Monitoring
Learn how to monitor vulnerabilities in repositories that are not updated regularly.
Last updated
Was this helpful?
Learn how to monitor vulnerabilities in repositories that are not updated regularly.
Last updated
Was this helpful?
OpenText Core SCA automation policies normally trigger based on pipeline events, such as committing a code to a repository. When the source code is committed, a OpenText Core SCA scan starts and automations run. However, in some cases, you might want to use automations to check the status of a repository even if you have not made any changes to it. For example, new vulnerabilities might be discovered for dependencies in repositories that are not updated regularly. Monitoring allows you to get timely warnings about issues in such repositories by automatically and periodically checking the rules regardless of pipeline events. It is possible to configure monitored automations to either result in webhooks or emails when triggered.
To enable monitoring for a new rule, follow these steps:
From a repository page, go to the Automations tab. On the Automations page, you can view the list of automation rules created.
On the Automations page, click New -> Add rule. The Add a new rule page is displayed.
On the Add a new rule page, select the valid vulnerability condition from the drop-down. The vulnerability condition must be either 'CVSS' or 'discovery date' or both.
Select the valid trigger events from the drop-down. The trigger events must be either 'notify by email', 'notify user groups by email' or 'trigger webhook'.
Click Enable monitoring check box to enable the monitoring for the rule.
Click Generate rule and review any warnings (if applicable).
Click Save.
To enable monitoring for an existing rule, follow these steps:
From a repository page, go to the Automations tab. On the Automations page, you can view the list of automation rules created.
Click the … (three dots) on the right-hand side of the rule.
Select Edit rule.
On the Edit rule page, select the valid vulnerability condition from the drop-down. The vulnerability condition must be either 'CVSS' or 'discovery date' or both.
Select the valid trigger events from the drop-down. The trigger events must be either 'notify by email', 'notify user groups by email' or 'trigger webhook'.
Click Enable monitoring check box to enable the monitoring for the rule.
Click Generate rule and review any warnings (if applicable).
Click Save.
