Package: Invicti AppSec Enterprise (on-premise, on-demand)
Integrate via webhooks
Invicti AppSec integrates with an external issue management system through six webhook endpoints that your issue manager exposes under {IssueManagerURL} and that Invicti calls. Every request carries the shared secret ({IssueManagerToken}) in the X-Kondukto-Secret header, and the endpoint must reject requests that do not present it (see the 403 example under Test connection):
- Test connection
- Create issue
- Get issue details
- Update issue status
- Add attachments
- Get issue comments
Test connection
Invicti calls GET /api/v1/test to verify that the issue manager is reachable and that the shared secret is accepted.
Valid test connection
Response Status Code: 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/test' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"connection": true
}
Missing secret header example
Response Status Code: 403
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/test'
Expected Response:
{
"message": "missing secret key"
}
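The secret check that the 403 example above implies, written out as an added example of a receiver (this is not code from Invicti's documentation or product). It assumes the receiver is a Go net/http service and that the token pasted into the integration is supplied through an ISSUE_MANAGER_TOKEN environment variable; the "invalid secret key" body for a wrong token is this example's own choice, since the page only documents the missing-header case.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"log"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
)

// RequireSecret wraps the issue-manager webhook so every request must carry
// the shared token in X-Kondukto-Secret. A missing header gets the 403 body
// shown in the docs; a wrong value is refused the same way (the docs only show
// the missing-header case, so that message is this example's choice). Both
// sides are hashed before the comparison so it runs in constant time and does
// not leak the token's length either.
func RequireSecret(token string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(token))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.Header.Get("X-Kondukto-Secret")
		if got == "" {
			reply(w, http.StatusForbidden, map[string]string{"message": "missing secret key"})
			return
		}
		have := sha256.Sum256([]byte(got))
		if subtle.ConstantTimeCompare(have[:], want[:]) != 1 {
			reply(w, http.StatusForbidden, map[string]string{"message": "invalid secret key"})
			return
		}
		next.ServeHTTP(w, r)
	})
}

func reply(w http.ResponseWriter, code int, v interface{}) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(code)
	json.NewEncoder(w).Encode(v)
}

// HandleTestConnection answers GET /api/v1/test with {"connection": true}.
func HandleTestConnection(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		reply(w, http.StatusMethodNotAllowed, map[string]string{"message": "method not allowed"})
		return
	}
	reply(w, http.StatusOK, map[string]bool{"connection": true})
}

// NewWebhookServer mounts the test endpoint behind the secret check; the
// other five endpoints would be registered on the same mux.
func NewWebhookServer(token string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/test", HandleTestConnection)
	return RequireSecret(token, mux)
}

// Probe sends an in-process GET /api/v1/test with the given token (none when
// empty) and returns the status code and trimmed body.
func Probe(h http.Handler, token string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/test", nil)
	if token != "" {
		req.Header.Set("X-Kondukto-Secret", token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	// ISSUE_MANAGER_TOKEN is an assumed variable name: the value configured as
	// the issue manager token in Invicti. Refuse to start without one.
	token := os.Getenv("ISSUE_MANAGER_TOKEN")
	if token == "" {
		log.Fatal("ISSUE_MANAGER_TOKEN is not set; refusing to start without a secret")
	}
	log.Fatal(http.ListenAndServe(":8080", NewWebhookServer(token)))
}
```

Probe("s3cr3t") against NewWebhookServer("s3cr3t") returns 200 and {"connection":true}; Probe with an empty token returns 403 and {"message":"missing secret key"}; a wrong token also gets 403. Hashing before subtle.ConstantTimeCompare is the usual way to avoid the early exit that ConstantTimeCompare takes on unequal lengths.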
Create issue
Invicti sends POST /api/v1/issues to create an issue in your issue manager for a vulnerability. The body carries the ticket fields (title, status, severity, labels, a Markdown description in template_md, an optional assignee and due_date) plus the full finding under vulnerability: scanner, CWE, project and, for SAST findings, the affected file, line, surrounding code lines and data flow. The response must echo the issue together with the id and links your issue manager assigned; Invicti uses that id in the later calls.
Valid create issue request
Response Status Code: 201
Sample Request:
curl --location --request POST '{IssueManagerURL}/api/v1/issues' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-binary @payload.json
Payload (raw data), saved as payload.json:
{
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"fp": false,
"link": "http://172.16.192.212/CxWebClient/ViewerMain.aspx?scanid=1020487&projectid=10255&pathid=16",
"name": "Denial_Of_Service_Resource_Exhaustion",
"path": "vendor/github.com/magiconair/properties/load.go",
"severity": "medium",
"template_md": "A **medium** severity vulnerability has been discovered in your project.\n\nProject Name: **Kdt**\n\nScanner Name: **checkmarx**\n\n\nCwe ID: **400**\n\nCwe Name: **Uncontrolled Resource Consumption (Resource Exhaustion)**\n\nCwe Link: https://cwe.mitre.org/data/definitions/400.html\n\n\n\n\n\n\nFile: vendor/github.com/magiconair/properties/load.go\n\n\n\nLine: 284\n\n\n\n<details><summary>Code:</summary>\n<pre>\n<code>\n-279 - \tswitch enc {\n-280 - \tcase utf8Default, UTF8:\n-281 - \t\treturn string(buf)\n-282 - \tcase ISO_8859_1:\n-283 - \t\trunes := make([]rune, len(buf))\n*284 - \t\tfor i, b := range buf {\n-285 - \t\t\trunes[i] = rune(b)\n-286 - \t\t}\n-287 - \t\treturn string(runes)\n-288 - \tdefault:\n-289 - \t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n\n</code>\n</pre>\n</details>\n\n\n\nLanguage: go\n\n\n\nCommit Author: Rojhat Sinan Balka\n\n\n\nCommit Link: (https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea)\n\n\n\n\n\n\n\n\n \n\n\n \n\n\n \n\n\n\n \n\n\n\n\n\n<details><summary>Kondukto Remediation</summary>\n<i>1: remediation for CWE-400\n</i>\n</details>\n\n\n\n\n\n\n\n\nCustom Description: test\n\n",
"project_name": "project1",
"due_date": "2022-01-06T00:00:00Z",
"assignee": {
"email": "",
"username": ""
},
"labels": [
"Bug",
"KONDUKTO"
],
"vulnerability": {
"cvssv3": {
"score": 6
},
"detail": {
"scan_parameters": {
"branch": "master",
"custom": {
"params": {
"forceScan": false,
"isIncremental": false,
"projectId": 10255
},
"type": 1105
}
},
"scanner": {
"id": "5eb46b769acc227b01437cd6",
"name": "checkmarx",
"type": "sast"
},
"comment": {
"last_edited": "2021-12-23T08:42:56.671Z",
"text": "test comments"
},
"cs": {
"ok": false
},
"cwe": {
"_id": "5b893aa1e5c38799ad21ebe1",
"classification": {
"owasp_2017": {},
"owasp_2021": {},
"pci_dss": {},
"sans": {}
},
"cwe_id": 400,
"desc": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"desc_ext": "",
"isActive": 0,
"name": "Uncontrolled Resource Consumption (Resource Exhaustion)",
"parent_id": 399,
"stride": null,
"wasc": 0
},
"dast": {
"ok": false,
"plugin": {
"id": "",
"name": ""
}
},
"iac": {
"commit_detail": {
"committer_name": ""
},
"ok": false
},
"infra": {
"cve_id": "",
"exploitable": false,
"fqdn": "",
"ip": "",
"ok": false,
"os": "",
"plugin": {
"id": "",
"name": ""
},
"port": "",
"proof": "",
"protocol": "",
"service": "",
"vpr": ""
},
"project": {
"id": "61bca4e52838a24af8dbb31a",
"name": "Kdt",
"team": "default"
},
"sast": {
"code": "for i, b := range buf {",
"code_lines": [
{
"content": "\tswitch enc {\n",
"number": 279
},
{
"content": "\tcase utf8Default, UTF8:\n",
"number": 280
},
{
"content": "\t\treturn string(buf)\n",
"number": 281
},
{
"content": "\tcase ISO_8859_1:\n",
"number": 282
},
{
"content": "\t\trunes := make([]rune, len(buf))\n",
"number": 283
},
{
"content": "\t\tfor i, b := range buf {\n",
"number": 284,
"vulnerable": true
},
{
"content": "\t\t\trunes[i] = rune(b)\n",
"number": 285
},
{
"content": "\t\t}\n",
"number": 286
},
{
"content": "\t\treturn string(runes)\n",
"number": 287
},
{
"content": "\tdefault:\n",
"number": 288
},
{
"content": "\t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n",
"number": 289
}
],
"commit_detail": {
"commit_diff": "diff --git a/vendor/github.com/magiconair/properties/load.go b/vendor/github.com/magiconair/properties/load.go\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..c8e1b580417ca5612dced6131578a4fd2715ba2b\n--- /dev/null\n+++ b/vendor/github.com/magiconair/properties/load.go\n@@ -0,0 +1,292 @@\n+// Copyright 2018 Frank Schroeder. All rights reserved.\n+// Use of this source code is governed by a BSD-style\n+// license that can be found in the LICENSE file.\n+\n+package properties\n+\n+import (\n+\t\"fmt\"\n+\t\"io/ioutil\"\n+\t\"net/http\"\n+\t\"os\"\n+\t\"strings\"\n+)\n+\n+//",
"commit_link": "https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea",
"commit_no": "1b9743426cc5b2de8470d5b207928d44bb1140ea",
"committer": "",
"committer_name": "",
"snippet": "for i, b := range buf {"
},
"file_name": "vendor/github.com/magiconair/properties/load.go",
"flow": {
"nodes": [
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "ReadFile"
},
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "data"
},
{
"Code": "return l.loadBytes(data, l.Encoding)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 102,
"Message": "",
"Name": "data"
},
{
"Code": "func (l *Loader) loadBytes(buf []byte, enc Encoding) (*Properties, error) {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 148,
"Message": "",
"Name": "buf"
},
{
"Code": "p, err := parse(convert(buf, enc))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 149,
"Message": "",
"Name": "buf"
},
{
"Code": "func convert(buf []byte, enc Encoding) string {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 278,
"Message": "",
"Name": "buf"
},
{
"Code": "runes := make([]rune, len(buf))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 283,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "len"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "<"
}
]
},
"language": "go",
"line_number": 284,
"ok": true
},
"sca": {
"file_name": "",
"license": "",
"ok": false,
"packages": null,
"references": null
}
}
}
}
Expected response
{
"id": "1640249015470395000",
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"fp": false,
"link": "http://172.16.192.212/CxWebClient/ViewerMain.aspx?scanid=1020487&projectid=10255&pathid=16",
"name": "Denial_Of_Service_Resource_Exhaustion",
"path": "vendor/github.com/magiconair/properties/load.go",
"severity": "medium",
"template_md": "A **medium** severity vulnerability has been discovered in your project.\n\nProject Name: **Kdt**\n\nScanner Name: **checkmarx**\n\n\nCwe ID: **400**\n\nCwe Name: **Uncontrolled Resource Consumption (Resource Exhaustion)**\n\nCwe Link: https://cwe.mitre.org/data/definitions/400.html\n\n\n\n\n\n\nFile: vendor/github.com/magiconair/properties/load.go\n\n\n\nLine: 284\n\n\n\n<details><summary>Code:</summary>\n<pre>\n<code>\n-279 - \tswitch enc {\n-280 - \tcase utf8Default, UTF8:\n-281 - \t\treturn string(buf)\n-282 - \tcase ISO_8859_1:\n-283 - \t\trunes := make([]rune, len(buf))\n*284 - \t\tfor i, b := range buf {\n-285 - \t\t\trunes[i] = rune(b)\n-286 - \t\t}\n-287 - \t\treturn string(runes)\n-288 - \tdefault:\n-289 - \t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n\n</code>\n</pre>\n</details>\n\n\n\nLanguage: go\n\n\n\nCommit Author: Rojhat Sinan Balka\n\n\n\nCommit Link: (https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea)\n\n\n\n\n\n\n\n\n \n\n\n \n\n\n \n\n\n\n \n\n\n\n\n\n<details><summary>Kondukto Remediation</summary>\n<i>1: remediation for CWE-400\n</i>\n</details>\n\n\n\n\n\n\n\n\nCustom Description: test\n\n",
"project_name": "project1",
"due_date": "2022-01-06T00:00:00Z",
"assignee_id": "user789",
"labels": [
"Bug",
"KONDUKTO"
],
"vulnerability": {
"cvssv3": {
"score": 6
},
"detail": {
"scan_parameters": {
"branch": "master",
"custom": {
"params": {
"forceScan": false,
"isIncremental": false,
"projectId": 10255
},
"type": 1105
}
},
"scanner": {
"id": "5eb46b769acc227b01437cd6",
"name": "checkmarx",
"type": "sast"
},
"comment": {
"last_edited": "2021-12-23T08:42:56.671Z",
"text": "test comments"
},
"cs": {
"ok": false
},
"cwe": {
"_id": "5b893aa1e5c38799ad21ebe1",
"classification": {
"owasp_2017": {},
"owasp_2021": {},
"pci_dss": {},
"sans": {}
},
"cwe_id": 400,
"desc": "The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.",
"desc_ext": "",
"isActive": 0,
"name": "Uncontrolled Resource Consumption (Resource Exhaustion)",
"parent_id": 399,
"stride": null,
"wasc": 0
},
"dast": {
"ok": false,
"plugin": {
"id": "",
"name": ""
}
},
"iac": {
"commit_detail": {
"committer_name": ""
},
"ok": false
},
"infra": {
"cve_id": "",
"exploitable": false,
"fqdn": "",
"ip": "",
"ok": false,
"os": "",
"plugin": {
"id": "",
"name": ""
},
"port": "",
"proof": "",
"protocol": "",
"service": "",
"vpr": ""
},
"project": {
"id": "61bca4e52838a24af8dbb31a",
"name": "Kdt",
"team": "default"
},
"sast": {
"code": "for i, b := range buf {",
"code_lines": [
{
"content": "\tswitch enc {\n",
"number": 279
},
{
"content": "\tcase utf8Default, UTF8:\n",
"number": 280
},
{
"content": "\t\treturn string(buf)\n",
"number": 281
},
{
"content": "\tcase ISO_8859_1:\n",
"number": 282
},
{
"content": "\t\trunes := make([]rune, len(buf))\n",
"number": 283
},
{
"content": "\t\tfor i, b := range buf {\n",
"number": 284,
"vulnerable": true
},
{
"content": "\t\t\trunes[i] = rune(b)\n",
"number": 285
},
{
"content": "\t\t}\n",
"number": 286
},
{
"content": "\t\treturn string(runes)\n",
"number": 287
},
{
"content": "\tdefault:\n",
"number": 288
},
{
"content": "\t\tErrorHandler(fmt.Errorf(\"unsupported encoding %v\", enc))\n",
"number": 289
}
],
"commit_detail": {
"commit_diff": "diff --git a/vendor/github.com/magiconair/properties/load.go b/vendor/github.com/magiconair/properties/load.go\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..c8e1b580417ca5612dced6131578a4fd2715ba2b\n--- /dev/null\n+++ b/vendor/github.com/magiconair/properties/load.go\n@@ -0,0 +1,292 @@\n+// Copyright 2018 Frank Schroeder. All rights reserved.\n+// Use of this source code is governed by a BSD-style\n+// license that can be found in the LICENSE file.\n+\n+package properties\n+\n+import (\n+\t\"fmt\"\n+\t\"io/ioutil\"\n+\t\"net/http\"\n+\t\"os\"\n+\t\"strings\"\n+)\n+\n+//",
"commit_link": "https://gitlab.com/yeyisan/kdt.git/-/commit/1b9743426cc5b2de8470d5b207928d44bb1140ea",
"commit_no": "1b9743426cc5b2de8470d5b207928d44bb1140ea",
"committer": "",
"committer_name": "",
"snippet": "for i, b := range buf {"
},
"file_name": "vendor/github.com/magiconair/properties/load.go",
"flow": {
"nodes": [
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "ReadFile"
},
{
"Code": "data, err := ioutil.ReadFile(filename)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 94,
"Message": "",
"Name": "data"
},
{
"Code": "return l.loadBytes(data, l.Encoding)",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 102,
"Message": "",
"Name": "data"
},
{
"Code": "func (l *Loader) loadBytes(buf []byte, enc Encoding) (*Properties, error) {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 148,
"Message": "",
"Name": "buf"
},
{
"Code": "p, err := parse(convert(buf, enc))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 149,
"Message": "",
"Name": "buf"
},
{
"Code": "func convert(buf []byte, enc Encoding) string {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 278,
"Message": "",
"Name": "buf"
},
{
"Code": "runes := make([]rune, len(buf))",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 283,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "buf"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "len"
},
{
"Code": "for i, b := range buf {",
"Filename": "vendor/github.com/magiconair/properties/load.go",
"Line": 284,
"Message": "",
"Name": "<"
}
]
},
"language": "go",
"line_number": 284,
"ok": true
},
"sca": {
"file_name": "",
"license": "",
"ok": false,
"packages": null,
"references": null
}
}
},
"links": {
"self": "{WebhookAPI_GetIssueRequestPathURL}",
"html": "{CustomIssueManager_IssueURL}"
}
}
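An added example receiver for the create-issue and get-issue endpoints, not code from Invicti or from this page. It keeps issues in memory (a stand-in for a real tracker, assumed here) and stores the scanner payload as raw JSON fields so the 201 response echoes everything back as the documented response does; the self and html link formats, the 400 for a missing title or an unknown status, and the body-size cap are this example's assumptions.

```go
package main

import (
	"encoding/json"
	"net/http"
	"strconv"
	"strings"
	"sync"
	"time"
)

// Issues is an in-memory stand-in for a real tracker (assumed for this
// example). Each issue is kept as raw JSON fields, so every scanner detail
// Invicti sends (template_md, vulnerability.detail.sast, ...) is stored and
// echoed back unchanged, as the documented 201 response does.
type Issues struct {
	mu    sync.Mutex
	store map[string]map[string]json.RawMessage
}

func NewIssues() *Issues { return &Issues{store: map[string]map[string]json.RawMessage{}} }

func writeJSON(w http.ResponseWriter, code int, v interface{}) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(code)
	json.NewEncoder(w).Encode(v)
}

// Create handles POST /api/v1/issues. The body is capped because template_md
// and commit_diff can be large; a body that is not JSON, has no title, or has
// a status other than open/closed is rejected with 400 rather than turned
// into a half-filled ticket.
func (s *Issues) Create(w http.ResponseWriter, r *http.Request) {
	var issue map[string]json.RawMessage
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 8<<20)).Decode(&issue); err != nil {
		writeJSON(w, http.StatusBadRequest, map[string]string{"message": "invalid json body"})
		return
	}
	var title, status string
	json.Unmarshal(issue["title"], &title)
	json.Unmarshal(issue["status"], &status)
	if title == "" || (status != "open" && status != "closed") {
		writeJSON(w, http.StatusBadRequest, map[string]string{"message": "title and status (open|closed) are required"})
		return
	}
	id := strconv.FormatInt(time.Now().UnixNano(), 10) // same shape as the ids in the docs
	issue["id"], _ = json.Marshal(id)
	issue["links"], _ = json.Marshal(map[string]string{
		"self": "/api/v1/issues/" + id,                 // assumed: this receiver's own GET path
		"html": "https://tracker.example/browse/" + id, // assumed: human-facing tracker URL
	})
	s.mu.Lock()
	s.store[id] = issue
	s.mu.Unlock()
	writeJSON(w, http.StatusCreated, issue)
}

// Get handles GET /api/v1/issues/{id} and returns the documented summary
// fields rather than the whole stored payload.
func (s *Issues) Get(w http.ResponseWriter, id string) {
	s.mu.Lock()
	issue, ok := s.store[id]
	s.mu.Unlock()
	if !ok {
		writeJSON(w, http.StatusNotFound, map[string]string{"message": "issue not found"})
		return
	}
	out := map[string]json.RawMessage{}
	for _, k := range []string{"id", "status", "title", "template_md", "assignee", "labels", "links"} {
		if v, ok := issue[k]; ok {
			out[k] = v
		}
	}
	writeJSON(w, http.StatusOK, out)
}

// ServeHTTP maps the two routes; the X-Kondukto-Secret check is assumed to
// sit in front of this handler.
func (s *Issues) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	const prefix = "/api/v1/issues"
	switch {
	case r.Method == http.MethodPost && r.URL.Path == prefix:
		s.Create(w, r)
	case r.Method == http.MethodGet && strings.HasPrefix(r.URL.Path, prefix+"/"):
		s.Get(w, strings.TrimPrefix(r.URL.Path, prefix+"/"))
	default:
		http.NotFound(w, r)
	}
}
```

Posting the documented payload returns 201 with the same fields plus id and links; a follow-up GET on /api/v1/issues/{id} returns only the summary fields, which is the shape shown under Get issue details. Keeping the payload as json.RawMessage means a new field Invicti adds later is stored and echoed without a code change.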
Get issue details
Invicti calls GET /api/v1/issues/{id} to read the current state of an issue it created earlier (status, title, assignee, labels and links).
Valid get issue request
Response Status Code: 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640249015470395000' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"id": "1640249015470395000",
"status": "open",
"title": "Denial_Of_Service_Resource_Exhaustion (CWE-400)",
"template_md": "",
"assignee": {
"email": "",
"username": "admin@admin.io"
},
"labels": [
"Bug",
"KONDUKTO"
],
"links": {
"self": "{WebhookAPI_GetIssueRequestPathURL}",
"html": "{CustomIssueManager_IssueURL}"
}
}
Update issue status
Invicti calls PATCH /api/v1/issues/{id} to change the status of an existing issue.
Valid issue update request
Response Status Code: 200
Sample Request:
curl --location --request PATCH '{IssueManagerURL}/api/v1/issues/1639981740332776000' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"status": "closed"
}'
The status field accepts only the values open and closed; the endpoint should reject any other value.
Expected Response:
{
"id": "1639981740332776000",
"status": "closed"
}
Add attachments
Invicti calls POST /api/v1/issues/{id}/attachments to add files to an existing issue. Each attachment carries a title and the file content as a base64-encoded string in base64_content.
Valid add attachments request
Response Status Code: 200
Sample Request:
curl --location --request POST '{IssueManagerURL}/api/v1/issues/1640241035417634000/attachments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}' \
--header 'Content-Type: application/json' \
--data-raw '{
"attachments": [
{
"title": "image1",
"base64_content": "<base64-encoded file bytes>"
},
{
"title": "image2",
"base64_content": "<base64-encoded file bytes>"
}
]
}'
Expected Response:
{
"message": "attachments added successfully"
}
Get issue comments
Invicti calls GET /api/v1/issues/{id}/comments to read the comments that have been added to the issue in your issue manager.
Valid get comments request
Response Status Code: 200
Sample Request:
curl --location --request GET '{IssueManagerURL}/api/v1/issues/1640174964942146000/comments' \
--header 'Accept: application/json' \
--header 'X-Kondukto-Secret: {IssueManagerToken}'
Expected Response:
{
"comments": [
{
"created_at": "2021-12-22T15:58:46.779745+03:00",
"body": "something something",
"author": {
"email": "",
"username": ""
}
},
{
"created_at": "2021-12-22T16:00:52.490011+03:00",
"body": "kondukto: something new for resolving the vuln",
"author": {
"email": "",
"username": ""
}
}
]
}
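An added example of the tracker side of the last three endpoints (Update issue status, Add attachments and Get issue comments above), again not Invicti's code. The in-memory Tracker and its Open/AddComment helpers are assumptions standing in for a real tracker API; the handler refuses status values other than open and closed, decodes every attachment before storing any so one bad base64 entry rejects the whole batch, and returns the comments that were added on the tracker side in the documented shape.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"net/http"
	"strings"
	"sync"
	"time"
)

// Comment is one entry of the GET .../comments response.
type Comment struct {
	CreatedAt string            `json:"created_at"`
	Body      string            `json:"body"`
	Author    map[string]string `json:"author"`
}

type Ticket struct {
	Status      string
	Attachments map[string][]byte // title -> decoded file bytes
	Comments    []Comment
}

type Tracker struct {
	mu      sync.Mutex
	tickets map[string]*Ticket
}

func NewTracker() *Tracker { return &Tracker{tickets: map[string]*Ticket{}} }

// Open seeds a ticket as if POST /api/v1/issues had created it (in-memory stand-in, assumed; setup only).
func (t *Tracker) Open(id string) { t.tickets[id] = &Ticket{"open", map[string][]byte{}, []Comment{}} }

// AddComment is the human-side action in the tracker that Invicti later reads back.
func (t *Tracker) AddComment(id, username, body string) {
	t.mu.Lock()
	defer t.mu.Unlock()
	if tk := t.tickets[id]; tk != nil {
		tk.Comments = append(tk.Comments, Comment{time.Now().Format(time.RFC3339Nano), body, map[string]string{"email": "", "username": username}})
	}
}

func writeJSON(w http.ResponseWriter, code int, v interface{}) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(code)
	json.NewEncoder(w).Encode(v)
}

func fail(w http.ResponseWriter, code int, msg string) { writeJSON(w, code, map[string]string{"message": msg}) }

// ServeHTTP routes PATCH /api/v1/issues/{id}, POST .../attachments and
// GET .../comments; the X-Kondukto-Secret check is assumed to sit in front.
func (t *Tracker) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	p := strings.Split(strings.TrimPrefix(r.URL.Path, "/api/v1/issues/"), "/")
	id, sub := p[0], strings.Join(p[1:], "/")
	t.mu.Lock()
	defer t.mu.Unlock()
	tk := t.tickets[id]
	switch {
	case tk == nil:
		fail(w, http.StatusNotFound, "issue not found")
	case r.Method == http.MethodPatch && sub == "":
		var req struct{ Status string `json:"status"` }
		// Only the two documented values are accepted; anything else is a 400.
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil || (req.Status != "open" && req.Status != "closed") {
			fail(w, http.StatusBadRequest, "status must be open or closed")
			return
		}
		tk.Status = req.Status
		writeJSON(w, http.StatusOK, map[string]string{"id": id, "status": tk.Status})
	case r.Method == http.MethodPost && sub == "attachments":
		var req struct {
			Attachments []struct {
				Title         string `json:"title"`
				Base64Content string `json:"base64_content"`
			} `json:"attachments"`
		}
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 32<<20)).Decode(&req); err != nil {
			fail(w, http.StatusBadRequest, "invalid json body")
			return
		}
		// Decode everything before storing anything: one bad entry rejects the whole batch.
		decoded := map[string][]byte{}
		for _, a := range req.Attachments {
			b, err := base64.StdEncoding.DecodeString(a.Base64Content)
			if err != nil || a.Title == "" {
				fail(w, http.StatusBadRequest, "attachment is not valid base64 or has no title")
				return
			}
			decoded[a.Title] = b
		}
		for k, v := range decoded {
			tk.Attachments[k] = v
		}
		writeJSON(w, http.StatusOK, map[string]string{"message": "attachments added successfully"})
	case r.Method == http.MethodGet && sub == "comments":
		writeJSON(w, http.StatusOK, map[string][]Comment{"comments": tk.Comments})
	default:
		http.NotFound(w, r)
	}
}
```

With a ticket opened as 1639981740332776000, PATCH with {"status":"closed"} returns {"id":"1639981740332776000","status":"closed"}, a status of "resolved" is a 400, a valid base64 attachment is stored under its title while a batch containing a malformed entry stores nothing, and a comment added through AddComment comes back from GET .../comments with created_at, body and author.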