Official Webhook feature
Problem to solve
Users would like to set up custom integrations via webhooks, where ARM notifies them of events by triggering an HTTP request.
We had a Proof of Concept a while ago; now it seems time to officialize it as more customers request it.
Intended users
ARM users
Permissions and Security
- Declare which roles should be able to set up webhooks
Proposal
- Declare which events should be notified
- Declare whether it should be at org/group level (or both)
- Implement a web UI to set up webhooks
- Modify PoC logic in the stream consumer as needed
- Implement CloudWatch logs to monitor the behavior
- Allow actions just for user_managers
EVENTS:
- New severity vulnerability: high, medium and low
- Assigned vulnerability
- New group eventuality
- Response to reattacks: Verified(Safe), Verified(Vulnerable), On hold
- Connector down (this at the org level, we can look at it last)
- Root Disablement
- Agent token expiration
- API token expiration
- Root added
- Environment deactivated
Test plan
Functional tests
What does success look like, and how can we measure that?
Users are able to set up webhook integrations
Links / references
https://docs.gitlab.com/ee/user/project/integrations/webhooks.html
Edited by Sebastian Cardona