Integration in Vulnerability Management Solutions

Manage your vulnerabilities as efficiently as ever.

This guide focuses on the integration of the Crashtest Security Suite with vulnerability management solutions such as DefectDojo or Faraday.
See below how your existing systems can be used together with Crashtest Security.

DefectDojo

DefectDojo is an open-source application available through its GitHub repository.
For details on the different usage types, please refer to the usage examples in its documentation.

Importing our scan results is straightforward. Once you start an engagement, you can import our machine-readable scan result and have the results displayed as findings, including the CVSS score, vulnerability description, URL, remediation advice, and a link to our wiki.

Add a Crashtest Security Scan in DefectDojo

If you want to automate this process completely, you can use the DefectDojo API to send our scan reports to DefectDojo.
Define this step in your CI/CD pipeline so that it runs after every scan. See the example below of importing a scan result via the API.

Additionally, DefectDojo integrates with Jira, so you can create Jira tickets from DefectDojo findings and close the findings when the corresponding ticket is closed.

More documentation is available through the DefectDojo documentation website.

If you need any support to set this process up, please feel free to contact us.

Example for importing a scan result in DefectDojo

Below is an example of how to test the DefectDojo API with a tool such as Postman.
We assume your DefectDojo instance is running at https://defectdojo.herokuapp.com/ (demo application).

  • Body tab
    • Click “Key-value” edit and enter the following key-value parameters:
        engagement:3
        verified:true
        active:true
        lead:1
        tags:test
        scan_date:2019-04-30
        scan_type:Crashtest Security Scan
        minimum_severity:Info
        skip_duplicates:true
        close_old_findings:false
    • Add a “file” parameter of type “file”. This triggers multipart form data for sending the file content
    • Browse for the file to upload
  • Click send
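The same import done from a CI job, as an added example that is not Crashtest Security's or DefectDojo's own code: it builds the multipart form with the parameters listed above using only the Python standard library and posts it to DefectDojo. It assumes DefectDojo's v2 REST endpoint `/api/v2/import-scan/` with token authentication; the base URL, API key and report path are placeholders you supply.

```python
import json
import urllib.request
import uuid

# Constructed sample: the form fields from the Postman walk-through above.
SCAN_FIELDS = {
    "engagement": "3",
    "verified": "true",
    "active": "true",
    "lead": "1",
    "tags": "test",
    "scan_date": "2019-04-30",
    "scan_type": "Crashtest Security Scan",
    "minimum_severity": "Info",
    "skip_duplicates": "true",
    "close_old_findings": "false",
}


def build_multipart(fields, filename, file_bytes, boundary=None):
    """Return (content_type, body); the report goes in the part named "file"."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():  # plain text parts for each parameter
        parts.append((f"--{boundary}\r\nContent-Disposition: form-data; "
                      f'name="{name}"\r\n\r\n{value}\r\n').encode())
    parts.append((f"--{boundary}\r\nContent-Disposition: form-data; "
                  f'name="file"; filename="{filename}"\r\n'
                  "Content-Type: application/octet-stream\r\n\r\n").encode()
                 + file_bytes + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def import_scan(base_url, api_key, report_path, fields=SCAN_FIELDS):
    """POST a report to the (assumed) /api/v2/import-scan/ endpoint.
    base_url, api_key and report_path are placeholders supplied by the caller."""
    with open(report_path, "rb") as fh:
        content_type, body = build_multipart(fields, report_path, fh.read())
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v2/import-scan/", data=body, method="POST",
        headers={"Authorization": f"Token {api_key}", "Content-Type": content_type},
    )
    with urllib.request.urlopen(req, timeout=60) as resp:  # raises on HTTP errors
        return json.load(resp)
```

Keep the API key out of the pipeline definition itself and inject it as a CI secret; the returned JSON contains the id of the created test, which you can log for traceability.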

Faraday

Faraday is a vulnerability management solution developed by Infobyte. A free Community edition is available on GitHub. For more documentation, please check out their wiki.

The process of importing, collecting, and reporting on findings is similar to the process described above for DefectDojo. If you need help importing our findings, please send us a request via email.