Importing reports via Lambda Function using a Report File


You can import reports into the AppSec Portal with the function below.

import json
import urllib.request
import urllib3


def import_report(<event>):
    # The portal expects the API key in a "Token <key>" Authorization header.
    appsec_portal_api_token = "Token " + <appsec portal api key>

    url = 'https://<portal address>/api/v1/scan/import/'
    body = {
        # The report itself, sent as a JSON file upload.
        "file": ("<event>.json", json.dumps(<event>)),
        "product_name": "<product name>",
        "product_type": "<product_type>",
        "scanner_name": "<scanner name>",
        "branch": "<branch>",
        # Asset information, if an auditor is used.
        "repository": "<repository>",
        "docker_image": "<docker_image>",
        "domain": "<domain>",
        "host": "<host>"
    }
    # Encode the fields as multipart/form-data; header is the matching Content-Type value.
    data, header = urllib3.encode_multipart_formdata(body)
    r = urllib.request.Request(url, data=data)
    r.add_header('Authorization', appsec_portal_api_token)
    r.add_header('Content-Type', header)
    # urlopen raises urllib.error.HTTPError for a non-2xx response,
    # so reaching the return below means the portal accepted the upload.
    with urllib.request.urlopen(r) as response:
        print(response.getcode())
    return {
        'statusCode': 200,
        'body': json.dumps('Event successfully imported')
    }

Replace the following parameters:

  • <event> with the name of your file containing the report
  • <appsec portal api key> with the key of your authorization token
  • <portal address> with the address of your AppSec Portal
  • <product name> with the name of your product
  • <product_type> with the name of your product type
  • <scanner name> with the name of your scanner
  • <branch> (optional) with the name of the branch in the source code repository, if applicable. This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If it is not provided, the scan is associated with the default branch.

Asset information, if an auditor is used

  • <repository>: if your product is code in a repository, enter the address of your repository in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git
  • <docker_image>: if your product is an image, enter the address of the registry where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest
  • <domain>: if your product is web, enter the domain name of your product, for example: whitespots.io
  • <host>: if your product is web, enter the IP address of your product, for example: 0.0.0.0

Congratulations! 🎉 Your function is now ready to send reports to AppSec Portal.
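A variant of the function above, added here as an example and not AppSec Portal's own code: it reads the token and settings from the Lambda environment instead of the source file, refuses a non-HTTPS portal address, sends optional asset fields only when they are set, and returns the portal's own status. The environment variable names and the report.json filename are assumptions, and the multipart body is built with the standard library rather than urllib3.

```python
import json
import os
import urllib.error
import urllib.request
import uuid
from urllib.parse import urlsplit

# Form field -> environment variable. The variable names are assumptions.
REQUIRED = {"product_name": "PRODUCT_NAME", "product_type": "PRODUCT_TYPE",
            "scanner_name": "SCANNER_NAME"}
OPTIONAL = {"branch": "BRANCH", "repository": "REPOSITORY",
            "docker_image": "DOCKER_IMAGE", "domain": "DOMAIN", "host": "HOST"}


def build_import_request(report, env):
    """Build the multipart POST to /api/v1/scan/import/ from settings in env."""
    base = env["APPSEC_PORTAL_URL"].rstrip("/")
    if urlsplit(base).scheme != "https":
        raise ValueError("portal URL must be https: the request carries the API token")
    fields = {name: env[var] for name, var in REQUIRED.items()}
    # Optional asset fields are sent only when configured.
    fields.update({n: env[v] for n, v in OPTIONAL.items() if env.get(v)})
    if any("\r" in v or "\n" in v for v in fields.values()):
        raise ValueError("line breaks are not allowed in form field values")
    boundary = uuid.uuid4().hex
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
                 f'filename="report.json"\r\nContent-Type: application/json\r\n\r\n'
                 f'{json.dumps(report)}\r\n--{boundary}--\r\n')
    req = urllib.request.Request(base + "/api/v1/scan/import/",
                                 data="".join(parts).encode("utf-8"), method="POST")
    req.add_header("Authorization", "Token " + env["APPSEC_PORTAL_TOKEN"])
    req.add_header("Content-Type", f"multipart/form-data; boundary={boundary}")
    return req


def lambda_handler(event, context):
    """Lambda entry point: send the report in `event`, return the portal's status."""
    req = build_import_request(event, os.environ)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status = resp.getcode()
    except urllib.error.HTTPError as err:
        # Pass the portal's rejection through instead of always answering 200.
        return {"statusCode": err.code, "body": json.dumps("Import rejected by portal")}
    return {"statusCode": status, "body": json.dumps("Event successfully imported")}
```

Set the variables in the function's configuration; unset optional variables are simply left out of the request.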
