Update Security Finding with Security Reporter API on New Events (Instant) from Twilio SendGrid API

Pipedream makes it easy to connect APIs for Security Reporter, Twilio SendGrid and 2,200+ other apps remarkably fast.

Trigger workflow on

New Events (Instant) from the Twilio SendGrid API

Next, do this

Update Security Finding with the Security Reporter API

No credit card required

▶

Watch us build a workflow

8 min

Watch now ➜

Trusted by 1,000,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

Getting Started#

This integration creates a workflow with a Twilio SendGrid trigger and Security Reporter action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

Select this integration
Configure the New Events (Instant) trigger
1. Connect your Twilio SendGrid account
2. Select one or more Event Types
Configure the Update Security Finding action
1. Connect your Security Reporter account
2. Select a Finding ID
3. Optional- Configure Title
4. Optional- Select one or more Targets
5. Optional- Select a Assessment Section ID
6. Optional- Configure Is Vulnerability
7. Optional- Select a Status
8. Optional- Select one or more Resolved Targets
9. Optional- Select a Review Status
10. Optional- Configure Found At
11. Optional- Select a Priority
12. Optional- Select a Complexity
13. Optional- Configure Action
14. Optional- Configure Description
15. Optional- Configure Risk
16. Optional- Configure Recommendation
17. Optional- Configure Proof
18. Optional- Configure References
19. Optional- Configure Draft Documents
20. Optional- Configure Draft Documents File
21. Optional- Select one or more Resolvers
22. Optional- Select one or more User Groups
23. Optional- Configure Classifications
24. Select a Severity Metrics Scoring System
Deploy the workflow
Send a test event to validate your setup
Turn on the trigger

Details#

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with quickstarts for trigger span and action development, and then review the component API reference.

Trigger#

New Events (Instant) on Twilio SendGrid

Description:Emit new event when any of the specified SendGrid events is received

Version:0.0.5

Key:sendgrid-events

View on GitHub

Twilio SendGrid Overview#

The Twilio SendGrid API opens up a world of possibilities for email automation, enabling you to send emails efficiently and track their performance. With this API, you can programmatically create and send personalized email campaigns, manage contacts, and parse inbound emails for data extraction. When you harness the power of Pipedream, you can connect SendGrid to hundreds of other apps to automate workflows, such as triggering email notifications based on specific actions, syncing email stats with your analytics, or handling incoming emails to create tasks or tickets.

Trigger Code#

import common from "../common/http-based.mjs";
import deliveryEventTypes from "./delivery-event-types.mjs";
import engagementEventTypes from "./engagement-event-types.mjs";

export default {
  ...common,
  key: "sendgrid-events",
  name: "New Events (Instant)",
  description: "Emit new event when any of the specified SendGrid events is received",
  version: "0.0.5",
  type: "source",
  dedupe: "unique",
  props: {
    ...common.props,
    eventTypes: {
      type: "string[]",
      label: "Event Types",
      description: "The type of events to listen to",
      options(context) {
        const { page } = context;
        if (page !== 0) {
          return {
            options: [],
          };
        }

        const options = [
          ...deliveryEventTypes,
          ...engagementEventTypes,
        ];
        return {
          options,
        };
      },
    },
  },
  methods: {
    ...common.methods,
    baseWebhookSettings() {
      // The list of events that a webhook can listen to. This method returns an
      // exhaustive list of all such flags disabled, and each event source can
      // then override the flags that are relevant to the event they handle.
      //
      // See the docs for more information:
      // https://sendgrid.com/docs/api-reference/
      const eventTypesData = [
        ...deliveryEventTypes,
        ...engagementEventTypes,
      ];
      return eventTypesData.reduce((accum, eventTypeData) => ({
        ...accum,
        [eventTypeData.value]: false,
      }), {});
    },
    webhookEventFlags() {
      return this.eventTypes.reduce((accum, eventType) => ({
        ...accum,
        [eventType]: true,
      }), {});
    },
    generateMeta(data) {
      const {
        event: eventType,
        sg_event_id: id,
        timestamp: ts,
      } = data;
      const summary = `New event: ${eventType}`;
      return {
        id,
        summary,
        ts,
      };
    },
  },
};

Trigger Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.

