Version: 1.2.1

Uploading External Reports

External reports can be uploaded manually. To upload, follow these steps:

  1. Navigate to Projects → Project Name → Security Pipelines

  2. Click the Import Results button in the right-hand menu

    tip

    For some tools, it is also possible to upload reports in SBOM format. For more details, see Uploading SBOM Reports.

  3. Upload the JSON file with the results

    note

    It is only possible to upload one file at a time, and it must be in JSON format.

  4. Click the Save button

JSON File Requirements

{
  "properties": {
    "issues": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "category": { "type": "string" },
          "severity": {
            "type": "string",
            "enum": ["critical", "high", "medium", "low", "undefined"]
          },
          "id": { "type": "string" },
          "cwe": { "type": "string" },
          "cve": { "type": "string" },
          "line": { "type": "integer", "minimum": 1 },
          "code": { "type": "string" },
          "libraryName": { "type": "string" },
          "libraryVersion": { "type": "string" },
          "file": { "type": "string" },
          "links": {
            "type": "array",
            "items": { "type": "string", "format": "uri" }
          },
          "description": { "type": "string" },
          "recommendation": { "type": "string" },
          "fixedVersion": { "type": "string" },
          "ratings": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "metric": { "type": "string" },
                "score": { "type": "number", "minimum": 0, "maximum": 10 }
              },
              "required": ["metric", "score"]
            }
          },
          "path": {
            "type": "array",
            "items": { "type": "string" }
          }
        },
        "required": ["category", "severity"]
      }
    }
  },
  "required": ["issues"]
}
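
A pre-upload check for the schema above, written as an added example; it is not part of the TRON.ASOC documentation or product code. The names `validate_report`, `is_num` and `SAMPLE` are hypothetical, the sample report is constructed, and the check assumes the top level must be an object and does not enforce the `"format": "uri"` hint on `links`.

```python
import json

SEVERITIES = {"critical", "high", "medium", "low", "undefined"}
STRINGS = ("category", "severity", "id", "cwe", "cve", "code", "libraryName",
           "libraryVersion", "file", "description", "recommendation", "fixedVersion")

def is_num(v, kinds=(int, float)):
    # bool is an int subclass in Python, but JSON true/false are not numbers
    return isinstance(v, kinds) and not isinstance(v, bool)

def validate_report(text):
    """Return a list of problems; an empty list means the file matches the schema."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    # Assumption: the top level must be an object; the schema implies it without a "type"
    if not isinstance(doc, dict) or not isinstance(doc.get("issues"), list):
        return ['top level must be an object with an "issues" array']
    errs = []
    for i, issue in enumerate(doc["issues"]):
        at = f"issues[{i}]"
        if not isinstance(issue, dict):
            errs.append(f"{at}: must be an object")
            continue
        errs += [f"{at}: missing required {k!r}" for k in ("category", "severity") if k not in issue]
        errs += [f"{at}.{k}: must be a string" for k in STRINGS
                 if k in issue and not isinstance(issue[k], str)]
        if isinstance(issue.get("severity"), str) and issue["severity"] not in SEVERITIES:
            errs.append(f"{at}.severity: {issue['severity']!r} is not an allowed value")
        if "line" in issue and not (is_num(issue["line"], int) and issue["line"] >= 1):
            errs.append(f"{at}.line: must be an integer >= 1")
        for k in ("links", "path"):  # the "format": "uri" hint on links is not enforced here
            v = issue.get(k, [])
            if not isinstance(v, list) or not all(isinstance(s, str) for s in v):
                errs.append(f"{at}.{k}: must be an array of strings")
        ratings = issue.get("ratings", [])
        if not isinstance(ratings, list):
            errs.append(f"{at}.ratings: must be an array")
            continue
        for j, r in enumerate(ratings):
            if not (isinstance(r, dict) and isinstance(r.get("metric"), str)
                    and is_num(r.get("score")) and 0 <= r["score"] <= 10):
                errs.append(f"{at}.ratings[{j}]: needs a string metric and a score in 0..10")
    return errs

# Constructed sample report; the values are illustrative
SAMPLE = json.dumps({"issues": [{"category": "OS dependency vulnerability", "severity": "high",
                                 "line": 12, "ratings": [{"metric": "CVSS", "score": 9.1}]}]})
print(validate_report(SAMPLE) or "report conforms")
```

Running the check on a converter's output before import catches values such as a capitalised severity, a `ratings` string, or a `path` given as a single string instead of an array.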

Example Request Body

[
  {
    "category": "OS dependency vulnerability",
    "severity": "high",
    "scan_object": "jfrog.tronsec.ru/tron/event-broker:1.1.2-patch",
    "cwe": "CWE-79",
    "cve": "CVE-2023-1234",
    "tool_type_name": "KCS",
    "lib_name": "example-library",
    "lib_version": "1.2.3",
    "info_links": ["https://example.com/cve-2023-1234"],
    "description": "This is a vulnerability description.",
    "recommendations": "Sanitize user input before executing commands.",
    "fixed_version": "1.2.4",
    "ratings": "CVSS: 9.1 (Critical)",
    "path": "/src/controllers/userController.js",
    "exploit": "Proof-of-concept exploit code here."
  }
]

info

When external scripts are used, and depending on the selected scanning tool (e.g., a CLI tool), a security check may be able to receive scan results externally via an HTTP request from the external tool to the TRON.ASOC endpoint.