Aikido
Port's Aikido integration allows you to model Aikido resources in your software catalog and ingest data into them.
Overviewโ
This integration allows you to:
- Track security vulnerabilities from Aikido in Port
- Map repositories and their security findings
- Maintain real-time synchronization between Aikido and Port
Supported Resourcesโ
The resources that can be ingested from Aikido into Port are listed below. It is possible to reference any field that appears in the API responses linked below in the mapping configuration.
Setupโ
Choose one of the following installation methods:
- Hosted by Port
- Real-time (self-hosted)
- Scheduled (CI)
Using this installation option means that the integration will be hosted by Port, with a customizable resync interval to ingest data into Port.
Live event support
This integration supports live events, allowing real-time updates to your software catalog without waiting for the next scheduled sync.
Supported live event triggers
Issues:
- issue.open.created
- issue.snoozed
- issue.ignored.manual
- issue.closed
Alternatively, you can install the integration using the Real-time (self-hosted) method to update Port in real time using webhooks.
Installation
To install, follow these steps:
-
Go to the Data sources page of your portal.
-
Click on the
+ Data sourcebutton in the top-right corner. -
Click on the relevant integration in the list.
-
Under
Select your installation method, chooseHosted by Port. -
Configure the
integration settingsandapplication settingsas you wish (see below for details).
Application settings
Every integration hosted by Port has the following customizable application settings, which are configurable after installation:
-
Resync interval: The frequency at which Port will ingest data from the integration. There are various options available, ranging from every 1 hour to once a day. If a sync is still in progress when the next one is due, the new sync will be skipped (up to 24 hours delay).
This ensures that all kinds are fully synchronized and that cleanup of stale entities always takes place at the end of each sync. -
Send raw data examples: A boolean toggle (enabledby default). If enabled, raw data examples will be sent from the integration to Port. These examples are used when testing your mapping configuration, they allow you to run yourjqexpressions against real data and see the results.
Integration settings
Every integration has its own tool-specific settings, under the Integration settings section.
Each of these settings has an โ icon next to it, which you can hover over to see a description of the setting.
Port secrets
Some integration settings require sensitive pieces of data, such as tokens.
For these settings, Port secrets will be used, ensuring that your sensitive data is encrypted and secure.
When filling in such a setting, its value will be obscured (shown as โขโขโขโขโขโขโขโข).
For each such setting, Port will automatically create a secret in your organization.
To see all secrets in your organization, follow these steps.
Limitations
- The maximum time for a full sync to run is based on the configured resync interval. For very large amounts of data where a resync operation is expected to take longer, please use a longer interval.
Port source IP addresses
When using this installation method, Port will make outbound calls to your 3rd-party applications from static IP addresses.
You may need to add these addresses to your allowlist, in order to allow Port to interact with the integrated service:
- Europe (EU)
- United States (US)
54.73.167.226
63.33.143.237
54.76.185.219
3.234.37.33
54.225.172.136
3.225.234.99
Using this installation option means that the integration will be able to update Port in real time using webhooks.
Prerequisites
To install the integration, you need a Kubernetes cluster that the integration's container chart will be deployed to.
Please make sure that you have kubectl and helm installed on your machine, and that your kubectl CLI is connected to the Kubernetes cluster where you plan to install the integration.
If you are having trouble installing this integration, please refer to these troubleshooting steps.
For details about the available parameters for the installation, see the table below.
- Helm
- ArgoCD
To install the integration using Helm:
-
Go to the Aikido data source page in your portal.
-
Select the
Real-time and always onmethod:
-
A
helmcommand will be displayed, with default values already filled out (e.g. your Port client ID, client secret, etc).
Copy the command, replace the placeholders with your values, then run it in your terminal to install the integration.
BaseUrl & webhook configuration
integration.config.appHost is deprecated: Please use liveEvents.baseUrl for webhook URL settings instead.
In order for the Aikido integration to update the data in Port on real-time changes in Aikido, you need to specify the liveEvents.baseUrl parameter.
The liveEvents.baseUrl parameter should be set to the url of your Aikido integration instance. Your integration instance needs to have the option to setup webhooks via http requests/recieve http requests , so please configure your network accordingly.
To test webhooks or live event delivery to your local environment, expose your local pod or service to the internet using ngrok:
ngrok http http://localhost:8000
This will provide a public URL you can use for webhook configuration and external callbacks during development.
