Merge branch '20-adapt-to-report-normalization' into 'main' (0288ffd1) · Commits · to be continuous... / DefectDojo

README.md

+3 −3

Original line number	Diff line number	Diff line
		@@ -63,15 +63,15 @@ Depending on the security tools you launch, and their configuration, you may hav

		\| Name \| description \| default value \|
		\| ------------------------------ \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json` \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json reports/py-bandit.bandit.json` \|
		\| `DEFECTDOJO_DC_GRADLE_REPORTS` \| path to Dependency Check XML reports (Gradle template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `**/gitleaks-report.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json reports/docker-hadolint-*.native.json` \|
		\| `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `*/mobsf.json` \|
		\| `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `**/nodejsscan-report-sarif.json` \|
		\| `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `*/npm-audit.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/*.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/.json /trivy-.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json` \|
		\| `DEFECTDOJO_SONARQUBE_APPLICATION` \| your application name in Sonar \| ex: project-name \|
		\| `DEFECTDOJO_SONARQUBE_PROJECT_KEY` \| your project key in Sonar (be careful, the project key might be distinct from project-dir-project-name, sometimes Sonar adds a suffix) \| ex: project-dir-project-name or project-dir-project-name__AXjLJ76cpGZrj3BUYg10 \|
		\| `DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD` \| determines if delta analysis is activated \| false \|

kicker.json

+2 −2

Original line number	Diff line number	Diff line
		@@ -58,7 +58,7 @@
		{
		"name": "DEFECTDOJO_HADOLINT_REPORTS",
		"description": "Path to Hadolint reports",
		"default": "*/hadolint-json-.json",
		"default": "*/hadolint-json-.json reports/docker-hadolint-*.native.json",
		"advanced": true
		},
		{
		@@ -82,7 +82,7 @@
		{
		"name": "DEFECTDOJO_TRIVY_REPORTS",
		"description": "Path to Trivy reports",
		"default": "trivy/*.json",
		"default": "trivy/.json /trivy-.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json",
		"advanced": true
		},
		{

templates/gitlab-ci-defectdojo.yml

+3 −3

Original line number	Diff line number	Diff line
		@@ -11,14 +11,14 @@ variables:
		TBC_TRACKING_IMAGE: "$CI_REGISTRY/to-be-continuous/tools/tracking:master"

		DEFECTDOJO_DIR: "."
		DEFECTDOJO_BANDIT_REPORTS: "*/bandit.json"
		DEFECTDOJO_BANDIT_REPORTS: "*/bandit.json **/reports/py-bandit.bandit.json"
		DEFECTDOJO_GITLEAKS_REPORTS: "**/gitleaks-report.json"
		DEFECTDOJO_NODEJSSCAN_REPORTS: "**/nodejsscan-report-sarif.json"
		DEFECTDOJO_NPMAUDIT_REPORTS: "*/npm-audit.json"
		DEFECTDOJO_DC_REPORTS: "*/dependency-check.xml"
		DEFECTDOJO_DC_GRADLE_REPORTS: "*/dependency-check.xml"
		DEFECTDOJO_TRIVY_REPORTS: "trivy/.json /trivy-.json"
		DEFECTDOJO_HADOLINT_REPORTS: "*/hadolint-json-.json"
		DEFECTDOJO_TRIVY_REPORTS: "trivy/.json /trivy-.json */reports/docker-trivy-.native.json **/reports/py-trivy.trivy.json"
		DEFECTDOJO_HADOLINT_REPORTS: "*/hadolint-json-.json */reports/docker-hadolint-.native.json"
		DEFECTDOJO_MOBSF_REPORTS: "*/mobsf.json"
		DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD: "false"
		DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT: "true"

Original line number	Diff line number	Diff line
		@@ -63,15 +63,15 @@ Depending on the security tools you launch, and their configuration, you may hav

		\| Name \| description \| default value \|
		\| ------------------------------ \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json` \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json reports/py-bandit.bandit.json` \|
		\| `DEFECTDOJO_DC_GRADLE_REPORTS` \| path to Dependency Check XML reports (Gradle template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `**/gitleaks-report.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json reports/docker-hadolint-*.native.json` \|
		\| `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `*/mobsf.json` \|
		\| `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `**/nodejsscan-report-sarif.json` \|
		\| `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `*/npm-audit.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/*.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/.json /trivy-.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json` \|
		\| `DEFECTDOJO_SONARQUBE_APPLICATION` \| your application name in Sonar \| ex: project-name \|
		\| `DEFECTDOJO_SONARQUBE_PROJECT_KEY` \| your project key in Sonar (be careful, the project key might be distinct from project-dir-project-name, sometimes Sonar adds a suffix) \| ex: project-dir-project-name or project-dir-project-name__AXjLJ76cpGZrj3BUYg10 \|
		\| `DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD` \| determines if delta analysis is activated \| false \|