Prerequisites:
You will need access to at least two Salesforce Orgs (Source and Target). Both Orgs will need API Access enabled (Enterprise, Unlimited or Developer Editions). The Source Org must be connected to DigitSec and that is the Org you will use in steps 16-21.
Note: In step 15, use https://s4.digitsec.com
- Log in to your Copado Essentials (Click Deploy) account.
- Go to CI Jobs and click on Create your first CI Job.
- The following screen will show up:
- Add the Title, Source Org, Target Org, Action (needs to be Deploy) and Schedule:None.
Important Note: This webhook is configured to scan the salesforce org configured in the source org. Please make sure your CI Jobs are set up accordingly so security flaws can be identified and rectified before deployment to a production environment. - The screen looks like below after entering information:
- Click the Save button.
- This brings up the following screen.
- Click the Deploy Options tab.
- The following screen will now show up.
- Click Advanced Options at the bottom.
- Then click Change and select Outgoing webhooks as follows:
- Click Save.
- A new tab will appear next to Deploy Options named Outgoing Webhooks. Click that.
- The following screen will show up:
- Enter the Webhook Url as: https://s4.digitsec.com/webhooks/copadoEssentials and select application/json in the Content Type.
- To get the secret, log in to DigitSec. Find the Workspace you wish to scan on the Workspaces Screen, then click the title.
- Now select Integrations and then click Copado Essentials
- Use the copy button to copy the Copado Secret.
- Now go back to step 14 and enter the secret in the Payload field in the following format:
{"secret": “YOUR_COPADO_SECRET"} - Click Save. The webhook setup is now complete.
- To test if things are set up properly, click the "Run Now (deploy) button.
- Once the webhook gets triggered, a scan will start in DigitSec. This activity won’t be reflected on the Copado Essentials side. When the scan completes, your scan will appear on the Dashboard for that Workspace.