If liveEvents.baseUrl is not provided, the integration will continue to function correctly. In such a configuration, to retrieve the latest information from the target system, the scheduledResyncInterval parameter has to be set, or a manual resync will need to be triggered through Port's UI.
Scalable Mode for Large Integrations
If you are deploying the integration at scale and want to decouple the resync process from the live events process (recommended for large or high-throughput environments), you can enable scalable mode by adding the following flags to your Helm install command:
--set workload.kind="CronJob" \
--set workload.cron.resyncTimeoutMinutes=60 \
--set scheduledResyncInterval="'*/60 * * * *'" \
--set liveEvents.worker.enabled=true
The port_region, port.baseUrl, portBaseUrl, port_base_url and OCEAN__PORT__BASE_URL parameters are used to select which instance or Port API will be used.
Port exposes two API instances, one for the EU region of Port, and one for the US region of Port.
- If you use the EU region of Port (https://app.port.io), your API URL is
https://api.port.io. - If you use the US region of Port (https://app.us.port.io), your API URL is
https://api.us.port.io.
To install the integration using ArgoCD:
- Create a
values.yamlfile inargocd/my-ocean-aikido-integrationin your git repository with the content:
Remember to replace the placeholder for AIKIDO_CLIENT_ID,AIKIDO_CLIENT_SECRET, AIKIDO_API_URL, WEBHOOK_SECRET.
initializePortResources: true
scheduledResyncInterval: 120
integration:
identifier: my-ocean-aikido-integration
type: aikido
eventListener:
type: POLLING
config:
aikidoApiUrl: AIKIDO_API_URL
secrets:
aikidoClientId: AIKIDO_CLIENT_ID
aikidoClientSecret: AIKIDO_CLIENT_SECRET
webhookSecret: WEBHOOK_SECRET
- Install the
my-ocean-aikido-integrationArgoCD Application by creating the followingmy-ocean-aikido-integration.yamlmanifest:
Remember to replace the placeholders for YOUR_PORT_CLIENT_ID YOUR_PORT_CLIENT_SECRET and YOUR_GIT_REPO_URL.
Multiple sources ArgoCD documentation can be found here.
ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-ocean-aikido-integration
namespace: argocd
spec:
destination:
namespace: my-ocean-aikido-integration
server: https://kubernetes.default.svc
project: default
sources:
- repoURL: 'https://port-labs.github.io/helm-charts/'
chart: port-ocean
targetRevision: 0.8.5
helm:
valueFiles:
- $values/argocd/my-ocean-aikido-integration/values.yaml
parameters:
- name: port.clientId
value: YOUR_PORT_CLIENT_ID
- name: port.clientSecret
value: YOUR_PORT_CLIENT_SECRET
- name: port.baseUrl
value: https://api.getport.io
- repoURL: YOUR_GIT_REPO_URL
targetRevision: main
ref: values
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
The port_region, port.baseUrl, portBaseUrl, port_base_url and OCEAN__PORT__BASE_URL parameters are used to select which instance or Port API will be used.
Port exposes two API instances, one for the EU region of Port, and one for the US region of Port.
- If you use the EU region of Port (https://app.port.io), your API URL is
https://api.port.io. - If you use the US region of Port (https://app.us.port.io), your API URL is
https://api.us.port.io.
- Apply your application manifest with
kubectl:
kubectl apply -f my-ocean-aikido-integration.yaml
This table summarizes the available parameters for the installation.
| Parameter | Description | Required |
|---|---|---|
port.clientId | Your Port client id | โ |
port.clientSecret | Your Port client secret | โ |
port.baseUrl | Your Port API URL - https://api.getport.io for EU, https://api.us.getport.io for US | โ |
integration.identifier | Change the identifier to describe your integration | โ |
integration.type | The integration type | โ |
integration.eventListener.type | The event listener type | โ |
integration.secrets.aikidoClientId | The Aikido Client ID | โ |
integration.secrets.aikidoClientSecret | The Aikido Client Secret | โ |
integration.config.apiUrl | The Aikido API URL. If not specified, the default will be https://app.aikido.dev | โ |
baseUrl | The host of the Port Ocean app. Used to set up the integration endpoint as the target for Webhooks created in Aikido | โ |
integration.secret.webhookSecret | This is a password you create, that Aikido uses to sign webhook events to Port | โ |
scheduledResyncInterval | The number of minutes between each resync | โ |
initializePortResources | Default true, When set to true the integration will create default blueprints and the port App config Mapping | โ |
For advanced configuration such as proxies or self-signed certificates, click here.
