0

We are currently using the WhiteSource Bolt task in our Azure DevOps pipeline to scan our code for known vulnerabilities. This task will produce a report on the pipeline level, plus there is also a summary report for all vulnerabilities for all pipelines. This summary report can be exported/send via email in different formats, but only from the UI

We would like to get notifications for new vulnerabilities. Let's say that our current code has no vulnerabilities, so we would like to be notified in case the pipeline task finishes and finds some new vulnerabilities. This info can be seen in the UI currently, but there seems to be no option to send notifications (so we are notified automatically vs manually checking the report).

Is anyone aware of any opensource solution for code vulnerability scanning that can integrate with Azure DevOps pipelines and send notifications? WhiteSource Bolt works fine for us, just missing the notifications part (we are aware of the paid version, but that starts at 5k/year and that's too steep as we are a small startup still). Thanks in advance!

Petr Hecko
  • 460
  • 1
  • 8
  • 17

2 Answers2

0

I would suggest that you use this 3rd-extension: Send Email, which is free and can add attachment in the email from build pipeline.

wallezzi
  • 334
  • 1
  • 6
  • Thanks for the suggestion! Unfortunately, the current solution, Whitesource Bolt doesn't generate any output file / artifact / report that we could grab and send via email. The report is a build-in report in the UI only, so nothing for us to send via an email. – Petr Hecko Mar 24 '21 at 05:45
0

I am afraid this is impossible to achieve this with WhiteSource Bolt task, since it doesn't generate any output file or log.

You can check out task OWASP Dependency Check, which will export vulnerability data to HTML, JSON, XML, CSV, JUnit formatted reports. So that you can add script task in your pipeline to read the reports and set a flag variable(eg. sendEmail) in the script task to indicate whether an alert email should be sent out. See below:

- powershell: |
    ##read the report file
    ...
    if(condition){
     echo "##vso[task.setvariable variable=sendEmail]true"
     }

Then you can use conditions for the send email task to send out email when the variable sendEmail is true.

- task: rvo.SendEmailTask.send-email-build-task.SendEmail@1
  displayName: 'Send an email with subject'
  inputs:
    To: ..
    From: ..
    Subject: ..
  condition: eq(variables.sendEmail, 'true')

You can also checkout Security Scan extension.

Levi Lu-MSFT
  • 27,483
  • 2
  • 31
  • 43