Vulnerability management integrations

You can use webhooks to import the vulnerabilities that DAST Essentials discovers into vulnerability management solutions such as DefectDojo and Faraday.

DefectDojo

DefectDojo is an open source application available through GitHub.
See the DefectDojo usage examples for details on the different ways it can be deployed and used.

Importing scan results requires no special connector. Once you have created an engagement, you can import the machine-readable scan report and have each result shown as a finding, including its CVSS score, vulnerability description, affected URL, and remediation advice, together with a link to the DAST Essentials documentation.

Add DAST Essentials to DefectDojo

To automate this process entirely, use the DefectDojo API to send each scan report directly to DefectDojo instead of uploading it by hand.

Define this step in your CI/CD pipeline so that it runs after every scan, and store the DefectDojo API key as a pipeline secret rather than in the repository. See the example below of importing a scan result with the API.

DefectDojo also integrates with Jira, so you can create Jira tickets from DefectDojo findings and have a finding closed automatically when its ticket is closed.

See the DefectDojo documentation.

If you need help with this process, contact Veracode Technical Support.

Example: Import scan results to DefectDojo

Below is an example of testing the DefectDojo import API with a tool such as Postman before wiring the same request into your CI/CD pipeline.

This example assumes your DefectDojo instance is running at https://defectdojo.herokuapp.com/ (the demo application). The engagement and lead IDs belong to that demo instance; replace them with the IDs from your own DefectDojo.

Send the following key-value pairs as form fields in the request body:

  • engagement: 3
  • verified: true
  • active: true
  • lead: 1
  • tags: test
  • scan_date: 2019-04-30
  • scan_type: DAST Essentials Scan
  • minimum_severity: Info
  • skip_duplicates: true
  • close_old_findings: false

Note that verified: true marks every imported finding as verified without human review; set it to false if you triage findings in DefectDojo. Then attach the report file:

  • Body tab
    • Select Key-value edit.
    • Add a parameter named file, of type File. This switches the request to multipart/form-data so that the report content is sent together with the fields above.
    • Browse for the scan report file to upload.
  • Select Send.
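The following script is an added example, not Veracode's or DefectDojo's own code. It performs the same import as the Postman walkthrough above, in the form you would run from a CI/CD job: it encodes the form fields and the report file as multipart/form-data and posts them to DefectDojo's /api/v2/import-scan/ endpoint, authenticating with an API key in the Authorization: Token header. The base URL, engagement and lead IDs are the demo values from the page and are assumptions to replace; the API key is read from an environment variable so it can come from the pipeline's secret store. Only the Python standard library is used, so nothing needs to be installed on the build agent.

```python
"""Import a DAST Essentials scan report into DefectDojo from a CI/CD job.

Added example; builds the multipart request that the Postman walkthrough
sends to /api/v2/import-scan/ using only the Python standard library.
"""
import json
import os
import sys
import uuid
import urllib.request
from pathlib import Path

# Assumed base URL (the demo instance used on this page); override per environment.
DEFECTDOJO_URL = os.environ.get("DEFECTDOJO_URL", "https://defectdojo.herokuapp.com")
# The API key comes from the CI secret store; it is never hard-coded or committed.
DEFECTDOJO_API_KEY = os.environ.get("DEFECTDOJO_API_KEY", "")

# Form fields from the Postman example above. engagement and lead are IDs from
# the demo instance and must be changed for your own DefectDojo.
IMPORT_FIELDS = {
    "engagement": "3",
    "verified": "true",
    "active": "true",
    "lead": "1",
    "tags": "test",
    "scan_date": "2019-04-30",
    "scan_type": "DAST Essentials Scan",
    "minimum_severity": "Info",
    "skip_duplicates": "true",
    "close_old_findings": "false",
}


def build_multipart(fields, file_field, filename, file_bytes, boundary=None):
    """Encode text fields plus one file part as multipart/form-data.

    Returns (content_type_header, body_bytes). This is what Postman's
    "file" parameter of type File produces behind the scenes.
    """
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'.encode()
        )
    parts.append(
        (
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{file_field}"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n"
        ).encode()
        + file_bytes
        + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def build_import_request(report_name, report_bytes, base_url=DEFECTDOJO_URL,
                         api_key=DEFECTDOJO_API_KEY, fields=IMPORT_FIELDS, boundary=None):
    """Prepare the POST to /api/v2/import-scan/ without sending it.

    Separating construction from sending keeps the payload testable offline
    and lets a pipeline dump it (minus the token) when an import fails.
    """
    if not api_key:
        raise ValueError("DefectDojo API key is empty; set DEFECTDOJO_API_KEY in the CI secret store")
    content_type, body = build_multipart(fields, "file", report_name, report_bytes, boundary)
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/api/v2/import-scan/",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Token {api_key}",  # DefectDojo API v2 token authentication
            "Content-Type": content_type,
            "Accept": "application/json",
        },
    )


def import_report(report_path, **kwargs):
    """Send the report; return the id of the DefectDojo test created by the import."""
    report = Path(report_path)
    req = build_import_request(report.name, report.read_bytes(), **kwargs)
    with urllib.request.urlopen(req, timeout=60) as resp:
        result = json.load(resp)
    return result.get("test")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <dast-essentials-report>")
    print("Imported as DefectDojo test", import_report(sys.argv[1]))
```

In a pipeline, run it as the step after the scan (for example `DEFECTDOJO_API_KEY=$DOJO_TOKEN python import_to_defectdojo.py report.json`) and fail the job if it exits non-zero, so a broken import is noticed rather than silently leaving DefectDojo stale.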

Faraday

Faraday is a vulnerability management solution developed by Infobyte. There is a free Community edition available on GitHub. For more information, see the Faraday documentation.

Importing, collecting, and reporting on findings in Faraday follows the same pattern as the DefectDojo process described above. If you need help with importing your results, contact Veracode Technical Support.