Commit f07936e1 authored by Pierre Smeyers's avatar Pierre Smeyers

Merge branch '12-document-email-notification-config' into 'main'

Resolve "Document email notification config"

Closes #12

See merge request to-be-continuous/defectdojo!18
parents 8fb107f3 50d8f19c
+2 −1
@@ -34,7 +34,7 @@ So make sure that your `.gitlab-ci.yml` config launches at least one of the [sup

Every time your CI/CD pipeline is launched, if you have at least one security tool which generates a security report, then all of the newly generated security reports will be imported into DefectDojo, you have nothing to do.

You may connect to DefectDojo server to visualize the summary of your project's vulnerabilities. You might also receive an e-mail notification if your project contains new vulnerabilities, depending on the threshold you defined in `DEFECTDOJO_NOTIFICATION_SEVERITIES`.
You may connect to DefectDojo server to visualize the summary of your project's vulnerabilities. You might also receive an e-mail notification if your project contains new vulnerabilities, depending on the threshold you defined in `DEFECTDOJO_NOTIFICATION_SEVERITIES` and on the fact you defined `DEFECTDOJO_SMTP_SERVER`.

## Usage

@@ -78,6 +78,7 @@ Depending on the security tools you launch, and their configuration, you may hav
| `DEFECTDOJO_SONARQUBE_NOSECURITYHOTSPOT` | if true, disable hotspots processing           | true                         |
| `DEFECTDOJO_SONARQUBE_ALLBUGS ` | true if all bugs are returned, false if only vulnerabilities are returned | false                         |
| `DEFECTDOJO_BASE_IMAGE` | Alpine base image           | node:alpine3.11                         |
| `DEFECTDOJO_SMTP_SERVER` | name:port of SMTP server used for notifications            | dist                         |
| `DEFECTDOJO_NOTIFICATION_SEVERITIES` | list of (comma separated) severities to be notified on            | Critical,High                         |
| `DEFECTDOJO_TIMEZONE` | timezone used for naming engagements and setting engagements start and end | `Europe/Paris`                  |
| `DEFECTDOJO_NOPROD_ENABLED` | determines if defectdojo job is launched on non production branches | false                         |
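Review bot: the rewritten sentence ("and on the fact you defined `DEFECTDOJO_SMTP_SERVER`") reads awkwardly, and the variable table in the same hunk is not updated to match it: the `DEFECTDOJO_SMTP_SERVER` row still says only "name:port of SMTP server used for notifications", so a reader of the table cannot tell that defining this variable is what turns notifications on. Suggest "...depending on the threshold you defined in `DEFECTDOJO_NOTIFICATION_SEVERITIES`, and only if you defined `DEFECTDOJO_SMTP_SERVER`", plus the same "if set, enables e-mail notification" wording in the table row. Since the table shows `dist` as the default, the variable is never empty out of the box; the README should say whether notifications are therefore on by default or whether `dist` is a placeholder that must be overridden.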
+4 −10
@@ -26,23 +26,17 @@
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_NOTIFICATION",
      "description": "Determines if DefectDojo must send an e-mail notification in case of new vulnerabilities",
      "type": "boolean",
      "name": "DEFECTDOJO_SMTP_SERVER",
      "description": "name:port of SMTP server used for notifications - if this value is set, DefectDojo will send an e-mail notification in case of new vulnerabilities",
      "default": "dist",
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_NOTIFICATION_SEVERITIES",
      "description": "List of severities for which you want to be notified - DEFECTDOJO_NOTIFICATION must be set to true",
      "description": "List of severities for which you want to be notified - DEFECTDOJO_SMTP_SERVER must be defined if you want to be notified",
      "default": "Critical,High",
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_SMTP_SERVER",
      "description": "name:port of SMTP server used for notifications - DEFECTDOJO_NOTIFICATION must be set to true",
      "default": "dist",
      "advanced": true
    },
    {
      "name": "DEFECTDOJO_DC_REPORTS",
      "description": "Path to Dependency Check reports",
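Review bot: dropping `DEFECTDOJO_NOTIFICATION` while keeping `"default": "dist"` on `DEFECTDOJO_SMTP_SERVER` makes notifications enabled by default, because the new description says mail is sent whenever the value is set and a defaulted value is always set; every pipeline will then try to reach an SMTP host named `dist`. Either make the default an empty string so the feature is opt-in, or state in the description that `dist` must be replaced by a real `host:port`. Minor: the `DEFECTDOJO_NOTIFICATION_SEVERITIES` description would be clearer as "ignored unless `DEFECTDOJO_SMTP_SERVER` is defined", which names the gating variable directly instead of "must be defined if you want to be notified".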
+12 −3
@@ -81,6 +81,15 @@ variables:

  function prepare_mail_template() {
    log_info "prepare mail template"
    cat > /tmp/mail.txt <<-EOF
  	To: $GITLAB_USER_EMAIL
  	From: notif@defectdojo
  	Subject: New vulnerabilities in $CI_PROJECT_PATH
  	
  	Hello,
  	
  	DefectDojo found <<nb>> new $DEFECTDOJO_NOTIFICATION_SEVERITIES vulnerabilities in $CI_PROJECT_PATH.
  	EOF
  }

  function import_into_defectdojo() {
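Review bot: the heredoc depends on `<<-EOF` stripping the leading tab from each template line and from the closing `EOF`, which only holds while those lines stay tab-indented inside the YAML block scalar; a later re-indent with spaces would leave the tabs in the mail body and make the `EOF` terminator unmatched, so a short comment above the heredoc saying the tabs are deliberate would help. Two smaller points: `$DEFECTDOJO_NOTIFICATION_SEVERITIES` expands to text like "new Critical,High vulnerabilities", so wording the body as "new vulnerabilities with severity in $DEFECTDOJO_NOTIFICATION_SEVERITIES" reads better; and `From: notif@defectdojo` is hard-coded with a non-FQDN domain, which relays that validate the sender may refuse, so it probably deserves its own variable.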
@@ -108,7 +117,7 @@ variables:
    log_info "jq installed"

    # Download and configure SSMTP if we are sending mails
    if [[ -z "$DEFECTDOJO_SMTP_SERVER" ]]; then
    if [[ ! -z "$DEFECTDOJO_SMTP_SERVER" ]]; then
      write_ssmtp_conf
    fi

@@ -139,7 +148,7 @@ variables:
    fi
    log_info "dd_product_pk: ${dd_product_pk}"

    if [[ -z "$DEFECTDOJO_SMTP_SERVER" ]]; then
    if [[ ! -z "$DEFECTDOJO_SMTP_SERVER" ]]; then
      prepare_mail_template
    fi

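Review bot: same inverted test fixed here; as in the previous hunk, prefer `[[ -n "$DEFECTDOJO_SMTP_SERVER" ]]` so the three occurrences of this check read the same way.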
@@ -421,7 +430,7 @@ variables:
      done
      log_info "$nb_new_vulns new vulnerabilities"

      if [[ -z $DEFECTDOJO_SMTP_SERVER && ${nb_new_vulns} -gt 0 ]]; then
      if [[ ! -z $DEFECTDOJO_SMTP_SERVER && ${nb_new_vulns} -gt 0 ]]; then
        log_info "set nb in mail template"
        sed -i 's/<<nb>>/'$nb_new_vulns'/' /tmp/mail.txt
        ssmtp "$GITLAB_USER_EMAIL" < /tmp/mail.txt
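Review bot: `$DEFECTDOJO_SMTP_SERVER` is unquoted here while the two earlier tests quote it; inside `[[ ]]` that is harmless, but `[[ -n "$DEFECTDOJO_SMTP_SERVER" && ${nb_new_vulns} -gt 0 ]]` keeps the three checks uniform. The `sed` call also splices `$nb_new_vulns` in outside the quotes (`'s/<<nb>>/'$nb_new_vulns'/'`); it is a number today so the expression cannot break, but `"s/<<nb>>/${nb_new_vulns}/"` is the safer form if the value ever changes shape. Finally, a failing `ssmtp` invocation is silent as written; appending a `|| log_info "..."`-style message (the script already uses `log_info`) would make an unreachable or misnamed SMTP host visible in the job log instead of being lost.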