Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webhook - additional fields #254

Open
MalcolmCyber opened this issue Jan 31, 2022 · 3 comments
Open

Webhook - additional fields #254

MalcolmCyber opened this issue Jan 31, 2022 · 3 comments
Labels
enhancement question

Comments

@MalcolmCyber
Copy link

MalcolmCyber commented Jan 31, 2022
edited
Loading

At present, it seems that the webhook output only provides a small subset of the data found from the vulnerability e.g.:

{
                   "aqua_score": 2.1,
                   "aqua_score_classification": "NVD CVSS V2 Score: 2.1",
                   "aqua_scoring_system": "CVSS V2",
                   "aqua_severity": "low",
                   "aqua_severity_classification": "NVD CVSS V2 Score: 2.1",
                   "aqua_vectors": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                   "description": "Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.",
                   "modification_date": "2010-05-25",
                   "name": "CVE-2001-1268",
                   "nvd_score": 2.1,
                   "nvd_score_version": "CVSS v2",
                   "nvd_severity": "low",
                   "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1268",
                   "nvd_vectors": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
                   "publish_date": "2001-07-12"
               }

Is it possible to add the following keys and values to the for each vulnerability found..

  • Referenced By
  • Vendor CVSS score (is CVSS v2 on the example, I’m guessing other data may present as CVSS v3)
  • Vendor CVSS severity (is CVSS v2 on the example, I’m guessing other data may present as CVSS v3)
  • Fix Version
  • Solution

For the image itself

  • Last image scan (could be scan date)
  •  When it was last run.
@simar7
Copy link
Member

simar7 commented Feb 1, 2022

Hi @MalcolmCyber - it should be possible, what use case do you have for this?

@MalcolmCyber
Copy link
Author

Hi @simar7 - we're looking to create a central dashboard of all our apps and platforms for senior execs by sending data from Aqua to an internal analytics platform. These fields are what the execs are interested in and currently can't be consumed via the webhook option

@simar7
Copy link
Member

simar7 commented Feb 11, 2022

thanks @MalcolmCyber - we'll take a look into it and get back to you.

kairi003 pushed a commit to kairi003/postee that referenced this issue Oct 18, 2022
@erikgb
chore: upgrade to Ginkgo v2 (aquasecurity#254)
6b72e81 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simar7 @MalcolmCyber