Skip to content

Commit 37b4df1

Browse files
derkkiladerkkila
committed
Update props.conf
Added fields for workflows
1 parent f6075e6 commit 37b4df1

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

github_app_for_splunk/default/props.conf

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ EVAL-asset_name = if(isnotnull('release.assets{}.name'), 'release.assets{}.name'
5858
EVAL-asset_uploader_login = if(isnotnull('release.assets{}.uploader.login'), 'release.assets{}.uploader.login', null())
5959
EVAL-assigned_reviewers = if(isnotnull('pull_request.requested_reviewers{}.login'), 'pull_request.requested_reviewers{}.login', null())
6060
EVAL-assigned_user = if(isnotnull('issue.assignee.login'), 'issue.assignee.login', 'assignee.login')
61+
EVAL-attempt_number = if(isnotnull('workflow_run.run_attempt'), 'workflow_run.run_attempt',null())
6162
EVAL-branch = if(('ref_type'=="branch" AND 'ref'!=""), 'ref', if(isnotnull('commit_branch'), 'ref', null()))
6263
EVAL-body = "Secrete Leakage: ".'alert.secret_type'
6364
EVAL-category = if(isnotnull(alert_description), "code", if(isnotnull(affected_package_name), "dependency", if(isnotnull(secret_type), "secret", "")))
@@ -74,6 +75,7 @@ EVAL-commits_author_list = if(isnotnull('commits{}.author.username'), 'commits{}
7475
EVAL-commits_list = if(isnotnull('commits{}.id'), 'commits{}.id', null())
7576
EVAL-commits_message_list = if(isnotnull('commits{}.message'), 'commits{}.message', null())
7677
EVAL-commits_timestamp_list = if(isnotnull('commits{}.timestamp'), 'commits{}.timestamp', null())
78+
EVAL-completed = if(action="completed",_time, NULL)
7779
EVAL-current_priority = if('issue.labels{}.name' like "Priority%", mvfilter(match('issue.labels{}.name', "[pP]riority:\sLow|[pP]riority:\sHigh|[pP]riority:\sMedium")), null())
7880
EVAL-current_push = if(isnotnull('after'), 'after', null())
7981
EVAL-description = "Secrete Leakage: ".'alert.secret_type'
@@ -99,9 +101,11 @@ EVAL-latest_commit_author_user = if((isnotnull('commits{}.id') AND isnull('commi
99101
EVAL-latest_commit_date = if((isnotnull('commits{}.id') AND isnull('commit_timestamp')), 'head_commit.timestamp', if((isnotnull('commits{}.id') AND isnotnull('commit_timestamp')), 'commit_timestamp', ""))
100102
EVAL-latest_commit_hash = if((isnotnull('commits{}.id') AND isnull('commit_hash')), 'head_commit.id', if((isnotnull('commits{}.id') AND isnotnull('commit_hash')), 'commit_hash', if(isnotnull(after), after, null())))
101103
EVAL-latest_commit_message = if((isnotnull('commits{}.id') AND isnull('commit_message')), 'head_commit.message', if((isnotnull('commits{}.id') AND isnotnull('commit_message')), 'commit_message', ""))
104+
EVAL-name = if(isnotnull('workflow_job.name'), 'workflow_job.name',if(isnotnull('workflow_run.name'), 'workflow_run.name',null()))
102105
EVAL-object_attrs = "branch:" + pull_request_title + "|business:" + business
103106
EVAL-object_category = if(isnotnull(workflow_run.event), "workflow", if(isnotnull(repo), "repository", ""))
104107
EVAL-organization_name = if(isnotnull('organization.login'), 'organization.login', null())
108+
EVAL-pipeline_id = if(isnotnull('workflow.id'), 'workflow.id', if(isnotnull('workflow_job.id'), 'workflow_job.id', null()))
105109
EVAL-pr_author_login = if(isnotnull('sender.login'), 'sender.login', null())
106110
EVAL-pr_created_date = if(isnotnull('pull_request.created_at'), 'pull_request.created_at', null())
107111
EVAL-pr_id = if((isnotnull('pull_request.number')), 'pull_request.number', if((isnotnull('number')), 'number', null()))
@@ -125,8 +129,15 @@ EVAL-repository_organization = if(isnotnull('organization.login'), 'organization
125129
EVAL-result = "success"
126130
EVAL-review_author_login = if(isnotnull('review.user.login'), 'review.user.login', null())
127131
EVAL-review_state = if(isnotnull('review.state'), 'review.state', null())
132+
EVAL-run_id = if(isnotnull('workflow_job.run_id'), 'workflow_job.run_id', if(isnotnull('workflow_run.id'), 'workflow_run.id', null()))
133+
EVAL-run_number = if(isnotnull('workflow_run.run_number'), 'workflow_run.run_number', null())
134+
EVAL-severity = if(isnotnull(secret_type),"critical",severity)
128135
EVAL-severity_id = CASE(severity=="critical",4, severity_level=="critical",4, severity=="high",3, severity_level=="high",3, severity=="moderate",2,severity_level=="moderate", 2, isnotnull(secret_type),4, true=true, 1)
129136
EVAL-signature = CASE(isnull(alert_description), UPPER(severity) + " Dependency Vulnerability on package " + affected_package_name, 1=1, alert_description)
137+
EVAL-started = if(action="requested",_time, if(isnotnull('workflow_run.run_started_at'),round(strptime('workflow_run.run_started_at', "%Y-%m-%dT%H:%M:%SZ"),0), if(isnotnull('workflow_job.started_at'), round(strptime('workflow_job.started_at', "%Y-%m-%dT%H:%M:%SZ"),0), null())))
138+
EVAL-started_by_id = if(isnotnull('sender.login'), 'sender.login', null())
139+
EVAL-started_by_name = if(isnotnull('sender.login'), 'sender.login', null())
140+
EVAL-status = if(isnotnull('workflow_job.status'), 'workflow_job.status', if(isnotnull('workflow_run.status'), 'workflow_run.status', null()))
130141
EVAL-status_update_date = if(('action'!="" AND isnotnull('issue.updated_at')), 'issue.updated_at', null())
131142
EVAL-status_current = if(action=="deleted", "deleted", 'issue.state')
132143
EVAL-submitter_user = if(isnotnull('issue.user.login'), 'issue.user.login', null())

0 commit comments

Comments
 (0)