Upload Trivy result.json file to DefectDojo


I am using Trivy to do Docker scanning and then saving the output into a result.json file. Now I am trying to send the file to DefectDojo to visualize it there. How can I do that?


There are 2 best solutions below

0
On

Go to "Products", select a product, then in the "Findings" tab > "Import Scan Results".

Or use the API. Create an engagement:

curl -X POST "https://dojo:8080/api/v2/engagements/" \
  -H "Authorization: Token <your token>" \
  -F "name=Test" \
  -F "product=<Product ID>" \
  -F "target_start=2022-06-14" \
  -F "target_end=2022-06-14"

Import Scan:

curl -X POST "https://dojo:8080/api/v2/import-scan/" \
  -H "accept: application/json" \
  -H "Content-Type: multipart/form-data" \
  -H "Authorization: Token <your token>" \
  -F "minimum_severity=Info" \
  -F "active=true" \
  -F "verified=true" \
  -F "scan_type=Trivy Scan" \
  -F "close_old_findings=false" \
  -F "push_to_jira=false" \
  -F "file=@result.json" \
  -F "product_name=Test" \
  -F "scan_date=2022-06-14" \
  -F "engagement_name=Test"
0
On

There's another problem with DefectDojo's importer for Trivy: they parse only CVEs, but Trivy can find secrets as well.

Try this tool as well: https://docs.whitespots.io/appsec-portal/install/deployment-guide/installation
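
Added example, not part of either answer or of the Trivy or DefectDojo projects: since the second answer says the importer takes only CVEs while Trivy also reports secrets, this Python script counts what result.json holds per finding class and severity before upload, so the totals can be compared with what appears in DefectDojo. The sample report and its identifiers are constructed; the key names follow Trivy's JSON report layout.

```python
import json
import sys
from collections import Counter

FINDING_CLASSES = ("Vulnerabilities", "Secrets", "Misconfigurations")

# Constructed sample shaped like `trivy image -f json` output (not real scan data).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/app:1.0",
    "Results": [
        {"Target": "example/app:1.0 (debian 11)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "Severity": "LOW"}]},
        {"Target": "/app/config.env", "Class": "secret",
         "Secrets": [{"RuleID": "constructed-rule", "Severity": "CRITICAL"}]},
        {"Target": "app/package-lock.json", "Class": "lang-pkgs",
         "Vulnerabilities": None},  # a target with no findings
    ],
})


def summarize(report_text):
    """Count findings per class and severity in a Trivy JSON report."""
    report = json.loads(report_text)
    # Older Trivy releases wrote a bare list of results; also tolerate a null document.
    results = report if isinstance(report, list) else (report or {}).get("Results")
    counts = {name: Counter() for name in FINDING_CLASSES}
    for result in results or []:
        for name in FINDING_CLASSES:
            for finding in result.get(name) or []:
                counts[name][finding.get("Severity", "UNKNOWN")] += 1
    return {name: dict(c) for name, c in counts.items()}


def non_cve_total(summary):
    """Number of findings that are not vulnerabilities (secrets, misconfigurations)."""
    return sum(sum(sev.values()) for name, sev in summary.items()
               if name != "Vulnerabilities")


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    summary = summarize(text)
    print(json.dumps(summary, indent=2))
    print("findings other than CVEs:", non_cve_total(summary))
```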