DefectDojo Actions (GitHub Action, version 1.0.4, latest)
This action uploads scan reports to your DefectDojo instance. It performs the following steps:
- Check that the product type exists. It is never created by the action: you must create it beforehand, with the necessary permissions, in DefectDojo itself.
- Check for the product under the configured product type and create it if it does not exist.
- Check for the engagement inside that product and create it if it does not exist.
- Check for the environment and create it if it does not exist.
- Query the SonarQube API and import its findings as tests.
- Fetch the GitHub vulnerability report.
- Import the report files and API scans.
See action.yml for the full list of inputs. Example workflow step:

```yaml
steps:
  - name: Clone code repository
    uses: actions/checkout@v4

  - name: DefectDojo
    id: defectdojo
    # action reference (owner/repo@tag) as listed on the Marketplace
    uses: C4tWithShell/[email protected]
    with:
      # DefectDojo API key and base URL; keep both in repository or environment secrets
      token: ${{ secrets.DEFECTOJO_TOKEN }}
      defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
      # product type must already exist in DefectDojo (see the step list above)
      product_type: iroha2
      product: ${{ github.repository }}
      engagement: ${{ github.ref_name }}
      # DefectDojo scan types to import, by parser name
      tools: "Trivy Scan, Github Vulnerability Scan"
      sonar_projectKey: iroha2:test_repo
      github_token: ${{ secrets.GITHUB_TOKEN }}
      github_repository: ${{ github.repository }}
      # JSON map: DefectDojo scan type -> report file to import
      reports: '{"Github Vulnerability Scan": "github.json"}'

  - name: Show response
    # Hand the output to the script through an environment variable rather than
    # expanding ${{ ... }} inside `run:`. An expression in `run:` is spliced into the
    # shell source before it executes, so a quote in the API response would break
    # the script or inject commands; an env var is just data.
    env:
      RESPONSE: ${{ steps.defectdojo.outputs.response }}
    run: |
      set -e
      printf '%s\n' "$RESPONSE"
```
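The step list above maps onto a short sequence of DefectDojo REST API v2 calls. The following is an added example written for this page, not the action's own code: it looks up the product type (and refuses to continue if it is missing), gets or creates the product, engagement and environment, and posts the report to the import-scan endpoint. The endpoint paths and form fields are DefectDojo API v2 as documented upstream; `DojoClient`, `upload_report`, `http_transport` and `FakeDojo` are names chosen here, the in-memory `FakeDojo` stands in for a real server so the code runs offline, and the report bytes are a constructed placeholder, not a real GitHub vulnerability export.

```python
"""Added example (not the action's own code): the DefectDojo REST API v2 calls behind
"check product type, get-or-create product/engagement/environment, import a report".
The HTTP layer is an injected callable, so the logic runs offline against FakeDojo below."""
import datetime
from typing import Callable, Optional


class DojoError(RuntimeError):
    """A precondition the caller must fix in DefectDojo itself (e.g. missing product type)."""


class DojoClient:
    """`call(method, path, params=None, data=None, files=None)` returns the decoded JSON body."""

    def __init__(self, call: Callable):
        self.call = call

    def _first(self, path: str, **filters) -> Optional[dict]:
        # List endpoints answer {"count": n, "results": [...]}; a `name` filter is an exact match.
        return next(iter(self.call("GET", path, params=filters).get("results", [])), None)

    def _get_or_create(self, path: str, filters: dict, payload: dict) -> int:
        found = self._first(path, **filters)
        if found is None:
            found = self.call("POST", path, data=payload)
        return found["id"]

    def product_type_id(self, name: str) -> int:
        # Never created here: product types carry membership/permissions an admin should set up.
        pt = self._first("/api/v2/product_types/", name=name)
        if pt is None:
            raise DojoError(f"product type {name!r} not found; create it in DefectDojo first")
        return pt["id"]

    def product_id(self, name: str, prod_type: int) -> int:
        return self._get_or_create("/api/v2/products/", {"name": name, "prod_type": prod_type},
                                   {"name": name, "description": name, "prod_type": prod_type})

    def engagement_id(self, name: str, product: int, start: str, end: str) -> int:
        return self._get_or_create("/api/v2/engagements/", {"name": name, "product": product},
                                   {"name": name, "product": product, "target_start": start,
                                    "target_end": end, "engagement_type": "CI/CD", "status": "In Progress"})

    def environment_id(self, name: str) -> int:
        return self._get_or_create("/api/v2/development_environments/", {"name": name}, {"name": name})

    def import_scan(self, engagement: int, scan_type: str, filename: str,
                    report: bytes, environment: str) -> dict:
        # import-scan is multipart/form-data: the report goes in `file`, the rest as form fields.
        # `scan_type` must match a DefectDojo parser name exactly, e.g. "Github Vulnerability Scan".
        return self.call("POST", "/api/v2/import-scan/",
                         data={"scan_type": scan_type, "engagement": engagement, "environment": environment,
                               "active": "true", "verified": "false", "minimum_severity": "Info",
                               "close_old_findings": "true"},
                         files={"file": (filename, report)})


def upload_report(client: DojoClient, product_type: str, product: str, engagement: str,
                  environment: str, scan_type: str, filename: str, report: bytes) -> dict:
    """The action's sequence: the product type must exist, everything else is created on demand."""
    today = datetime.date.today().isoformat()
    pt = client.product_type_id(product_type)
    prod = client.product_id(product, pt)
    eng = client.engagement_id(engagement, prod, today, today)
    client.environment_id(environment)  # import-scan references the environment by name
    return client.import_scan(eng, scan_type, filename, report, environment)


def http_transport(base_url: str, token: str) -> Callable:
    """Real transport (needs `requests`); DefectDojo API v2 authenticates with `Authorization: Token <key>`."""
    import requests  # imported lazily so the offline demo does not depend on it

    def call(method, path, params=None, data=None, files=None):
        r = requests.request(method, base_url.rstrip("/") + path, params=params, data=data, files=files,
                             headers={"Authorization": f"Token {token}"}, timeout=60)
        r.raise_for_status()
        return r.json()
    return call


class FakeDojo:
    """Constructed in-memory stand-in for a DefectDojo server so the example runs offline."""

    def __init__(self, product_types):
        self.tables = {"/api/v2/product_types/": [{"id": i + 1, "name": n} for i, n in enumerate(product_types)],
                       "/api/v2/products/": [], "/api/v2/engagements/": [], "/api/v2/development_environments/": []}
        self.imports = []  # one entry per import-scan call

    def __call__(self, method, path, params=None, data=None, files=None):
        if path == "/api/v2/import-scan/":
            self.imports.append({**data, "file": files["file"][0]})
            return {"test": len(self.imports), "engagement_id": data["engagement"]}  # constructed reply
        rows = self.tables[path]
        if method == "GET":
            hits = [r for r in rows if all(r.get(k) == v for k, v in (params or {}).items())]
            return {"count": len(hits), "results": hits}
        row = {"id": len(rows) + 1, **data}
        rows.append(row)
        return row


if __name__ == "__main__":
    report = b'{"data": {"repository": {"vulnerabilityAlerts": {"nodes": []}}}}'  # constructed placeholder
    print(upload_report(DojoClient(FakeDojo(["iroha2"])), "iroha2", "org/repo", "main", "Development",
                        "Github Vulnerability Scan", "github.json", report))
```

Against a live instance, replace `FakeDojo(...)` with `http_transport("https://dojo.example", token)` (URL assumed). Running the sequence twice creates nothing the second time, which is what lets a workflow re-run safely on the same branch. The API key should belong to a DefectDojo user scoped to the product type in question rather than a superuser, since the workflow's secret is all an attacker with write access to the repository needs to read it. The import-scan endpoint also offers `auto_create_context=true` with `product_type_name`, `product_name` and `engagement_name` to do the get-or-create server-side; the explicit sequence here mirrors the action's step list and fails early when the product type is missing.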