DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Rewrite of GitLab parsers #5863

Closed kiblik closed 6 months ago

kiblik commented 2 years ago
  1. DD supports multiple GitLab formats (API fuzzing, container scan, DAST, Dep. Scan, SAST, Secret detection) but there is documentation only for SAST and Dep. scan
  2. All GitLab scanners use the same common format (which is partially but nicely described here, and full up-to-date examples are available here), so they should be merged into one parser. If there is some change in the format, it is easier to maintain one common code path than multiple ones. Plus it will automatically support newly created scan categories (for example, "Cluster Image Scanning", "IaC Scanning" and "Coverage-guided fuzz testing" are missing right now).
  3. (real bug) "GitLab DAST Report" uses IDs as names of findings even though there is a meaningful title in the report (field name is "message").
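
As an added illustration of points 2 and 3 (example code written for this page, not DefectDojo's parser and not from the issue author), the function below treats every GitLab report the same way regardless of `category`, and picks the finding title from `message` first, then `name`, then the first identifier's name, and only as a last resort the raw `id`. The report shape, the key names (`vulnerabilities`, `message`, `identifiers`, `location`) and every sample value in `SAMPLE_REPORT` are assumptions constructed for the example; the CVE string is an obvious placeholder, not a real id.

```python
"""Category-agnostic parser for a GitLab-style security report (added example).

Assumes the common-format shape sketched in the constructed SAMPLE_REPORT:
a top-level "vulnerabilities" list whose entries may carry "id", "category",
"name", "message", "description", "severity", "identifiers" and "location".
"""
import json

# Severities a downstream tracker would accept; anything else maps to Unknown.
SEVERITIES = {"Critical", "High", "Medium", "Low", "Info", "Unknown"}

# Constructed sample, not output of a real scan. Mixes three scan categories
# in one document to show that the parser does not care which one it is.
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "scan": {"type": "dast", "status": "success"},
    "vulnerabilities": [
        {   # DAST style: opaque id, human-readable title in "message"
            "id": "5a7e3f1c-constructed-id",
            "category": "dast",
            "message": "Content Security Policy (CSP) Header Not Set",
            "description": "No CSP header was observed on the response.",
            "severity": "medium",
            "identifiers": [{"type": "cwe", "name": "CWE-693", "value": "693"}],
            "location": {"hostname": "http://example.invalid", "path": "/"},
        },
        {   # Container scanning style: title in "name", CVE in identifiers
            "id": "container-constructed-id",
            "category": "container_scanning",
            "name": "Outdated package in base image (constructed)",
            "severity": "critical",
            "identifiers": [{"type": "cve", "name": "CVE-0000-0000",
                             "value": "CVE-0000-0000"}],  # placeholder, not real
            "location": {"image": "registry.example.invalid/app:1.0"},
        },
        {   # IaC style: no message/name at all, unknown severity string
            "id": "0c2d-no-title",
            "category": "iac_scanning",
            "severity": "weird",
            "identifiers": [{"type": "some_check",
                             "name": "Storage bucket publicly readable",
                             "value": "X1"}],
            "location": {"file": "infra/main.tf", "start_line": 12},
        },
    ],
})


def finding_title(vuln):
    """Prefer message, then name, then an identifier name, then the raw id."""
    for key in ("message", "name"):
        value = vuln.get(key)
        if isinstance(value, str) and value.strip():
            return value.strip()
    for ident in vuln.get("identifiers", []):
        if ident.get("name"):
            return ident["name"]
    return str(vuln.get("id", "untitled"))


def first_identifier(vuln, id_type):
    """Return the value of the first identifier of the given type, or None."""
    for ident in vuln.get("identifiers", []):
        if str(ident.get("type", "")).lower() == id_type:
            return ident.get("value")
    return None


def normalize_severity(raw):
    sev = str(raw or "Unknown").capitalize()
    return sev if sev in SEVERITIES else "Unknown"


def parse_gitlab_report(text):
    """Parse any GitLab common-format report into a list of flat finding dicts."""
    data = json.loads(text)
    default_category = data.get("scan", {}).get("type", "unknown")
    findings = []
    for vuln in data.get("vulnerabilities", []):
        loc = vuln.get("location", {}) or {}
        findings.append({
            "title": finding_title(vuln),
            "category": vuln.get("category", default_category),
            "severity": normalize_severity(vuln.get("severity")),
            "description": vuln.get("description", ""),
            # Whichever location key the scan category happens to use.
            "where": loc.get("file") or loc.get("image") or loc.get("hostname"),
            "line": loc.get("start_line"),
            "cve": first_identifier(vuln, "cve"),
        })
    return findings


if __name__ == "__main__":
    for f in parse_gitlab_report(SAMPLE_REPORT):
        print(f"[{f['severity']}] {f['category']}: {f['title']} @ {f['where']}")
```

Because the scan category only influences which `location` key is populated, adding support for a new category needs no new parser, which is the maintenance argument of point 2; the title fallback chain is what fixes the symptom in point 3.
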
manuel-sommer commented 6 months ago

@mtesauro, @kiblik and @Maffooch, I would take time to investigate here (but in multiple PRs, not one PR to merge all at once). Would you approve the work or is it a bad timing at the moment?

manuel-sommer commented 6 months ago

Can you close this @mtesauro because of: https://github.com/DefectDojo/django-DefectDojo/discussions/9690