django-DefectDojo

Implement NodeJsScan parser

Open karthik137 opened this issue 6 years ago • 13 comments

Bug description

I am unable to import a NodeJsScan report. The API doesn't have a key-type called 'NodeJsScan'. I am using a docker setup with hot reloading.

Environment information

  • Operating System: [Ubuntu16.04]

karthik137, Jan 28 '20 04:01

Could you explain what steps you are doing? Are you uploading via the api (if yes, v1 or v2?). The screenshot is from the UI, so are you uploading through the UI? And what type of scan are you uploading? There is Node Security Platform or NPM Audit available in Defect Dojo.

valentijnscholten, Feb 09 '20 18:02

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], May 09 '20 19:05

Looks like this is not a bug but a request to support the SAST reports from https://github.com/ajinabraham/nodejsscan

valentijnscholten, May 10 '20 08:05

Hi @valentijnscholten check this issue https://github.com/ajinabraham/nodejsscan/issues/149

Yes, I was using the UI. I don't remember the exact version. Let me check that.

karthik137, May 13 '20 11:05

@karthik137 do you have a sample scan you can provide?

devGregA, Jul 15 '20 18:07

Hi, I just ran into this as well.

Just a heads up that the docs do say that this tool is supported. @devGregA I have a report to share but I need to get it to you via some other channel. GitHub is just a little too public.

https://defectdojo.readthedocs.io/en/latest/integrations.html

dmaselbas, Jul 31 '20 18:07

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot], Oct 31 '20 04:10

Hey, I am also facing a similar issue. Can you please let me know the steps to resolve this?

blue4209211, Dec 23 '20 14:12

@dmaselbas Which version are you using? I am using defectdojo version 2.6.1 and I am not seeing any option to upload a nodejsscan report.

spmishra121, Feb 14 '22 08:02

Node JS Scans are currently not supported. If a proper sample is provided we can look at implementing it. https://defectdojo.github.io/django-DefectDojo/integrations/parsers/

valentijnscholten, Feb 14 '22 08:02

@valentijnscholten could you please look at it?

git clone [email protected]:do-/dia.js.git
docker run -v $PWD/dia:/src --rm -it opensecurity/nodejsscan:v4.7 nodejsscan --json /src

Available formats are --sarif, --sonarcube, --json; are any of them supported?

What I need is to somehow pass the code snippet to defectdojo (physicalLocation.region.snippet for --sarif).

jonny64, Nov 11 '22 14:11

@jonny64 the format SARIF is supported and maintained. @karthik137 could you try to use SARIF format?

damiencarol, Nov 11 '22 18:11
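
An added example, not part of the thread and not DefectDojo or nodejsscan code: a check that each result in a SARIF 2.1.0 report carries the code snippet at `physicalLocation.region.snippet` before the report is imported. The sample report, rule ids and file names are constructed, and the function names are hypothetical; nothing here describes how DefectDojo's SARIF parser uses the field.

```python
import json

# Constructed sample report (not real nodejsscan output): two results,
# only the first carries physicalLocation.region.snippet.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "example_rule_a",
             "message": {"text": "constructed finding A"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.js"},
                 "region": {"startLine": 12,
                            "snippet": {"text": "res.send(req.query.name)"}}}}]},
            {"ruleId": "example_rule_b",
             "message": {"text": "constructed finding B"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/db.js"},
                 "region": {"startLine": 40}}}]},
        ],
    }],
})


def extract_findings(sarif_text):
    """Return one dict per result location: rule, file, line, snippet or None."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation") or {}
                region = phys.get("region") or {}
                findings.append({
                    "rule": result.get("ruleId"),
                    "file": (phys.get("artifactLocation") or {}).get("uri"),
                    "line": region.get("startLine"),
                    # snippet is an artifactContent object; its text is optional
                    "snippet": (region.get("snippet") or {}).get("text"),
                })
    return findings


def missing_snippets(findings):
    """Findings whose location has no usable snippet text."""
    return [f for f in findings if not f["snippet"]]
```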

What is the status here? Is someone interested to try out SARIF output and share a sample report if SARIF won't work?

manuel-sommer, Jan 29 '24 03:01

I guess this is stale @mtesauro

manuel-sommer, Feb 27 '24 12:02