Label	Prop	Type	Description
N/A	`db`	`$.service.db`	This component uses `$.service.db` to maintain state between executions.
Twilio SendGrid	`sendgrid`	`app`	This component uses the Twilio SendGrid app.
N/A	`http`	`$.interface.http`	This component uses `$.interface.http` to generate a unique URL when the component is first instantiated. Each request to the URL will trigger the `run()` method of the component.
Event Types	`eventTypes`	`string[]`	Select a value from the drop down menu.

Trigger Authentication#

Twilio SendGrid uses API keys for authentication. When you connect your Twilio SendGrid account, Pipedream securely stores the keys so you can easily authenticate to Twilio SendGrid APIs in both code and no-code steps.

About Twilio SendGrid#

Send marketing and transactional email through the Twilio SendGrid platform with the Email API, proprietary mail transfer agent, and infrastructure for scalable delivery.

Action#

Update Security Finding on Security Reporter

Description:Updates an existing security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)

Version:0.0.1

Key:security_reporter-update-finding

View on GitHub

Action Code#

import {
  COMPLEXITY_OPTIONS,
  OWASP_OPTIONS,
  PRIORITY_OPTIONS,
  REVIEW_STATUS_OPTIONS,
  SCORING_SYSTEM_OPTIONS,
  SEVERITY_ONLY_SEVERITY_OPTIONS,
  STATUS_OPTIONS,
} from "../../common/constants.mjs";
import { parseObject } from "../../common/utils.mjs";
import securityReporter from "../../security_reporter.app.mjs";