This workflow/pipeline will run the Aikido integration once and then exit, this is useful for scheduled ingestion of data.
If you want the integration to update Port in real time using webhooks you should use the Real-time (self-hosted) installation option
- GitHub
- Jenkins
- Azure Devops
- GitLab
Make sure to configure the following Github Secrets:
| Parameter | Description | Required |
|---|---|---|
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID | The Aikido Client ID | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET | The Aikido API Client Secret | โ |
OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET | Aikido webhook secret used to verify the webhook request | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL | The Aikido API URL. If not specified, the default will be https://app.aikido.dev | โ |
OCEAN__INITIALIZE_PORT_RESOURCES | Default true, When set to false the integration will not create default blueprints and the port App config Mapping | โ |
OCEAN__SEND_RAW_DATA_EXAMPLES | Enable sending raw data examples from the third party API to port for testing and managing the integration mapping. Default is true | โ |
OCEAN__INTEGRATION__IDENTIFIER | Change the identifier to describe your integration, if not set will use the default one | โ |
OCEAN__PORT__CLIENT_ID | Your port client id (How to get the credentials) | โ |
OCEAN__PORT__CLIENT_SECRET | Your port client (How to get the credentials) secret | โ |
OCEAN__PORT__BASE_URL | Your Port API URL - https://api.getport.io for EU, https://api.us.getport.io for US | โ |
OCEAN__BASE_URL | The host of the Port Ocean app. Used to set up the integration endpoint as the target for webhooks created in Aikido | โ |
Here is an example for aikido-integration.yml workflow file:
name: Aikido Exporter Workflow
on:
workflow_dispatch:
schedule:
- cron: '0 */1 * * *' # Determines the scheduled interval for this workflow. This example runs every hour.
jobs:
run-integration:
runs-on: ubuntu-latest
timeout-minutes: 30 # Set a time limit for the job
steps:
- uses: port-labs/ocean-sail@v1
with:
type: 'aikido'
port_client_id: ${{ secrets.OCEAN__PORT__CLIENT_ID }}
port_client_secret: ${{ secrets.OCEAN__PORT__CLIENT_SECRET }}
port_base_url: https://api.getport.io
config: |
aikido_client_id: ${{ secrets.OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID }}
aikido_client_secret: ${{ secrets.OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET }}
aikido_api_url: ${{ secrets.OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL }}
webhook_secret: ${{ secrets.OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET }}
Your Jenkins agent should be able to run docker commands.
Make sure to configure the following Jenkins Credentials
of Secret Text type:
| Parameter | Description | Required |
|---|---|---|
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID | The Aikido Client ID | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET | The Aikido API Client Secret | โ |
OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET | Aikido webhook secret used to verify the webhook request | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL | The Aikido API URL. If not specified, the default will be https://app.aikido.dev | โ |
OCEAN__INITIALIZE_PORT_RESOURCES | Default true, When set to false the integration will not create default blueprints and the port App config Mapping | โ |
OCEAN__SEND_RAW_DATA_EXAMPLES | Enable sending raw data examples from the third party API to port for testing and managing the integration mapping. Default is true | โ |
OCEAN__INTEGRATION__IDENTIFIER | Change the identifier to describe your integration, if not set will use the default one | โ |
OCEAN__PORT__CLIENT_ID | Your port client id (How to get the credentials) | โ |
OCEAN__PORT__CLIENT_SECRET | Your port client (How to get the credentials) secret | โ |
OCEAN__PORT__BASE_URL | Your Port API URL - https://api.getport.io for EU, https://api.us.getport.io for US | โ |
OCEAN__BASE_URL | The host of the Port Ocean app. Used to set up the integration endpoint as the target for webhooks created in Aikido | โ |
Here is an example for Jenkinsfile groovy pipeline file:
pipeline {
agent any
stages {
stage('Run Aikido Integration') {
steps {
script {
withCredentials([
string(credentialsId: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID', variable: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID'),
string(credentialsId: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET', variable: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET'),
string(credentialsId: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL', variable: 'OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL'),
string(credentialsId: 'OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET', variable: 'OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET'),
string(credentialsId: 'OCEAN__PORT__CLIENT_ID', variable: 'OCEAN__PORT__CLIENT_ID'),
string(credentialsId: 'OCEAN__PORT__CLIENT_SECRET', variable: 'OCEAN__PORT__CLIENT_SECRET'),
]) {
sh('''
#Set Docker image and run the container
integration_type="aikido"
version="latest"
image_name="ghcr.io/port-labs/port-ocean-${integration_type}:${version}"
docker run -i --rm --platform=linux/amd64 \
-e OCEAN__EVENT_LISTENER='{"type":"ONCE"}' \
-e OCEAN__INITIALIZE_PORT_RESOURCES=true \
-e OCEAN__SEND_RAW_DATA_EXAMPLES=true \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL=$OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL \
-e OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET=$OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET \
-e OCEAN__PORT__CLIENT_ID=$OCEAN__PORT__CLIENT_ID \
-e OCEAN__PORT__CLIENT_SECRET=$OCEAN__PORT__CLIENT_SECRET \
-e OCEAN__PORT__BASE_URL='https://api.getport.io' \
$image_name
exit $?
''')
}
}
}
}
}
}
Your Azure Devops agent should be able to run docker commands.
Make sure to configure the following variables using Azure Devops variable groups. Add them into in a variable group named port-ocean-credentials:
| Parameter | Description | Required |
|---|---|---|
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID | The Aikido Client ID | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET | The Aikido API Client Secret | โ |
OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET | Aikido webhook secret used to verify the webhook request | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL | The Aikido API URL. If not specified, the default will be https://app.aikido.dev | โ |
OCEAN__INITIALIZE_PORT_RESOURCES | Default true, When set to false the integration will not create default blueprints and the port App config Mapping | โ |
OCEAN__SEND_RAW_DATA_EXAMPLES | Enable sending raw data examples from the third party API to port for testing and managing the integration mapping. Default is true | โ |
OCEAN__INTEGRATION__IDENTIFIER | Change the identifier to describe your integration, if not set will use the default one | โ |
OCEAN__PORT__CLIENT_ID | Your port client id (How to get the credentials) | โ |
OCEAN__PORT__CLIENT_SECRET | Your port client (How to get the credentials) secret | โ |
OCEAN__PORT__BASE_URL | Your Port API URL - https://api.getport.io for EU, https://api.us.getport.io for US | โ |
OCEAN__BASE_URL | The host of the Port Ocean app. Used to set up the integration endpoint as the target for webhooks created in Aikido | โ |
Here is an example for aikido-integration.yml pipeline file:
trigger:
- main
pool:
vmImage: "ubuntu-latest"
variables:
- group: port-ocean-credentials # OCEAN__PORT__CLIENT_ID, OCEAN__PORT__CLIENT_SECRET, OCEAN__INTEGRATION__CONFIG__TOKEN
steps:
- script: |
echo Add other tasks to build, test, and deploy your project.
# Set Docker image and run the container
integration_type="aikido"
version="latest"
image_name="ghcr.io/port-labs/port-ocean-$integration_type:$version"
docker run -i --rm \
-e OCEAN__EVENT_LISTENER='{"type":"ONCE"}' \
-e OCEAN__INITIALIZE_PORT_RESOURCES=true \
-e OCEAN__SEND_RAW_DATA_EXAMPLES=true \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL=$OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL \
-e OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET=$OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET \
-e OCEAN__PORT__CLIENT_ID=$(OCEAN__PORT__CLIENT_ID) \
-e OCEAN__PORT__CLIENT_SECRET=$(OCEAN__PORT__CLIENT_SECRET) \
-e OCEAN__PORT__BASE_URL='https://api.getport.io' \
$image_name
exit $?
