Custom Python Script
You can build your own Python script that will interact with Uleska, kick off testing, and extract information back into the CI/CD system.
Application ID and Version ID allows various projects and teams within the CI/CD system to set this up as a variable, in order to invoke the right testing toolkit for their project and version when it is needed.
arg_options.add_argument('--application_id', help="GUID for the application to reference", type=str)
arg_options.add_argument('--version_id', help="GUID for the application version/pipeline to reference", type=str)
Python
You will also need the Bearer Token for authentication, which can be passed into the script or put into it as shown here.
s.headers.update({
'Content-Type': "application/json",
'cache-control': "no-cache" ,
'Authorization': "Bearer " + token
})
'Content-Type': "application/json",
'cache-control': "no-cache" ,
'Authorization': "Bearer " + token
})
Python
To invoke APIs, add in a host variable for the system where Uleska is running.
To kick off testing of an Application Version, use the Scan API, and input the Application ID and Version ID.
To kick off testing of an Application Version, use the Scan API, and input the Application ID and Version ID.
ScanURL = host + "SecureDesigner/api/v1/applications/" + application + "/versions/" + version + "/scan"
Python
You can find these on the Uleska platform URL, Results page of your Application.
Running this API should return a 200 response code which indicates that the tests have kicked off.
if StatusResponse.status_code != 200:
#Something went wrong, maybe server not up, maybe auth wrong
print("Non 200 status code returned when running scan. Code [" + str(StatusResponse.status_code) + "]")
sys.exit()
#Something went wrong, maybe server not up, maybe auth wrong
print("Non 200 status code returned when running scan. Code [" + str(StatusResponse.status_code) + "]")
sys.exit()
Python
To check that it has completed, use the Scan API, which will tell you what scans are currently running on Uleska. Make sure the Version ID matches up to the one currently running.
for scan in running_scans_json:
if 'versionId' in scan:
if scan['versionId'] == version:
### our scan is still running, sleep and return
print ("Our Toolkit " + version + " is still running, waiting...\n")
time.sleep(10)
if 'versionId' in scan:
if scan['versionId'] == version:
### our scan is still running, sleep and return
print ("Our Toolkit " + version + " is still running, waiting...\n")
time.sleep(10)
Python
When testing has completed, use the Versions API to get the latest information about the last scan. Running this API will return JSON object 200, which will give you the ID of the latest run within reports.
if 'reports' in version_info:
for report in version_info['reports']:
#print ("Report is as follows \n\n" + str(report))
this_report = report_obj()
this_report.id = report['id']
this_report.vulncount = report['vulnerabilityCount']
for report in version_info['reports']:
#print ("Report is as follows \n\n" + str(report))
this_report = report_obj()
if 'id' in report:
this_report.id = report['id']
if 'vulnerabilityCount' in report:
this_report.vulncount = report['vulnerabilityCount']
reports_dict.append(this_report)
Python
You can then take the latest report ID and call the Uleska Vulnerabilities API, which will give you all the vulnerabilities, details, risk and other information from the latest run, allowing you to make decisions in your CI/CD system.