Vulnerability Tickets

How to raise vulnerabilities in your internal vulnerability management (VM) platform

For each finding identified within AquilaX, you have the option to create an issue in GitHub Issues, GitLab, or JIRA (Atlassian) to manage it directly within your own environment. The setup page provides clear guidance to help you configure everything.

For documentation purposes, we will demonstrate how to set up all three integration modes. However, you are free to use one, two, or all three based on your specific needs.

Organization Settings

First, make sure your organization has access to the relevant tools: navigate to your organization and scroll down to the Integrations section, as shown below:

Integrations

If you’re just getting started, chances are you haven’t set up any of these yet. Don’t worry—let’s walk through the setup step by step for each integration.

GitHub

Click on the GitHub option, and you will be redirected to the AquilaX GitHub authorization page.

Select your org

Here, you can select the level of access you wish to grant. In addition to read access for scanning, make sure to enable permissions for AquilaX to create issues as well.

Allow AquilaX to create and write to issues

GitLab

Setting up GitLab is straightforward. Simply generate an API token in GitLab and grant AquilaX the necessary permissions. This includes read access to your code and the ability to create GitLab issues.

GitLab integration

JIRA

JIRA is exclusively used for raising tickets. The setup process is straightforward: simply use your access token from Atlassian as shown below.

JIRA Integration

That's it for the organization level. This configuration is accessible to anyone within your organization.

Group Settings

Once you’ve provided all the necessary authorizations and permissions, you can refine the setup further at the group level. This is especially useful if you need different configurations for different groups, giving you the flexibility to tailor settings as needed. Navigate to the Groups page, select the group you want to edit, and update the Security Policy section to ensure the appropriate configuration is in place.

security policy
{
  ...
  "jira_project_key": "",
  "raise_tickets": true,
  "ticket_body": "",
  "ticket_integration": "",
  "ticket_title": ""
  ...
}

The following table lists the variables (values taken from each finding) that you can include in the tickets:

| variable | description |
|---|---|
| code | Line of code identified to be vulnerable |
| confidence | Confidence of the vulnerability |
| cves | CVEs associated with the vulnerability |
| cvss_score | CVSS Score |
| cvss_vector | CVSS Vector |
| cwe | CWE Array |
| git_sha | Git Commit SHA |
| git_uri | Git URI |
| id | Finding ID |
| line_start | Start of the Line |
| line_end | End of the Line |
| message | Detailed message of the vulnerability |
| path | File path |
| recommendation | Recommendation for mitigation |
| rule_id | Rule ID used to identify the vulnerability |
| scanner | Scanner name used |
| severity | Severity / Criticality |
| status | True Positive / False Positive / Unverified |
| scan_id | Scan ID |
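The following is an added example (not AquilaX's own code) showing how a security-policy fragment like the one above can be sanity-checked and how a finding's variables from the table would be filled into the ticket title and body. The `{variable}` placeholder syntax, the constructed policy values and the constructed finding are all assumptions; check the platform's own settings page for the exact template form it expects.

```python
import json

# Constructed policy fragment with the keys shown on the page; the `{variable}`
# placeholder syntax is an assumption, not confirmed by the page.
SECURITY_POLICY = json.loads("""
{
  "jira_project_key": "SEC",
  "raise_tickets": true,
  "ticket_integration": "jira",
  "ticket_title": "[{severity}] {rule_id} in {path}:{line_start}",
  "ticket_body": "Finding {id} ({scanner}) at {git_uri}@{git_sha}\\n{message}\\nCWE: {cwe}  CVSS: {cvss_score} ({cvss_vector})\\nRecommendation: {recommendation}"
}
""")

# Constructed finding using the variable names from the table above.
FINDING = {
    "id": "finding-0001", "scanner": "example-scanner", "rule_id": "hardcoded-secret",
    "severity": "high", "path": "src/config.py", "line_start": 42, "line_end": 42,
    "git_uri": "https://example.invalid/acme/app.git", "git_sha": "0123456789abcdef",
    "message": "Hard-coded credential found in source.",
    "recommendation": "Move the secret to a vault and rotate it.",
    "cwe": ["CWE-798"], "cvss_score": 7.5,
    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "Unverified",
}

VALID_INTEGRATIONS = {"github", "gitlab", "jira"}

class _KeepUnknown(dict):
    """Leave a placeholder literal when the finding has no such variable."""
    def __missing__(self, key):
        return "{" + key + "}"

def validate_policy(policy):
    """Return the problems found in the ticket settings; an empty list means usable."""
    problems = []
    if not isinstance(policy.get("raise_tickets"), bool):
        problems.append("raise_tickets must be true or false")
    if policy.get("ticket_integration") not in VALID_INTEGRATIONS:
        problems.append("ticket_integration must be one of github, gitlab, jira")
    if policy.get("ticket_integration") == "jira" and not policy.get("jira_project_key"):
        problems.append("jira_project_key is required for the JIRA integration")
    problems += [f"{k} is empty" for k in ("ticket_title", "ticket_body") if not policy.get(k)]
    return problems

def render_ticket(policy, finding):
    """Fill the title and body templates; list values (e.g. cwe) are comma-joined."""
    values = _KeepUnknown({k: ", ".join(v) if isinstance(v, list) else v for k, v in finding.items()})
    return policy["ticket_title"].format_map(values), policy["ticket_body"].format_map(values)
```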

Now save the changes and navigate to any project and for each finding you can raise a ticket to the platform you need:

GitHub Issues / GitLab Issues / JIRA Tickets
