Create Security Finding with Security Reporter API on New Upcoming Event Alert from Google Calendar API

Pipedream makes it easy to connect APIs for Security Reporter, Google Calendar and 2,700+ other apps remarkably fast.

Trigger workflow on

New Upcoming Event Alert from the Google Calendar API

Next, do this

Create Security Finding with the Security Reporter API

No credit card required

▶

Watch us build a workflow

8 min

Watch now ➜

Trusted by 1,000,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

Getting Started#

This integration creates a workflow with a Google Calendar trigger and Security Reporter action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

Select this integration
Configure the New Upcoming Event Alert trigger
1. Connect your Google Calendar account
2. Connect your Google Calendar account
3. Optional- Select a Calendar ID
4. Optional- Select one or more Event Types
5. Configure Minutes Before
Configure the Create Security Finding action
1. Connect your Security Reporter account
2. Select a Assessment ID
3. Configure Title
4. Select one or more Targets
5. Select a Assessment Section ID
6. Configure Is Vulnerability
7. Optional- Configure Found At
8. Optional- Select a Priority
9. Optional- Select a Complexity
10. Optional- Configure Action
11. Configure Description
12. Optional- Configure Risk
13. Optional- Configure Recommendation
14. Optional- Configure Proof
15. Optional- Configure References
16. Optional- Configure Draft Documents
17. Optional- Configure Draft Document File Paths or URLs
18. Optional- Select one or more Resolvers
19. Optional- Select one or more User Groups
20. Optional- Configure Classifications
21. Select a Severity Metrics Scoring System
Deploy the workflow
Send a test event to validate your setup
Turn on the trigger

Details#

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with quickstarts for trigger span and action development, and then review the component API reference.

Trigger#

New Upcoming Event Alert on Google Calendar

Description:Emit new event based on a time interval before an upcoming event in the calendar. This source uses Pipedream's Task Scheduler. [See the documentation](https://pipedream.com/docs/examples/waiting-to-execute-next-step-of-workflow/#step-1-create-a-task-scheduler-event-source) for more information and instructions for connecting your Pipedream account.

Version:0.0.10

Key:google_calendar-upcoming-event-alert

View on GitHub

Google Calendar Overview#

The Google Calendar API lets you dip into the powerhouse of scheduling, allowing for the reading, creation, and manipulation of events and calendars directly from your applications. Through Pipedream, you can seamlessly integrate Google Calendar into a myriad of workflows, automating event management, syncing with other services, setting up custom reminders, or even collating data for reporting. The key here is to streamline your calendar-related processes, ensuring that your time management is as efficient and automated as possible.

Trigger Code#

import taskScheduler from "../../../pipedream/sources/new-scheduled-tasks/new-scheduled-tasks.mjs";
import googleCalendar from "../../google_calendar.app.mjs";
import sampleEmit from "./test-event.mjs";

