DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third party security findings, merging and de-duping, integration with Jira, templating, report generation and security metrics.
DefectDojo supports Meterian security findings in the JSON format. Generate one by adding the following parameter to the Meterian client: --report-json=/tmp/report.json
Once generated, a report can be imported as Engagement Findings into any of your Products: from the Product overview menu, click on Findings and select "Import Scan Results".
Alternatively, for existing Engagements, select "Import Scan Results" from the Tests tab menu.
Imports can also be performed through the dedicated DefectDojo APIs. We provide a convenience script for automating the import process, which is a direct implementation of these APIs and can be integrated as part of your CI/CD pipeline. Read on for a usage guide.
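For orientation, the following added example (not the convenience script mentioned above, and not Meterian or DefectDojo code) shows what an API import of /tmp/report.json looks like as a single request. It assumes DefectDojo's API v2 `import-scan` endpoint with token authentication and the "Meterian Scan" scan type; the environment variable names `DD_URL`, `DD_API_TOKEN` and `DD_ENGAGEMENT_ID` are hypothetical.

```python
import json
import os
import urllib.request
import uuid


def build_import_request(base_url, api_token, engagement_id, report_bytes,
                         minimum_severity="Info"):
    """Build (but do not send) the multipart POST for the import-scan endpoint."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send the API token over a non-TLS URL")
    json.loads(report_bytes)  # fail the pipeline early on an empty or truncated report
    boundary = uuid.uuid4().hex
    fields = {
        "scan_type": "Meterian Scan",       # assumed parser name in DefectDojo
        "engagement": str(engagement_id),   # id of an existing Engagement
        "minimum_severity": minimum_severity,
        "active": "true",
        "verified": "false",                # findings stay unverified until triaged
    }
    parts = [
        f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'.encode()
        for k, v in fields.items()
    ]
    parts.append(
        (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
         'filename="report.json"\r\nContent-Type: application/json\r\n\r\n').encode()
        + report_bytes + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/import-scan/",
        data=b"".join(parts),
        method="POST",
        headers={"Authorization": f"Token {api_token}",
                 "Content-Type": f"multipart/form-data; boundary={boundary}"},
    )


if __name__ == "__main__":
    # The token comes from the CI secret store, never from the repository.
    with open("/tmp/report.json", "rb") as fh:
        req = build_import_request(os.environ["DD_URL"], os.environ["DD_API_TOKEN"],
                                   int(os.environ["DD_ENGAGEMENT_ID"]), fh.read())
    with urllib.request.urlopen(req, timeout=60) as resp:
        print("DefectDojo import status:", resp.status)
```

In a pipeline, use an API token that belongs to a dedicated DefectDojo user limited to the target Product, so a leaked CI secret cannot read or modify other Products.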