export default {
  key: "security_reporter-update-finding",
  name: "Update Security Finding",
  description: "Updates an existing security finding. [See the documentation](https://trial3.securityreporter.app/api-documentation)",
  version: "0.0.1",
  type: "action",
  props: {
    securityReporter,
    findingId: {
      propDefinition: [
        securityReporter,
        "findingId",
      ],
    },
    title: {
      type: "string",
      label: "Title",
      description: "Title of the finding. Must not be greater than 191 characters.",
      optional: true,
    },
    targets: {
      propDefinition: [
        securityReporter,
        "targets",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    assessmentSectionId: {
      propDefinition: [
        securityReporter,
        "assessmentSectionId",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
      reloadProps: true,
    },
    isVulnerability: {
      type: "boolean",
      label: "Is Vulnerability",
      description: "Whether the finding is for a vulnerability (and has associated severity metrics).",
      optional: true,
      reloadProps: true,
    },
    status: {
      type: "string",
      label: "Status",
      description: "The current status of the finding. Can not be changed to or from Retest Pending. Must be a valid finding status.",
      options: STATUS_OPTIONS,
      optional: true,
    },
    resolvedTargets: {
      propDefinition: [
        securityReporter,
        "resolvedTargets",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    reviewStatus: {
      type: "string",
      label: "Review Status",
      description: "The current review status of the finding. Must be a valid review status.",
      options: REVIEW_STATUS_OPTIONS,
      optional: true,
    },
    foundAt: {
      type: "string",
      label: "Found At",
      description: "The date when the finding was found. Format: `YYYY-MM-DDTHH:MM:SS`.",
      optional: true,
    },
    priority: {
      type: "string",
      label: "Priority",
      description: "How urgent resolving this finding is. Must be a valid priority.",
      options: PRIORITY_OPTIONS,
      optional: true,
    },
    complexity: {
      type: "string",
      label: "Complexity",
      description: "How complex resolving this finding is. Must be a valid complexity.",
      options: COMPLEXITY_OPTIONS,
      optional: true,
    },
    action: {
      type: "string",
      label: "Action",
      description: "The recommended action (under 500 characters) to resolve this finding. **Example: Update ...**",
      optional: true,
    },
    description: {
      type: "string",
      label: "Description",
      description: "The description of the finding. **Example: There is ...**",
      optional: true,
    },
    risk: {
      type: "string",
      label: "Risk",
      description: "The risk associated with the finding. **Example: A hacker could ...**",
      optional: true,
    },
    recommendation: {
      type: "string",
      label: "Recommendation",
      description: "The recommendation for the finding. **Example: Update ...**",
      optional: true,
    },
    proof: {
      type: "string",
      label: "Proof",
      description: "The proof for the finding. **Example: See attached ...**",
      optional: true,
    },
    references: {
      type: "string",
      label: "References",
      description: "The references for the finding. **Example: - https://owasp.org/Top10/A03_2021-Injection/`\n - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/**",
      optional: true,
    },
    draftDocuments: {
      type: "string[]",
      label: "Draft Documents",
      description: "Document IDs of uploaded draft documents.",
      optional: true,
    },
    draftDocumentsFile: {
      type: "string[]",
      label: "Draft Documents File ",
      description: "The path to a file in the `/tmp` directory. [See the documentation on working with files](https://pipedream.com/docs/code/nodejs/working-with-files/#writing-a-file-to-tmp).",
      optional: true,
    },
    resolvers: {
      propDefinition: [
        securityReporter,
        "resolvers",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    userGroups: {
      propDefinition: [
        securityReporter,
        "userGroups",
        ({ findingId }) => ({
          findingId,
        }),
      ],
      optional: true,
    },
    classifications: {
      type: "string[]",
      label: "Classifications",
      description: "An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment.",
      optional: true,
    },
    SMScoringSystem: {
      type: "string",
      label: "Severity Metrics Scoring System",
      description: "The scoring system you want to use. [See the documentation](https://trial3.securityreporter.app/api-documentation#scoring-systems) for further information.",
      options: SCORING_SYSTEM_OPTIONS,
      reloadProps: true,
    },
  },
  async additionalProps() {
    const props = {};
    if (this.isVulnerability) {
      const { severity_metrics: SM } = await this.securityReporter.getFinding({
        findingId: this.findingId,
      });
      switch (this.SMScoringSystem) {
      case "owasp":
        props.severityMetricsImpact = {
          type: "string",
          label: "Severity Metrics Impact",
          description: "The impact metric.",
          options: OWASP_OPTIONS,
          default: (SM && SM.scoring_system === "owasp")
            ? `${SM.impact}`
            : "",
        };
        props.severityMetricsLikelihood = {
          type: "string",
          label: "Severity Metrics Likelihood",
          description: "The likelihood metric.",
          options: OWASP_OPTIONS,
          default: (SM && SM.scoring_system === "owasp")
            ? `${SM.likelihood}`
            : "",
        };
        break;
      case "cvss_v3_1":
        props.cvssString = {
          type: "string",
          label: "Severity Metrics CVSS String",
          description: "The Common Vulnerability Scoring System uses a combination of eight [base metrics](https://www.first.org/cvss/v3.1/specification-document#Base-Metrics) to compute the base severity score. Currently only the base metrics are supported. A calculator to transform base metrics into a severity score can be found [here](https://www.first.org/cvss/calculator/3.1). Manual calculations are not needed as the severity_score and severity of a model will be automatically computed upon save.",
          default: (SM && SM.scoring_system === "cvss_v3_1")
            ? `${SM.cvss_string}`
            : "",
        };
        break;
      case "severity_only":
        props.severityOnlySeverity = {
          type: "string",
          label: "Severity Metrics Severity",
          description: "Severity only is the simplest scoring system. It simply sets the severity directly without any underlying math.",
          options: SEVERITY_ONLY_SEVERITY_OPTIONS,
          default: (SM && SM.scoring_system === "severity_only")
            ? `${SM.severity}`
            : "",
        };
      }
    }
    return props;
  },
  async run({ $ }) {
    const fileIds = await this.securityReporter.prepareFiles({
      draftDocumentsFile: this.draftDocumentsFile,
      draftDocuments: this.draftDocuments,
    });

    const response = await this.securityReporter.updateSecurityFinding({
      $,
      findingId: this.findingId,
      data: {
        title: this.title,
        targets: parseObject(this.targets),
        assessment_section_id: this.assessmentSectionId,
        is_vulnerability: this.isVulnerability,
        status: this.status && parseInt(this.status),
        resolved_targets: parseObject(this.resolved_targets),
        severity_metrics: {
          impact: this.severityMetricsImpact && parseInt(this.severityMetricsImpact),
          likelihood: this.severityMetricsLikelihood && parseInt(this.severityMetricsLikelihood),
          cvss_string: this.cvssString,
          severity: this.severityOnlySeverity && parseInt(this.severityOnlySeverity),
          scoring_system: this.SMScoringSystem,
        },
        review_status: this.reviewStatus && parseInt(this.reviewStatus),
        found_at: this.foundAt,
        priority: this.priority && parseInt(this.priority),
        complexity: this.complexity && parseInt(this.complexity),
        action: this.action,
        description: this.description,
        risk: this.risk,
        recommendation: this.recommendation,
        proof: this.proof,
        references: this.references,
        draft_documents: fileIds,
        resolvers: parseObject(this.resolvers),
        user_groups: parseObject(this.userGroups),
        classifications: parseObject(this.classifications),
      },
    });

