splunk / github_app_for_splunk

A collection of dashboards and knowledge objects for Github data
MIT License

Link to GitHub finding in security alert dashboards #31

Closed leftrightleft closed 2 years ago

leftrightleft commented 2 years ago

When clicking on a finding in the Code Scanning Overview dashboard, the URL should point to the finding in GitHub.

The finding URL is available in the webhook message at `alert.html_url`.

Sample webhook payload from Code Scanning:

```
{ [-]
   action: created
   alert: { [-]
     created_at: 2022-02-10T16:34:12Z
     dismissed_at: null
     dismissed_by: null
     dismissed_reason: null
     fixed_at: null
     html_url: https://github.com/octodemo/NodeGoat/security/code-scanning/2096
     instances_url: https://api.github.com/repos/octodemo/NodeGoat/code-scanning/alerts/2096/instances
     most_recent_instance: { [+]
     }
```

Reference: The other item, I think we'll be adding Security Scanning to that list of Security issues in the near future as well. So might be better to find a way to link to the alert in GitHub, rather than the CVE directly.

_Originally posted by @derkkila-splunk in https://github.com/splunk/github_app_for_splunk/issues/29#issuecomment-1035089080_

derkkila-splunk commented 2 years ago

We should be able to make the link the external reference for Dependabot events or html URL for Code and Secret Scanning.

Doug Erkkila


On Thu, Feb 10, 2022 at 1:59 PM Dan Shanahan @.***> wrote:



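A Simple XML sketch of the drilldown discussed in this thread, added here as an example and not taken from the app's own dashboards. It assumes the webhook JSON fields are auto-extracted at search time, that `YOUR_GITHUB_INDEX` is a placeholder for the index holding the events, and that the Dependabot external reference arrives as `alert.external_reference` (an assumed field name; the thread only says "external reference").

```xml
<dashboard version="1.1">
  <label>GitHub security findings (added example)</label>
  <row>
    <panel>
      <!-- YOUR_GITHUB_INDEX is a placeholder; replace it with the index that receives the webhooks. -->
      <table>
        <search>
          <query><![CDATA[
index=YOUR_GITHUB_INDEX (alert.html_url=* OR alert.external_reference=*)
| eval finding_url=coalesce('alert.html_url', 'alert.external_reference')
| where match(finding_url, "^https://")
| table _time action alert.created_at finding_url
          ]]></query>
          <earliest>-7d@d</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <!-- The |n filter stops Splunk from URL-encoding the token value,
               so the absolute https URL from the event is opened unchanged. -->
          <link target="_blank">$row.finding_url|n$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>
```

The `where match(...)` line keeps only values that start with `https://`, so a row whose URL field holds anything else never becomes a clickable link.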