Importing reports via Lambda Function using a Report File

To send scanning data to Appsec Portal

You have the capability to import reports into the AppsecPortal using the provided function below.

import json
import urllib.request
import urllib3


def import_report(<>):
    
    appsec_portal_api_token = "Token " + <
    
    while True:
        try:
            url = 'https://<>/api/v1/scan/import/'
            body = {
                "file": ("<>.json", json.dumps(<>)),
                "product_name": "<>",
                "product_type": "<>",
                "scanner_name": "<>",
                "branch": "", 
                "repository": "<>",
                "docker_image": "<>", 
                "domain": "<>", 
                "host": "<>"
            }
            data, header = urllib3.encode_multipart_formdata(body)
            r = urllib.request.Request(url, data=data)
            r.add_header('Authorization', appsec_portal_api_token)
            r.add_header('Content-Type', header)
            response = urllib.request.urlopen(r)
            print(response.getcode())
        except Exception as e:
            raise e
        break
    return {
        'statusCode': 200,
        'body': json.dumps('Event successfully imported')
    }

Replace the following parameters:

  • <event> with the name of your file containing report

  • <appsec portal api key> with the key of your authorization token

  • <portal address> with the address of your Appsec Portal

  • <product name> with the name of your product

  • <product_type> with the name of your product type

  • <scanner name> with the name of your scanner

  • <branch> (optional) with the the name of the branch in the source code repository (if applicable) This parameter is particularly useful when you want to associate the scan results with a specific branch in your repository. If not provided, the scan will be associated with the default branch

Asset information, if an auditor is used

  • <repository>If your product is code in a repository enter the address of your repository in a specific format, for example: git@gitlab.com:whitespots-public/appsec-portal.git

  • <docker_image> If your product is image enter the address of the registry where your product is located, for example: registry.gitlab.com/whitespots-public/appsec-portal/back/auto_validator:latest

  • <domain> If your product is web enter the domain name of your product, for example: whitespots.io

  • <host> If your product is web enter the IP address of your product, for example: 0.0.0.0

Congratulations!πŸŽ‰ Your function is now ready to send reports to Appsec Portal

Last updated