Automate Everything - Trigger CD Pipelines using IBM Cloud Event Notifications

Pradeep Gopalgowda
Published in DevOps.dev
Sep 17, 2022

There is a use case where a “parent” pipeline needs to trigger multiple “child” pipelines. The eventual plan is to use a new spec, CDEvents, for these events emanating from pipelines. CDEvents is a common specification for Continuous Delivery events, enabling interoperability in the complete software production ecosystem.

cdevents

For now, this can be easily achieved using IBM Cloud Event Notifications. We can use the API or IBM managed sources to send an event to IBM Cloud Event Notifications from the “parent” and then use webhooks to trigger the “children”. The IBM Cloudpak team is looking to implement these parent-children pipelines, and they have to go edit the parent every time they have to add a new child.

In this tutorial, you will learn how to set up the IBM Cloud® Security and Compliance Center source to send security events to IBM Cloud Event Notifications to trigger CD pipelines. For this tutorial, IBM Cloud Event Notifications is configured to send a webhook event to trigger CD pipelines.

In this tutorial you will configure the following flow:

  1. An event of interest takes place in the IBM Cloud Security and Compliance Center source.
  2. IBM Cloud Security and Compliance Center source sends a notification to IBM Cloud Event Notifications.
  3. IBM Cloud Event Notifications creates a webhook event and triggers the CD pipelines.
Flow Diagram

Step 1: Create an IBM Cloud Event Notifications service instance

  1. Log in to your IBM Cloud account.
  2. In the IBM Cloud catalog, search Event Notifications > Event Notifications.
  3. Select a Region from the list of supported regions and select a pricing plan.
  4. Provide a Service name.
  5. Select a resource group.
  6. Click Create.
IBM Cloud Event Notifications

Step 2: Connecting to Event Notifications in the Security and Compliance Center

After signing into IBM Cloud, you can access the Security and Compliance Center:

SCC Global Settings
  1. Click the Menu icon > Security and Compliance in the navigation.
  2. In the Security and Compliance Center navigation, click Global settings.
  3. In the Event Notifications section, click Connect.
  4. In the side panel, review the source details for the connection. Optionally, provide a description.
  5. Select the resource group and Event Notifications service instance that you want to connect.

If an IAM authorization between Security and Compliance Center and Event Notifications doesn’t exist in your account, a dialog is displayed. Follow the prompts to grant access between the services.

To grant access between Security and Compliance Center and Event Notifications, click Authorize.

In the side panel, select Event Notifications as the target service.

From the list of instances, select the Event Notifications service instance that you want to authorize.

Select the Event Source Manager role.

Click Review.

Click Assign.

6. To confirm the connection, click Connect.

Connecting to IBM Cloud Event Notifications

A success message is displayed to indicate that Security and Compliance Center is now connected to Event Notifications. If you need to disconnect from Event Notifications later, you can use the options menu > Disconnect to remove the Security and Compliance Center as a source service in the Event Notifications instance.

Step 3: Verify the Security and Compliance Center source in IBM Cloud Event Notifications

1. Click the menu icon > Resource list.

2. Open Services and software.

3. Open the IBM Cloud Event Notifications instance you created.

4. Click Sources.

When you connect to Event Notifications in the Security and Compliance Center UI, a source is automatically added to your IBM Cloud Event Notifications Sources list.

SCC as a Source

Step 4: Create an IBM Cloud Event Notifications Destination

In this step you will make sure that a webhook destination exists where notifications will be forwarded.

  1. Click Destinations.
  2. To add a webhook as a destination, click Add and provide the generic webhook trigger URL from the CD Tekton pipeline trigger configuration.
CD Tekton Webhook Trigger URL

Step 5: Create an IBM Cloud Event Notifications topic

Next you will define an IBM Cloud Event Notifications topic that will receive an event from Security and Compliance Center.

1. Click Topics.

2. Click Create. The Topic details panel opens.

3. In the Topic details enter the following:

  • Enter the Name for your topic. For example, VulnerabilityScan.
  • For Source select the IBM Cloud Event Notifications source, which is the Security and Compliance Center.
  • Select an Event Type. For this tutorial select Vulnerability Advisor.
  • Select an Event subtype. For this tutorial select Vulnerabilities found in container images.
  • Select a Severity. For this tutorial select High Severity.

4. Click Add a condition. (If you do not click Add a condition before you click Create, the topic will be created with no conditions associated with it.)

5. Click Create. Your topic will be displayed in the Topics list.

Note: Click Add a condition without selecting any Event Type to send the test event from Security and Compliance Center.

Create a topic

Step 6: Create an IBM Cloud Event Notifications Webhook Subscription

In this step you will configure a webhook subscription.

  1. Click Subscriptions.
  2. Click Create. The Create a subscription panel opens.
  3. In the Create a subscription panel enter the following:
  • Enter the Name for your subscription. For example, VulnerabilityAdvisor.
  • For Topic select the topic you created. For example, VulnerabilityScan.
  • For Destination select IBM Cloud Webhook service.

4. Click Create. Your subscription will be added to the Subscriptions list.

Create a Subscription

Step 7: Sending a test event to Event Notifications from the UI

After you enable notifications for Security and Compliance Center, test your connection to ensure that the events that are generated by Security and Compliance Center are being forwarded to Event Notifications.

  1. In the Security and Compliance Center UI, click Global settings.
  2. In the Event Notifications section, click Send test event.

A success message is displayed to indicate that the test event was forwarded successfully to Event Notifications.

When an event of interest takes place in the Security and Compliance Center, you should see the service communicate with the connected Event Notifications instance to trigger the CD Tekton pipelines.

PipelineRun
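
Added example, not from the original article: a minimal gate for a self-hosted endpoint that receives the webhook delivery and decides which child pipelines to start, so that a leaked or guessed URL alone cannot start a run. It assumes a shared token sent in a custom header and a `severity` field in the JSON body; the header name, field name and child pipeline names are hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical names for illustration; not the Event Notifications schema.
TOKEN_HEADER = "x-trigger-token"
SEVERITY_FIELD = "severity"
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
CHILD_PIPELINES = ["child-image-rebuild", "child-redeploy"]


def children_to_trigger(headers, body, expected_token, min_severity="high"):
    """Return the child pipelines to start, or [] if the delivery is rejected."""
    if not expected_token:  # fail closed when no secret is configured
        return []
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = str(lowered.get(TOKEN_HEADER, ""))
    # Hash both sides so the constant-time compare sees equal lengths.
    a = hashlib.sha256(presented.encode()).digest()
    b = hashlib.sha256(expected_token.encode()).digest()
    if not hmac.compare_digest(a, b):
        return []
    try:
        event = json.loads(body)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return []
    if not isinstance(event, dict):
        return []
    severity = str(event.get(SEVERITY_FIELD, "")).lower()
    # Unknown or missing severities rank 0 and never trigger a run.
    if SEVERITY_RANK.get(severity, 0) < SEVERITY_RANK[min_severity]:
        return []
    return list(CHILD_PIPELINES)


# Constructed sample deliveries (not captured from the service).
SECRET = "constructed-shared-token"
GOOD = json.dumps({"severity": "HIGH", "subject": "registry/app:1.0"}).encode()
LOW = json.dumps({"severity": "low", "subject": "registry/app:1.0"}).encode()

if __name__ == "__main__":
    print(children_to_trigger({"X-Trigger-Token": SECRET}, GOOD, SECRET))
    print(children_to_trigger({"X-Trigger-Token": "guess"}, GOOD, SECRET))
    print(children_to_trigger({"X-Trigger-Token": SECRET}, LOW, SECRET))
```

Adding a child pipeline then means extending the list behind the gate (or adding another subscription), not editing the parent.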

Cheers! For setting up webhooks, check out the Event Notifications documentation.
