JFrog Xray: Creating Jira Issues using webhooks in a breeze
By Shai Ben-Zvi
JFrog Xray offers an end-to-end security scanning solution covering the full development lifecycle of your artifacts. This includes vulnerability analysis, security and license compliance, artifact flow control, distribution and more. When Xray finds a security or license issue, it triggers a violation for it. One of the most common needs during the development cycle is to track these violations in the tools teams already use, such as Jira, and Xray Webhooks allow you to do exactly that.
First, what’s a webhook?
A webhook is an HTTP callback: when an event occurs, the originating application sends a request (usually an HTTP POST with a JSON body) to a URL that you configure, so that third-party users, developers or programs not necessarily affiliated with the originating website or application can react to the event. Because the application calls you instead of you calling its API, this is sometimes referred to as a “Reverse API”.
Let’s say that Xray triggers a violation, and we have an Xray policy with a watch that’s configured to send a webhook to a specific third-party application. The webhook delivers a .json payload describing the violation; to make that payload readable and usable by the third-party application, we can write a simple script that parses the data and presents it as a Jira ticket or even a Slack message.
5 easy steps to implement Xray webhooks that work with Jira
Here’s what we’ll need to do this:
1. Create a ‘light’ server which knows how to listen for remote HTTP requests.
2. Configure an Xray webhook and associate it with a policy that will trigger it.
3. Understand the structure of an Xray webhook .json payload, in order to parse the information correctly. (see Infected Files Structure snippet in section below)
4. Once we’re able to parse the information, define what we want to send to our Jira server and what information the issue will contain. (see Create Jira from Xray Handler snippet in section below)
5. Implement the Jira server interaction with this information.
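The five steps above, worked through end to end in one small Go program. This is an added example written for this post, not code from the original article or from JFrog: the webhook field names (watch_name, policy_name, issues, impacted_artifacts, infected_files and their members) are my assumption about the shape of the Xray payload and should be checked against what your Xray version actually sends; the Jira endpoint POST /rest/api/2/issue with basic auth is Jira’s documented REST API; the shared-secret header check assumes your Xray webhook configuration lets you add a custom header, and the Jira URL, credentials and secret in main() are placeholders to replace.

```go
package main

import (
	"bytes"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"strings"
)

// Subset of the Xray webhook payload this handler reads. The field names are my assumption
// about the payload shape; check them against the JSON your Xray version actually sends.
type XrayWebhook struct {
	WatchName  string  `json:"watch_name"`
	PolicyName string  `json:"policy_name"`
	Issues     []Issue `json:"issues"`
}
type Issue struct {
	Severity          string     `json:"severity"`
	Summary           string     `json:"summary"`
	ImpactedArtifacts []Artifact `json:"impacted_artifacts"`
}
type Artifact struct {
	Path          string `json:"path"`
	InfectedFiles []struct {
		Path   string `json:"path"`
		SHA256 string `json:"sha256"`
	} `json:"infected_files"`
}

// Request body of Jira's "create issue" REST endpoint (POST /rest/api/2/issue).
type JiraIssue struct {
	Fields struct {
		Project     struct{ Key string `json:"key"` }   `json:"project"`
		Summary     string                              `json:"summary"`
		Description string                              `json:"description"`
		IssueType   struct{ Name string `json:"name"` } `json:"issuetype"`
	} `json:"fields"`
}

// BuildJiraIssues maps each Xray issue to one Jira issue; the description carries the watch,
// policy, impacted artifacts and infected files so the ticket is actionable on its own.
func BuildJiraIssues(hook XrayWebhook, projectKey string) []JiraIssue {
	var out []JiraIssue
	for _, is := range hook.Issues {
		var d strings.Builder
		fmt.Fprintf(&d, "Watch: %s\nPolicy: %s\nImpacted artifacts:\n", hook.WatchName, hook.PolicyName)
		for _, a := range is.ImpactedArtifacts {
			fmt.Fprintf(&d, "- %s\n", a.Path)
			for _, f := range a.InfectedFiles {
				fmt.Fprintf(&d, "    infected file: %s sha256=%s\n", f.Path, f.SHA256)
			}
		}
		var j JiraIssue
		j.Fields.Project.Key, j.Fields.IssueType.Name = projectKey, "Bug"
		j.Fields.Summary = fmt.Sprintf("[Xray][%s] %s", is.Severity, is.Summary)
		j.Fields.Description = d.String()
		out = append(out, j)
	}
	return out
}

// CreateJiraIssue posts one issue to Jira's REST API, authenticating with basic auth (user + API token).
func CreateJiraIssue(client *http.Client, baseURL, user, token string, issue JiraIssue) error {
	body, _ := json.Marshal(issue) // a struct of plain strings cannot fail to marshal
	req, err := http.NewRequest(http.MethodPost, strings.TrimRight(baseURL, "/")+"/rest/api/2/issue", bytes.NewReader(body))
	if err != nil {
		return err
	}
	req.SetBasicAuth(user, token)
	req.Header.Set("Content-Type", "application/json")
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusCreated {
		return fmt.Errorf("jira returned %s", resp.Status)
	}
	return nil
}

// XrayHandler is the endpoint Xray calls. It rejects requests that lack the shared-secret header
// set on the Xray webhook (assumed: your Xray lets you add custom headers), caps the body size,
// parses the payload and hands one Jira issue per Xray issue to create().
func XrayHandler(projectKey, secretHeader, secret string, create func(JiraIssue) error) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get(secretHeader)), []byte(secret)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var hook XrayWebhook
		if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)).Decode(&hook); err != nil {
			http.Error(w, "bad payload", http.StatusBadRequest)
			return
		}
		for _, issue := range BuildJiraIssues(hook, projectKey) {
			if err := create(issue); err != nil {
				log.Printf("jira create failed: %v", err)
				http.Error(w, "jira error", http.StatusBadGateway)
				return
			}
		}
		w.WriteHeader(http.StatusAccepted)
	}
}

func main() { // placeholder Jira URL, credentials and webhook secret: replace with your own values
	create := func(i JiraIssue) error {
		return CreateJiraIssue(http.DefaultClient, "https://jira.example.invalid", "xray-bot", "<api-token>", i)
	}
	http.Handle("/xray", XrayHandler("SEC", "X-Webhook-Token", "<shared-secret>", create))
	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

Run it, point the Xray webhook URL at http://<host>:8080/xray with the X-Webhook-Token header set to the same secret, and each violation on the watch becomes one Jira issue per reported Xray issue. The secret check and the 1 MiB body cap are there because this endpoint is reachable by anything that can connect to the server; without them any client could open tickets in your project or feed the parser an arbitrarily large body. The Jira call is injected as a function so the handler can be exercised offline against a fake Jira, which is also how the example was tested. Answering 502 when Jira rejects the issue makes the failed delivery visible in Xray instead of silently dropping the violation.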
Why is Go the best way to go?
Go is a SUPER easy language to use! With just a few lines of code, we can easily create a server that’s up and running in no time, and knows how to listen to HTTP requests. From my experience, compared to other languages, this is much easier to do using the Go programming language.