Vulnerability Tickets
How to raise vulnerabilities into internal VM platform
Last updated
For each finding identified within AquilaX, you have the option to create an issue in GitHub Issues, GitLab, or JIRA (Atlassian) to manage it directly within your own environment. The setup page provides clear guidance to help you configure everything.
For documentation purposes, we will demonstrate how to set up all three integration modes. However, you are free to use one, two, or all three based on your specific needs.
First, make sure your organization has access to the various tools: navigate to your organization, scroll down to the Integrations section, and proceed as shown below:
If you’re just getting started, chances are you haven’t set up any of these yet. Don’t worry—let’s walk through the setup step by step for each integration.
Click on the GitHub option, and you will be redirected to the AquilaX GitHub authorization page.
Here, you can select the level of access you wish to grant. In addition to read access for scanning, make sure to enable permissions for AquilaX to create issues as well.
Setting up GitLab is straightforward. Simply generate an API token in GitLab and grant AquilaX the necessary permissions. This includes read access to your code and the ability to create GitLab issues.
JIRA is exclusively used for raising tickets. The setup process is straightforward: simply use your access token from Atlassian as shown below.
That's it for the organization level; this configuration is accessible to anyone within your organization.
Once you’ve provided all the necessary authorizations and permissions, you can refine the setup further at the group level. This is especially useful if you need different configurations for different groups, giving you the flexibility to tailor settings as needed. Navigate to the Groups page, select the group you want to edit, and update the Security Policy section to ensure the appropriate configuration is in place.
The following table lists the fields you can include in the tickets:

Field            Description
code             Line of code identified as vulnerable
confidence       Confidence of the vulnerability
cves             CVEs associated with the vulnerability
cvss_score       CVSS score
cvss_vector      CVSS vector
cwe              CWE array
git_sha          Git commit SHA
git_uri          Git URI
id               Finding ID
line_start       Start line of the vulnerable code
line_end         End line of the vulnerable code
message          Detailed message of the vulnerability
path             File path
recommendation   Recommendation for mitigation
rule_id          Rule ID used to identify the vulnerability
scanner          Scanner name used
severity         Severity / criticality
status           True Positive / False Positive / Unverified
scan_id          Scan ID
Now save the changes, navigate to any project, and for each finding you can raise a ticket to the platform you need:
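As an added example (not code from AquilaX or this page), the script below shows how a finding carrying the fields from the table above can be rendered into an issue payload with a title, body and labels. The `{field}` placeholder syntax, the constructed sample finding and the `render_ticket` function are assumptions for illustration, not the platform's own template format.

```python
# Constructed sample finding that uses the field names from the table above.
SAMPLE_FINDING = {
    "id": "finding-0001",
    "scan_id": "scan-42",
    "scanner": "sast",
    "rule_id": "python.sql.injection",
    "severity": "high",
    "confidence": "high",
    "status": "Unverified",
    "message": "Untrusted input is concatenated into a SQL query.",
    "recommendation": "Use a parameterised query instead of string concatenation.",
    "path": "app/db.py",
    "line_start": 42,
    "line_end": 44,
    "code": "cur.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")",
    "cwe": ["CWE-89"],
    "cves": [],  # SAST findings usually carry no CVE
    "cvss_score": 8.1,
    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "git_uri": "https://example.invalid/org/repo.git",  # placeholder URI
    "git_sha": "0123456789abcdef0123456789abcdef01234567",
}

# Assumed {field} placeholder syntax; the real template syntax is configured in the UI.
TITLE_TEMPLATE = "[{severity}] {rule_id} in {path}:{line_start}"
BODY_TEMPLATE = """\
**Finding** {id} (scan {scan_id}, scanner {scanner})
**Status:** {status} | **Confidence:** {confidence} | **Severity:** {severity}
**CWE:** {cwe} | **CVE:** {cves} | **CVSS:** {cvss_score} ({cvss_vector})
{message}
`{path}` lines {line_start}-{line_end} at {git_sha} ({git_uri})

    {code}

**Recommendation:** {recommendation}
"""

def render_ticket(finding: dict) -> dict:
    """Render one finding into an issue payload (title, body, labels).
    List fields are joined, an empty list becomes "none", and a missing
    field raises KeyError rather than silently filing an incomplete ticket."""
    values = dict(finding)
    for key in ("cwe", "cves"):
        values[key] = ", ".join(values[key]) or "none"
    values["git_sha"] = values["git_sha"][:12]  # a short SHA is enough in a ticket
    status = finding["status"].lower().replace(" ", "-")
    labels = ["security", f"severity:{finding['severity']}", f"status:{status}"]
    return {"title": TITLE_TEMPLATE.format(**values),
            "body": BODY_TEMPLATE.format(**values), "labels": labels}
```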