Trying to build out a workflow that triggers via a webhook when AppSec completes a scan that generates the report for the scan and sends it out to the appropriate person(s). The issue I am running into is when the HTTP plugin generates the output it comes out as a string. I cannot figure out how to get the string converted over to a usable format to include in an email. I tried base64 encoding it to send it as an attachment but that doesn’t work. Any suggestions / has anyone done something like this before?
Hi Michael (and all future strugglers of the AppSec tool)
Converting a report can be easier achieved using a custom Python script, the Python ICON plugin, and the IAS API. After doing something like this in a Python step:
import requests
import base64
# Make GET a custom method like this if you want to troubleshoot stuff
def get(data, endpoint, headers={your report API endpoint header requirements}):
return(requests.get(url=f'{your API baseurl}{endpoint}',json=data,headers=headers))
# Store report byte data into a variable
report = get(None,f"reports/{report id that you want}", report header)
# Encode/Decode magic to return the data in an acceptable format
return({ 'report_data': base64.b64encode(report.content).decode('utf-8') })
From here, you can use the SMTP plugin to send inputted report data as an attachment.
Hopefully this helps somewhat? What I gave above is apart of a much larger process but I can’t provide you with much more code or process design because it all depends on how you want to automate your process.