XRAY: Webhook Payload Format

XRAY: Webhook Payload Format

AuthorFullName__c
Raphael Zaafrani
articleNumber
000006214
ft:sourceType
Salesforce
FirstPublishedDate
2024-10-27T10:46:50Z
lastModifiedDate
2024-10-27
VersionNumber
3

Xray webhooks are a powerful tool for setting up custom automation to be triggered when vulnerabilities are detected. You can create such webhooks through the JFrog platform UI or APIOnce created, the webhooks can be added to any new or existing Policies as a rule under the Policy Rules List. 

Once set up you can start setting up your custom automation by using the data returned by Xray, the response data is formatted as follows:

 

Example Header:
POST    e4443264-a334-4ebb-8ba6-2c2a80958ef3
host    [WEBHOOK HOST]
version    HTTP/1.1
user-agent    Xray/3.104.8
authorization    Basic [KEY]
x-xray-version    3.104.8
accept-encoding    gzip
x-forwarded-for    [IP]
x-request-start    1727817952.632
x-forwarded-port    443
x-forwarded-proto    https

Example Body:
{
  "schema_version": "1.1",
  "alert_id": "66fc68dd0f12d302c68891c1",
  "created": "2024-10-01T21:25:49.935220997Z",
  "top_severity": "Critical",
  "watch_name": "test-watch",
  "policy_name": "test-policy",
  "policy_rule": "test-rule",
  "issues": [
    {
      "vulnerability_id": "XRAY-173753",
      "severity": "Medium",
      "type": "security",
      "provider": "JFrog",
      "created": "2021-04-25T16:08:43.13Z",
      "summary": "[Vulnerability Summary]",
      "description": "[Vulnerability description]",
      "impacted_artifacts": [
        {
          "name": "pinot-distribution-0.10.0.jar",
          "display_name": "org.apache.pinot:pinot-distribution:0.10.0",
          "path": "default/test-repository/org/apache/pinot/pinot-distribution/0.10.0/",
          "pkg_type": "Maven",
          "sha256": "1b8289cf21fffacfb70cbb844cd3d8e0610762a599c30378de9eb895329af81a",
          "sha1": "6a7fb558aaef69668417c081626183cb85d9f681",
          "depth": 0,
          "parent_sha": "1b8289cf21fffacfb70cbb844cd3d8e0610762a599c30378de9eb895329af81a",
          "infected_files": [
            {
              "name": "pom.xml",
              "path": "META-INF/maven/org.glassfish.jersey.core/jersey-common/",
              "sha256": "0000000000000000000000005e2da5df327912e725043569c6dc9f4b2f792ef9",
              "depth": 0,
              "parent_sha": "1b8289cf21fffacfb70cbb844cd3d8e0610762a599c30378de9eb895329af81a",
              "display_name": "org.glassfish.jersey.core:jersey-common:2.28",
              "pkg_type": "Maven",
              "impact_paths": [
                "org.glassfish.jersey.core:jersey-common:2.28",
                "org.apache.pinot:pinot-distribution:0.10.0"
              ]
            }
          ],
          "vulnerable_components": [
            {
              "name": "org.glassfish.jersey.core:jersey-common:2.28",
              "vulnerable_versions": [
                "2.28 ≤ Version < 2.34",
                "3.0.0 ≤ Version < 3.0.2"
              ],
              "fixed_versions": [
                "2.34",
                "3.0.2"
              ]
            }
          ]
        }
      ],
      "cve": "CVE-2021-28168",
      "cwe": [
        "CWE-732",
         ...
        "CWE-668"
      ],
      "cvss_v2": "2.1/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N",
      "cvss_v3": "5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "applicability_details": null,
      "references": {
        "advisories": [
          {
            "url": "https://lists.apache.org/thread.html/r454f38e85db149869c5a92c993c402260a4f8599bf283f6cfaada972%40%3Cjira.kafka.apache.org%3E"
          },
          ...
      ,{
            "url": "https://lists.apache.org/thread.html/ra3290fe51b4546fac195724c4187c4cb7fc5809bc596c2f7e97606f4@%3Cjira.kafka.apache.org%3E"
          }
        ]
      }
    },
  ...
  ]
}