Data from integration saved in HackEDU

We make a request to /api/v4/projects and get the list of projects you have registered in your GitLab account. From this response we only save the id from the projects you select in the integration process. All other fields are redacted:

{ 
"id": 20475068,
"description": "[REDACTED]",
"name": "[REDACTED]",
"name_with_namespace": "[REDACTED]",
"path": "[REDACTED]",
"path_with_namespace": "[REDACTED]",
"created_at": "[REDACTED]",
"default_branch": "[REDACTED]",
"tag_list": "[REDACTED]",
"ssh_url_to_repo": "[REDACTED]",
"http_url_to_repo": "[REDACTED]",
"web_url": "[REDACTED]",
"readme_url": "[REDACTED]",
"avatar_url": "[REDACTED]",
"forks_count": "[REDACTED]",
"star_count": "[REDACTED]",
"last_activity_at": "[REDACTED]",
"namespace": "[REDACTED]",
}


Each time the sync process is run we make an api call to /api/v4/projects/:projectId/vulnerability_findings and we save all the information regarding the vulnerabilities found except for the following fields which may require sensitive information we do not need:

  • location

  • solution

  • links

  • blob_path

  • create_vulnerability_feedback_issue_path

  • create_vulnerability_feedback_merge_request_pathrr

  • create_vulnerability_feedback_dismissal_path

{ 
"id": null,
"report_type": "dependency_scanning",
"name": "Authentication bypass via incorrect DOM traversal and. canonicalization in saml2-js",
"severity": "unknown",
"confidence": "undefined",
"scanner": {
"external_id": "gemnasium",
"name": "Gemnasium"
},
"identifiers": [
{
"external_type": "gemnasium",
"external_id": "9952e574-7b5b-46fa-a270-aeb694198a98",
"name": "Gemnasium-9952e574-7b5b-46fa-a270-aeb694198a98",
"url": "https://deps.sec.gitlab.com/packages/npm/saml2-js/versions/1.5.0/advisories" },
{
"external_type": "cve",
"external_id": "CVE-2017-11429",
"name": "CVE-2017-11429",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11429"
}
],
"project_fingerprint": "fa6f5b6c5d240b834ac5e901dc69f9484cef89ec",
"create_vulnerability_feedback_issue_path": "[REDACTED]",
"create_vulnerability_feedback_merge_request_path": "[REDACTED]",
"create_vulnerability_feedback_dismissal_path": "[REDACTED]",
"project": {
"id": 31,
"name": "yarn-remediation-test",
"full_path": "/tests/yarn-remediation-test",
"full_name": "tests / yarn-remediation-test" },
"dismissal_feedback": null,
"issue_feedback": null,
"merge_request_feedback": null,
"description": "[REDACTED]",
"links": "[REDACTED]",
"location": "[REDACTED]",
"solution": "[REDACTED]",
"blob_path": "[REDACTED]"
}
Did this answer your question?