Commit b3fe8f4b authored by Mathias Christophe's avatar Mathias Christophe
Browse files

fix: DEFECTDOJO_SMTP_SERVER documentation and DEFECTDOJO_NOTIFICATION removal

parent 673a2170

README.md

+2 −1
Original line number Diff line number Diff line
@@ -34,7 +34,7 @@ So make sure that your `.gitlab-ci.yml` config launches at least one of the [sup 


Every time your CI/CD pipeline is launched, if you have at least one security tool which generates a security report, then all of the newly generated security reports will be imported into DefectDojo, you have nothing to do.



You may connect to DefectDojo server to visualize the summary of your project's vulnerabilities. You might also receive an e-mail notification if your project contains new vulnerabilities, depending on the threshold you defined in `DEFECTDOJO_NOTIFICATION_SEVERITIES`.

You may connect to DefectDojo server to visualize the summary of your project's vulnerabilities. You might also receive an e-mail notification if your project contains new vulnerabilities, depending on the threshold you defined in `DEFECTDOJO_NOTIFICATION_SEVERITIES` and on the fact you defined `DEFECTDOJO_SMTP_SERVER`.



## Usage
@@ -78,6 +78,7 @@ Depending on the security tools you launch, and their configuration, you may hav 
| `DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT` | if true, disable hotspots processing           | true                         |

| `DEFECTDOJO_SONARQUBE_ALLBUGS ` | true if all bugs are returned, false if only vulnerabilities are returned | false                         |

| `DEFECTDOJO_BASE_IMAGE` | Alpine base image           | node:alpine3.11                         |

| `DEFECTDOJO_SMTP_SERVER` | name:port of SMTP server used for notifications            | dist                         |

| `DEFECTDOJO_NOTIFICATION_SEVERITIES` | list of (comma separated) severities to be notified on            | Critical,High                         |

| `DEFECTDOJO_TIMEZONE` | timezone used for naming engagements and setting engagements start and end | `Europe/Paris`                  |

| `DEFECTDOJO_NOPROD_ENABLED` | determines if defectdojo job is launched on non production branches | false                         |

kicker.json

+4 −10
Original line number Diff line number Diff line
@@ -26,23 +26,17 @@ 
      "advanced": true

    },

    {

      "name": "DEFECTDOJO_NOTIFICATION",

      "description": "Determines if DefectDojo must send an e-mail notification in case of new vulnerabilities",

      "type": "boolean",

      "name": "DEFECTDOJO_SMTP_SERVER",

      "description": "name:port of SMTP server used for notifications - if this value is set, DefectDojo will send an e-mail notification in case of new vulnerabilities",

      "default": "dist",

      "advanced": true

    },

    {

      "name": "DEFECTDOJO_NOTIFICATION_SEVERITIES",

      "description": "List of severities for which you want to be notified - DEFECTDOJO_NOTIFICATION must be set to true",

      "description": "List of severities for which you want to be notified - DEFECTDOJO_SMTP_SERVER must be defined if you want to be notified",

      "default": "Critical,High",

      "advanced": true

    },

    {

      "name": "DEFECTDOJO_SMTP_SERVER",

      "description": "name:port of SMTP server used for notifications - DEFECTDOJO_NOTIFICATION must be set to true",

      "default": "dist",

      "advanced": true

    },

    {

      "name": "DEFECTDOJO_DC_REPORTS",

      "description": "Path to Dependency Check reports",