doc: fix variable names in readme and kicker (4ed7262c) · Commits · to be continuous... / DefectDojo

README.md

+19 −11

Original line number	Diff line number	Diff line
		@@ -62,19 +62,25 @@ It is bound to the `.post` stage, and uses the following variables:
		Depending on the security tools you launch, and their configuration, you may have to redefine some of the following variables in your `gitlab-ci.yml`:

		\| Name \| description \| default value \|
		\| ----------------------------- \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORT` \| path to Bandit JSON report fil \| bandit-report.json \|
		\| `DEFECTDOJO_DC_GRADLE_REPORT` \| path to Dependency Check XML report file (Gradle template) \| build/reports/dependency-check-report.xml \|
		\| `DEFECTDOJO_DC_REPORT` \| path to Dependency Check XML report file (Maven template) \| target/dependency-check-report.xml \|
		\| `DEFECTDOJO_GITLEAKS_REPORT` \| path to Gitleaks JSON report file \| gitleaks/gitleaks-report.json \|
		\| `DEFECTDOJO_NPMAUDIT_REPORT` \| path to NPM Audit JSON report file \| reports/npm-audit-report.json \|
		\| `DEFECTDOJO_SAFETY_REPORT` \| path to Safety JSON report file \| safetyreport.json \|
		\| `DEFECTDOJO_TRIVY_REPORTS_DIRECTORY` \| directory to Trivy report(s) \| trivy/ \|
		\| ------------------------------ \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json` \|
		\| `DEFECTDOJO_DC_GRADLE_REPORTS` \| path to Dependency Check XML reports (Gradle template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `**/gitleaks-report.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json` \|
		\| `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `*/mobsf.json` \|
		\| `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `**/nodejsscan-report-sarif.json` \|
		\| `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `*/npm-audit.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/*.json` \|
		\| `DEFECTDOJO_SONARQUBE_APPLICATION` \| your application name in Sonar \| ex: project-name \|
		\| `DEFECTDOJO_SONARQUBE_PROJECT_KEY` \| your project key in Sonar (be careful, the project key might be distinct from project-dir-project-name, sometimes Sonar adds a suffix) \| ex: project-dir-project-name or project-dir-project-name__AXjLJ76cpGZrj3BUYg10 \|
		\| `DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD` \| determines if delta analysis is activated \| false \|
		\| `DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT` \| if true, disable hotspots processing \| true \|
		\| `DEFECTDOJO_SONARQUBE_ALLBUGS ` \| true if all bugs are returned, false if only vulnerabilities are returned \| false \|
		\| `DEFECTDOJO_BASE_IMAGE` \| Alpine base image \| node:alpine3.11 \|
		\| `DEFECTDOJO_NOTIFICATION` \| send email or not for some severities \| true \|
		\| `DEFECTDOJO_NOTIFICATION_SEVERITIES` \| list of (comma separated) severities to be notified on \| Critical,High \|
		\| `DEFECTDOJO_TIMEZONE` \| timezone used for naming engagements and setting engagements start and end \| `Europe/Paris` \|
		\| `DEFECTDOJO_NOPROD_ENABLED` \| determines if defectdojo job is launched on non production branches \| false \|


		## First connection to DefectDojo
		@@ -93,8 +99,10 @@ For now, the current template allows to import reports from the following tools:
		- Bandit
		- Dependency Check
		- Gitleaks
		- Hadolint
		- MobSF
		- NodeJSScan
		- NPM Audit
		- Safety
		- SonarQube
		- Trivy

kicker.json

+36 −12

Original line number	Diff line number	Diff line
		@@ -44,27 +44,51 @@
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_DC_REPORT",
		"description": "Path to Dependency Check report",
		"default": "target/dependency-check-report.xml",
		"name": "DEFECTDOJO_DC_REPORTS",
		"description": "Path to Dependency Check reports",
		"default": "*/dependency-check.xml",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_DC_GRADLE_REPORT",
		"description": "Path to Dependency Check report from Gradle template",
		"default": "build/reports/dependency-check-report.xml",
		"name": "DEFECTDOJO_DC_GRADLE_REPORTS",
		"description": "Path to Dependency Check reports from Gradle template",
		"default": "*/dependency-check.xml",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_TRIVY_REPORTS_DIRECTORY",
		"description": "Path to Trivy reports",
		"default": "trivy/",
		"name": "DEFECTDOJO_GITLEAKS_REPORTS",
		"description": "Path to Gitleaks reports",
		"default": "**/gitleaks-report.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_HADOLINT_REPORTS",
		"description": "Path to Hadolint reports",
		"default": "*/hadolint-json-.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_MOBSF_REPORTS",
		"description": "Path to MobSF reports",
		"default": "*/mobsf.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_MOBSF_REPORT",
		"description": "Path to MobSF report",
		"default": "reports/mobsf-report.json",
		"name": "DEFECTDOJO_NODEJSSCAN_REPORTS",
		"description": "Path to NodeJSScan reports",
		"default": "**/nodejsscan-report-sarif.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_NPMAUDIT_REPORTS",
		"description": "Path to NPMAudit reports",
		"default": "*/npm-audit.json",
		"advanced": true
		},
		{
		"name": "DEFECTDOJO_TRIVY_REPORTS",
		"description": "Path to Trivy reports",
		"default": "trivy/*.json",
		"advanced": true
		},
		{

