Uploading from a CI
The script reads two required environment variables that identify the DefectDojo instance being used. Make sure both are set correctly before running it:
# DefectDojo API key found in the user settings
$ export DEFECTDOJO_API_TOKEN="352e9859215b35dd2xxx"
# Your installation-specific DefectDojo API base url
$ export DEFECTDOJO_BASE_URL="https://my.defectdojo.xyz/"
This assumes you have a working installation of DefectDojo on your system and Python 3 installed. If you haven't already, create a Product in DefectDojo whose name exactly matches the name of the project that will be scanned with the Meterian client. Then run the scan, writing the JSON report to a path of your choice:
$ meterian-docker --report-json=/your/path/to/report.json
Then upload the findings to DefectDojo using our convenience script, passing the path of the report to import as a parameter:
$ python3 ad-hoc-import.py /your/path/to/report.json
If successful, the script displays output similar to the following:
Uploading findings to Defect Dojo
Fetching for product matching project name: My First Product
Found product (ID: 3)
Created new AdHoc import engagement (ID: 24)
Imported findigs to test (ID: 22)
After successful execution, a new Engagement is created on the fly and the results of the recent Meterian analysis are imported into it as a Meterian Scan Test.
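A pre-flight check for the CI job that runs the steps above, as an added example that is not part of the Meterian script. The helper names `dd_preflight` and `dd_upload` and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before calling ad-hoc-import.py in a CI job.
# dd_preflight and dd_upload are hypothetical helper names, not part of the
# Meterian script. Return codes: 0 ok, 2 token, 3 URL, 4 xtrace, 5 report.

dd_preflight() {
    report="$1"

    # The token should be injected from the CI secret store and be non-empty.
    if [ -z "${DEFECTDOJO_API_TOKEN:-}" ]; then
        echo "DEFECTDOJO_API_TOKEN is not set" >&2
        return 2
    fi

    # The token is sent to this URL, so require TLS.
    case "${DEFECTDOJO_BASE_URL:-}" in
        https://?*) ;;
        *) echo "DEFECTDOJO_BASE_URL must be an https:// URL" >&2
           return 3 ;;
    esac

    # With xtrace (set -x) on, commands that expand the token are echoed
    # into the build log.
    case "$-" in
        *x*) echo "xtrace is enabled; disable it (set +x) first" >&2
             return 4 ;;
    esac

    # A failed scan can leave the report missing or empty.
    if [ ! -s "$report" ]; then
        echo "report missing or empty: $report" >&2
        return 5
    fi
    return 0
}

# Run the import only when every check passes.
dd_upload() {
    dd_preflight "$1" || return $?
    python3 ad-hoc-import.py "$1"
}
```

Source this file in the job and call `dd_upload /your/path/to/report.json` in place of the direct `python3` invocation.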