This repository was archived by the owner on Sep 21, 2023. It is now read-only.
Add QSS webhook notification section w/ anchor#61
Open
ErnestG4 wants to merge 4 commits intocoreos:gh-pagesfrom
Open
Add QSS webhook notification section w/ anchor#61ErnestG4 wants to merge 4 commits intocoreos:gh-pagesfrom
ErnestG4 wants to merge 4 commits intocoreos:gh-pagesfrom
Conversation
added 2 commits
September 28, 2016 18:10
Quay.io references `http://docs.quay.io/guides/notifications.html#webhook_vulnerability_found` on the page `https://quay.io/repository/will_garrison/repotest/create-notification`. However, this anchor and section do not yet exist. This PR is to add the relevant section with information on the form and use of Clair webhooks. Please revise as needed.
Forgot the http:// on the link, so it was referring to a non-existent page.
Contributor
|
I think you may have conflated Clair's notification webhook and Quay's notification webhook for the security scanner. |
guides/notifications.md
Outdated
| #### <i class="fa fa-lg fa-times-circle-o event-icon"></i>Vulnerability Found | ||
| <a name="#vulnerability_found"></a> | ||
|
|
||
| Clair has discovered a new vulnerability |
Contributor
There was a problem hiding this comment.
Yeah, this should be "Quay Security Scanner has discovered a new vulnerability or an existing vulnerability was updated to a higher severity"
guides/notifications.md
Outdated
|
|
||
| <a name="#webhook_vulnerability_found"></a> | ||
|
|
||
| Note: Clair webhook notifications report the UUID of the affected build. Use the <a href=http://docs.quay.io/api/swagger>API</a> to analyze notifications for the build. |
guides/notifications.md
Outdated
| ```json | ||
| { | ||
| "Notification": { | ||
| "Name": "6e4ad270-4957-4242-b5ad-dad851379573" |
Contributor
There was a problem hiding this comment.
The JSON for the QSS notification has this format:
{
"tags": ["latest", "prod"],
"image": "the-image-id",
"vulnerability": {
"id": "CVE-1234-ID",
"description": "Heartbleed 2: Coronary Boogaloo",
"link": "http://link/to/vuln/info",
"priority": "Critical",
"has_fix": true
}
}I was conflating Clair webhooks with Quay vulnerabilty webhoks. As per advice on this PR I have updated the subheading to reflect "Quay Security Scanner" and corrected the expected output.
Author
|
I made the updates discussed, and dropped the "Note:" line / API link. |
guides/notifications.md
Outdated
| <a name="#vulnerability_found"></a> | ||
|
|
||
| Clair has discovered a new vulnerability | ||
| Quay Security Scanner has discovered a new vulnerability or an existing vulnerability was updated to a higher severity |
Contributor
There was a problem hiding this comment.
Period at the end of the sentence
Notification descriptions beneath each heading were full sentences with no periods. Added periods to each of them, and a few sentences lacking periods in the "Notification Actions" section.
ErnestG4
changed the title
ErnestG4
changed the title
ErnestG4
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Quay.io references
http://docs.quay.io/guides/notifications.html#webhook_vulnerability_foundon the pagehttps://quay.io/repository/will_garrison/repotest/create-notification. However, this anchor and section do not yet exist. This PR is to add the relevant section with information on the form and use of Clair webhooks. Please revise as needed.