
Connecting To Uleska for Reporting and Alerting

 

Custom Python Script

 

You can build your own Python script that will interact with Uleska, kick off testing, and extract information back into the CI/CD system.

Taking the Application ID and Version ID as arguments allows the various projects and teams within the CI/CD system to set them as variables, so that the right testing toolkit is invoked for their project and version when it is needed.

 

    import argparse

    arg_options = argparse.ArgumentParser()
    arg_options.add_argument('--application_id', help="GUID for the application to reference", type=str)
    arg_options.add_argument('--version_id', help="GUID for the application version/pipeline to reference", type=str)
 
 
You will also need the Bearer Token for authentication, which can be passed into the script or put into it as shown here.
 
 
    import requests

    # One session carries the same headers on every API call
    s = requests.Session()
    s.headers.update({
        'Content-Type': "application/json",
        'cache-control': "no-cache",
        'Authorization': "Bearer " + token
    })
 
 
To invoke APIs, add in a host variable for the system where Uleska is running.

To kick off testing of an Application Version, use the Scan API, and input the Application ID and Version ID.
 
 
    # host must end with a trailing slash, since the path is appended directly
    ScanURL = host + "SecureDesigner/api/v1/applications/" + application + "/versions/" + version + "/scan"
 
 
You can find these IDs on the Uleska platform, in the URL of your Application's Results page.
 
 
 
Running this API should return a 200 response code which indicates that the tests have kicked off.
 
 
    if StatusResponse.status_code != 200:
        # Something went wrong, maybe server not up, maybe auth wrong
        print("Non 200 status code returned when running scan. Code [" + str(StatusResponse.status_code) + "]")
        # Exit non-zero so the CI/CD job is marked as failed
        sys.exit(1)
 
To check that it has completed, use the Scan API, which will tell you what scans are currently running on Uleska. Make sure the Version ID matches up to the one currently running.
 
 
    for scan in running_scans_json:
        if 'versionId' in scan:
            if scan['versionId'] == version:
                # our scan is still running, sleep and return
                print("Our Toolkit " + version + " is still running, waiting...\n")
                time.sleep(10)
 
 
When testing has completed, use the Versions API to get the latest information about the last scan. Running this API will return a 200 response with a JSON object, which will give you the ID of the latest run within reports.
 
 
    if 'reports' in version_info:
        for report in version_info['reports']:
            #print ("Report is as follows \n\n" + str(report))
            this_report = report_obj()

            if 'id' in report:
                this_report.id = report['id']

            if 'vulnerabilityCount' in report:
                this_report.vulncount = report['vulnerabilityCount']

            reports_dict.append(this_report)
 
You can then take the latest report ID and call the Uleska Vulnerabilities API, which will give you all the vulnerabilities, details, risk and other information from the latest run, allowing you to make decisions in your CI/CD system.
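
The polling and report steps above, combined into a bounded CI/CD gate. This is an added example, not Uleska's own script. `fetch_running`, `ScanTimeout`, the timeout, the `max_vulns` threshold and the treatment of the last `reports` entry as the latest run are assumptions; only the `versionId`, `reports`, `id` and `vulnerabilityCount` fields come from the page.

```python
import time

class ScanTimeout(Exception):
    """The scan was still listed as running when the deadline passed."""

def wait_for_scan(fetch_running, version, timeout=1800, interval=10, sleep=time.sleep):
    """Poll until no running scan has our versionId; return the seconds waited.

    fetch_running is a hypothetical caller-supplied callable that returns the
    parsed JSON list of running scans from the Scan API.
    """
    waited = 0
    while any(scan.get('versionId') == version for scan in fetch_running()):
        if waited >= timeout:
            raise ScanTimeout("version " + version + " still scanning after " + str(waited) + "s")
        sleep(interval)
        waited += interval
    return waited

def latest_report(version_info):
    """Return (id, vulnerabilityCount) for the latest report, or None.

    Assumption: the last entry in 'reports' is the most recent run.
    """
    reports = [r for r in version_info.get('reports', []) if 'id' in r]
    if not reports:
        return None
    return reports[-1]['id'], reports[-1].get('vulnerabilityCount')

def gate_exit_code(version_info, max_vulns=0):
    """Exit code for the CI/CD job: 0 pass, 1 too many findings, 2 no usable report."""
    report = latest_report(version_info)
    if report is None or report[1] is None:
        return 2  # fail closed: a missing report must not pass the pipeline
    return 0 if report[1] <= max_vulns else 1

if __name__ == "__main__":
    # Constructed sample responses, not real Uleska output.
    polls = iter([[{'versionId': 'v-1'}], [{'versionId': 'v-1'}], []])
    print("waited", wait_for_scan(lambda: next(polls), 'v-1', sleep=lambda s: None))
    info = {'reports': [{'id': 'r-1', 'vulnerabilityCount': 7},
                        {'id': 'r-2', 'vulnerabilityCount': 3}]}
    print(latest_report(info), gate_exit_code(info, max_vulns=5))
```

In a pipeline, pass the result of `gate_exit_code` to `sys.exit` so the job status reflects the scan outcome.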