Plug-in Documentation

ASoC

Overview

The Application Security on Cloud plug-in allows for integration with the IBM Application Security on Cloud server. This plug-in uses the Application Security on Cloud REST interface to interact with the IBM Application Security on Cloud application. Data is gathered from the IBM Application Security on Cloud server and displayed as a graphical view in the UrbanCode Velocity portfolio.

Compatibility

Must be running UrbanCode Velocity version 1.2.1 and later to use this plug-in.

Versions

There is no install process for this plug-in. The Application Security On Cloud plug-in is identified to UrbanCode Velocity as a value stream integration. UrbanCode Velocity plug-in images are located in DockerHub and the UrbanCode Velolcity code accesses the version that you select. To view available versions, see the UrbanCode DockerHub.

History

Version 1.0.9

  • Update plugin version from 0.x.x to 1.x.x format.

Version 0.0.4

  • Initial release

Usage

To use the Application Security On Cloud plug-in you must complete the following:

  1. Define the integration
  2. Send an HTTP Post to request the new endpoint.

Define integration

The value stream map contains the properties, you will use to define the plug-in integration. Basically, the plug-in integration is defined with a value stream within the UrbanCode Velocity user interface. Defining the integration includes defining configuration properties that connect the UrbanCode Velocity server to the Application Security On Cloud server.

To define the integration, the basic flow includes:

  1. Download the value stream map. The value stream map is a JSON file used to define integrations.
  2. Edit the JSON file to include the plug-in configuration properties.
  3. Save and upload the JSON file. This replaces the current JSON file with the new content.
  4. View the new integration on the Integration user interface page.

Send HTTP Post

To gather data, send an HTTP POST request to your endpoint:


https:///pluginEndpoint//asocScan

The payload for this POST must have the scanId from the scan ran in ASoC: {"scanId":""}.

Integration type

The Application Security On Cloud plug-in supports endpoint integration which are listed in the following table.

Endpoints
Name Path Method
ASoC Scan asocScan Post

Integration

From the user interface Value Steam page, click Upload to upload the value stream map which is a JSON file.

The JSON file contains the information for creating a value stream and integrating with the Application Security on Cloud server. The following table describes the information for the creating a UrbanCode Velocity value stream map.

Value stream map information
Name Description Required
image The version of the plug-in that you want to use. To view available versions, see the UrbanCode DockerHub. If a value is not specified, the latest version is used. No
name An assigned name to the value stream. Yes
properties List of configuration properties used to connect and communicate with the Application Security on Cloud server. Enclose the properties within braces. Yes
tenant_id The name of the tenant. Yes
type Unique identifier assigned to the plug-in. The value for the Application Security On Cloud plug-in is asocPlugin Yes

Configuration Properties

The configuration properties which are included in the properties field are unique to the Application Security On Cloud plug-in and define the connection and communication to the Application Security On Cloud server.

Configuration properties
Name Type Description Required
KeyID String The Application Security on Cloud key use to authenticate with the Application Security on Cloud application. Yes
keySecret Key String The Application Security on Cloud secret key use to authenticate with the Application Security on Cloud application. Yes
UrbanCode Velocity User Access Key String User access key to authenticate with the UrbanCode Velocity server. Yes

Example

The following example can be used as as template to include the Application Security On Cloud plug-in integration into the JSON file. Copy and paste the template into the JSON file and make the appropriate changes.


"integrations": [
  {
    "type": "asocPlugin",
    "tenant_id": "",
    "name": "",
    "properties":{
      "ucvAccessKey": "",
      "keyId" : "",
      "keySecret":""
    }
 }
]