WhiteSource Slack Integration

Service that mediates between WS and Slack and provide WhiteSource reports into a Slack.

Supported reports:

• Organization, Product and Project level Libraries Vulnerabilities Report - Getting Vlnerabilities per library to Slack Channel

Supported methods to produce reports:

Note: Reports will be written into a dedicated channel in form of: ws__[SCOPE_NAME_IN_LOWERCASE]

Accepting endpoint requests (e.g. from pipelines):

• URL: https://<URL>/fetch/<REPORT_NAME>

• The request body should contain:

     {
      "ws_user_key" : "<userKey>",
      "ws_org_token": "<orgToken>",
      "ws_url": "saas",
      "key": "<value>"...
     }
  

Accepting Slack slash commands (/ws4s):

• Supported commands:

  /ws4s token <SCOPE NAME> - Get token ids
  /ws4s <REPORT NAME> <TOKEN>
  

Prerequisites

1. Python WS-SDK (installed in the Docker container)
2. Create Custom app in Slack API with the following permissions:
   • Slash commands:
     • Command: /ws4s
     • Request URL: https:///slack/commands
     • Short Description: Router for ws4S
     • Usage Hint: Report Scope_Name
     • Escape channels, users, and links sent to your app: Checked
   • Bots:
     • App Display Name:
       • Display Name: WS4S
       • Default username: ws4s

Installation

1. Install the container from DockerHub: docker pull ws-slack [TBD]

OR 2. Download and build ws-slack from source.

Docker run instructions:

docker run -p 8000:8000 -e SLACK_BOT_TOKEN=xoxb-<TOKEN> -eSLACK_SIGNING_SECRET=<SECRET> ws-slack --name <CONTAINER_NAME>