We provide a simple convenience script for ad hoc scan imports to DefectDojo. It can be downloaded from here.
the requests library
The script uses required configurable environment variables matching information specific to the DefectDojo instance being used. Please ensure these are set correctly for error-free usage:
# DefectDojo API key found in the user settings$ export DEFECTDOJO_API_TOKEN="352e9859215b35dd2xxx"# Your installation-specific DefectDojo API base url$ export DEFECTDOJO_BASE_URL="https://my.defectdojo.xyz/"
Assuming you have a working installation of DefectDojo on your system and Python3 installed, if you haven't already, create a Product on DefectDojo with the name matching exactly the name of the project that will be scanned with the Meterian client.
From the project folder, launch the Meterian scan and produce a JSON report (the following example uses Meterian's dockerized client)
$ meterian-docker --report-json=/your/path/to/report.json
Then upload the findings to DefectDojo using our convenience script providing the path of the report to import as a parameter
$ python3 ad-hoc-import.py /your/path/to/report.json
If successful, the script will display a similar output
Uploading findings to Defect DojoFetching for product matching project name: My First ProductFound product (ID: 3)Created new AdHoc import engagement (ID: 24)Imported findigs to test (ID: 22)
After successful execution, a new Engagement will be created on the fly and the results of the recent Meterian analysis will be imported as a Meterian Scan Test to it.