Event based scanning

To trigger a scan when a specific event happens, you need to use webhooks. Start by navigating to Inventory and selecting an active service connection.

By opening the scan dropdown you will see the workflows attached to the specific repository and the other options as well.

Choosing the Get Webhook option will open a modal where you can see the instructions for configuring the webhook.

Due to security policies, the Copy URL button doesn't copy the Webhook URL to your clipboard if you access the interface over an insecure HTTP connection. In this scenario, you need to copy the URL manually: double-click the URL itself, copy it, and paste it where you need it.

At the moment, webhooks are available only for Bitbucket, GitHub, GitLab and JFrog Binary services on the following event types:

  • Bitbucket Cloud
    • Repository
      • Push
    • Pull request
      • Opened
      • Merged
  • Bitbucket Data Center
    • Pull request
      • Opened
      • Merged
    • Repository
      • Push
  • GitHub
    • Repository
      • Push
    • Pull request
      • Opened
      • Merged
  • GitLab
    • push
    • merge_request
  • JFrog Binary
    • Artifact was cached
    • Artifact was copied
    • Artifact was created
    • Artifact was moved

What does that mean?

  • Every time a merge request is made on the chosen repository (the one from which you got the Webhook URL), a scan is triggered on the source branch, not on the target branch.
  • Every time a push is made on the chosen repository, a scan of this repository is started, and the scan is done on the default branch of the repository.
  • JFrog Binary:
    • The same applies to JFrog Binary events: every time a specific event happens (an artifact was cached, copied, created or moved into the selected repository, depending on your configuration), a scan of the chosen repository is started.

Examples

First, you need to generate an API key (this will be the connecting bridge between the external services and MetaDefender Software Supply Chain).

Following the description above of how to obtain the Webhook URL, add the appropriate connection, add this connection to an MDSSC workflow, and obtain the correct Webhook URL for the desired repository of each connection.

Next, follow the steps described below for each service provider.

The examples below are subject to change if the service providers change their user interface.

Bitbucket Cloud
  1. Log in to the Bitbucket Cloud account and navigate to the repository that needs event based scanning.
  2. Open the menu on the left and select "Repository settings".
  3. In the new submenu that appears on the left, click "Webhooks" under "Workflows" to display the webhooks screen.
  4. Click the "Add webhook" button. The webhook configuration page is displayed:
  • In the "Title" field, type in an arbitrary name for the webhook;
  • Insert the previously obtained MDSSC Webhook URL (generated for this repository) into the "URL" field;
  • Insert your MDSSC ApiKey into the "Secret" field;

Do not push the "Generate secret" button! Use the ApiKey of the user that generated the Webhook URL.

  • Configure the triggers that are required by the use case
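
Why the "Secret" field must hold the ApiKey rather than a generated value, as an added example that is not part of the original documentation or MDSSC's own code: Bitbucket Cloud signs each delivery body with the configured secret (HMAC-SHA256, sent in the X-Hub-Signature header), so a receiver that expects the ApiKey rejects anything signed with a different secret. How MDSSC validates deliveries is not described on this page; the receiver logic, key values and payload below are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional


def sign_delivery(secret: str, body: bytes) -> str:
    """Header value the sender computes: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def verify_delivery(expected_secret: str, body: bytes, header: Optional[str]) -> bool:
    """Receiver-side check (assumed): recompute over the raw bytes, compare in constant time."""
    if not header or not header.startswith("sha256="):
        return False  # unsigned delivery or unexpected algorithm: reject
    expected = sign_delivery(expected_secret, body)
    return hmac.compare_digest(expected.encode(), header.encode())


# Constructed sample values, not real keys or payloads.
API_KEY = "example-mdssc-api-key"
GENERATED_SECRET = "secret-from-generate-button"
BODY = b'{"push":{"changes":[{"new":{"name":"main"}}]}}'


def demo() -> dict:
    """Verify four deliveries against a receiver that expects the ApiKey."""
    signed_with_key = sign_delivery(API_KEY, BODY)
    return {
        # Secret field holds the ApiKey: signature matches.
        "api_key_as_secret": verify_delivery(API_KEY, BODY, signed_with_key),
        # "Generate secret" was used: sender and receiver keys differ.
        "generated_secret": verify_delivery(
            API_KEY, BODY, sign_delivery(GENERATED_SECRET, BODY)
        ),
        # Body changed after signing (even by one byte).
        "tampered_body": verify_delivery(API_KEY, BODY + b" ", signed_with_key),
        # No secret configured on the webhook at all.
        "missing_header": verify_delivery(API_KEY, BODY, None),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```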