GitHub Action

DefectDojo Actions

1.0.4 Latest version

Import data into DefectDojo

Installation

Copy and paste the following snippet into your .yml file.

- name: DefectDojo Actions
  uses: C4tWithShell/defectdojo-action@1.0.4

Learn more about this action in C4tWithShell/defectdojo-action

DefectDojo Actions

This action uploads reports to your DefectDojo instance. It can perform the following actions:

  1. Check the productType. The action will not create it; you need to preconfigure it manually with the necessary permissions.
  2. Check for the product under the configured productType and create it if needed.
  3. Check for the engagement inside the product and create it if needed.
  4. Check for the environment and create it.
  5. Integrate the SonarQube API and use it to import the tests.
  6. Get the GitHub Vulnerability report.
  7. Import reports/API scan.

Usage

See action.yml

Upload Report

steps:
  - name: Clone code repository
    uses: actions/checkout@v4
  - name: DefectDojo
    id: defectdojo
    uses: C4tWithShell/defectdojo-action@1.0.4
    with:
      token: ${{ secrets.DEFECTOJO_TOKEN }}
      defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
      product_type: iroha2
      product: ${{ github.repository }}
      engagement: ${{ github.ref_name }}
      tools: "Trivy Scan, Github Vulnerability Scan"
      sonar_projectKey: iroha2:test_repo
      github_token: ${{ secrets.GITHUB_TOKEN }}
      github_repository: ${{ github.repository }}
      reports: '{"Github Vulnerability Scan": "github.json"}'
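  - name: Show response
    # Pass the output through an environment variable so the shell
    # never parses the response as script text.
    env:
      RESPONSE: ${{ steps.defectdojo.outputs.response }}
    run: |
      set -e
      printf '%s\n' "$RESPONSE"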