DefectDojo

DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve the more you use the platform.

How to Integrate Edgescan & DefectDojo.

Import Vulnerabilities as JSON

Export Edgescan Vulnerabilities as JSON

To export Vulnerabilities, log in to https://live.edgescan.com.

Click Vulnerabilities in the top menu bar, and add the necessary filters.

For example, to get all open vulnerabilities for a specific asset the following filters should be used:

  • Asset In “Example Asset”

  • Status Equal Open

Then, click the Export button in the top right of the screen.

Select Export as JSON and click Download here.
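Before importing, the downloaded file can be checked against the filters used for the export. The script below is an added example, not part of Edgescan or DefectDojo; it assumes the export is a JSON list of objects with the fields id, asset_name, status and severity, so adjust those names to match your file.

```python
import json
from collections import Counter

# Constructed sample export. The top-level list and the field names
# (id, asset_name, status, severity) are assumptions; match them to your file.
SAMPLE_EXPORT = json.dumps([
    {"id": 101, "asset_name": "Example Asset", "status": "open", "severity": 4},
    {"id": 102, "asset_name": "Example Asset", "status": "closed", "severity": 2},
    {"id": 103, "asset_name": "Other Asset", "status": "open", "severity": 5},
    {"id": 101, "asset_name": "Example Asset", "status": "open", "severity": 4},
    {"asset_name": "Example Asset", "status": "open"},
])

REQUIRED = ("id", "asset_name", "status", "severity")


def check_export(raw, expected_asset, expected_status="open"):
    """Return (problems, severity_counts) for an exported vulnerabilities file."""
    try:
        records = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], Counter()
    if not isinstance(records, list):
        return ["top level is not a list of vulnerabilities"], Counter()

    problems, seen, severities = [], set(), Counter()
    for index, rec in enumerate(records):
        if not isinstance(rec, dict):
            problems.append(f"record {index}: not an object")
            continue
        missing = [key for key in REQUIRED if key not in rec]
        if missing:
            problems.append(f"record {index}: missing {', '.join(missing)}")
            continue
        if rec["id"] in seen:  # the same vulnerability exported twice
            problems.append(f"record {index}: duplicate id {rec['id']}")
            continue
        seen.add(rec["id"])
        if rec["asset_name"] != expected_asset:  # outside the Asset filter
            problems.append(f"record {index}: asset is {rec['asset_name']!r}")
        if str(rec["status"]).lower() != expected_status:  # outside the Status filter
            problems.append(f"record {index}: status is {rec['status']!r}")
        severities[rec["severity"]] += 1
    return problems, severities


if __name__ == "__main__":
    found, counts = check_export(SAMPLE_EXPORT, "Example Asset")
    print("\n".join(found) or "export matches the filters")
    print("records per severity:", dict(counts))
```

An empty problem list means every record belongs to the expected asset and has the expected status, so the file will not add out-of-scope Findings to the Product.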

Import Vulnerabilities as Findings

Go to the Product that you want to import the Vulnerabilities for.

In the top menu, click Findings and Import Scan Results.

Fill in the required fields:

  • Scan type: select Edgescan Scan, not Edgescan API Scan

  • Choose report file: Select the vulnerabilities JSON file that was exported

Finally, click Import and the Findings should appear.

Import Vulnerabilities by API

Generate Edgescan API Key

An Edgescan API key will be required.

To generate a key, log in to https://live.edgescan.com.

In the top right of the menu bar, click the 👤 icon, and go to Account settings.

In the Label input box enter a token name and click Create.

Take note of the generated API token.

DefectDojo Tool Configuration

Configure the Edgescan authentication details by navigating to Configuration / Tool Configuration, setting the Tool Type to “Edgescan” and the Authentication Type to “API Key”.

Paste your Edgescan API key in the “API Key” field.

Click Submit.

DefectDojo API Scan Configuration

Go to the specific Product page and click Settings -> Add API Scan Configuration and select the previously added Edgescan Tool Configuration.

Provide the ID of the asset from which to import findings in the field Service key 1.

Click Save.

Import Vulnerabilities as Findings

On the Product page, click Findings -> Import Scan Results.

You can import the findings by selecting “Edgescan Scan” as the scan type and selecting the Edgescan API Scan Configuration.

Click Import, and any open Vulnerabilities for the selected Asset will be imported as Findings.