export default {
  key: "google_calendar-upcoming-event-alert",
  name: "New Upcoming Event Alert",
  description: `Emit new event based on a time interval before an upcoming event in the calendar. This source uses Pipedream's Task Scheduler.
    [See the documentation](https://pipedream.com/docs/examples/waiting-to-execute-next-step-of-workflow/#step-1-create-a-task-scheduler-event-source) 
    for more information and instructions for connecting your Pipedream account.`,
  version: "0.0.10",
  type: "source",
  props: {
    pipedream: taskScheduler.props.pipedream,
    googleCalendar,
    db: "$.service.db",
    http: "$.interface.http",
    calendarId: {
      propDefinition: [
        googleCalendar,
        "calendarId",
      ],
    },
    eventTypes: {
      propDefinition: [
        googleCalendar,
        "eventTypes",
      ],
    },
    time: {
      type: "integer",
      label: "Minutes Before",
      description: "Number of minutes to trigger before the start of the calendar event.",
      min: 0,
      reloadProps: true,
    },
  },
  async additionalProps() {
    const props = {};
    if (this.time > 0) {
      props.timer = {
        type: "$.interface.timer",
        description: "Poll the API to schedule alerts for any newly created events",
        default: {
          intervalSeconds: 60 * this.time,
        },
      };
    }
    return props;
  },
  hooks: {
    async deactivate() {
      const ids = this._getScheduledEventIds();
      if (!ids?.length) {
        return;
      }
      for (const id of ids) {
        if (await this.deleteEvent({
          body: {
            id,
          },
        })) {
          console.log("Cancelled scheduled event");
        }
      }
      this._setScheduledEventIds();
    },
  },
  methods: {
    ...taskScheduler.methods,
    _getScheduledEventIds() {
      return this.db.get("scheduledEventIds");
    },
    _setScheduledEventIds(ids) {
      this.db.set("scheduledEventIds", ids);
    },
    _getScheduledCalendarEventIds() {
      return this.db.get("scheduledCalendarEventIds");
    },
    _setScheduledCalendarEventIds(ids) {
      this.db.set("scheduledCalendarEventIds", ids);
    },
    _hasDeployed() {
      const result = this.db.get("hasDeployed");
      this.db.set("hasDeployed", true);
      return result;
    },
    subtractMinutes(date, minutes) {
      return date.getTime() - minutes * 60000;
    },
    async getCalendarEvents() {
      const calendarEvents = [];
      const params = {
        returnOnlyData: false,
        calendarId: this.calendarId,
        eventTypes: this.eventTypes,
      };
      do {
        const {
          data: {
            items, nextPageToken,
          },
        } = await this.googleCalendar.listEvents(params);
        if (items?.length) {
          calendarEvents.push(...items);
        }
        params.pageToken = nextPageToken;
      } while (params.pageToken);
      return calendarEvents;
    },
  },
  async run(event) {
    // self subscribe only on the first time
    if (!this._hasDeployed()) {
      await this.selfSubscribe();
    }

    const scheduledEventIds = this._getScheduledEventIds() || [];

    // incoming scheduled event
    if (event.$channel === this.selfChannel()) {
      const remainingScheduledEventIds = scheduledEventIds.filter((id) => id !== event["$id"]);
      this._setScheduledEventIds(remainingScheduledEventIds);
      this.emitEvent(event, `Upcoming ${event.summary} event`);
      return;
    }

    // schedule new events
    const scheduledCalendarEventIds = this._getScheduledCalendarEventIds() || {};
    const calendarEvents = await this.getCalendarEvents();

    for (const calendarEvent of calendarEvents) {
      const startTime = calendarEvent.start
        ? (new Date(calendarEvent.start.dateTime || calendarEvent.start.date))
        : null;
      if (!startTime
        || startTime.getTime() < Date.now()
        || scheduledCalendarEventIds[calendarEvent.id])
      {
        continue;
      }
      const later = new Date(this.subtractMinutes(startTime, this.time));

      const scheduledEventId = this.emitScheduleEvent(calendarEvent, later);
      scheduledEventIds.push(scheduledEventId);
      scheduledCalendarEventIds[calendarEvent.id] = true;
    }
    this._setScheduledEventIds(scheduledEventIds);
    this._setScheduledCalendarEventIds(scheduledCalendarEventIds);
  },
  sampleEmit,
};

Trigger Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.

Label	Prop	Type	Description
Google Calendar	`pipedream`	`app`	This component uses the Google Calendar app.
Google Calendar	`googleCalendar`	`app`	This component uses the Google Calendar app.
N/A	`db`	`$.service.db`	This component uses `$.service.db` to maintain state between executions.
N/A	`http`	`$.interface.http`	This component uses `$.interface.http` to generate a unique URL when the component is first instantiated. Each request to the URL will trigger the `run()` method of the component.
Calendar ID	`calendarId`	`string`	Select a value from the drop down menu.
Event Types	`eventTypes`	`string[]`	Select a value from the drop down menu:`defaultfocusTimeoutOfOfficeworkingLocation`
Minutes Before	`time`	`integer`	Number of minutes to trigger before the start of the calendar event.

