
# README

Defectdojo Resource

Gives a way to push reports to defectdojo from a Concourse pipeline. For now, `check` and `in` are no-ops.

Future state? `in` could be used to get the security posture of a given application and build, as a way to "quality-gate" a pipeline on aggregated security scans.

## Source Configuration

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| `defectdojo_url` | URL | yes | | The URL of the hosted instance of defectdojo. |
| `api_key` | string | yes | | Generated API key (for a username) used to interact with defectdojo, see here. |
| `product_name` | string | yes | | Name of the product (application) in defectdojo that we want to interact with. |
| `create_product_if_not_exist` | bool | no | `false` | Do not error when `product_name` does not exist; instead create the product profile. |
| `product_type` | string | no (conditional) | | Required when `create_product_if_not_exist` is set. The name of the `product_type` to associate the created product with. |
| `debug` | bool | no | `false` | Enable debug logging. |

## Example

```yaml
resource_types:
- name: defectdojo-resource
  type: registry-image
  source:
    repository: tylerrasor/defectdojo-resource
    tag: latest

resources:
- name: defectdojo
  type: defectdojo-resource
  source:
    defectdojo_url: https://path-to-your-hosted-instance.io
    api_key: ((from-a-secret-manager-probably))
    product_name: "myApp"

jobs:
- name: scan-and-report
  plan:
  - task: do-the-scan
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: { repository: alpine }
      outputs:
      - name: reports
      run:
        path: sh
        args:
          - -c
          - |
            # write the report into the task output so the put step can read it
            echo "do some cool scan" > reports/report.txt
  - put: defectdojo
    params:
      report_type: demo-scan
      path_to_report: reports/report.txt
```

## Behavior

### `out`

Pushes a report of a given type to defectdojo for the specified product (application).

#### Parameters

| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| `report_type` | string | yes | | The type of report you're trying to upload. This string must match one of the internal scan type strings that defectdojo uses, found here. |
| `path_to_report` | string | yes | | File path (passed in from a previous task) to the report you're trying to upload. |
| `close_engagement` | bool | no | `false` | Whether the engagement should be closed after the report upload. |
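Concourse hands a resource's `out` script one JSON object on stdin (`{"source": {...}, "params": {...}}`) and the build directory as its first argument. The following is an added example, not code from this resource, that validates such a payload against the two parameter tables above (the source configuration and the `out` parameters), applies the documented defaults, enforces the `product_type`-when-`create_product_if_not_exist` rule, and keeps the API key out of debug output. The DefectDojo import endpoint path and form field names in `build_upload` are assumptions about the DefectDojo API, not something this README states, and the sample payload is constructed from the pipeline example above.

```python
"""Validate a Concourse `out` payload for the defectdojo-resource tables above.

Added example; the import-scan endpoint and field names are ASSUMPTIONS,
not the resource's own client code.
"""
import json
import os
import sys
from urllib.parse import urlparse

# Source parameters from the "Source Configuration" table.
SOURCE_REQUIRED = ("defectdojo_url", "api_key", "product_name")
SOURCE_DEFAULTS = {"create_product_if_not_exist": False, "product_type": None, "debug": False}
# Put-step parameters from the "out" parameters table.
PARAMS_REQUIRED = ("report_type", "path_to_report")
PARAMS_DEFAULTS = {"close_engagement": False}

# Constructed sample payload mirroring the README's pipeline example.
EXAMPLE_PAYLOAD = {
    "source": {
        "defectdojo_url": "https://path-to-your-hosted-instance.io",
        "api_key": "example-api-key-placeholder",
        "product_name": "myApp",
    },
    "params": {"report_type": "demo-scan", "path_to_report": "reports/report.txt"},
}


class ConfigError(ValueError):
    """Raised when the payload violates the documented parameter tables."""


def _require_bools(section, label, keys):
    for key in keys:
        if not isinstance(section[key], bool):
            raise ConfigError(f"{label}.{key} must be a bool, got {type(section[key]).__name__}")


def validate_payload(payload):
    """Return (source, params) with defaults applied, or raise ConfigError."""
    source = dict(payload.get("source") or {})
    params = dict(payload.get("params") or {})

    missing = [k for k in SOURCE_REQUIRED if not source.get(k)]
    if missing:
        raise ConfigError("missing required source parameter(s): " + ", ".join(missing))
    missing = [k for k in PARAMS_REQUIRED if not params.get(k)]
    if missing:
        raise ConfigError("missing required put parameter(s): " + ", ".join(missing))

    for key, default in SOURCE_DEFAULTS.items():
        source.setdefault(key, default)
    for key, default in PARAMS_DEFAULTS.items():
        params.setdefault(key, default)
    _require_bools(source, "source", ("create_product_if_not_exist", "debug"))
    _require_bools(params, "params", ("close_engagement",))

    # The table marks product_type as required only when auto-creation is on.
    if source["create_product_if_not_exist"] and not source["product_type"]:
        raise ConfigError("product_type is required when create_product_if_not_exist is true")

    url = urlparse(source["defectdojo_url"])
    if url.scheme != "https" or not url.netloc:
        raise ConfigError("defectdojo_url must be an absolute https:// URL")

    # The report path is relative to the Concourse build directory and must stay inside it.
    report = params["path_to_report"]
    if os.path.isabs(report) or ".." in report.split("/"):
        raise ConfigError("path_to_report must be a relative path inside the build directory")
    return source, params


def redacted(source):
    """Copy of the source config safe for debug logging (API key masked)."""
    return {**source, "api_key": "***"}


def build_upload(source, params, build_dir):
    """Return (url, headers, form fields) for the report upload.

    ASSUMPTION: DefectDojo's `/api/v2/import-scan/` endpoint, `Token` auth
    header and `scan_type`/`product_name` field names; this resource may differ.
    """
    url = source["defectdojo_url"].rstrip("/") + "/api/v2/import-scan/"
    headers = {"Authorization": "Token " + source["api_key"]}
    fields = {
        "scan_type": params["report_type"],
        "product_name": source["product_name"],
        "file": os.path.join(build_dir, params["path_to_report"]),
    }
    return url, headers, fields


if __name__ == "__main__":
    # Concourse protocol: payload on stdin, build dir in argv[1], version JSON on stdout.
    build_dir = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    src, prm = validate_payload(json.load(sys.stdin))
    if src["debug"]:
        print("source:", json.dumps(redacted(src)), file=sys.stderr)
    upload_url, _, form = build_upload(src, prm, build_dir)
    print(json.dumps({"version": {"report": form["file"]}, "metadata": [{"name": "url", "value": upload_url}]}))
```

Run it the way Concourse would, `echo '{"source": {...}, "params": {...}}' | python3 out.py /tmp/build`: a payload that sets `create_product_if_not_exist` without `product_type` fails before any network call, and the debug line on stderr never carries the API key.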
