Merge branch 'mobsfcan' into 'main' (2f2277df) · Commits · to be continuous... / DefectDojo

README.md

+2 −1

Original line number	Diff line number	Diff line
		@@ -92,7 +92,8 @@ Depending on the security tools you launch, and their configuration, you may hav
		\| `dc-reports` / `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `dependency-check*.xml` \|
		\| `gitleaks-reports` / `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `gitleaks/gitleaks-report.json reports/gitleaks.native.json` \|
		\| `hadolint-reports` / `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `hadolint-json-.json reports/docker-hadolint-.native.json` \|
		\| `mobsf-reports` / `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `mobsf*.json` \|
		\| `mobsf-reports` / `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `mobsf*.json reports/mobsf-pkg.native.json` \|
		\| `mobsfscan-reports` / `DEFECTDOJO_MOBSFSCAN_REPORTS` \| path to MobSF scan JSON reports \| `reports/mobsf-code.native.json` \|
		\| `nodejsscan-reports` / `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `nodejsscan-report-sarif.json` \|
		\| `npmaudit-reports` / `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `npm-audit.json reports/npm-audit.json` \|
		\| `semgrep-reports` / `DEFECTDOJO_SEMGREP_REPORTS` \| Path to Semgrep reports \| `reports/semgrep.native.json` \|

kicker.json

+7 −1

Original line number	Diff line number	Diff line
		@@ -83,7 +83,13 @@
		{
		"name": "DEFECTDOJO_MOBSF_REPORTS",
		"description": "Path to MobSF reports",
		"default": "mobsf*.json",
		"default": "mobsf*.json reports/mobsf-pkg.native.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_MOBSFSCAN_REPORTS",
		"description": "Path to MobSF scan reports",
		"default": "reports/mobsf-code.native.json",
		"advanced": true
		},
		{

templates/gitlab-ci-defectdojo.yml

+26 −1

Original line number	Diff line number	Diff line
		@@ -40,7 +40,10 @@ spec:
		default: hadolint-json-.json reports/docker-hadolint-.native.json
		mobsf-reports:
		description: Path to MobSF reports
		default: mobsf*.json
		default: mobsf*.json reports/mobsf-pkg.native.json
		mobsfscan-reports:
		description: Path to MobSF reports
		default: reports/mobsf-code.native.json
		nodejsscan-reports:
		description: Path to NodeJSScan reports
		default: nodejsscan-report-sarif.json
		@@ -119,6 +122,7 @@ variables:
		DEFECTDOJO_TRIVY_REPORTS: $[[ inputs.trivy-reports ]]
		DEFECTDOJO_HADOLINT_REPORTS: $[[ inputs.hadolint-reports ]]
		DEFECTDOJO_MOBSF_REPORTS: $[[ inputs.mobsf-reports ]]
		DEFECTDOJO_MOBSFSCAN_REPORTS: $[[ inputs.mobsfscan-reports ]]
		DEFECTDOJO_SEMGREP_REPORTS: $[[ inputs.semgrep-reports ]]
		SEMGREP_TEMPLATE: $[[ inputs.semgrep-template ]]
		DEFECTDOJO_TESTSSL_REPORTS: $[[ inputs.testssl-reports ]]
		@@ -364,6 +368,17 @@ variables:
		fi
		done

		# template: mobsfscan
		mobsfscan_nb_reports=0
		for file in ${DEFECTDOJO_MOBSFSCAN_REPORTS}
		do
		if [[ $(expr "$file" : '.\.*') == 0 ]] && [[ -f "$file" ]]; then
		log_info "mobsf report found: $file"
		mobsfscan_nb_reports=$((mobsfscan_nb_reports + 1))
		nb_reports=$((nb_reports + 1))
		fi
		done

		# TestSSL
		# template: testssl
		testssl_nb_reports=0
		@@ -509,6 +524,16 @@ variables:
		fi
		done
		fi
		if [ "$mobsfscan_nb_reports" -gt 0 ]; then
		mobsf_tpl_version=$(get_tpl_version_in_use "to-be-continuous/mobsf")
		log_info "MobSF template version: $mobsf_tpl_version"
		for file in ${DEFECTDOJO_MOBSFSCAN_REPORTS}
		do
		if [[ $(expr "$file" : '.\.*') == 0 ]] && [[ -f "$file" ]]; then
		import_scan "$file" "Mobsfscan Scan" "$engagement_id" "to-be-continuous/mobsf ${mobsf_tpl_version}"
		fi
		done
		fi
		if [ "$testssl_nb_reports" -gt 0 ]; then
		testssl_tpl_version=$(get_tpl_version_in_use "to-be-continuous/testssl")
		log_info "TestSSL template version: $testssl_tpl_version"

Original line number	Diff line number	Diff line
		@@ -92,7 +92,8 @@ Depending on the security tools you launch, and their configuration, you may hav
		\| `dc-reports` / `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `dependency-check*.xml` \|
		\| `gitleaks-reports` / `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `gitleaks/gitleaks-report.json reports/gitleaks.native.json` \|
		\| `hadolint-reports` / `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `hadolint-json-.json reports/docker-hadolint-.native.json` \|
		\| `mobsf-reports` / `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `mobsf*.json` \|
		\| `mobsf-reports` / `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `mobsf*.json reports/mobsf-pkg.native.json` \|
		\| `mobsfscan-reports` / `DEFECTDOJO_MOBSFSCAN_REPORTS` \| path to MobSF scan JSON reports \| `reports/mobsf-code.native.json` \|
		\| `nodejsscan-reports` / `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `nodejsscan-report-sarif.json` \|
		\| `npmaudit-reports` / `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `npm-audit.json reports/npm-audit.json` \|
		\| `semgrep-reports` / `DEFECTDOJO_SEMGREP_REPORTS` \| Path to Semgrep reports \| `reports/semgrep.native.json` \|