OWASP Dependency-check report import ends with an error

[ddudnyk]

Unable to import OWASP Dependency-check scan report using API v2:

For example, sending report:

curl -X POST "https://demo.defectdojo.org/api/v2/import-scan/" -H "accept: application/json" -H "Authorization: 548afd6fab3bea9794a41b31da0e9404f733e222" -H "Content-Type: multipart/form-data" -H "X-CSRFToken: 5LMxAW1u9etB6KMGgj5KAcxpn5MP2kK90hKKsC9OrEBEhLIIj4XB0pokOERj0Sb8" -F "scan_date=2021-10-21" -F "minimum_severity=Info" -F "active=true" -F "verified=true" -F "scan_type=Dependency Check Scan" -F "file=@dependency-check-report.xml;type=text/xml" -F "engagement=14" -F "tags=test" -F "close_old_findings=false" -F "push_to_jira=false"

using absolutely correct credentials and existing engagement ends in error:

{"detail":"Authentication credentials were not provided."}

Curl command was received on https://demo.defectdojo.org/api/v2/doc/ and works fine on a demo but does not work when sending a report remotely, requiring authorization credentials.

Reproduce the error as easy as shelling peas.

Hope you will restore the integration with Dependency-check.

Thanks!

[StefanFl]

@ddudnyk I think the Authorization header is not correct. It needs to be -H "Authorization: Token 548afd6fab3bea9794a41b31da0e9404f733e222" You have missed the keyword Token .

[ddudnyk]

I really appreciate your help in highlighting the problem, thank you!