Uploading from a CI

We provide a simple convenience script for ad hoc imports of Meterian scan results into DefectDojo. It can be downloaded from here.

Prerequisites

Environment variables to export

The script reads its DefectDojo connection settings from two required environment variables, both specific to the DefectDojo instance you are uploading to. Set them before running the script. The API token is a credential: in a CI job keep it in the pipeline's secret store rather than in the repository or the job definition, and make sure the base URL uses https, otherwise the token is sent in clear with every request.

# DefectDojo API key found in the user settings
$ export DEFECTDOJO_API_TOKEN="352e9859215b35dd2xxx"

# Your installation-specific DefectDojo API base url 
$ export DEFECTDOJO_BASE_URL="https://my.defectdojo.xyz/"

Usage

The steps below assume a working DefectDojo installation reachable from the machine running the script, and Python 3 installed on that machine. If you haven't already, create a Product in DefectDojo whose name exactly matches the name of the project that will be scanned with the Meterian client: the script looks the Product up by that name.

From the project folder, launch the Meterian scan and produce a JSON report (the example below uses Meterian's dockerized client):

$ meterian-docker --report-json=/your/path/to/report.json

Then upload the findings to DefectDojo with the convenience script, passing the path of the report to import as its argument:

$ python3 ad-hoc-import.py /your/path/to/report.json

On success the script prints output similar to this:

Uploading findings to Defect Dojo
Fetching for product matching project name: My First Product
Found product (ID: 3)
Created new AdHoc import engagement (ID: 24)
Imported findings to test (ID: 22)

On each successful run a new Engagement is created on the fly under the matching Product, and the results of the Meterian analysis are imported into it as a Meterian Scan Test. The IDs printed above identify that Product, Engagement and Test in the DefectDojo UI.
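The following Python example reproduces the flow described above (look the Product up by exact name, create an Engagement, import the report as a Test) so that it can be read, adapted and tested offline. It is an added example for this page, not Meterian's ad-hoc-import.py. The DefectDojo v2 endpoint paths (`/api/v2/products/`, `/api/v2/engagements/`, `/api/v2/import-scan/`), the `Authorization: Token` header, the field names, the "Meterian Scan" scan type string and the `id`/`test` response keys are assumptions drawn from the public DefectDojo API; the project name is taken as a command-line argument because the page does not say how the script derives it from the report. The HTTP transport is injectable so the logic can be exercised against canned responses.

```python
"""Ad hoc import of a Meterian JSON report into DefectDojo.

Added example for this page, not Meterian's ad-hoc-import.py. Endpoint paths,
field names and response keys are assumptions based on the public DefectDojo
v2 REST API and may need adjusting for your instance.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request
import uuid
from datetime import date
from typing import Callable, Dict, Optional, Tuple

# A transport takes (method, url, headers, body) and returns (status, response bytes).
# Injecting it keeps the flow testable without a live DefectDojo.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, bytes]]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[bytes]) -> Tuple[int, bytes]:
    """Default transport: stdlib urllib with a timeout; TLS verification stays on."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.getcode(), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def load_config(env: Dict[str, str]) -> Tuple[str, str]:
    """Read the two variables the page documents; refuse a missing token or a plain-http URL.
    The token value is never printed, so it cannot leak into CI logs."""
    base_url = env.get("DEFECTDOJO_BASE_URL", "").rstrip("/")
    token = env.get("DEFECTDOJO_API_TOKEN", "")
    if not base_url.startswith("https://"):
        raise SystemExit("DEFECTDOJO_BASE_URL must be set and use https, or the token travels in clear")
    if not token:
        raise SystemExit("DEFECTDOJO_API_TOKEN is not set")
    return base_url, token


def multipart(fields: Dict[str, str], file_field: str, filename: str,
              content: bytes) -> Tuple[bytes, str]:
    """Encode form fields plus one file as multipart/form-data (what import-scan expects)."""
    boundary = "----dojo" + uuid.uuid4().hex
    parts = [f'--{boundary}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'.encode()
             for k, v in fields.items()]
    parts.append(f'--{boundary}\r\nContent-Disposition: form-data; name="{file_field}"; '
                 f'filename="{filename}"\r\nContent-Type: application/json\r\n\r\n'.encode())
    parts += [content, f"\r\n--{boundary}--\r\n".encode()]
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"


class DojoClient:
    def __init__(self, base_url: str, token: str, transport: Transport = urllib_transport):
        self.base_url, self.transport = base_url, transport
        # Assumption: DefectDojo v2 authenticates with 'Authorization: Token <key>'.
        self._headers = {"Authorization": f"Token {token}", "Accept": "application/json"}

    def _call(self, method: str, path: str, headers: Optional[Dict[str, str]] = None,
              body: Optional[bytes] = None) -> dict:
        url = f"{self.base_url}/api/v2/{path}"
        status, raw = self.transport(method, url, {**self._headers, **(headers or {})}, body)
        if status // 100 != 2:
            raise RuntimeError(f"{method} {path} failed with HTTP {status}: {raw[:200]!r}")
        return json.loads(raw) if raw else {}

    def find_product(self, name: str) -> int:
        """Exact-name match only: a substring hit must not route findings to the wrong product."""
        data = self._call("GET", "products/?" + urllib.parse.urlencode({"name": name}))
        ids = [p["id"] for p in data.get("results", []) if p.get("name") == name]
        if len(ids) != 1:
            raise LookupError(f"expected exactly one product named {name!r}, found {len(ids)}")
        return ids[0]

    def create_engagement(self, product_id: int, name: str = "AdHoc import") -> int:
        today = date.today().isoformat()  # engagement_type/status values are assumptions
        payload = {"product": product_id, "name": name, "engagement_type": "CI/CD",
                   "status": "In Progress", "target_start": today, "target_end": today}
        body = json.dumps(payload).encode()
        return self._call("POST", "engagements/", {"Content-Type": "application/json"}, body)["id"]

    def import_scan(self, engagement_id: int, filename: str, report: bytes,
                    scan_type: str = "Meterian Scan") -> int:
        fields = {"scan_type": scan_type, "engagement": str(engagement_id),
                  "active": "true", "verified": "false"}
        body, content_type = multipart(fields, "file", filename, report)
        return self._call("POST", "import-scan/", {"Content-Type": content_type}, body)["test"]


def upload(env: Dict[str, str], report_path: str, project_name: str,
           transport: Transport = urllib_transport) -> Tuple[int, int, int]:
    """Run the whole flow; returns (product id, engagement id, test id)."""
    client = DojoClient(*load_config(env), transport)
    product_id = client.find_product(project_name)
    engagement_id = client.create_engagement(product_id)
    with open(report_path, "rb") as fh:
        test_id = client.import_scan(engagement_id, os.path.basename(report_path), fh.read())
    return product_id, engagement_id, test_id


if __name__ == "__main__":
    # usage: python3 dojo_import.py /your/path/to/report.json "My First Product"
    print("product %d, engagement %d, test %d" % upload(dict(os.environ), sys.argv[1], sys.argv[2]))
```

Two behaviours are worth keeping in any adaptation: the product lookup fails rather than guessing when the name does not match exactly one Product (a prefix or substring match would quietly attach findings to the wrong project), and the configuration check refuses a non-https base URL so the API token is never sent over plain HTTP from a CI runner.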
