'How to upload scan outputs from minIO (ex. Nmap, Nikto, Sslyze, Zap) to OWASP DefectDojo

I have problem uploading the findings of minIO securecodebox outputs to OWASP DefectDojo.

Screenshot of Error https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing

I try following these steps https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBERNETES.md then https://docs.securecodebox.io/docs/hooks/defectdojo/

This is the link for the scanners https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners

The Error:

2022-03-07 07:23:54 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result ence provider 2022-03-07 07:23:56 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: http://defectdojo.default.minikube.local:8080/ tDojo at: http://defectdojo.default.minikube.local:8080/ Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://defectdojo.default.minikube.locarror on GET request for "http://defectdojo.default.minikube.local:8080/api/v2/users/": defectdojo.default.minikube.local; nested exception is java.net.UnknownHostException: defectdojo.default.minikube.local at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:751) rnalSearch(GenericDefectDojoService.java:151) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:621) ch(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.intechUnique(GenericDefectDojoService.java:187)rnalSearch(GenericDefectDojoService.java:151) ionedEngagementsStrategy.java:82) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167) at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187) at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82) at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42) Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:229) at java.base/java.net.Socket.connect(Socket.java:609) at java.base/java.net.Socket.connect(Socket.java:558) at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474) at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569) at java.base/sun.net.www.http.HttpClient.(HttpClient.java:242) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341) at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362) at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1253) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187) at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081) at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1015) at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ... 7 more

Thank you for the reponse!

devopsgoogle-kubernetes-enginekubernetes-helmowasp


Solution 1:[1]

there is a dedicated DefectDojo Hook which will do it for you. You just need to install in on a cluster with some basic configuration.

Installing the DefectDojo persistenceProvider hook will add a ReadAndWrite Hook to your namespace.

kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."

helm upgrade --install dd secureCodeBox/persistence-defectdojo
--set="defectdojo.url=https://defectdojo-django.default.svc"

The hook will automatically import the scan results into an engagement in DefectDojo. If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it (product & product type). The hook will then pull the imported information from DefectDojo and use them to replace the findings inside secureCodeBox.

More https://docs.securecodebox.io/docs/hooks/defectdojo

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 mikerek

Related Questions

How to scan particular URL or page alone in owasp zap

DfectDojo pushing to JIRA

How to have a fork of a php project still get security checks with owasp dependency check

how to keep GKE cluster nodes in different regions?

Deploying a Keycloak HA cluster to kubernetes | Pods are not discovering each other

Volume not persistent in Google Cloud

Kubernetes cluster default timezone?

Kubernetes: Exclude Node from default scheduling

Issuing certificate as Secret does not exist

GKE metrics comparsion

kubectl exec/logs on GKE returns "remote error: tls: internal error"

cert-manager HTTP01 certificate challenge is inaccessible when rewrite-target is enabled

Why a pod can't connect to on-premise network

How to create more than one cluster in minikube

How do I get logs from all pods of a Kubernetes replication controller?