displayName: 'Ingest Aikido Data into Port'
Make sure to configure the following GitLab variables:
| Parameter | Description | Required |
|---|---|---|
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID | The Aikido Client ID | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET | The Aikido API Client Secret | โ |
OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET | Aikido webhook secret used to verify the webhook request | โ |
OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL | The Aikido API URL. If not specified, the default will be https://app.aikido.dev | โ |
OCEAN__INITIALIZE_PORT_RESOURCES | Default true, When set to false the integration will not create default blueprints and the port App config Mapping | โ |
OCEAN__SEND_RAW_DATA_EXAMPLES | Enable sending raw data examples from the third party API to port for testing and managing the integration mapping. Default is true | โ |
OCEAN__INTEGRATION__IDENTIFIER | Change the identifier to describe your integration, if not set will use the default one | โ |
OCEAN__PORT__CLIENT_ID | Your port client id (How to get the credentials) | โ |
OCEAN__PORT__CLIENT_SECRET | Your port client (How to get the credentials) secret | โ |
OCEAN__PORT__BASE_URL | Your Port API URL - https://api.getport.io for EU, https://api.us.getport.io for US | โ |
OCEAN__BASE_URL | The host of the Port Ocean app. Used to set up the integration endpoint as the target for webhooks created in Aikido | โ |
Here is an example for .gitlab-ci.yml pipeline file:
default:
image: docker:24.0.5
services:
- docker:24.0.5-dind
before_script:
- docker info
variables:
INTEGRATION_TYPE: aikido
VERSION: latest
stages:
- ingest
ingest_data:
stage: ingest
variables:
IMAGE_NAME: ghcr.io/port-labs/port-ocean-$INTEGRATION_TYPE:$VERSION
script:
- |
docker run -i --rm --platform=linux/amd64 \
-e OCEAN__EVENT_LISTENER='{"type":"ONCE"}' \
-e OCEAN__INITIALIZE_PORT_RESOURCES=true \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_ID \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET=$OCEAN__INTEGRATION__CONFIG__AIKIDO_CLIENT_SECRET \
-e OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL=$OCEAN__INTEGRATION__CONFIG__AIKIDO_API_URL \
-e OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET=$OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET \
-e OCEAN__PORT__CLIENT_ID=$OCEAN__PORT__CLIENT_ID \
-e OCEAN__PORT__CLIENT_SECRET=$OCEAN__PORT__CLIENT_SECRET \
-e OCEAN__PORT__BASE_URL='https://api.getport.io' \
$IMAGE_NAME
rules: # Run only when changes are made to the main branch
- if: '$CI_COMMIT_BRANCH == "main"'
The port_region, port.baseUrl, portBaseUrl, port_base_url and OCEAN__PORT__BASE_URL parameters are used to select which instance or Port API will be used.
Port exposes two API instances, one for the EU region of Port, and one for the US region of Port.
- If you use the EU region of Port (https://app.port.io), your API URL is
https://api.port.io. - If you use the US region of Port (https://app.us.port.io), your API URL is
https://api.us.port.io.
For advanced configuration such as proxies or self-signed certificates, click here.
Configurationโ
Port integrations use a YAML mapping block to ingest data from the third-party api into Port.
The mapping makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from the integration API.
Webhook Configurationโ
To enable real-time data synchronization from Aikido to Port, you must configure webhooks in Aikido following this guide. This setup allows Port to receive immediate notifications whenever relevant changes occur in Aikido. When setting up the webhook, the URL should follow the format:
<base_url>/integration/webhook
For security and event authenticity, we strongly recommend setting an HMAC secret in the Aikido dashboard. Once configured, make sure to set the corresponding value in your Port environment using the variable OCEAN__INTEGRATION__CONFIG__WEBHOOK_SECRET . This ensures Port can securely verify incoming webhook events from Aikido.
Default mapping configurationโ
This is the default mapping configuration for this integration:
Default mapping configuration (Click to expand)
deleteDependentEntities: true
createMissingRelatedEntities: true
enableMergeEntity: true
resources:
- kind: repositories
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"aikidoRepository"'
identifier: .id | tostring
title: .name
properties:
name: .name
provider: .provider
externalRepoId: .external_repo_id
active: .active
url: .url
branch: .branch
lastScannedAt: .last_scanned_at
- kind: issues
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"aikidoIssue"'
identifier: .id | tostring
title: .rule | tostring
properties:
status: .status
severity: .severity
severityScore: .severity_score
affectedFile: .affected_file
attackSurface: .attack_surface
type: .type
rule: .rule
codeRepoId: .code_repo_id
codeRepoName: .code_repo_name
relations:
aikidoRepository: .code_repo_id
Monitoring and sync statusโ
To learn more about how to monitor and check the sync status of your integration, see the relevant documentation.
