Skip to main content

Microsoft Teams

Microsoft Teams Service integration enables Checkmarx One users to notify other team members about completed scans by sending a scan summary report to the corresponding Teams channel.

The report includes a results summary which presents the number of detected vulnerabilities in the scanned code.

Notice

Reports are only sent for scans in which the specified trigger conditions are met.

In addition, users can receive alerts when a newly discovered SCA vulnerability is detected in a package that is used in their projects.

Limitations

Limitation

Notes

Container vulnerabilities are not currently supported for Feedback Apps. This may cause a discrepancy between the summary counters shown in Checkmarx One and the ones sent via Feedback App.

Update planned as part of development of the new Container Security scanner

Creating a New Feedback App

To create a new Teams Feedback App, click on Integrations Integrations.png > Teams

Teams_Create_App.png

Settings & Trigger Conditions panel is opened in the right screen side.

Alternatively you can create a new Teams Feedback App by performing the following steps:

  1. Click on Integrations Integrations.png > Inventory > Create App.

    JIra_Create_App2.png

  2. In the right side panel, select Teams and click Next.

Settings & Trigger Conditions

Teams Settings & Trigger Conditions panel contains basic details for the new Feedback App in addition to its trigger conditions

Configure the following:

  1. Event:

    Select the trigger for the alert:

    • Scan Events - Receive notifications when a scan completes with vulnerabilities, as specified in the conditions.

    • SCA New Vulnerability - Receive notifications when a newly discovered SCA vulnerability is detected in a package used in your project. These alerts occur independent of whether or not a new scan was run.

    Teams_Settings_and_Trigger_Conditions_1.png

  2. General Settings:

    • Feedback App Name

    • Description

    • Associate Tags - Assign tags to a Feedback App. Tags are very useful for filtering purposes.

    Teams_Settings_and_Trigger_Conditions_2.png

  3. Trigger Conditions:

    • Severity - The severity level of a vulnerability that triggers the Feedback App.

    • Status - To decrease the number of issues created in Teams, specify also the status of a vulnerability that triggers the Feedback App.

      Notice

      Status conditions are not relevant for SCA New Vulnerability alerts.

  4. Click Next.

    Teams_Settings_and_Trigger_Conditions_3.png

Credentials

Warning

Team feedback that relies on incoming webhooks is going to be deprecated. Please update your integrations accordingly.

The Teams Credentials panel contains the incoming incoming webhook URL for Teams.

If an incoming webhook hasn’t been created for the Teams integration, create one as described in Creating Incoming Webhooks - Teams.

Configure the following:

  1. URL - Teams incoming webhook URL.

  2. Click Test Connection

    Teams_Test_Connection.png

  3. Click Save

    Teams_Click_Save.png

Viewing Notifications

The following is an example of a notification received from this Feedback App.

image__11_.png
In this section: