
Defect Dojo

Pablo Santiago edited this page Mar 7, 2023 · 2 revisions

Defect-Dojo is a vulnerability management tool. Rekono integrates with it to import the findings obtained during the executions of hacking tools.

Configuration

The Defect-Dojo integration should be configured by an administrator on the Rekono settings page:

[Screenshot: settings]
  • Defect-Dojo URL (/api/ endpoints will be appended to make API requests)
  • Defect-Dojo API key to authenticate API requests
  • Tag to be assigned to every item created by Rekono in Defect-Dojo
  • Product type name of the products created by Rekono in Defect-Dojo
  • Test type name related to Rekono executions imported in Defect-Dojo
  • Test name related to Rekono executions imported in Defect-Dojo

Synchronization

After configuring the Defect-Dojo integration, the synchronization between the platforms can be enabled at project level using this form:

[Screenshot: sync]
  • Synchronization: if checked, findings obtained in the scope of this project will be imported automatically into Defect-Dojo

  • Product: the ID of a specific, existing Defect-Dojo product can be provided to link it with this Rekono project. Otherwise, a Defect-Dojo product can be created and linked to the Rekono project automatically

  • Engagement: there are three options for importing the findings: use a specific, existing Defect-Dojo engagement ID; automatically create a new engagement for all project findings; or automatically create a new engagement for the findings of each target.

For example, one of the easiest configurations is to enable synchronization, automatic product creation and automatic engagement creation for each target. With this configuration, the following Defect-Dojo product will be created and linked to the Rekono project Test:

[Screenshot: product]

After that, all Rekono executions will be imported into the Defect-Dojo engagement related to the target:

[Screenshot: engagement]
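
The settings and synchronization options described above, as an added Python example that is not Rekono's own code: a pre-flight check of the administrator settings and a resolver showing where a target's findings would be imported. The field names, the sample values and the https requirement are assumptions of this example.

```python
from urllib.parse import urlsplit

# Field names below are hypothetical labels for the form fields described above.
REQUIRED = ("url", "api_key", "tag", "product_type", "test_type", "test")


def check_settings(cfg: dict) -> list[str]:
    """Return the problems found in the administrator-level settings."""
    problems = [f"{k} is empty" for k in REQUIRED if not str(cfg.get(k, "")).strip()]
    url = urlsplit(str(cfg.get("url", "")).strip())
    if url.scheme != "https" or not url.netloc:
        # Added hardening choice (assumption): the API key travels with every request.
        problems.append("url must be an https:// URL")
    if url.path.rstrip("/").endswith("/api"):
        # /api/ endpoints are appended by Rekono, so the setting must not include them.
        problems.append("url must not already include /api/")
    return problems


def engagement_for(sync: dict, target: str):
    """Say where the findings of `target` would be imported, or None if sync is off."""
    if not sync.get("enabled"):
        return None
    if sync.get("product_id"):
        product = ("existing", sync["product_id"])
    else:
        product = ("auto-created", None)
    if sync.get("engagement_id"):
        engagement = ("existing", sync["engagement_id"])
    elif sync.get("engagement_per_target"):
        engagement = ("auto-created for target", target)
    else:
        engagement = ("auto-created for project", None)
    return product, engagement


if __name__ == "__main__":
    # Constructed sample values, not real settings.
    cfg = {"url": "http://dojo.example/api/", "api_key": "", "tag": "rekono",
           "product_type": "Rekono Project", "test_type": "Rekono", "test": "Rekono Test"}
    for problem in check_settings(cfg):
        print("settings:", problem)
    sync = {"enabled": True, "engagement_per_target": True}
    print(engagement_for(sync, "10.10.10.10"))
```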