Trigger Authentication#

Google Calendar uses OAuth authentication. When you connect your Google Calendar account, Pipedream will open a popup window where you can sign into Google Calendar and grant Pipedream permission to connect to your account. Pipedream securely stores and automatically refreshes the OAuth tokens so you can easily authenticate any Google Calendar API.

Pipedream requests the following authorization scopes when you connect your account:

https://www.googleapis.com/auth/calendar.eventshttps://www.googleapis.com/auth/calendar.readonlyhttps://www.googleapis.com/auth/calendar.settings.readonlyemailprofile

About Google Calendar#

With Google Calendar, you can quickly schedule meetings and events and get reminders about upcoming activities, so you always know what’s next.

Action#

Create Security Finding on Security Reporter

Description:Creates a new security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)

Version:0.1.0

Key:security_reporter-create-finding

View on GitHub

Action Code#

import {
  COMPLEXITY_OPTIONS,
  OWASP_OPTIONS,
  PRIORITY_OPTIONS,
  SCORING_SYSTEM_OPTIONS,
  SEVERITY_ONLY_SEVERITY_OPTIONS,
  SEVERITY_OPTIONS,
} from "../../common/constants.mjs";
import { parseObject } from "../../common/utils.mjs";
import securityReporter from "../../security_reporter.app.mjs";