Examplesโ
Examples of blueprints and the relevant integration configurations:
Repositoryโ
Repository blueprint
{
"identifier": "aikidoRepository",
"title": "Aikido Repository",
"icon": "Aikido",
"schema": {
"properties": {
"name": {
"type": "string",
"title": "Repository Name"
},
"provider": {
"type": "string",
"title": "Provider",
"enum": ["github", "gitlab", "gitlab-server", "bitbucket", "azure_devops", "selfscan"]
},
"externalRepoId": {
"type": "string",
"title": "External Repository ID"
},
"active": {
"type": "boolean",
"title": "Active"
},
"url": {
"type": "string",
"title": "Repository URL"
},
"branch": {
"type": "string",
"title": "Default Branch"
},
"lastScannedAt": {
"type": "number",
"title": "Last Scanned At"
}
},
"required": ["name", "provider", "externalRepoId"]
},
"relations": {
"aikidoIssue": {
"title": "Issues",
"target": "aikidoIssue",
"required": false,
"many": true
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: repositories
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"aikidoRepository"'
identifier: .id | tostring
title: .name
properties:
name: .name
provider: .provider
externalRepoId: .external_repo_id
active: .active
url: .url
branch: .branch
lastScannedAt: .last_scanned_at
Issueโ
Issue blueprint
{
"identifier": "aikidoIssue",
"title": "Aikido Issue",
"icon": "Aikido",
"schema": {
"properties": {
"groupId": {
"type": "number",
"title": "Group ID"
},
"attackSurface": {
"type": "string",
"title": "Attack Surface",
"enum": ["backend", "frontend", "infrastructure", "container"]
},
"status": {
"type": "string",
"title": "Status",
"enum": ["open", "closed", "ignored", "snoozed"],
"enumColors": {
"open": "red",
"closed": "green",
"ignored": "yellow",
"snoozed": "blue"
}
},
"severity": {
"type": "string",
"title": "Severity",
"enum": ["critical", "high", "medium", "low"]
},
"severityScore": {
"type": "number",
"title": "Severity Score"
},
"type": {
"type": "string",
"title": "Issue Type",
"enum": ["open_source", "leaked_secret", "cloud", "iac", "sast", "mobile", "surface_monitoring", "malware", "eol", "scm_security", "license"]
},
"rule": {
"type": "string",
"title": "Rule Name"
},
"affectedFile": {
"type": "string",
"title": "Affected File"
},
"codeRepoName": {
"type": "string",
"title": "Code Repository Name"
},
"codeRepoId": {
"type": "number",
"title": "Code Repository ID"
},
"closedAt": {
"type": "number",
"title": "Closed At"
}
},
"required": ["status", "severity", "type", "rule"]
},
"relations": {
"aikidoRepository": {
"title": "Repository",
"target": "aikidoRepository",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: issues
selector:
query: 'true'
port:
entity:
mappings:
blueprint: '"aikidoIssue"'
identifier: .id | tostring
title: .rule | tostring
properties:
status: .status
severity: .severity
severityScore: .severity_score
affectedFile: .affected_file
attackSurface: .attack_surface
type: .type
rule: .rule
codeRepoId: .code_repo_id
codeRepoName: .code_repo_name
relations:
aikidoRepository: .code_repo_id
Let's Test Itโ
This section includes a sample response data from Aikido. In addition, it includes the entity created from the resync event based on the Ocean configuration provided in the previous section.
Payloadโ
Here is an example of the payload structure from Aikido:
Repository response data
{
"id": 1,
"name": "Compression service",
"provider": "github",
"external_repo_id": "R_kgDOI5RlKA",
"active": true,
"url": "https://api.github.com/repos/aikidemo/compression-service",
"branch": "main",
"last_scanned_at": 1720083163
}
Issue response data
{
"id": 1,
"group_id": 1,
"attack_surface": "backend",
"status": "open",
"severity": 90,
"severity_score": "critical",
"type": "open_source",
"rule": "SQL injection",
"rule_id": "aik_cloud_aws_001",
"affected_package": "minimist",
"affected_file": "index.php",
"first_detected_at": 1700489005,
"code_repo_name": "test-service",
"code_repo_id": 1,
"container_repo_id": 1,
"container_repo_name": "aikido/test-service",
"sla_days": 5,
"sla_remediate_by": 1700924603,
"ignored_at": null,
"ignored_by": "user",
"closed_at": null,
"start_line": 68,
"end_line": 70,
"snooze_until": null,
"cwe_classes": [
"CWE-89"
],
"installed_version": "4.2.0",
"patched_versions": [
"4.2.1",
"5.0.0"
],
"license": null,
"programming_language": "PHP"
}