CLI Wrapper for DefectDojo using APIv2

Project description

DefectDojo CLI

A CLI wrapper for DefectDojo

Installation

Simply run:

python3 -m pip install defectdojo-cli2

This will install it as defectdojo.

Usage

defectdojo --help

Upload scans

Example:

defectdojo reimport_scan upload --product_name="test dd" --engagement_name="DefectDojoImporter" --scan_type="GitLab Container Scan" --active --verified --test_title="GitLab Container Scan" --file=gl-container-scanning.json

This will upload a GitLab Container Scan report to DefectDojo, to the product named test dd and the engagement called DefectDojoImporter, and name the test GitLab Container Scan. If a test with that name exists, it does a reimport on that test; if it doesn't exist, it creates a new test with that name. If you name an engagement that doesn't already exist, it creates a new engagement with the provided name.

Upload languages

Example:

defectdojo import_languages upload --product=21 --file=cloc.json

This will upload a language file for a project (normally generated with cloc) to the product with the id provided.

Development

poetry env use /usr/local/bin/python3 # = your full path to the Python executable.
poetry install
poetry run python3 defectdojo_cli2

Update dependencies with poetry-plugin-up (https://github.com/MousaZeidBaker/poetry-plugin-up):

poetry self add poetry-plugin-up
poetry up

Using environment variables

The goal of this CLI is not only to be a command-line tool for accessing the DefectDojo API, but also to run automated jobs in a CI environment, such as importing scans to DefectDojo.

To use the DefectDojo CLI in a CI context, there are DEFECTDOJO_-prefixed environment variables you can set, so you don't need to provide the arguments.

DEFECTDOJO_API_KEY
DEFECTDOJO_BRANCH_TAG
DEFECTDOJO_COMMIT_HASH
DEFECTDOJO_ENGAGEMENT_END_DATE
DEFECTDOJO_ENGAGEMENT_ID
DEFECTDOJO_ENGAGEMENT_NAME
DEFECTDOJO_LANGUAGES_FILE
DEFECTDOJO_PASSWORD
DEFECTDOJO_PRODUCT_DESCRIPTION
DEFECTDOJO_PRODUCT_ID
DEFECTDOJO_PRODUCT_NAME
DEFECTDOJO_PRODUCT_TAGS
DEFECTDOJO_PRODUCT_TYPE
DEFECTDOJO_PUSH_TO_JIRA
DEFECTDOJO_SCAN_TYPE
DEFECTDOJO_TEST_NAME
DEFECTDOJO_TEST_TITLE
DEFECTDOJO_TEST_TYPE
DEFECTDOJO_URL
DEFECTDOJO_USER_NAME

Docker images

Docker images containing the DefectDojo CLI are published on Docker Hub.

Example of running defectdojo cli in GitLab Runner

To upload results of GitLab Container Scan:

defectdojo:upload:container:scanning:
  image: digitalist/defectdojo-cli2:latest
  needs:
    - job: container_scanning
      artifacts: true
  stage: .post
  variables:
    GIT_STRATEGY: none
    DEFECTDOJO_API_KEY: c1ca1f4193f2460f9f6a3dab22b723ab  # prefer a masked CI/CD variable over a key committed in this file
    DEFECTDOJO_URL: https://defectdojo.url
    DEFECTDOJO_ENGAGEMENT_NAME: "Gitlab Runner"
    DEFECTDOJO_PRODUCT_NAME: ${CI_PROJECT_TITLE}
    DEFECTDOJO_BRANCH_TAG: ${CI_COMMIT_REF_NAME}
    DEFECTDOJO_COMMIT_HASH: ${CI_COMMIT_SHA}
    DEFECTDOJO_SCAN_TYPE: "GitLab Container Scan"
    DEFECTDOJO_TEST_TITLE: "GitLab Container Scan"
  script:
    - defectdojo reimport_scan upload --file=gl-container-scanning-report.json

To upload results of cloc (languages) to project number 42 in DefectDojo:

defectdojo:upload:cloc:
  image: digitalist/defectdojo-cli2:latest
  needs:
    - job: cloc
      artifacts: true
  variables:
    DEFECTDOJO_API_KEY: c1ca1f4193f2460f9f6a3dab22b723ab  # prefer a masked CI/CD variable over a key committed in this file
    DEFECTDOJO_URL: https://defectdojo.url
    DEFECTDOJO_PRODUCT_ID: 42
  script:
    - defectdojo import_languages upload --file=cloc.json
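
A pre-merge check for the `variables:` sections above, as an added example that is not part of defectdojo-cli2: it flags DEFECTDOJO_API_KEY or DEFECTDOJO_PASSWORD written as a literal in a CI file, so the value can be supplied as a masked CI/CD variable instead. The function names, file names, the DOJO_API_KEY variable and the sample jobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of defectdojo-cli2. Only the variable names
# DEFECTDOJO_API_KEY and DEFECTDOJO_PASSWORD come from the page; the function
# names, file names and sample values below are constructed for illustration.

# Print "LINE:NAME" for every secret variable whose YAML value is a literal
# instead of a $VAR / ${VAR} reference. The value itself is never printed, so
# the check is safe to run in a job log. Returns 1 if anything was found.
find_inline_dojo_secrets() {
  awk -v q="'" '
    BEGIN { quotes = "^[\"" q "]|[\"" q "]$" }
    /^[ \t]*(DEFECTDOJO_API_KEY|DEFECTDOJO_PASSWORD)[ \t]*:/ {
      name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*:.*/, "", name)
      val = $0;  sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val)   # drop a trailing YAML comment
      sub(/[ \t]+$/, "", val)      # drop trailing whitespace
      gsub(quotes, "", val)        # drop surrounding quotes
      if (val != "" && val !~ /^\$/) { print NR ":" name; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample jobs: one with an inline key, one that references a
# masked CI/CD variable (hypothetical name DOJO_API_KEY) from project settings.
write_samples() {
  cat > "$1/inline.yml" <<'EOF'
upload:
  variables:
    DEFECTDOJO_URL: https://defectdojo.example
    DEFECTDOJO_API_KEY: "0000-constructed-placeholder-0000"
EOF
  cat > "$1/masked.yml" <<'EOF'
upload:
  variables:
    DEFECTDOJO_URL: https://defectdojo.example
    DEFECTDOJO_API_KEY: ${DOJO_API_KEY}   # masked variable
EOF
}

# Run as: sh check.sh .gitlab-ci.yml   (exit status 1 means a literal was found)
if [ "$#" -ge 1 ]; then find_inline_dojo_secrets "$1"; fi
```

A variable named DEFECTDOJO_API_KEY that is defined directly in the GitLab project's CI/CD settings is injected into the job environment without being listed under `variables:` at all.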

Fork

This started as a fork of https://github.com/adiffpirate/defectdojo-cli.

Download files

Source Distribution

defectdojo_cli2-0.1.21.tar.gz (23.9 kB)

Uploaded Source

Built Distribution

defectdojo_cli2-0.1.21-py3-none-any.whl (33.5 kB)

Uploaded Python 3

File details

Details for the file defectdojo_cli2-0.1.21.tar.gz.

File metadata

  • Download URL: defectdojo_cli2-0.1.21.tar.gz
  • Upload date:
  • Size: 23.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.3.2 CPython/3.13.4 Darwin/23.6.0

File hashes

Hashes for defectdojo_cli2-0.1.21.tar.gz
Algorithm Hash digest
SHA256 0a825606c13517872b4bd481a351758c2a7859f5db6e1db3278d8d919c9852c4
MD5 7553f8ea25bb8f08ad962b1b6bbddb9e
BLAKE2b-256 597e0b33aef19562f99d0886c65529c5a64ff124ca7cb02b767877c75d01c354

File details

Details for the file defectdojo_cli2-0.1.21-py3-none-any.whl.

File metadata

  • Download URL: defectdojo_cli2-0.1.21-py3-none-any.whl
  • Upload date:
  • Size: 33.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.3.2 CPython/3.13.4 Darwin/23.6.0

File hashes

Hashes for defectdojo_cli2-0.1.21-py3-none-any.whl
Algorithm Hash digest
SHA256 afab3f01b8cd2eae5d3827f492c985068430f37ef04a4f8186020e2b6029187f
MD5 7cf5a62fdd4e2c719f84c2f5fb79d7f9
BLAKE2b-256 bccd5e6a56aa74c8e04ea2ee4f368690d359bf955018c6a462cdf86654f0f543
