You can build your own Python script that will interact with Uleska, kick off testing, and extract information back into the CI/CD system.
Taking the Application ID and Version ID as arguments allows the various projects and teams within the CI/CD system to set them as variables, so that the right testing toolkit is invoked for their project and version when it is needed.
arg_options.add_argument('--version_id', help="GUID for the application version/pipeline to reference", type=str)
You will also need the Bearer Token for authentication, which can be passed into the script or put into it as shown here.
To invoke APIs, add in a host variable for the system where Uleska is running.
To kick off testing of an Application Version, use the Scan API, and input the Application ID and Version ID.
You can find these in the Uleska platform URL of your Application's Results page.
Running this API should return a 200 response code which indicates that the tests have kicked off.
To check that it has completed, use the Scan API, which will tell you what scans are currently running on Uleska. Make sure the Version ID matches up to the one currently running.
When testing has completed, use the Versions API to get the latest information about the last scan. Running this API will return a 200 response with a JSON object, which will give you the ID of the latest run within reports.
if 'id' in report:
if 'vulnerabilityCount' in report:
You can then take the latest report ID and call the Uleska Vulnerabilities API, which will give you all the vulnerabilities, details, risk and other information from the latest run, allowing you to make decisions in your CI/CD system.
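The steps above, put together as an added example (not Uleska's own script): start a scan, poll until the version is no longer listed as running, then read the newest report ID and vulnerability count. The API paths and HTTP methods are not given on this page, so they are passed in through `apis`; the `ULESKA_TOKEN` variable name, the `versionId` field in the running-scans response and "last entry in `reports` is the newest" are assumptions.

```python
import json
import os
import time
import urllib.request


def make_transport(host, apis, token=None):
    """Build call(name) for `apis`, a dict of name -> (HTTP method, URL path).

    The page does not give the Scan/Versions paths, so `apis` is an assumption
    to be filled in from your Uleska API reference.
    """
    # ULESKA_TOKEN is an assumed name; a CI secret keeps the token out of the repo.
    token = token or os.environ["ULESKA_TOKEN"]

    def call(name):
        method, path = apis[name]
        req = urllib.request.Request(host + path, method=method,
                                     headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    return call


def latest_report(version_json):
    """Return (id, vulnerabilityCount) of the newest report; assumes the last entry is newest."""
    reports = [r for r in version_json.get("reports", []) if "id" in r]
    if not reports:
        raise RuntimeError("no report for this version; failing the stage")
    return reports[-1]["id"], reports[-1].get("vulnerabilityCount")


def run_scan(call, version_id, poll_seconds=30, max_polls=120, sleep=time.sleep):
    """Start a scan, wait until version_id is no longer running, return the latest report."""
    status, _ = call("start_scan")
    if status != 200:
        raise RuntimeError("scan did not start: HTTP %s" % status)
    for _ in range(max_polls):
        _, running = call("running_scans")
        # Assumed shape: a list of objects that carry a 'versionId' field.
        if not any(s.get("versionId") == version_id for s in running or []):
            status, version_json = call("version")
            if status != 200:
                raise RuntimeError("Versions API returned HTTP %s" % status)
            return latest_report(version_json)
        sleep(poll_seconds)
    raise TimeoutError("scan still running after %d polls" % max_polls)
```

Every failure path raises, so a pipeline stage that calls `run_scan` fails closed instead of passing on a missing or stale result. If the running list can lag behind the kick-off, compare the returned report ID with the one seen before the scan started.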