django-DefectDojo

Support osv-scanner Export

Open themenucha opened this issue 3 years ago • 5 comments

Recently Google released an open source scanner - osv-scanner. For more information: https://osv.dev/

As a Security Engineer, I will be glad if DefectDojo could support export from osv-scanner tool so that the results will appear in DefectDojo.

Since the tool is very new there are many alternatives, but I think it is worth giving them a try.

Detailed info with output examples can be found here: https://github.com/google/osv-scanner

themenucha avatar Dec 25 '22 10:12 themenucha

@themenucha You can use Betterscan.io for this and import to DefectDojo via SARIF. Betterscan consumes "osv-scanner" results, adds many more (for Code and Cloud) and produces a final SARIF report.

Code repo of Betterscan: https://github.com/marcinguy/betterscan-ce/

I also started a discussion about it here:

https://github.com/DefectDojo/django-DefectDojo/discussions/7353

marcinguy avatar Jan 03 '23 15:01 marcinguy

Any updates on supporting the osv-scanner JSON format directly?

jaskaransinghdr6j avatar Apr 23 '23 19:04 jaskaransinghdr6j

@marcinguy, do you have example output to get imported into DefectDojo (e.g. also SARIF output)? Then we can advance the unit tests and close this ticket.

manuel-sommer avatar Feb 02 '24 19:02 manuel-sommer

Any update on this @marcinguy or @themenucha ?

manuel-sommer avatar Feb 14 '24 19:02 manuel-sommer

@jaskaransinghdr6j do you have an output available?

manuel-sommer avatar Feb 18 '24 17:02 manuel-sommer

Completed.

devGregA avatar Mar 04 '24 16:03 devGregA