@prabhu
Created April 3, 2021 12:20
OPA rego policy with ShiftLeft API integration
# Policy package that fetches the findings of one ShiftLeft app and exposes
# summary rules (has_*) and lookup tables (list_*) over them.
package shiftleft

# No other `allow` rule is defined in this file, so `allow` is always true:
# the policy is fail-open and the rules below are informational only.
# NOTE(review): if `allow` is ever tied to the findings (e.g. deny when
# has_critical_findings holds), flip this default to false so that an API
# failure that leaves `findings` undefined does not silently allow.
default allow = true

# Configuration is read from the OPA process environment.
runtime := opa.runtime()
sl_app_name := runtime.env.SHIFTLEFT_APP
# Bearer token for the ShiftLeft API. Every top-level rule in this package is
# queryable as data.shiftleft.<name>, so anyone who can query this package
# can read the token from this rule or from `headers` below.
sl_access_token := runtime.env.SHIFTLEFT_ACCESS_TOKEN
# io.jwt.decode only decodes; it does not verify the signature. The token is
# decoded here solely to read the org id for the URL - authentication is
# performed by the API when it receives the Authorization header.
payload := io.jwt.decode(sl_access_token)
# payload[1] is the claims object; an orgID claim is assumed to be present -
# TODO confirm against the token format.
sl_org_id := payload[1].orgID
headers := {"Content-Type": "application/json", "Authorization": sprintf("Bearer %s", [sl_access_token])}
# One page of at most 249 findings; there is no pagination loop, so for an
# app with more findings the rules below only see the first page.
url := sprintf("https://www.shiftleft.io/api/v4/orgs/%s/apps/%s/findings?per_page=249", [sl_org_id, sl_app_name])
# A transport error aborts evaluation (http.send raises by default). The
# status code is not checked: on a non-2xx response `findings` is simply
# undefined if the body lacks .response.findings, and `allow` stays true.
http_response := http.send({"method": "get", "headers": headers, "url": url})
# `scan` is not referenced by any rule in this file.
scan := http_response.body.response.scan
findings := http_response.body.response.findings
# True when the fetched findings collection is non-empty.
has_findings {
	count(findings) != 0
}
# True when at least one finding is rated "critical".
has_critical_findings {
	some i
	findings[i].severity == "critical"
}
# True when some finding carries a severity other than informational.
# Assumes "critical" and "moderate" are the only such levels - TODO confirm
# against the ShiftLeft severity values; any other value is ignored here.
has_non_info_findings {
	non_info := {"critical", "moderate"}
	sev := findings[_].severity
	non_info[sev]
}
# Object of finding id -> title for every "critical" finding.
# NOTE(review): two findings sharing an id but with different titles would
# make this object rule conflict at evaluation time.
list_critical_findings[id] = title {
	f := findings[_]
	f.severity == "critical"
	id := f.id
	title := f.title
}
# Object of finding id -> title for the findings treated as app-critical:
# "XSS" findings rated "critical", plus every "Deserialization" finding
# regardless of its severity (the second rule has no severity filter;
# presumably deliberate - confirm with the policy owner).
list_app_critical_findings[id] = title {
	some i
	f := findings[i]
	f.category == "XSS"
	f.severity == "critical"
	id := f.id
	title := f.title
}

list_app_critical_findings[id] = title {
	some i
	f := findings[i]
	f.category == "Deserialization"
	id := f.id
	title := f.title
}