    $.export("$summary", `Successfully updated finding with ID ${this.findingId}`);
    return response;
  },
};

Action Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

Label	Prop	Type	Description
Security Reporter	`securityReporter`	`app`	This component uses the Security Reporter app.
Finding ID	`findingId`	`string`	Select a value from the drop down menu.
Title	`title`	`string`	Title of the finding. Must not be greater than 191 characters.
Targets	`targets`	`string[]`	Select a value from the drop down menu.
Assessment Section ID	`assessmentSectionId`	`string`	Select a value from the drop down menu.
Is Vulnerability	`isVulnerability`	`boolean`	Whether the finding is for a vulnerability (and has associated severity metrics).
Status	`status`	`string`	Select a value from the drop down menu:`{ "label": "Unresolved", "value": "0" }{ "label": "Resolved", "value": "1" }{ "label": "Retest Pending", "value": "2" }{ "label": "Accepted Risk", "value": "3" }`
Resolved Targets	`resolvedTargets`	`string[]`	Select a value from the drop down menu.
Review Status	`reviewStatus`	`string`	Select a value from the drop down menu:`{ "label": "Draft", "value": "0" }{ "label": "Under Review", "value": "1" }{ "label": "Revision Requested", "value": "2" }{ "label": "Published", "value": "3" }`
Found At	`foundAt`	`string`	The date when the finding was found. Format: `YYYY-MM-DDTHH:MM:SS`.
Priority	`priority`	`string`	Select a value from the drop down menu:`{ "label": "Unknown", "value": "0" }{ "label": "Low", "value": "1" }{ "label": "Medium", "value": "2" }{ "label": "High", "value": "3" }`
Complexity	`complexity`	`string`	Select a value from the drop down menu:`{ "label": "Unknown", "value": "0" }{ "label": "Trivial", "value": "1" }{ "label": "Medium", "value": "2" }{ "label": "Complex", "value": "3" }`
Action	`action`	`string`	The recommended action (under 500 characters) to resolve this finding. Example: Update ...
Description	`description`	`string`	The description of the finding. Example: There is ...
Risk	`risk`	`string`	The risk associated with the finding. Example: A hacker could ...
Recommendation	`recommendation`	`string`	The recommendation for the finding. Example: Update ...
Proof	`proof`	`string`	The proof for the finding. Example: See attached ...
References	`references`	`string`	The references for the finding. Example: - https://owasp.org/Top10/A03_2021-Injection/` https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
Draft Documents	`draftDocuments`	`string[]`	Document IDs of uploaded draft documents.
Draft Documents File	`draftDocumentsFile`	`string[]`	The path to a file in the `/tmp` directory. See the documentation on working with files.
Resolvers	`resolvers`	`string[]`	Select a value from the drop down menu.
User Groups	`userGroups`	`string[]`	Select a value from the drop down menu.
Classifications	`classifications`	`string[]`	An array with classifications by classification system. You can use any combination of CWE, CAPEC or VRT classifications. Note that classifications are ignored if their system is not set in the assessment.
Severity Metrics Scoring System	`SMScoringSystem`	`string`	Select a value from the drop down menu:`{ "label": "OWASP Risk Rating Methodology", "value": "owasp" }{ "label": "CVSS v3.1", "value": "cvss_v3_1" }{ "label": "Severity Only", "value": "severity_only" }`

Update Security Finding with Security Reporter API on New Events (Instant) from Twilio SendGrid API

Pipedream makes it easy to connect APIs for Security Reporter, Twilio SendGrid and 2,200+ other apps remarkably fast.

Trusted by 1,000,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

1-24of2,200+apps by most popular

1
-
24
of
2,200+
apps by most popular