DefectDojo

The DefectDojo Jenkins plugin integrates Jenkins CI with DefectDojo by uploading scan results from a job to a DefectDojo product and engagement.

DefectDojo automates away security drudgery. Its data model allows for a high level of flexibility, providing continuous feedback and optimization across the entire security program and DevSecOps pipeline.

It stores, normalizes, and deduplicates results from over 160 security tools and converts them into a single actionable report. With less noise in the system, DevSecOps activities can be prioritized to match the SLAs that have been set.

Global Configuration

To set up the plugin, navigate to Jenkins > System Configuration and complete the DefectDojo section.

(Screenshot: global configuration)

DefectDojo Backend URL: URL of your DefectDojo instance.

API key: API Key used for authentication.

Auto Create Products: automatically create products when a product name is given.

Auto Create Engagements: automatically create engagements when an engagement name is given.

Reupload Scan: reupload scan results.

Connection Timeout: Defines the maximum number of seconds to wait for connecting to DefectDojo.

Response Timeout: Defines the maximum number of seconds to wait for DefectDojo to respond.

Job Configuration

Once the plugin is configured with a valid URL and API key, configure a job to publish the artifact.

(Screenshot: job configuration)

DefectDojo Product: Specify the unique ID of the product in DefectDojo.

DefectDojo Engagement: Specify the unique ID of the engagement in DefectDojo.

Scan Type: Select the scan type.

Artifact: Specifies the file to upload. Paths are relative to the Jenkins workspace. Environment variables in the form ${VARIABLE} are supported here.

Optional Fields: Additional fields that can be passed:

  • Source Code URI: The URI of the SCM repository
  • Commit Hash: The commit hash of the scanned revision
  • Branch Tag: The branch name

Override global settings: Allows the global settings for "Auto Create Products", "DefectDojo URL", "API key", "Auto Create Engagements", "Reupload Scan" and the various timeouts to be overridden for this job.
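Before wiring the values above into a job, it helps to confirm that the URL, API key, product ID and engagement ID actually fit together; the following pre-flight check is an added example, not part of the plugin, and assumes the instance exposes DefectDojo's REST API v2 with "Authorization: Token" authentication.

```python
# Added pre-flight check for the plugin's global and job configuration values.
# Assumption: the DefectDojo instance serves its REST API v2 under /api/v2/.
import json
import urllib.request
from urllib.error import HTTPError, URLError


def build_api_url(base_url, path):
    """Join the configured DefectDojo URL with an API v2 path."""
    return base_url.rstrip("/") + "/api/v2/" + path.lstrip("/")


def api_request(base_url, api_key, path, timeout=10):
    """GET an API v2 resource and return the decoded JSON body (raises on error)."""
    req = urllib.request.Request(build_api_url(base_url, path), headers={
        "Authorization": "Token " + api_key,   # DefectDojo's API-key scheme
        "Accept": "application/json",
    })
    # timeout plays the role of the plugin's connection/response timeouts
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def check_engagement_in_product(engagement, product_id):
    """True if an engagement object (API v2 JSON) belongs to the given product."""
    return int(engagement.get("product", -1)) == int(product_id)


def preflight(base_url, api_key, product_id, engagement_id, timeout=10):
    """Return check results mirroring the job-configuration fields."""
    results = {"product": False, "engagement": False, "engagement_in_product": False}
    try:
        product = api_request(base_url, api_key, f"products/{product_id}/", timeout)
        results["product"] = product.get("id") == product_id
        engagement = api_request(base_url, api_key, f"engagements/{engagement_id}/", timeout)
        results["engagement"] = engagement.get("id") == engagement_id
        results["engagement_in_product"] = check_engagement_in_product(engagement, product_id)
    except HTTPError as e:
        results["error"] = f"HTTP {e.code} (401/403 usually means a bad API key)"
    except URLError as e:
        results["error"] = f"connection failed: {e.reason}"
    return results


if __name__ == "__main__":
    # Constructed sample API response: engagement 7 belongs to product 3.
    sample_engagement = {"id": 7, "name": "ci/cd", "product": 3}
    print(check_engagement_in_product(sample_engagement, 3))
```

Run it against a staging instance with the same IDs you intend to put in the job; a mismatch between product and engagement will show up here rather than as findings landing under the wrong product.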

Examples

Declarative Pipeline

pipeline {
    agent any

    stages {
        stage('DefectDojoPublisher') {
            steps {
                // Bind the API key stored in the Jenkins credentials store to API_KEY
                withCredentials([string(credentialsId: 'CREDENTIALS_ID', variable: 'API_KEY')]) {
                    defectDojoPublisher(
                        artifact: 'target/dependency-check-report.xml',   // relative to the workspace
                        productName: 'my-product',
                        scanType: 'Dependency Check Scan',
                        engagementName: 'ci/cd',
                        defectDojoCredentialsId: API_KEY,
                        sourceCodeUrl: 'https://git.com/org/project.git',
                        branchTag: 'main'
                    )
                }
            }
        }
    }
}