DefectDojo Integration

[catalinvr]

Is your feature request related to a problem? Please describe.
Hi team,

Once a scan is done the result is published in DefectDojo.
In case that the product is not set the the result can be found only in ELK.

Thank you,

Describe the solution you'd like
Use one ENV vars that allows SecureCodeBox t create automatically the product in case that that doesn't exists.

Describe alternatives you've considered
Create a default project to send all findings.

[J12934]

Hi 👋
Automatically creating a Product if it doesn't already exists sounds like a good idea.

What I don't really get is how that relates to the Problem you were describing above that, thoght. @catalinvr can you give a few more details what exactly the problem is?

[catalinvr]

By default, ELK is used as persistence storage for task results.

In case that a product will be created automatically in Dojo, it will be nice to be able to stop that feature using an env var.

[J12934]

By default, ELK is used as persistence storage for task results.

In case that a product will be created automatically in Dojo, it will be nice to be able to stop that feature using an env var.

You can already turn off the ElasticSearch Persistence Provider using an env var (SECURECODEBOX_PERSISTENCE_ELASTICSEARCH_ENABLED=false) see https://www.securecodebox.io/persistence-provider/defectDojo

[catalinvr]

Yes, I know that. I just want to have the same method when a product will be created on DefectDojo.

[rseedorff]

@catalinvr do you mean something like SECURECODEBOX_PERSISTENCE_DEFECTDOJO_ENABLED=true (already exists) or regarding the product creation like SECURECODEBOX_PERSISTENCE_DEFECTDOJO_INIT_PRODUCT=true?

[catalinvr]

Hi @rseedorff

Yes, like SECURECODEBOX_PERSISTENCE_DEFECTDOJO_INIT_PRODUCT=true

Thank you

[rseedorff]

Thx for your quick response!
Sounds valid, we are on it 👍🏻