Original line number	Diff line number	Diff line
		@@ -62,19 +62,25 @@ It is bound to the `.post` stage, and uses the following variables:
		Depending on the security tools you launch, and their configuration, you may have to redefine some of the following variables in your `gitlab-ci.yml`:

		\| Name \| description \| default value \|
		\| ----------------------------- \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORT` \| path to Bandit JSON report fil \| bandit-report.json \|
		\| `DEFECTDOJO_DC_GRADLE_REPORT` \| path to Dependency Check XML report file (Gradle template) \| build/reports/dependency-check-report.xml \|
		\| `DEFECTDOJO_DC_REPORT` \| path to Dependency Check XML report file (Maven template) \| target/dependency-check-report.xml \|
		\| `DEFECTDOJO_GITLEAKS_REPORT` \| path to Gitleaks JSON report file \| gitleaks/gitleaks-report.json \|
		\| `DEFECTDOJO_NPMAUDIT_REPORT` \| path to NPM Audit JSON report file \| reports/npm-audit-report.json \|
		\| `DEFECTDOJO_SAFETY_REPORT` \| path to Safety JSON report file \| safetyreport.json \|
		\| `DEFECTDOJO_TRIVY_REPORTS_DIRECTORY` \| directory to Trivy report(s) \| trivy/ \|
		\| ------------------------------ \| ---------------------------------------- \| ----------------------------------------- \|
		\| `DEFECTDOJO_BANDIT_REPORTS` \| path to Bandit JSON reports \| `*/bandit.json` \|
		\| `DEFECTDOJO_DC_GRADLE_REPORTS` \| path to Dependency Check XML reports (Gradle template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_DC_REPORTS` \| path to Dependency Check XML reports (Maven template) \| `*/dependency-check.xml` \|
		\| `DEFECTDOJO_GITLEAKS_REPORTS` \| path to Gitleaks JSON reports \| `**/gitleaks-report.json` \|
		\| `DEFECTDOJO_HADOLINT_REPORTS` \| path to Hadolint JSON reports \| `*/hadolint-json-.json` \|
		\| `DEFECTDOJO_MOBSF_REPORTS` \| path to MobSF JSON reports \| `*/mobsf.json` \|
		\| `DEFECTDOJO_NODEJSSCAN_REPORTS` \| path to NodeJSScan SARIF reports \| `**/nodejsscan-report-sarif.json` \|
		\| `DEFECTDOJO_NPMAUDIT_REPORTS` \| path to NPM Audit JSON reports \| `*/npm-audit.json` \|
		\| `DEFECTDOJO_TRIVY_REPORTS` \| path to Trivy JSON reports \| `trivy/*.json` \|
		\| `DEFECTDOJO_SONARQUBE_APPLICATION` \| your application name in Sonar \| ex: project-name \|
		\| `DEFECTDOJO_SONARQUBE_PROJECT_KEY` \| your project key in Sonar (be careful, the project key might be distinct from project-dir-project-name, sometimes Sonar adds a suffix) \| ex: project-dir-project-name or project-dir-project-name__AXjLJ76cpGZrj3BUYg10 \|
		\| `DEFECTDOJO_SONARQUBE_SINCELEAKPERIOD` \| determines if delta analysis is activated \| false \|
		\| `DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT` \| if true, disable hotspots processing \| true \|
		\| `DEFECTDOJO_SONARQUBE_ALLBUGS ` \| true if all bugs are returned, false if only vulnerabilities are returned \| false \|
		\| `DEFECTDOJO_BASE_IMAGE` \| Alpine base image \| node:alpine3.11 \|
		\| `DEFECTDOJO_NOTIFICATION` \| send email or not for some severities \| true \|
		\| `DEFECTDOJO_NOTIFICATION_SEVERITIES` \| list of (comma separated) severities to be notified on \| Critical,High \|
		\| `DEFECTDOJO_TIMEZONE` \| timezone used for naming engagements and setting engagements start and end \| `Europe/Paris` \|
		\| `DEFECTDOJO_NOPROD_ENABLED` \| determines if defectdojo job is launched on non production branches \| false \|


		## First connection to DefectDojo
		@@ -93,8 +99,10 @@ For now, the current template allows to import reports from the following tools:
		- Bandit
		- Dependency Check
		- Gitleaks
		- Hadolint
		- MobSF
		- NodeJSScan
		- NPM Audit
		- Safety
		- SonarQube
		- Trivy