DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

NMAP scan results import #218

Closed bobdob42 closed 7 years ago

bobdob42 commented 7 years ago

Could DefectDojo support import of NMAP scan results, similar to Nessus or Burp XML? The nmap scan results would be in .XML format: https://nmap.org/book/output-formats-xml-output.html

devGregA commented 7 years ago

Hi @bobdob42, we haven't supported nmap as a vulnerability scanner in the past because we didn't feel that open ports equal vulnerabilities. If you're using the nmap plugins, that is different, but we do support nmap / port scans: http://defectdojo.readthedocs.io/en/latest/features.html#port-scans

Let me know your thoughts. Thanks! --Greg

bobdob42 commented 7 years ago

Hi Greg, was thinking in terms of extending that "port-scans" feature. The DefectDojo server may not have access to the same parts of the infrastructure to allow those scans, or the scans may be run by a 3rd party and we want to import the results.

devGregA commented 7 years ago

@bobdob42 ah great point. Definitely would be a great enhancement. Unfortunately, I'm not sure when I'll be able to get to it due to my backlog.

patriknordlen commented 7 years ago

I have a working prototype for this; it essentially creates informational findings for each open port. Issuing a PR shortly.
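
The approach described in this comment, as an added sketch that is not the prototype from the PR or DefectDojo's own parser: it reads Nmap XML output and emits one informational finding per open port. The function name, the finding dict shape and the sample report are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # imported reports are untrusted; defusedxml.ElementTree is a hardened drop-in

# Constructed sample in Nmap's XML output format, trimmed to the elements read below.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="app.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="25"><state state="filtered"/>
        <service name="smtp"/></port>
      <port protocol="tcp" portid="443"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def nmap_open_port_findings(xml_text):
    """Return one informational finding (hypothetical dict shape) per open port."""
    root = ET.fromstring(xml_text)
    if root.tag != "nmaprun":
        raise ValueError("not an Nmap XML report")
    findings = []
    for host in root.iter("host"):
        addr = host.find("address")
        if addr is None:
            continue  # a host entry without an address cannot be attributed
        hostname = host.find("hostnames/hostname")
        target = hostname.get("name") if hostname is not None else addr.get("addr")
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports produce no finding
            svc = port.find("service")
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            svc_text = " ".join(p for p in parts if p) or "unknown service"
            portid, proto = int(port.get("portid")), port.get("protocol")
            findings.append({
                "title": f"Open port: {portid}/{proto}",
                "severity": "Info",  # an open port is exposure data, not a vulnerability
                "endpoint": target,
                "port": portid,
                "protocol": proto,
                "description": f"{addr.get('addr')} ({target}) exposes {svc_text} on {portid}/{proto}.",
            })
    return findings
```

Keeping the severity at "Info" matches the point made earlier in the thread that open ports are not vulnerabilities in themselves.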

devGregA commented 7 years ago

@bobdob42 done :) courtesy of @patriknordlen