DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

Rengine Integration #8544

Open smaranchand opened 10 months ago

smaranchand commented 10 months ago

Is your feature request related to a problem? Please describe

I've been utilizing both DefectDojo and Rengine for vulnerability management and reconnaissance, respectively. While DefectDojo offers a comprehensive platform for vulnerability management, integrating Rengine could add significant value by enhancing the reconnaissance phase.

Describe the solution you'd like

I propose the integration of Rengine as a plugin or native feature in DefectDojo. This could allow users to kick off automated reconnaissance tasks directly from DefectDojo and have the results imported seamlessly.

Benefits of this integration:

Unified Workflow: Combines the vulnerability management workflow with the reconnaissance phase, streamlining the process for security professionals.

Enhanced Visibility: Rengine's results can provide additional context to the vulnerabilities identified, aiding in better risk assessments.

Automation: With the right API hooks, this could potentially pave the way for more automated, continuous reconnaissance as part of the vulnerability management process.

Describe alternatives you've considered

While users can currently manually conduct reconnaissance with Rengine and then feed the results into DefectDojo, a direct integration would reduce manual steps and potential errors.

Additional context

Rengine's growing popularity and comprehensive toolset make it an excellent candidate for integration. Users of both tools would significantly benefit from a more cohesive and integrated experience.

https://github.com/yogeshojha/rengine

hsppdy01 commented 1 month ago

Hey @smaranchand, have you found any alternative for this? Or is it possible for you to let me know how you are currently sending the rengine data to defectdojo?

smaranchand commented 1 month ago

Hi @hsppdy01, I am currently using a very dirty hack to populate vulnerability scan results to DD, and it's kind of semi-automatic: use the API endpoint to fetch the details and parse in DD.

Regards, Smaran

hsppdy01 commented 1 month ago

Can you share a little bit more about it? I mean the dirty hack code, how you are doing it 😅.