Configure user-created security tool

  • Release version: Washington DC
  • Updated August 1, 2024

    Connect your custom security tool that is integrated with your CI/CD pipelines to DevOps Change Velocity to retrieve security scan results.

    Before you begin

    You must create the application vulnerability integration by following the step-by-step instructions in the Configure DevOps with Application Vulnerability Response for better visibility into CI/CD pipeline [KB1441741] enablement guide. This setup is a prerequisite for onboarding your custom security tool from DevOps Change Velocity.

    Role required:
    • Developer role for the scoped app
    • DevOps admin role
    Note:
    When creating an integration as a scoped app, the system admin must assign these roles to the integration developer, so that the integration developer can create tool integration and integration capability records for the specific scope.

    Procedure

    1. Navigate to DevOps > Integrations > Tool Integrations and create a record to define the tool you are integrating.
    2. Select New, and enter the following values in the form fields.
      Field                 Value
      Tool label            Name of the tool integration.
      Integration version   Version of the tool integration.

      [Figure: Tool integration record for custom security tool integration]
    3. Select Submit.
    4. Open the newly created tool integration and navigate to the Tool Integration Capability Mappings related list.
    5. Select New, and enter the following values in the form fields.
      Field                  Value
      Tool integration       Sample tool
      Tool type capability   Security

      [Figure: Tool Integration Capability Mapping record for custom security tool integration]
    6. Select Submit.
    7. Navigate to the Integration Capabilities related list, and select New.
    8. Create the Connect and Validate records by entering the following values in the form fields.
      Field                Value
      Tool integration     Sample Code Tool
      Capability mapping   Capability mapping record created in step 6.
      Action               Connect
                           Note: Do not edit tool action records.
      Active               Selected
      Timeout (ms)         Timeout for the corresponding subflow. If execution of the subflow exceeds this value, a timeout exception occurs. Value is in milliseconds (ms). Default is 45,000 (45 seconds).
      Subflow name         • For Connect: sn_devops_vul_ints.security_tool_connect
                           • For Validate: sn_devops_vul_ints.security_tool_validate
      Domain               global

      [Figure: Integration capability record for connect action]
      [Figure: Integration capability record for validate action]
    9. Open the newly created tool integration record and add the SecOps source integration and Integration handler name fields to the form by navigating to Configure > Form layout.
      In the tool integration form, enter the following values for these fields.
    10. Ensure that a record named "<Tool integration name> DevOps Integration" (example: Veracode DevOps Integration) is created in the Application Vulnerability Integration (sn_vul_app_integration) table and mapped to the source integration created in the Third Party Integrations (sn_sec_int_integration) table, as described in the Configuration page > Steps to create a configuration section of the Configure DevOps with Application Vulnerability Response for better visibility into CI/CD pipeline [KB1441741] enablement guide.

    What to do next

    By default, when you onboard your tool from the workspace, you must enter the mandatory fields defined in the Configuration Page section of the Configure DevOps with Application Vulnerability Response for better visibility into CI/CD pipeline [KB1441741] enablement guide. Not all of the mandatory fields are credential fields, but in the base system all of them are displayed when you update credentials. When the credentials for this tool have expired and you want to update them, you may not want to enter every mandatory field again. To configure which mandatory fields are shown on the Update credentials page, perform the following steps.

    1. Navigate to Now Experience Framework > Experiences.
    2. Select DevOps Change Workspace.
    3. On the UX Page Properties related list, select securityToolsUIConfig.
    4. Add the following entry to the JSON.
      "<tool_integration_sys_id>": {
         "CREDENTIAL_PAGE": {
            "FIELDS_TO_SHOW": [
               "<parameter_1>",
               "<parameter_2>"
            ]
         }
      }
      JSON entry in the securityToolsUIConfig UX page property
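
The step 4 edit, as an added example that is not ServiceNow's own code: a JavaScript helper that validates the new entry and merges it into the current property value, so a hand-edit cannot leave invalid JSON or overwrite another tool's entry. It assumes entries sit at the top level of the JSON, keyed by tool integration sys_id; the function name, sys_ids and parameter names are constructed for illustration.

```javascript
// Added example: build the securityToolsUIConfig value with one more tool entry.
// Assumption: entries sit at the top level of the property, keyed by sys_id.
const SYS_ID = /^[0-9a-f]{32}$/i; // sys_ids are 32-character hexadecimal strings

function addCredentialFields(currentJson, toolSysId, fieldsToShow) {
  if (!SYS_ID.test(toolSysId)) {
    throw new Error(`not a sys_id: ${toolSysId}`);
  }
  if (!Array.isArray(fieldsToShow) || fieldsToShow.length === 0 ||
      !fieldsToShow.every((f) => typeof f === 'string' && f.trim() !== '')) {
    throw new Error('FIELDS_TO_SHOW must be a non-empty list of parameter names');
  }
  // Parse first: a property value that is already invalid JSON fails here.
  const config = currentJson.trim() === '' ? {} : JSON.parse(currentJson);
  if (config === null || typeof config !== 'object' || Array.isArray(config)) {
    throw new Error('securityToolsUIConfig must be a JSON object');
  }
  // Keep whatever else the tool entry already holds; replace only the field list.
  const entry = { ...(config[toolSysId] || {}) };
  entry.CREDENTIAL_PAGE = {
    ...(entry.CREDENTIAL_PAGE || {}),
    FIELDS_TO_SHOW: [...new Set(fieldsToShow.map((f) => f.trim()))],
  };
  // Other tools' entries are copied through unchanged.
  return JSON.stringify({ ...config, [toolSysId]: entry }, null, 2);
}

// Constructed sample values (not from a real instance).
const existing =
  '{"0123456789abcdef0123456789abcdef":{"CREDENTIAL_PAGE":{"FIELDS_TO_SHOW":["api_key"]}}}';
const updated = addCredentialFields(
  existing,
  'fedcba9876543210fedcba9876543210',
  ['api_id', 'api_secret', 'api_id'] // the duplicate is dropped
);
console.log(updated);
```

Paste the returned text back into the securityToolsUIConfig UX page property in place of the old value.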