Importing reports via Lambda Function using a Report File

You can import reports into the AppSec Portal with the function below.

import json
import urllib.request
import urllib3


def import_report(<event>):
    # Authorization header value: "Token " followed by your API key
    appsec_portal_api_token = "Token " + <appsec portal api key>

    url = 'https://<portal address>/api/v1/scan/import/'
    body = {
        # Report file as a (filename, content) tuple
        "file": ("<event>.json", json.dumps(<event>)),
        "product_name": "<product name>",
        "product_type": "<product_type>",
        "scanner_name": "<scanner name>",
        # Optional
        "branch": "<branch>",
        # Asset information, if an auditor is used
        "repository": "<repository>",
        "docker_image": "<docker_image>",
        "domain": "<domain>",
        "host": "<host>"
    }
    # Encode the fields as multipart/form-data and send them in one POST
    data, header = urllib3.encode_multipart_formdata(body)
    r = urllib.request.Request(url, data=data)
    r.add_header('Authorization', appsec_portal_api_token)
    r.add_header('Content-Type', header)
    # urlopen raises on an HTTP error status, so the return below is only reached on success
    response = urllib.request.urlopen(r)
    print(response.getcode())
    return {
        'statusCode': 200,
        'body': json.dumps('Event successfully imported')
    }

Replace the following parameters:

  • <event> with the name of your file containing the report
  • <appsec portal api key> with the key of your authorization token
  • <portal address> with the address of your AppSec Portal
  • <product name> with the name of your product
  • <product_type> with the name of your product type
  • <scanner name> with the name of your scanner
  • <branch> (optional) with the name of the branch in the source code repository (if applicable). This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch.

Asset information, if an auditor is used

  • <repository> If your product is code in a repository, enter the address of your repository in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git
  • <docker_image> If your product is an image, enter the address of the registry where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest
  • <domain> If your product is web, enter the domain name of your product, for example: whitespots.io
  • <host> If your product is web, enter the IP address of your product, for example: 0.0.0.0
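
The same import request as an added example (not code from the AppSec Portal project), built with the standard library only, with the API key read from the Lambda environment instead of the function source, and with unset optional and asset fields left out of the form. The function names, the environment variable names APPSEC_PORTAL_ADDRESS and APPSEC_PORTAL_API_KEY, the event layout, the report.json file name and the choice of which fields are treated as required are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
import uuid

# Field names are the ones in the page's request body; function names and
# environment variable names are assumptions made for this example.
REQUIRED = ("product_name", "product_type", "scanner_name")
OPTIONAL = ("branch", "repository", "docker_image", "domain", "host")


def build_import_request(portal_address, api_key, report, fields):
    """Build (but do not send) the multipart POST to /api/v1/scan/import/."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    boundary = uuid.uuid4().hex
    parts = []
    for name in REQUIRED + OPTIONAL:
        if fields.get(name):  # unset optional/asset fields are left out
            parts.append(f'--{boundary}\r\nContent-Disposition: form-data; '
                         f'name="{name}"\r\n\r\n{fields[name]}\r\n')
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
                 f'filename="report.json"\r\nContent-Type: application/json\r\n\r\n'
                 f'{json.dumps(report)}\r\n--{boundary}--\r\n')
    req = urllib.request.Request(
        f"https://{portal_address}/api/v1/scan/import/",
        data="".join(parts).encode("utf-8"), method="POST")
    req.add_header("Authorization", "Token " + api_key)
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    return req


def lambda_handler(event, context):
    # Assumed layout: event = {"report": {...}, "fields": {...}}; the token and
    # portal address come from Lambda environment variables, not the source.
    req = build_import_request(os.environ["APPSEC_PORTAL_ADDRESS"],
                               os.environ["APPSEC_PORTAL_API_KEY"],
                               event["report"], event["fields"])
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return {"statusCode": resp.getcode(),
                    "body": json.dumps("Event successfully imported")}
    except urllib.error.HTTPError as err:
        # Report the portal's status code rather than a fixed 200.
        return {"statusCode": err.code,
                "body": json.dumps("Import rejected by AppSec Portal")}
```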

Congratulations! 🎉 Your function is now ready to send reports to AppSec Portal.