
Generate automated emails for detected issues in STO

When you run a scan, the security step generates a set of output variables that capture the number of issues detected at each severity level: CRITICAL, HIGH, MEDIUM, and so on. This topic describes how to set up automatic notifications based on these variables.

In this workflow, you add an Email step that sends a notification whenever the previous scan step finishes successfully.

  1. Add a Custom stage to your pipeline immediately after the Build or Security stage that runs the scan.

  2. Add an Email step to the stage and configure it as follows. Replace SCAN_STAGE_ID, SCAN_STEP_ID, and ACCOUNT_ID with your stage, step, and account IDs.

     - step:
         type: Email
         name: emailOnDetectedIssues
         identifier: emailOnDetectedIssues
         spec:
           # RECIPIENT_EMAIL is a placeholder: set it to the address that should receive the alert.
           to: RECIPIENT_EMAIL
           subject: "STO ALERT: Scan results for <>"
           # The body is a block scalar; each expression resolves to an issue count when the step runs.
           body: |-
             "STO scan of <> found the following issues: <br>
             Critical : <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.CRITICAL> <br>
             New Critical : <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.NEW_CRITICAL> <br>
             High: <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.HIGH> <br>
             New High: <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.NEW_HIGH> <br>
             Medium: <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.MEDIUM> <br>
             New Medium: <+pipeline.stages.SCAN_STAGE_ID.spec.execution.steps.SCAN_STEP_ID.output.outputVariables.NEW_MEDIUM> <br>
         timeout: 1d

Now, when the stage with the scan step finishes successfully, the pipeline sends an email like this:

"STO scan of sto-notify-test-pipeline found the following issues:
Critical : 0
New Critical : 1
High: 0
New High: 2
Medium: 0
New Medium: 1
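
The expression paths in the email body are long and easy to mistype, and a copied step often still carries SCAN_STAGE_ID or SCAN_STEP_ID. The following added example (not part of the Harness documentation) builds the severity lines from your IDs and lints an existing body for leftover placeholders. The function names, the identifier pattern, and the sample IDs `security_scan` and `bandit_scan` are assumptions made for illustration.

```python
import re

# Severity output variables named on this page (the scan step emits others too).
SEVERITY_VARS = ["CRITICAL", "NEW_CRITICAL", "HIGH", "NEW_HIGH", "MEDIUM", "NEW_MEDIUM"]
PLACEHOLDERS = {"SCAN_STAGE_ID", "SCAN_STEP_ID", "ACCOUNT_ID"}
# Assumed identifier shape: letters, digits, underscore, not starting with a digit.
ID_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
EXPR_RE = re.compile(
    r"<\+pipeline\.stages\.(\w+)\.spec\.execution\.steps\.(\w+)"
    r"\.output\.outputVariables\.(\w+)>"
)


def severity_expr(stage_id, step_id, var):
    """Return the expression for one severity count of the scan step."""
    for ident in (stage_id, step_id):
        if ident in PLACEHOLDERS or not ID_RE.match(ident):
            raise ValueError(f"not a usable identifier: {ident!r}")
    if var not in SEVERITY_VARS:
        raise ValueError(f"unknown severity variable: {var!r}")
    return (f"<+pipeline.stages.{stage_id}.spec.execution.steps.{step_id}"
            f".output.outputVariables.{var}>")


def email_body_lines(stage_id, step_id):
    """Build the per-severity lines of the email body, in the page's order."""
    lines = []
    for var in SEVERITY_VARS:
        label = var.replace("_", " ").title()  # NEW_CRITICAL -> "New Critical"
        lines.append(f"{label}: {severity_expr(stage_id, step_id, var)} <br>")
    return lines


def lint_body(body):
    """Report expressions that still carry a placeholder or an unknown variable."""
    problems = []
    for lineno, line in enumerate(body.splitlines(), 1):
        for stage_id, step_id, var in EXPR_RE.findall(line):
            left = sorted(PLACEHOLDERS & {stage_id, step_id})
            if left:
                problems.append((lineno, "placeholder not replaced: " + ", ".join(left)))
            if var not in SEVERITY_VARS:
                problems.append((lineno, f"unknown severity variable: {var}"))
    return problems


if __name__ == "__main__":
    # Constructed identifiers, not taken from a real pipeline.
    print("\n".join(email_body_lines("security_scan", "bandit_scan")))
```

Running `lint_body` over the step's body text before committing the pipeline catches a forgotten placeholder before the alert email is ever sent.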

For more information about pipeline variables and other variables, go to Use Harness expressions.