如何将 minIO(例如 Nmap、Nikto、Sslyze、Zap)的扫描输出上传到 OWASP DefectDojo
[英]How to upload scan outputs from minIO (ex. Nmap, Nikto, Sslyze, Zap) to OWASP DefectDojo
问题描述
I have problem uploading the findings of minIO securecodebox outputs to OWASP DefectDojo.
我在将 minIO securecodebox 输出结果上传到 OWASP DefectDojo 时遇到问题。
Screenshot of Error https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing错误截图https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing
I try following these steps https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBE.NETES.md then https://docs.securecodebox.io/docs/hooks/defectdojo/我尝试按照这些步骤操作 https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBE.NETES.md然后https://docs.securecodebox.io/docs/hooks/defectdojo/
This is the link for the scanners https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners这是扫描仪的链接https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners
The Error:错误:
2022-03-07 07:23:54 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result ence provider 2022-03-07 07:23:56 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: http://defectdojo.default.minikube.local:8080/ tDojo at: http://defectdojo.default.minikube.local:8080/ Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://defectdojo.default.minikube.locarror on GET request for "http://defectdojo.default.minikube.local:8080/api/v2/users/": defectdojo.default.minikube.local; nested exception is java.net.UnknownHostException: defectdojo.default.minikube.local at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:751) rnalSearch(GenericDefectDojoService.java:151) at org.springframework.web.client.RestTemplate.e 2022-03-07 07:23:54 信息 DefectDojoPersistenceProvider:35 - 下载扫描结果提供程序 2022-03-07 07:23:56 信息 DefectDojoPersistenceProvider:39 - 将结果上传到 DefectDojo,地址: http://defectdojo.default.minikube .local:8080/ tDojo at: http://defectdojo.default.minikube.local:8080/线程“main”中的异常 org.springframework.web.client.ResourceAccessException:GET 请求“http:/ /defectdojo.default.minikube.locarror 对“http://defectdojo.default.minikube.local:8080/api/v2/users/”的 GET 请求:defectdojo.default.minikube.local;嵌套异常是 java.net。 UnknownHostException: defectdojo.default.minikube.local 在 org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785) 在 org.springframework.web.client.RestTemplate.execute(RestTemplate.88213284867988:785) .java:151) 在 org.springframework.web.client.RestTemplate.e xchange(RestTemplate.java:621) ch(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.intechUnique(GenericDefectDojoService.java:187)rnalSearch(GenericDefectDojoService.java:151) ionedEngagementsStrategy.java:82) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187) at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82) at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42) Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local at java.base/java.net.AbstractPlain xchange(RestTemplate.java:621) ch(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.intechUnique(GenericDefectDojoService.java:187)rnalSearch(GenericDefectDojoService.java:151) ionedEngagementsStrategy.java:82 ) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187) at io.securecodebox.persistence. strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82) at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42) Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local at java.base/ java.net.AbstractPlain SocketImpl.connect(AbstractPlainSocketImpl.java:229) at java.base/java.net.Socket.connect(Socket.java:609) at java.base/java.net.Socket.connect(Socket.java:558) at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569) at java.base/sun.net.www.http.HttpClient.(HttpClient.java:242) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362) at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1253) at java.base/sun.net.www.protocol.http.HttpURLConnection SocketImpl.connect(AbstractPlainSocketImpl.java:229) at java.base/java.net.Socket.connect(Socket.java:609) at java.base/java.net.Socket.connect(Socket.java:558) at java .base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) 在 java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) 在 88924.net/sun/8888 .http.HttpClient.openServer(HttpClient.java:569) at java.base/sun.net.www.http.HttpClient.(HttpClient.java:242) at java.base/sun.net.www.http.HttpClient. New(HttpClient.java:341) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362) at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient( HttpURLConnection.java:1253) 在 java.base/sun.net.www.protocol.http.HttpURLConnection .plainConnect0(HttpURLConnection.java:1187) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081) at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1015) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)... 7 more .plainConnect0(HttpURLConnection.java:1187) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081) at java.base/sun.net.www.protocol.http.HttpURLConnection .connect(HttpURLConnection.java:1015) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org. springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)在org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java8:66)...88:77
Thank you for the reponse!感谢您的回复!
1 个解决方案
解决方案1
2 2022-04-27 08:57:18
there is a dedicated DefectDojo Hook which will do it for you.有一个专用的 DefectDojo Hook 可以为您完成。 You just need to install in on a cluster with some basic configuration.您只需要安装在具有一些基本配置的集群上。
Installing the DefectDojo persistenceProvider hook will add a ReadAndWrite Hook to your namespace.
kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."
helm upgrade --install dd secureCodeBox/persistence-defectdojo
--set="defectdojo.url=https://defectdojo-django.default.svc"
The hook will automatically import the scan results into an engagement in DefectDojo.
More https://docs.securecodebox.io/docs/hooks/defectdojo更多https://docs.securecodebox.io/docs/hooks/defectdojo
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.