Commit 3da4eaa5 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch '15-find-a-way-to-link-each-finding-to-the-related-component' into 'main' 

Resolve "Find a way to link each finding to the related component"

Closes #15

See merge request to-be-continuous/defectdojo!21
parents f07936e1 6eaa3a21

templates/gitlab-ci-defectdojo.yml

+16 −2
Original line number Diff line number Diff line
@@ -395,7 +395,14 @@ variables: 
        for file in ${DEFECTDOJO_TRIVY_REPORTS}

        do

          if [[ $(expr "$file" : '.*\*.*') == 0 ]] && [[ -f "$file" ]]; then

            import_scan "$file" "Trivy Scan" "$engagement_id" "to-be-continuous/docker ${docker_tpl_version}"

            artifact_type=$(jq -r ".ArtifactType" "${file}")

            artifact_name=$(jq -r ".ArtifactName" "${file}")

            if [ "${artifact_type}" == "container_image" ]; then

              service="${artifact_name}"

            else

              service=""

            fi

            import_scan "$file" "Trivy Scan" "$engagement_id" "to-be-continuous/docker ${docker_tpl_version}" "${service}"

          fi

        done

      fi
@@ -455,6 +462,13 @@ variables: 
    _scan_date=${_today}

    _scan_time=${_current_time}



    if [[ -z "$5" ]]; then

      _service=""

    else

      _service="$5"

    fi





    # get test_type id

    curl -L "${DEFECTDOJO_SERVER_URL}/api/v2/test_types/?limit=200" --header "Content-Type: application/json" --header "Authorization: Token $DEFECTDOJO_API_KEY" --verbose 1> api_test_type.json

    dd_test_type_pk=$(jq '.results[] | select(.name == "'"${_type}"'") | .id' api_test_type.json)
@@ -462,7 +476,7 @@ variables: 


    # post request to import scan

    log_info "try to import scan ${_file} ${_scan_date} ${_type}"

    curl -LX POST "${DEFECTDOJO_SERVER_URL}/api/v2/import-scan/" -H "Content-Type: multipart/form-data" -H "Authorization: Token $DEFECTDOJO_API_KEY" -F file=@"${_file}" -F scan_date="${_scan_date}" -F scan_type="${_type}" -F engagement="${_engagement_id}" -F close_old_findings="true" --verbose 1> test.txt

    curl -LX POST "${DEFECTDOJO_SERVER_URL}/api/v2/import-scan/" -H "Content-Type: multipart/form-data" -H "Authorization: Token $DEFECTDOJO_API_KEY" -F file=@"${_file}" -F scan_date="${_scan_date}" -F scan_type="${_type}" -F engagement="${_engagement_id}" -F close_old_findings="true" -F service="${_service}" --verbose 1> test.txt

    test_pk=$(jq ".test" test.txt)

    log_info "test_pk: ${test_pk}"

    if [[ -z "${test_pk}" ]]; then