Resources

Example: Connecting To Uleska for Reporting and Alerting

You can build your own Python script that will interact with Uleska, kick off testing, and extract information back into the CI/CD system.

Taking the Application ID and Version ID as arguments allows the various projects and teams within the CI/CD system to set them as variables, so that the right testing toolkit is invoked for their project and version when it is needed.

import argparse

arg_options = argparse.ArgumentParser()
arg_options.add_argument('--application_id', help="GUID for the application to reference", type=str)
arg_options.add_argument('--version_id', help="GUID for the application version/pipeline to reference", type=str)

You will also need the Bearer Token for authentication, which can be passed into the script or put into it as shown here.

import requests

# s is the requests session reused for every Uleska API call
s = requests.Session()
s.headers.update({
    'Content-Type': "application/json",
    'cache-control': "no-cache",
    'Authorization': "Bearer " + token
})

To invoke APIs, add in a host variable for the system where Uleska is running.

To kick off testing of an Application Version, use the Scan API, and input the Application ID and Version ID.

ScanURL = host + "SecureDesigner/api/v1/applications/" + application + "/versions/" + version + "/scan"

You can find these IDs in the Uleska platform URL on the Results page of your Application.

Running this API should return a 200 response code which indicates that the tests have kicked off.

import sys

if StatusResponse.status_code != 200:
    # Something went wrong, maybe server not up, maybe auth wrong
    print("Non 200 status code returned when running scan. Code [" + str(StatusResponse.status_code) + "]")
    # Exit non-zero so the CI/CD job fails instead of passing without a scan
    sys.exit(1)

To check that it has completed, use the Scan API, which will tell you what scans are currently running on Uleska. Check whether your Version ID matches one of the scans currently running.

import time

for scan in running_scans_json:
    if 'versionId' in scan:
        if scan['versionId'] == version:
            # Our scan is still running, sleep and return
            print("Our Toolkit " + version + " is still running, waiting...\n")
            time.sleep(10)

When testing has completed, use the Versions API to get the latest information about the last scan. Running this API will return a 200 response with a JSON object, which will give you the ID of the latest run within reports.

if 'reports' in version_info:
    for report in version_info['reports']:
        #print ("Report is as follows \n\n" + str(report))
        this_report = report_obj()

        if 'id' in report:
            this_report.id = report['id']

        if 'vulnerabilityCount' in report:
            this_report.vulncount = report['vulnerabilityCount']

        reports_dict.append(this_report)

You can then take the latest report ID and call the Uleska Vulnerabilities API, which will give you all the vulnerabilities, details, risk and other information from the latest run, allowing you to make decisions in your CI/CD system.
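
The token, Scan URL and polling steps above, as an added example that is not Uleska's own script: it reads the Bearer token from the environment instead of storing it in the file, accepts only GUID-shaped IDs, and bounds the wait with a timeout. The variable name ULESKA_TOKEN, the function names and the fetch_running callable (standing in for the running-scans request, whose URL is not shown on this page) are assumptions.

```python
import os
import time
import uuid


def load_token(env_var="ULESKA_TOKEN"):
    """Read the Bearer token from the environment (variable name is an assumption)."""
    token = os.environ.get(env_var, "").strip()
    if not token:
        raise RuntimeError(env_var + " is not set; refusing to call the API")
    return token


def scan_url(host, application, version):
    """Build the Scan API URL from the page, accepting only canonical GUIDs."""
    for value in (application, version):
        # uuid.UUID raises ValueError on malformed input; the comparison also
        # rejects braces, urn: prefixes and other non-canonical spellings.
        if str(uuid.UUID(value)) != value.lower():
            raise ValueError("not a canonical GUID: " + repr(value))
    return (host.rstrip("/") + "/SecureDesigner/api/v1/applications/"
            + application + "/versions/" + version + "/scan")


def is_running(running_scans_json, version):
    """True while any entry in the running-scans list carries our versionId."""
    return any(scan.get("versionId") == version for scan in running_scans_json)


def wait_for_scan(fetch_running, version, timeout=1800, interval=10,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll until our scan leaves the running list; return False on timeout.

    fetch_running is a caller-supplied (hypothetical) callable that returns the
    parsed JSON list of running scans.
    """
    deadline = clock() + timeout
    while is_running(fetch_running(), version):
        if clock() >= deadline:
            return False  # caller should fail the pipeline, e.g. sys.exit(1)
        sleep(interval)
    return True
```

A False return from wait_for_scan should end the job with a non-zero exit code so that a scan that never finishes does not pass the pipeline.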