stackoom
  简体   繁体   中英

How to upload scan outputs from minIO (ex. Nmap, Nikto, Sslyze, Zap) to OWASP DefectDojo

 原文  2022-03-07 07:46:12       devops/ google-kubernetes-engine/ kubernetes-helm/ owasp

Question

I have problem uploading the findings of minIO securecodebox outputs to OWASP DefectDojo.

Screenshot of Error https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing

I try following these steps https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBE.NETES.md then https://docs.securecodebox.io/docs/hooks/defectdojo/

This is the link for the scanners https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners

The Error:

2022-03-07 07:23:54 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result ence provider 2022-03-07 07:23:56 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: http://defectdojo.default.minikube.local:8080/ tDojo at: http://defectdojo.default.minikube.local:8080/ Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://defectdojo.default.minikube.locarror on GET request for "http://defectdojo.default.minikube.local:8080/api/v2/users/": defectdojo.default.minikube.local; nested exception is java.net.UnknownHostException: defectdojo.default.minikube.local at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:751) rnalSearch(GenericDefectDojoService.java:151) at org.springframework.web.client.RestTemplate.e xchange(RestTemplate.java:621) ch(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.intechUnique(GenericDefectDojoService.java:187)rnalSearch(GenericDefectDojoService.java:151) ionedEngagementsStrategy.java:82) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187) at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82) at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42) Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local at java.base/java.net.AbstractPlain SocketImpl.connect(AbstractPlainSocketImpl.java:229) at java.base/java.net.Socket.connect(Socket.java:609) at java.base/java.net.Socket.connect(Socket.java:558) at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569) at java.base/sun.net.www.http.HttpClient.(HttpClient.java:242) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362) at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1253) at java.base/sun.net.www.protocol.http.HttpURLConnection .plainConnect0(HttpURLConnection.java:1187) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081) at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1015) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)... 7 more

Thank you for the reponse!

1 answers

solution1
 2  2022-04-27 08:57:18

there is a dedicated DefectDojo Hook which will do it for you. You just need to install in on a cluster with some basic configuration.

Installing the DefectDojo persistenceProvider hook will add a ReadAndWrite Hook to your namespace.

kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."

helm upgrade --install dd secureCodeBox/persistence-defectdojo
--set="defectdojo.url=https://defectdojo-django.default.svc"

The hook will automatically import the scan results into an engagement in DefectDojo. If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it (product & product type). The hook will then pull the imported information from DefectDojo and use them to replace the findings inside secureCodeBox.

More https://docs.securecodebox.io/docs/hooks/defectdojo

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question OWASP ZAP Full Scan Authenticated on Gitlab CICD OWASP ZAP full scan stopped working in CICD pipeline How to integrate OWASP ZAP into GCP Cloud Build CI/CD How to solving TypeError: metaData should be of type "object" on upload to minio How to transfer/upload data from s3 bucket to MinIO bucket given their end points and secret, access keys AWS: How to save Streaming data to database hosted on EC2 ( ex. MySQL/ MongoDB ) OWASP ZAP - SSLHandshakeException: Received fatal alert: handshake_failure Daemon OWASP ZAP on Azure App Service always returns code 400 - Bad Request How to Set BucketLifeCycleRule in Minio? How to add a Minio connection to Airflow connections?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM