Microsoft Teams
Microsoft Teams Service integration enables Checkmarx One users to notify other team members about completed scans by sending a scan summary report to the corresponding Teams channel.
Scan Events reports include a results summary which presents the number of detected vulnerabilities in the scanned code.
Notice
Reports are only sent for scans in which the specified trigger conditions are met.
In addition, users can receive an SCA New Vulnerability alert when a new vulnerability is identified in a package that is used in their projects.
Notice
For projects with a "primary" branch, notifications are sent for packages used in the last scan of the primary branch. If there is no primary branch, then notifications are based on the last scan of any branch of the project.
Limitations
Limitation | Notes |
---|---|
Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App. | Update planned as part of development of the new Container Security scanner |
Creating a New Feedback App
To create a new Teams Feedback App:
In the main navigation, select Integrations > Feedback Apps.
In the Feedback Apps window, hover over the Teams tile and click the Configuration icon.
The Settings and Trigger Conditions panel opens on the right side of the screen.
Alternatively, you can create a new Teams Feedback App by performing the following steps:
In the Feedback Apps window, select the Apps tab and click on the Create App button.
In the right side panel, select Teams and click Next.
Settings & Trigger Conditions
The Teams Settings & Trigger Conditions panel contains basic details for the new Feedback App in addition to its trigger conditions.
Configure the following:
Event:
Select the trigger for the alert:
Scan Events - Receive notifications when a scan completes with vulnerabilities, as specified in the conditions.
SCA New Vulnerability - Receive notifications when a newly discovered SCA vulnerability is detected in a package used in your project. These alerts occur regardless of whether a new scan was run.
General Settings:
Feedback App Name
Description
Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes.
Filters:
Notice
If you edit an existing Feedback App and remove a previously selected trigger condition, tickets that were created based on that trigger will be closed automatically.
Severity - The severity level of a vulnerability that triggers the Feedback App.
State - To decrease the number of issues created in Jira, also specify the state(s) that will trigger Feedback App notifications. Possible states are: Confirmed, Urgent, Proposed Not Exploitable (PNE) or To Verify.
Notice
The states mentioned above are pre-configured for all Checkmarx One accounts. In addition, you can create custom states in your account. Once they are created, you can assign those custom states to results. Custom states are currently supported only for SAST results and this feature is only available for accounts that have the New Access Management (Phase 1) activated. For more info see Custom States.
In conjunction with the severity, this makes the setting more precise.
Scan Engines - Select which scan engine results will be reflected through the Feedback App (By default, all the licensed scanners are enabled).
If the SCA scanner is selected, there is an option to select the Exploitable Path checkbox so that only SCA vulnerabilities for which an Exploitable Path was identified will trigger a notification.
Click Next.
Credentials
Warning
Team feedback that relies on incoming webhooks is going to be deprecated. Please update your integrations accordingly.
The Teams Credentials panel contains the incoming webhook URL for Teams.
If an incoming webhook hasn’t been created for the Teams integration, create one as described in Creating Incoming Webhooks - Teams.
Configure the following:
URL - Teams incoming webhook URL.
Click Test Connection
Click Save
Viewing Notifications
The following is an example of a notification received from this Feedback App.
