community-scripts

community-scripts copied to clipboard

This PR:

• Adds a Dynatrace scan hook integration

The scan hook:

1. Works with Dynatrace SaaS and Managed
2. Create Dynatrace log attributes for zap_pass_count, zap_warn_count and zap_fail_count
3. Create Dynatrace log metrics for log.zap.pass_count, log.zap.warn_count and log.zap.fail_count
4. Create a Dynatrace log event that generates and attaches INFO events to the APPLICATION entity for ZAP scan passed
5. Automatically retrieves the Dynatrace entity ID(s) for any matching entities (based on the entitySelector given by the user).
6. The ZAP failure threshold is configurable. By default it is 0 which means any ZAP failures are considered as a problem (and a ticket is raised).
7. Wraps zap_get_alerts_wrap and pushes log lines via log ingest for each ZAP finding. If ZAP risk is Medium, log line status is WARN. If ZAP risk is High, log line status is ERROR.
8. Wraps pre_exit to push fail_count, warn_count and pass_count as custom metrics (via log ingest).
9. Create a Dynatrace log event that generates and attaches ERROR events to the APPLICATION entity for Vulnerable applications
10. If ZAP detects failures, an ERROR log line will be pushed
11. A dynatrace problem report will be automatically created when a ZAP error event occurs
12. Create a Dynatrace dashboard to show all of this

Signed-off-by: agardnerit [email protected]

This pull request introduces 5 alerts when merging a56e52a5779a2b2ed2f1ab3d714eb8d6f790a7f1 into 9fe8c621d06e27c6f012bc3a2c918278631391d6 - view on LGTM.com

new alerts:

• 3 for Variable defined multiple times
• 1 for Unused local variable
• 1 for Nested loops with same variable

This should be added under the scan-hooks directory.

The LGTM issues should also be addressed.

I believe everything is addressed here. Have I missed anything?

The branch needs to be rebased, the commit can be fixed up.

Rebased to use latest CI.

Thank you!