Scan Integrations
A high-level user guide around integrations for scanning including alerts and ticketing
Summary
ProjectDiscovery Cloud Platform (PDCP) includes integrations for several third-party tools with different user goals in mind. This includes tools that can keep your team up to date with real time alerts from applications like Slack, Microsoft Teams, and more.
PDCP can also help automate the remediation process with direct integration to ticketing systems like Jira and GitHub.
Visit the Scans —> Configurations section of PDCP to explore and configure your integrations.
Alerting Integrations
Alerting integrations support notifications as part of scanning and include Slack, Microsoft Teams, Email, and custom Webhooks.
Slack
PDCP supports scan notifications through Slack. To enable Slack notifications provide a name for your Configuration, a webhook, and an optional username.
Choose from the list of Events (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated. All Events are selected by default
- Refer to Slack’s documentation on creating webhooks for configuration details.
MS Teams
PDCP supports notifications through Microsoft Teams. To enable notifications, provide a name for your Configuration and a corresponding webhook.
Choose from the list of Events (Scan Started, Scan Finished, Scan Failed) to specify what notifications are generated.
- Refer to Microsoft’s documentation on creating webhooks for configuration details.
PDCP supports notifications via Email. To enable email notifications for completed scans simply add your recipient email addresses.
Check out a sample email below.
Webhook
PDCP supports notifications via custom Webhook. This functionality supports posting events from any user-defined endpoint based on your environment and system requirements.
To enable webhook notifications for completed scans provide a config name, webhook URL, and the required authentication details.
For example, send a custom webhook to an internal alerting system in this format:
https://example.com/hook/alert
Ticketing
The integrations under Ticketing support ticketing functionality as part of scanning and include support for Jira, GitHub, GitLab, and Linear.
Jira
PDCP provides integration support for Jira to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Jira instance URL , the Account ID, the Email, and the associated API token.
Details on creating an API token are available in the Jira documentation here.
GitHub
PDCP provides integration support for GitHub to create new tickets when vulnerabilities are found.
Provide a name for the configuration, the Organization or username, Project name, Issue Assignee, Token, and Issue Label. The Issue Label determines when a ticket is created. (For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
- The severity as label option adds a template result severity to any GitHub issues created.
- Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Details on setting up access in GitHub are available here.
GitLab
ProjectDiscovery Cloud Platform provides integration support for GitLab to create new tickets when vulnerabilities are found.
Provide your GitLab username, Project name, Project Access Token and a GitLab Issue label. The Issue Label determines when a ticket is created. (For example, if critical severity is selected, any issues with a critical severity will create a ticket.)
- The severity as label option adds a template result severity to any GitLab issues created.
- Deduplicate posts any new results as comments on existing issues instead of creating new issues for the same result.
Refer to GitLab’s documentation for details on configuring a Project Access token.
Linear
ProjectDiscovery Cloud Platform provides integration support for Linear to create new tickets when vulnerabilities are found.
Provide your Linear API Key, Linear Team ID, and Linear Open State ID to set up the integration. Here are the specific steps to access or generate each parameter from your Linear workspace.
- To generate your Linear API Key, navigate to Linear > Profile Icon > Preferences > API > Personal API keys > Create new API key. Or, navigate to linear.app/[workspace name]/settings/api.
- To retrieve your Linear Team ID, you can use the following cURL command
curl -X POST https://api.linear.app/graphql \
-H "Content-Type: application/json" \
-H "Authorization: YOUR_API_KEY" \
-d '{"query":"query { teams { nodes { id name } } }"}'
- To retrieve your Linear Open State ID, you can use the following cURL command
curl -X POST https://api.linear.app/graphql \
-H "Content-Type: application/json" \
-H "Authorization: YOUR_API_KEY" \
-d '{"query":"query { workflowStates { nodes { id name } } }"}'
Refer to Linear’s documentation for details on their API.
Scan Configs
Use scan configurations to implement custom http headers, template variables, and custom interactsh server for your scans.
Template Configs
Review our built in template configurations or create a new template configuration with template filters to include or exclude based on severity, tags, protocol, and template ID.
Learn more about our Template Editor!
Was this page helpful?