export default {
  key: "security_reporter-create-finding",
  name: "Create Security Finding",
  description: "Creates a new security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)",
  version: "0.1.0",
  type: "action",
  props: {
    securityReporter,
    assessmentId: {
      propDefinition: [
        securityReporter,
        "assessmentId",
      ],
    },
    title: {
      type: "string",
      label: "Title",
      description: "Title of the finding. Must not be greater than 191 characters.",
    },
    targets: {
      propDefinition: [
        securityReporter,
        "targets",
        ({ assessmentId }) => ({
          assessmentId,
        }),
      ],
    },
    assessmentSectionId: {
      propDefinition: [
        securityReporter,
        "assessmentSectionId",
        ({ assessmentId }) => ({
          assessmentId,
        }),
      ],
      reloadProps: true,
    },
    isVulnerability: {
      type: "boolean",
      label: "Is Vulnerability",
      description: "Whether the finding is for a vulnerability (and has associated severity metrics).",
      reloadProps: true,
    },
    foundAt: {
      type: "string",
      label: "Found At",
      description: "The date when the finding was found. Format: `YYYY-MM-DDTHH:MM:SS`.",
      optional: true,
    },
    priority: {
      type: "string",
      label: "Priority",
      description: "How urgent resolving this finding is. Must be a valid priority.",
      options: PRIORITY_OPTIONS,
      optional: true,
    },
    complexity: {
      type: "string",
      label: "Complexity",
      description: "How complex resolving this finding is. Must be a valid complexity.",
      options: COMPLEXITY_OPTIONS,
      optional: true,
    },
    action: {
      type: "string",
      label: "Action",
      description: "The recommended action (under 500 characters) to resolve this finding. **Example: Update ...**",
      optional: true,
    },
    description: {
      type: "string",
      label: "Description",
      description: "The description of the finding. **Example: There is ...**",
    },
    risk: {
      type: "string",
      label: "Risk",
      description: "The risk associated with the finding. **Example: A hacker could ...**",
      optional: true,
    },
    recommendation: {
      type: "string",
      label: "Recommendation",
      description: "The recommendation for the finding. **Example: Update ...**",
      optional: true,
    },
    proof: {
      type: "string",
      label: "Proof",
      description: "The proof for the finding. **Example: See attached ...**",
      optional: true,
    },
    references: {
      type: "string",
      label: "References",
      description: "The references for the finding. **Example: - https://owasp.org/Top10/A03_2021-Injection/`\n - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/**",
      optional: true,
    },
    draftDocuments: {
      type: "string[]",
      label: "Draft Documents",
      description: "Document IDs of uploaded draft documents.",
      optional: true,
    },
    draftDocumentsFile: {
      type: "string[]",
      label: "Draft Document File Paths or URLs",
      description: "One or more files to upload. For each entry, provide either a file URL or a path to a file in the `/tmp` directory (for example, `/tmp/myFile.txt`)",
      optional: true,
    },
    resolvers: {
      propDefinition: [
        securityReporter,
        "resolvers",
        ({ assessmentId }) => ({
          assessmentId,
        }),
      ],
      optional: true,
    },
    userGroups: {
      propDefinition: [
        securityReporter,
        "userGroups",
        ({ assessmentId }) => ({
          assessmentId,
        }),
      ],
      optional: true,
    },
    classifications: {
      type: "string[]",
      label: "Classifications",
      description: "An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment.",
      optional: true,
    },
    SMScoringSystem: {
      type: "string",
      label: "Severity Metrics Scoring System",
      description: "The scoring system you want to use. [See the documentation](https://trial3.securityreporter.app/api-documentation#scoring-systems) for further information.",
      options: SCORING_SYSTEM_OPTIONS,
      reloadProps: true,
    },
  },
  async additionalProps() {
    const props = {
      severity: {
        type: "string",
        label: "Severity",
        description: "The severity of the finding. Determined from severity metrics otherwise. Must be a valid severity.",
        options: SEVERITY_OPTIONS,
        optional: !this.isVulnerability,
      },
    };
    switch (this.SMScoringSystem) {
    case "owasp":
      props.severityMetricsImpact = {
        type: "string",
        label: "Severity Metrics Impact",
        description: "The impact metric.",
        options: OWASP_OPTIONS,
      };
      props.severityMetricsLikelihood = {
        type: "string",
        label: "Severity Metrics Likelihood",
        description: "The likelihood metric.",
        options: OWASP_OPTIONS,
      };
      break;
    case "cvss_v3_1":
      props.cvssString = {
        type: "string",
        label: "Severity Metrics CVSS String",
        description: "The Common Vulnerability Scoring System uses a combination of eight [base metrics](https://www.first.org/cvss/v3.1/specification-document#Base-Metrics) to compute the base severity score. Currently only the base metrics are supported. A calculator to transform base metrics into a severity score can be found [here](https://www.first.org/cvss/calculator/3.1). Manual calculations are not needed as the severity_score and severity of a model will be automatically computed upon save.",
      };
      break;
    case "severity_only":
      props.severityOnlySeverity = {
        type: "string",
        label: "Severity Metrics Severity",
        description: "Severity only is the simplest scoring system. It simply sets the severity directly without any underlying math.",
        options: SEVERITY_ONLY_SEVERITY_OPTIONS,
      };
    }
    return props;
  },
  async run({ $ }) {
    const fileIds = await this.securityReporter.prepareFiles({
      draftDocumentsFile: this.draftDocumentsFile,
      draftDocuments: this.draftDocuments,
    });

    const response = await this.securityReporter.createSecurityFinding({
      $,
      assessmentId: this.assessmentId,
      data: {
        title: this.title,
        targets: parseObject(this.targets),
        assessment_section_id: this.assessmentSectionId,
        is_vulnerability: this.isVulnerability,
        severity_metrics: {
          impact: this.severityMetricsImpact && parseInt(this.severityMetricsImpact),
          likelihood: this.severityMetricsLikelihood && parseInt(this.severityMetricsLikelihood),
          cvss_string: this.cvssString,
          severity: this.severityOnlySeverity && parseInt(this.severityOnlySeverity),
          scoring_system: this.SMScoringSystem,
        },
        severity: this.severity && parseInt(this.severity),
        found_at: this.foundAt,
        priority: this.priority && parseInt(this.priority),
        complexity: this.complexity && parseInt(this.complexity),
        action: this.action,
        description: this.description,
        risk: this.risk,
        recommendation: this.recommendation,
        proof: this.proof,
        references: this.references,
        draft_documents: fileIds,
        resolvers: parseObject(this.resolvers),
        user_groups: parseObject(this.userGroups),
        classifications: parseObject(this.classifications),
      },
    });

