Feature/lab10 #10

Open
fayz131 wants to merge 5 commits into main from feature/lab10
Conversation

@fayz131 fayz131 commented Apr 16, 2026

Goal

Implement vulnerability management workflow using DefectDojo by importing scan results from multiple security tools (Semgrep, Trivy, Grype) and generating consolidated reports.

Changes

  • Deployed DefectDojo locally using Docker Compose
  • Configured API access and created:
    • Product Type (Engineering)
    • Product (Juice Shop)
    • Engagement (Labs Security Testing)
  • Imported scan results:
    • Semgrep (successful, 5 findings)
    • Anchore Grype (successful, 167 findings)
    • Trivy (attempted, failed with internal error)
  • Generated reports:
    • PDF report (dojo-report.pdf)
    • Findings export (findings.csv)
    • Metrics snapshot (metrics-snapshot.md)
  • Added submission report (submission10.md)

Testing

  • Verified DefectDojo is available on http://localhost:8080

  • Checked API:
    curl -H "Authorization: Token $DD_TOKEN" $DD_API/test_types/

  • Started import:
    bash labs/lab10/imports/run-imports.sh

  • Checked results in UI:
    • Findings (179 total)
    • Severity breakdown correct
  • Checked files:
    ls labs/lab10/report

Artifacts & Screenshots

  • labs/lab10/report/dojo-report.pdf
  • labs/lab10/report/findings.csv
  • labs/lab10/report/metrics-snapshot.md
  • Screen DefectDojo with findings (179 total)

Checklist

  • PR title is clear and descriptive
  • Documentation updated if needed
  • No secrets, temporary files, or large binaries included
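As an added example (not the lab's run-imports.sh and not DefectDojo's own code), a small Python helper that mirrors the steps in this PR: it checks the scan type labels we intend to submit against the /api/v2/test_types/ response the PR queries with curl, builds the form fields for POST /api/v2/import-scan/, and computes the severity breakdown that was verified in the UI from a findings export. The test_types page and the findings CSV are constructed samples, and the CSV column name is an assumption.

```python
"""Helpers around a DefectDojo import run: verify scan type names, build the
import-scan form fields, and summarise a findings export by severity.
Added example for this PR; the samples at the bottom are constructed."""
import csv
import io
import json
from collections import Counter

# Labels DefectDojo uses for each tool's parser.  Each one must match a
# "name" returned by GET /api/v2/test_types/, otherwise the import is rejected.
SCAN_TYPES = {
    "semgrep": "Semgrep JSON Report",
    "grype": "Anchore Grype",
    "trivy": "Trivy Scan",
}


def missing_scan_types(test_types_json):
    """Return the tools whose scan type is absent from a /test_types/ page."""
    known = {t["name"] for t in json.loads(test_types_json)["results"]}
    return sorted(tool for tool, name in SCAN_TYPES.items() if name not in known)


def import_fields(tool, engagement_id, minimum_severity="Low"):
    """Form fields for POST /api/v2/import-scan/.  The report itself goes in
    the multipart 'file' part; auth is the 'Authorization: Token ...' header."""
    return {
        "scan_type": SCAN_TYPES[tool],
        "engagement": str(engagement_id),
        "minimum_severity": minimum_severity,
        "active": "true",
        "verified": "false",
    }


def severity_breakdown(findings_csv, column="severity"):
    """Count findings per severity from a findings.csv export.  The column
    name is assumed; adjust it to the header of the real export."""
    reader = csv.DictReader(io.StringIO(findings_csv))
    return Counter(row[column].strip().capitalize() for row in reader)


# Constructed sample of a /test_types/ page (Trivy parser missing) and a
# three-row findings export with inconsistent severity casing.
SAMPLE_TEST_TYPES = json.dumps({"count": 2, "results": [
    {"id": 1, "name": "Semgrep JSON Report"}, {"id": 2, "name": "Anchore Grype"}]})
SAMPLE_FINDINGS = "title,severity,tool\nxss,High,semgrep\npkg-a,Critical,grype\npkg-b,high,grype\n"

if __name__ == "__main__":
    print(missing_scan_types(SAMPLE_TEST_TYPES))  # ['trivy']
    print(import_fields("grype", 1))
    print(severity_breakdown(SAMPLE_FINDINGS))    # Counter({'High': 2, 'Critical': 1})
```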
