Secure your Software Supply Chain with Xray and Lightstep Incident Response

Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. Additionally, early detection must be coupled with an organized and agile method of response that brings together developers, operations and SRE teams to accelerate remediation workflows across the organization.
To meet these challenges, we are excited to offer a new integration between JFrog Xray and Lightstep Incident Response (by ServiceNow). With this integration, organizations can combine JFrog Xray application security code scanning with Lightstep’s intelligent incident response and management capabilities to identify compliance and security issues earlier in their DevOps pipeline and engage the necessary teams for timely response and remediation.
How it Works
With this integration, JFrog Xray violations are sent via a webhook into Lightstep where they surface as incidents and alerts. Once in Lightstep, they can be managed through Lightstep’s incident lifecycle management tools.

Each alert from Xray includes details about the vulnerability or license issue that provide helpful information for evaluation and response. From Lightstep, a response administrator can assign these incidents to dedicated SRE teams, set up automated actions, acknowledge incoming issues and compose notes, or even collaborate with other teams to accelerate the remediation.

How To Get Started
The JFrog Xray integration is available from within the Lightstep console:
- Select Integrations from the Lightstep console’s navigation pane.
- Click the JFrog Xray integrations card.
- Fill out the details in the form to enable the integration.

You’ll then need to create a webhook endpoint in Lightstep for JFrog Xray to send automated real-time messages and information to Lightstep Incident Response. When you click Generate Webhook, Lightstep will create a webhook URL for the secure endpoint.
You can then use this webhook URL to configure the webhook in JFrog Xray.
Once Lightstep and Xray are connected in this way, you can create security and license policies in JFrog Xray. You can specify rules for Xray to look for the specific CVEs, severity level, or other criteria that you care most about. In your policies, you can specify an automatic action that triggers the Lightstep webhook through the JFrog Platform event service when Xray discovers that a policy has been violated, sending a violation event message to Lightstep.
Everything is now ready for you to manage and remediate your Xray policy violations through Lightstep!
For more help, email partner-support@www.si-fil.com.