    $.export("$summary", `Successfully created security finding with title: ${this.title}`);
    return response;
  },
};

Action Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

Label	Prop	Type	Description
Security Reporter	`securityReporter`	`app`	This component uses the Security Reporter app.
Assessment ID	`assessmentId`	`string`	Select a value from the drop down menu.
Title	`title`	`string`	Title of the finding. Must not be greater than 191 characters.
Targets	`targets`	`string[]`	Select a value from the drop down menu.
Assessment Section ID	`assessmentSectionId`	`string`	Select a value from the drop down menu.
Is Vulnerability	`isVulnerability`	`boolean`	Whether the finding is for a vulnerability (and has associated severity metrics).
Found At	`foundAt`	`string`	The date when the finding was found. Format: `YYYY-MM-DDTHH:MM:SS`.
Priority	`priority`	`string`	Select a value from the drop down menu:`{ "label": "Unknown", "value": "0" }{ "label": "Low", "value": "1" }{ "label": "Medium", "value": "2" }{ "label": "High", "value": "3" }`
Complexity	`complexity`	`string`	Select a value from the drop down menu:`{ "label": "Unknown", "value": "0" }{ "label": "Trivial", "value": "1" }{ "label": "Medium", "value": "2" }{ "label": "Complex", "value": "3" }`
Action	`action`	`string`	The recommended action (under 500 characters) to resolve this finding. Example: Update ...
Description	`description`	`string`	The description of the finding. Example: There is ...
Risk	`risk`	`string`	The risk associated with the finding. Example: A hacker could ...
Recommendation	`recommendation`	`string`	The recommendation for the finding. Example: Update ...
Proof	`proof`	`string`	The proof for the finding. Example: See attached ...
References	`references`	`string`	The references for the finding. Example: - https://owasp.org/Top10/A03_2021-Injection/` https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
Draft Documents	`draftDocuments`	`string[]`	Document IDs of uploaded draft documents.
Draft Document File Paths or URLs	`draftDocumentsFile`	`string[]`	One or more files to upload. For each entry, provide either a file URL or a path to a file in the `/tmp` directory (for example, `/tmp/myFile.txt`)
Resolvers	`resolvers`	`string[]`	Select a value from the drop down menu.
User Groups	`userGroups`	`string[]`	Select a value from the drop down menu.
Classifications	`classifications`	`string[]`	An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment.
Severity Metrics Scoring System	`SMScoringSystem`	`string`	Select a value from the drop down menu:`{ "label": "OWASP Risk Rating Methodology", "value": "owasp" }{ "label": "CVSS v3.1", "value": "cvss_v3_1" }{ "label": "Severity Only", "value": "severity_only" }`

Action Authentication#

Security Reporter uses API keys for authentication. When you connect your Security Reporter account, Pipedream securely stores the keys so you can easily authenticate to Security Reporter APIs in both code and no-code steps.

About Security Reporter#

Reporting made easy, Pentesting made powerful

More Ways to Connect Security Reporter + Google Calendar#

Other Popular Integrations#

Create Security Assessment with Security Reporter API on New Created or Updated Event (Instant) from Google Calendar API

Google Calendar + Security Reporter

Create Security Finding with Security Reporter API on New Upcoming Event Alert from Google Calendar API

Pipedream makes it easy to connect APIs for Security Reporter, Google Calendar and 2,700+ other apps remarkably fast.

Trusted by 1,000,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

1-24of2,700+apps by most popular

1
-
24
of
2,700+
apps by most popular