-280 - \tcase utf8Default, UTF8:\n-281 - \t\treturn string(buf)\n-282 - \tcase ISO_8859_1:\n-283 - \t\trunes := make([]rune, len(buf))\n*284 - \t\tfor i, b := range buf {\n-285 - \t\t\trunes[i] = rune(b)\n-286 - \t\t}\n-287 - \t\treturn string(runes)\n-288 - \tdefault:\n-289 - \t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n\n</code>\n</pre>\n</details>\n\n\n\nLanguage: go\n\n\n\nCommit Author: Rojhat Sinan Balka\n\n\n\nCommit Link: (https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea)\n\n\n\n\n\n\n\n\n \n\n\n \n\n\n \n\n\n\n \n\n\n\n\n\n<details><summary>Kondukto Remediation</summary>\n<i>1: remediation for CWE-400\n</i>\n</details>\n\n\n\n\n\n\n\n\nCustom Description: test\n\n",
"project_name": "project1",
"due_date": "2006-01-02T15:04:05Z07:00",
"assignee": {
"email": "",
"username": ""
},
"labels": [
"Bug",
"KONDUKTO"
],
"vulnerability": {
"cvssv3": {
"score": 6
},
"detail": {
"scan_parameters": {
"branch": "master",
"custom": {
"params": {
"forceScan": false,
"isIncremental": false,
"projectId": 10255
},
"type": 1105
}
},
"scanner": {
"id": "5eb46b769acc227b01437cd6",
"name": "checkmarx",
"type": "sast"
},
"comment": {
"last_edited": "2021-12-23T08:42:56.671Z",
"text": "test comments"
},
"cs": {
"ok": false
},
"cwe": {
"_id": "5b893aa1e5c38799ad21ebe1",
"classification": {
"owasp_2017": {},
"owasp_2021": {},
"pci_dss": {},
"sans": {}
},
"cwe_id": 400,
"desc": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"desc_ext": "",
"isActive": 0,
"name": "Uncontrolled Resource Consumption (Resource Exhaustion)",
"parent_id": 399,
"stride": null,
"wasc": 0
},
"dast": {
"ok": false,
"plugin": {
"id": "",
"name": ""
}
},
"iac": {
"commit_detail": {
"committer_name": ""
},
"ok": false
},
"infra": {
"cve_id": "",
"exploitable": false,
"fqdn": "",
"ip": "",
"ok": false,
"os": "",
"plugin": {
"id": "",
"name": ""
},
"port": "",
"proof": "",
"protocol": "",
"service": "",
"vpr": ""
},
"project": {
"id": "61bca4e52838a24af8dbb31a",
"name": "Kdt",
"team": "default"
},
"sast": {
"code": "for i, b := range buf {",
"code_lines": [
{
"content": "\tswitch enc {\n",
"number": 279
},
{
"content": "\tcase utf8Default, UTF8:\n",
"number": 280
},
{
"content": "\t\treturn string(buf)\n",
"number": 281
},
{
"content": "\tcase ISO_8859_1:\n",
"number": 282
},
{
"content": "\t\trunes := make([]rune, len(buf))\n",
"number": 283
},
{
"content": "\t\tfor i, b := range buf {\n",
"number": 284,
"vulnerable": true
},
{
"content": "\t\t\trunes[i] = rune(b)\n",
"number": 285
},
{
"content": "\t\t}\n",
"number": 286
},
{
"content": "\t\treturn string(runes)\n",
"number": 287
},
{
"content": "\tdefault:\n",
"number": 288
},
{
"content": "\t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n",
"number": 289
}
],
"commit_detail": {
"commit_diff": "diff --git a/vendor/github.com/magiconair/properties/load.go b/vendor/github.com/magiconair/properties/load.go\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..c8e1b580417ca5612dced6131578a4fd2715ba2b\n--- /dev/null\n+++ b/vendor/github.com/magiconair/properties/load.go\n@@ -0,0 +1,292 @@\n+// Copyright 2018 Frank Schroeder. All rights reserved.\n+// Use of this source code is governed by a BSD-style\n+// license that can be found in the LICENSE file.\n+\n+package properties\n+\n+import (\n+\t\"fmt\"\n+\t\"io/ioutil\"\n+\t\"net/http\"\n+\t\"os\"\n+\t\"strings\"\n+)\n+\n+//",
"commit_link": "https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea",
"commit_no": "1b9743426cc5b2de8470d5b207928d44bb1140ea",
"committer": "",
"committer_name": "",
"snippet": "for i, b := range buf {"
},
"file_name": "vendor/github.com/magiconair/properties/load.go",
"flow": {
"nodes": [
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "ReadFile"
},
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "data"
},
{
"Code": "return l.loadBytes(data, l.Encoding)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 102,
"Message": "",
"Name": "data"
},
{
"Code": "func (l *Loader) loadBytes(buf []byte, enc Encoding) (*Properties, error) {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 148,
"Message": "",
"Name": "buf"
},
{
"Code": "p, err := parse(convert(buf, enc))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 149,
"Message": "",
"Name": "buf"
},
{
"Code": "func convert(buf []byte, enc Encoding) string {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 278,
"Message": "",
"Name": "buf"
},
{
"Code": "runes := make([]rune, len(buf))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 283,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "len"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "<"
}
]
},
"language": "go",
"line_number": 284,
"ok": true
},
"sca": {
"file_name": "",
"license": "",
"ok": false,
"packages": null,
"references": null
}
}
}
}
Expected Response:
{
"id":"1640249015470395000",
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"fp": false,
"link": "http://172.16.192.212/CxWebClient/ViewerMain.aspx?scanid=1020487&projectid=10255&pathid=16",
"name": "Denial_Of_Service_Resource_Exhaustion",
"path": "vendor/github.com/magiconair/properties/load.go",
"severity": "medium",
"template_md": "A **medium** severity vulnerability has been discovered in your project.\n\nProject Name: **Kdt**\n\nScanner Name: **checkmarx**\n\n\nCwe ID: **400**\n\nCwe Name: **Uncontrolled Resource Consumption (Resource Exhaustion)**\n\nCwe Link: https://cwe.mitre.org/data/definitions/400.html\n\n\n\n\n\n\nFile: vendor/github.com/magiconair/properties/load.go\n\n\n\nLine: 284\n\n\n\n<details><summary>Code:</summary>\n<pre>\n<code>\n-279 - \tswitch enc {\n-280 - \tcase utf8Default, UTF8:\n-281 - \t\treturn string(buf)\n-282 - \tcase ISO_8859_1:\n-283 - \t\trunes := make([]rune, len(buf))\n*284 - \t\tfor i, b := range buf {\n-285 - \t\t\trunes[i] = rune(b)\n-286 - \t\t}\n-287 - \t\treturn string(runes)\n-288 - \tdefault:\n-289 - \t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n\n</code>\n</pre>\n</details>\n\n\n\nLanguage: go\n\n\n\nCommit Author: Rojhat Sinan Balka\n\n\n\nCommit Link: (https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea)\n\n\n\n\n\n\n\n\n \n\n\n \n\n\n \n\n\n\n \n\n\n\n\n\n<details><summary>Kondukto Remediation</summary>\n<i>1: remediation for CWE-400\n</i>\n</details>\n\n\n\n\n\n\n\n\nCustom Description: test\n\n",
"project_name": "project1",
"due_date": "2006-01-02T15:04:05Z07:00",
"assignee_id": "user789",
"labels": [
"Bug",
"KONDUKTO"
],
"vulnerability": {
"cvssv3": {
"score": 6
},
"detail": {
"scan_parameters": {
"branch": "master",
"custom": {
"params": {
"forceScan": false,
"isIncremental": false,
"projectId": 10255
},
"type": 1105
}
},
"scanner": {
"id": "5eb46b769acc227b01437cd6",
"name": "checkmarx",
"type": "sast"
},
"comment": {
"last_edited": "2021-12-23T08:42:56.671Z",
"text": "test comments"
},
"cs": {
"ok": false
},
"cwe": {
"_id": "5b893aa1e5c38799ad21ebe1",
"classification": {
"owasp_2017": {},
"owasp_2021": {},
"pci_dss": {},
"sans": {}
},
"cwe_id": 400,
"desc": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"desc_ext": "",
"isActive": 0,
"name": "Uncontrolled Resource Consumption (Resource Exhaustion)",
"parent_id": 399,
"stride": null,
"wasc": 0
},
"dast": {
"ok": false,
"plugin": {
"id": "",
"name": ""
}
},
"iac": {
"commit_detail": {
"committer_name": ""
},
"ok": false
},
"infra": {
"cve_id": "",
"exploitable": false,
"fqdn": "",
"ip": "",
"ok": false,
"os": "",
"plugin": {
"id": "",
"name": ""
},
"port": "",
"proof": "",
"protocol": "",
"service": "",
"vpr": ""
},
"project": {
"id": "61bca4e52838a24af8dbb31a",
"name": "Kdt",
"team": "default"
},
"sast": {
"code": "for i, b := range buf {",
"code_lines": [
{
"content": "\tswitch enc {\n",
"number": 279
},
{
"content": "\tcase utf8Default, UTF8:\n",
"number": 280
},
{
"content": "\t\treturn string(buf)\n",
"number": 281
},
{
"content": "\tcase ISO_8859_1:\n",
"number": 282
},
{
"content": "\t\trunes := make([]rune, len(buf))\n",
"number": 283
},
{
"content": "\t\tfor i, b := range buf {\n",
"number": 284,
"vulnerable": true
},
{
"content": "\t\t\trunes[i] = rune(b)\n",
"number": 285
},
{
"content": "\t\t}\n",
"number": 286
},
{
"content": "\t\treturn string(runes)\n",
"number": 287
},
{
"content": "\tdefault:\n",
"number": 288
},
{
"content": "\t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n",
"number": 289
}
],
"commit_detail": {
"commit_diff": "diff --git a/vendor/github.com/magiconair/properties/load.go b/vendor/github.com/magiconair/properties/load.go\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..c8e1b580417ca5612dced6131578a4fd2715ba2b\n--- /dev/null\n+++ b/vendor/github.com/magiconair/properties/load.go\n@@ -0,0 +1,292 @@\n+// Copyright 2018 Frank Schroeder. All rights reserved.\n+// Use of this source code is governed by a BSD-style\n+// license that can be found in the LICENSE file.\n+\n+package properties\n+\n+import (\n+\t\"fmt\"\n+\t\"io/ioutil\"\n+\t\"net/http\"\n+\t\"os\"\n+\t\"strings\"\n+)\n+\n+//",
"commit_link": "https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea",
"commit_no": "1b9743426cc5b2de8470d5b207928d44bb1140ea",
"committer": "",
"committer_name": "",
"snippet": "for i, b := range buf {"
},
"file_name": "vendor/github.com/magiconair/properties/load.go",
"flow": {
"nodes": [
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "ReadFile"
},
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "data"
},
{
"Code": "return l.loadBytes(data, l.Encoding)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 102,
"Message": "",
"Name": "data"
},
{
"Code": "func (l *Loader) loadBytes(buf []byte, enc Encoding) (*Properties, error) {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 148,
"Message": "",
"Name": "buf"
},
{
"Code": "p, err := parse(convert(buf, enc))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 149,
"Message": "",
"Name": "buf"
},
{
"Code": "func convert(buf []byte, enc Encoding) string {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 278,
"Message": "",
"Name": "buf"
},
{
"Code": "runes := make([]rune, len(buf))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 283,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "len"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "<"
}
]
},
"language": "go",
"line_number": 284,
"ok": true
},
"sca": {
"file_name": "",
"license": "",
"ok": false,
"packages": null,
"references": null
}
}
},
"links": {
"self": "{WebhookAPI_GetIssueRequestPathURL}",
"html": "{CustomIssueManager_IssueURL}"
}
}
Get Issue Details
Valid Get Issue Request: Response Status Code 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640249015470395000' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"id": "1640249015470395000",
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"template_md": "",
"assignee": {
"email": "",
"username": "[email protected]"
},
"labels": [
"Bug",
"KONDUKTO"
],
"links": {
"self": "{WebhookAPI_GetIssueRequestPathURL}",
"html": "{CustomIssueManager_IssueURL}"
}
}
Update Issue Status
Valid Issue Update Request: Response Status Code 200
Sample Request:
curl --location --request PATCH '{IssueManagerURL}/api/v1/issues/1639981740332776000' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"status": "closed"
}'
Allowed values for "status" are open and closed.
Expected Response:
{
"id": "1640331222914174000",
"status": "closed"
....
}
Add Attachment
Valid Add Attachments Request: Response Status Code 200
Sample Request:
curl --location --request POST '{IssueManagerURL}/api/v1/issues/1640241035417634000/attachments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {Kondukto Secret}' \
--header 'Content-Type: application/json' \
--data-raw '{
"attachments": [
{
"title": "image1",
"base64_content": "byte array"
},
{
"title": "image1",
"base64_content": "byte array"
}
]
}'
Expected Response:
{
"message": "attachments added successfully"
}
Get Issue Comments
Valid Get Comments Request: Response Status Code 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640174964942146000/comments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"comments": [
{
"created_at": "2021-12-22T15:58:46.779745+03:00",
"body": "something something",
"author": {
"email": "",
"username": ""
}
},
{
"created_at": "2021-12-22T16:00:52.490011+03:00",
"body": "kondukto: something new for resolving the vuln",
"author": {
"email": "",
"username": ""
}
}
]
}
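The following Python example is added here and is not Kondukto's code: it shows how an issue manager receiving these calls could check the X-Kondukto-Secret header and validate the Update Issue Status body before changing state. The `handle` function, the in-memory `issues` store, and every response other than the documented 200 bodies and the 403 "missing secret key" body are assumptions.

```python
import hmac
import json
import re

ALLOWED_STATUS = {"open", "closed"}   # allowed values listed under Update Issue Status
ISSUE_PATH = re.compile(r"^/api/v1/issues/(\d+)$")


def handle(method, path, headers, body, secret, issues):
    """Return (status_code, json_dict) for one call from Kondukto.

    `issues` is a dict of issue id -> issue dict (assumed in-memory store).
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    supplied = {k.lower(): v for k, v in headers.items()}.get("x-kondukto-secret")
    if not supplied:
        return 403, {"message": "missing secret key"}       # documented response
    # Constant-time comparison so response timing does not leak the secret.
    if not hmac.compare_digest(supplied.encode(), secret.encode()):
        return 403, {"message": "invalid secret key"}       # assumed wording
    if method == "GET" and path == "/api/v1/test":
        return 200, {"connection": True}
    match = ISSUE_PATH.match(path)
    if method == "PATCH" and match:
        issue = issues.get(match.group(1))
        if issue is None:
            return 404, {"message": "issue not found"}      # assumed response
        try:
            status = json.loads(body).get("status")
        except (TypeError, ValueError, AttributeError):
            return 400, {"message": "invalid JSON body"}    # assumed response
        # Reject anything outside the documented values before touching state.
        if not isinstance(status, str) or status not in ALLOWED_STATUS:
            return 400, {"message": "invalid status"}       # assumed response
        issue["status"] = status
        return 200, issue
    return 404, {"message": "not found"}                    # assumed response


if __name__ == "__main__":
    store = {"1639981740332776000": {"id": "1639981740332776000", "status": "open"}}
    secret = "constructed-demo-secret"                      # constructed sample value
    auth = {"X-Kondukto-Secret": secret}
    print(handle("GET", "/api/v1/test", {}, "", secret, store))
    print(handle("GET", "/api/v1/test", auth, "", secret, store))
    print(handle("PATCH", "/api/v1/issues/1639981740332776000", auth,
                 '{"status": "closed"}', secret, store))
```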