Commit 2941d3ef authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch 'feature/defectdojo_zap' into 'main'

[DefectDojo] Import Zap reports

See merge request to-be-continuous/defectdojo!58
parents c684eab8 a7ed4435
+3 −0
@@ -73,6 +73,8 @@ Depending on the security tools you launch, and their configuration, you may hav
| `DEFECTDOJO_NODEJSSCAN_REPORTS`          | path to NodeJSScan SARIF reports                                                                                                       | `nodejsscan-report-sarif.json`                        |
| `DEFECTDOJO_NPMAUDIT_REPORTS`            | path to NPM Audit JSON reports                                                                                                         | `npm-audit*.json`                        |
| `DEFECTDOJO_TESTSSL_REPORTS`             | path to TestSSL CSV reports                                                                                                            | `reports/testssl.native.csv`                        |
| `DEFECTDOJO_ZAP_REPORTS`               | path to Zap xml reports                                                                                                             | `reports/zap.native.xml`            |
| `ZAP_TPL_PROJECT`        | path to Zap template (if any) | _none_ | 
| `DEFECTDOJO_TRIVY_REPORTS`               | path to Trivy JSON reports                                                                                                             | `trivy/*.json trivy-*.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json`             |
| `DEFECTDOJO_SONARQUBE_APPLICATION`       | your application name in Sonar                                                                                                         | ex: project-name                         |
| `DEFECTDOJO_SONARQUBE_PROJECT_KEY`       | your project key in Sonar (be careful, the project key might be distinct from project-dir-project-name, sometimes Sonar adds a suffix) | ex: project-dir-project-name or        project-dir-project-name__AXjLJ76cpGZrj3BUYg10                 |
@@ -109,6 +111,7 @@ For now, the current template allows to import reports from the following tools:
- SonarQube 
- TestSSL
- Trivy
- Zap

## SonarQube specific case

+11 −0
@@ -96,6 +96,17 @@
      "default": "trivy/*.json trivy-*.json reports/docker-trivy-*.native.json reports/py-trivy.trivy.json",
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_ZAP_REPORTS",
      "description": "Path to Zap reports",
      "default": "reports/zap.native.xml",
      "advanced": true
    },
    {
      "name": "ZAP_TPL_PROJECT",
      "description": "Path to Zap template",
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD",
      "description": "Determines if delta analysis is activated for SonarQube export",
+23 −0
@@ -44,6 +44,8 @@ variables:
  # default production ref name (pattern)
  PROD_REF: '/^(master|main)$/'
  DEFECTDOJO_NOPROD_ENABLED: "false"
  DEFECTDOJO_ZAP_REPORTS: "reports/zap.native.xml"
  


###############################################################################################
@@ -172,6 +174,17 @@ variables:
    init_vulns=$(jq ".results[] | .id" api_init_findings.json)
    nb_reports=0

    # ZAP 
    zap_nb_reports=0
    for file in ${DEFECTDOJO_ZAP_REPORTS}
    do
      if [[ $(expr "$file" : '.*\*.*') == 0 ]] && [[ -f "$file" ]]; then
        log_info "zap report found: $file"
        zap_nb_reports=$((zap_nb_reports + 1))
        nb_reports=$((nb_reports + 1))
      fi
    done

    # Bandit 
    # template: python
    bandit_nb_reports=0
@@ -458,6 +471,16 @@ variables:
          fi
        done
      fi
      if [ "$zap_nb_reports" -gt 0 ]; then
        zap_tpl_version=$(get_tpl_version_in_use "$ZAP_TPL_PROJECT")
        log_info "zap template version: $zap_tpl_version"
        for file in ${DEFECTDOJO_ZAP_REPORTS}
        do
          if [[ $(expr "$file" : '.*\*.*') == 0 ]] && [[ -f "$file" ]]; then
            import_scan "$file" "ZAP Scan" "$engagement_id" "$ZAP_TPL_PROJECT ${zap_tpl_version}"
          fi
        done
      fi

      # Close the engagement
      curl -L -X POST "${DEFECTDOJO_SERVER_URL}/api/v2/engagements/$engagement_id/close/" --header "Authorization: Token $DEFECTDOJO_API_KEY" -d ''
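Review bot: `ZAP_TPL_PROJECT` gets no default in this change (the README lists it as _none_ and the kicker entry carries none), yet the import block calls `get_tpl_version_in_use "$ZAP_TPL_PROJECT"` unconditionally and then passes `"$ZAP_TPL_PROJECT ${zap_tpl_version}"` to `import_scan`, so with the variable unset or empty the lookup runs on an empty string and the tag string handed to DefectDojo begins with a blank. What `get_tpl_version_in_use` does with an empty argument is defined outside the hunk, so this is inferred from the visible call only; if the other tools rely on a template-project default declared in the `variables:` block, add the matching `ZAP_TPL_PROJECT: "<zap template project path>"` (placeholder) next to `DEFECTDOJO_ZAP_REPORTS` in the first hunk, otherwise guard the lookup with `zap_tpl_version=$( [ -n "${ZAP_TPL_PROJECT:-}" ] && get_tpl_version_in_use "$ZAP_TPL_PROJECT" || true )`. The first hunk also adds a line consisting only of trailing spaces after `DEFECTDOJO_ZAP_REPORTS`, which should be dropped. The `if` chain that this block extends starts before the hunk.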