This repository has been archived by the owner on Sep 21, 2023. It is now read-only.
Add QSS webhook notification section w/ anchor #61
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
September 28, 2016 18:10
Quay.io references `http://docs.quay.io/guides/notifications.html#webhook_vulnerability_found` on the page `https://quay.io/repository/will_garrison/repotest/create-notification`. However, this anchor and section do not yet exist. This PR is to add the relevant section with information on the form and use of Clair webhooks. Please revise as needed.
Forgot the http:// on the link, so it was referring to a non-existent page.
|
I think you may have conflated Clair's notification webhook and Quay's notification webhook for the security scanner. |
| #### <i class="fa fa-lg fa-times-circle-o event-icon"></i>Vulnerability Found | ||
| <a name="#vulnerability_found"></a> | ||
|
|
||
| Clair has discovered a new vulnerability |
There was a problem hiding this comment.
Yeah, this should be "Quay Security Scanner has discovered a new vulnerability or an existing vulnerability was updated to a higher severity"
|
|
||
| <a name="#webhook_vulnerability_found"></a> | ||
|
|
||
| Note: Clair webhook notifications report the UUID of the affected build. Use the <a href=http://docs.quay.io/api/swagger>API</a> to analyze notifications for the build. |
| ```json | ||
| { | ||
| "Notification": { | ||
| "Name": "6e4ad270-4957-4242-b5ad-dad851379573" |
There was a problem hiding this comment.
The JSON for the QSS notification has this format:
{
"tags": ["latest", "prod"],
"image": "the-image-id",
"vulnerability": {
"id": "CVE-1234-ID",
"description": "Heartbleed 2: Coronary Boogaloo",
"link": "http://link/to/vuln/info",
"priority": "Critical",
"has_fix": true
}
}I was conflating Clair webhooks with Quay vulnerabilty webhoks. As per advice on this PR I have updated the subheading to reflect "Quay Security Scanner" and corrected the expected output.
|
I made the updates discussed, and dropped the "Note:" line / API link. |
| @@ -221,16 +221,20 @@ A Dockerfile build has failed | |||
| #### <i class="fa fa-lg fa-times-circle-o event-icon"></i>Vulnerability Found | |||
| <a name="#vulnerability_found"></a> | |||
|
|
|||
| Clair has discovered a new vulnerability | |||
| Quay Security Scanner has discovered a new vulnerability or an existing vulnerability was updated to a higher severity | |||
There was a problem hiding this comment.
Period at the end of the sentence
Notification descriptions beneath each heading were full sentences with no periods. Added periods to each of them, and a few sentences lacking periods in the "Notification Actions" section.
ErnestG4
changed the title
ErnestG4
changed the title
ErnestG4
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Quay.io references
http://docs.quay.io/guides/notifications.html#webhook_vulnerability_foundon the pagehttps://quay.io/repository/will_garrison/repotest/create-notification. However, this anchor and section do not yet exist. This PR is to add the relevant section with information on the form and use of Clair webhooks. Please revise as needed.