diff --git a/docs/_docs/integrations/defectdojo.md b/docs/_docs/integrations/defectdojo.md
index 2788aa0b02..0e1e24b132 100644
--- a/docs/_docs/integrations/defectdojo.md
+++ b/docs/_docs/integrations/defectdojo.md
@@ -61,5 +61,10 @@ The additional configuration property is defined as below:
 | ---------------| --------------------------------- |
 | Group Name | `integrations` |
 | Property Name | `defectdojo.reimport` |
-| Property Value | 'true' or 'false' |
+| Property Value | 'true' |
 | Property Type | `BOOLEAN` |
+
+#### Step 8: Global configuration for Reimport Enhancement (Optional)
+* Dependency-Track v4.6.0 or higher
+![Configure Project](/images/screenshots/defectdojo_global_reimport.png)
+Alternatively, you can turn on the above reimport feature for all projects in one click, by checking on 'Enable reimport' box as shown in the screenshot above.
diff --git a/docs/images/screenshots/defectdojo_global_reimport.png b/docs/images/screenshots/defectdojo_global_reimport.png
new file mode 100644
index 0000000000..87d0bbd7b6
Binary files /dev/null and b/docs/images/screenshots/defectdojo_global_reimport.png differ
diff --git a/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java b/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java
index be31b29464..1f23927756 100644
--- a/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java
+++ b/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java
@@ -150,8 +150,6 @@ public void reimportDependencyTrackFindings(final String token, final String eng
 .header("accept", "application/json")
 .header("Authorization", "Token " + token)
 .field("file", findingsJson, "findings.json")
- .field("product_name", "Cloud Data Services")
- .field("engagement_name", "dash-services-dtrack-tst2")
 .field("engagement", engagementId)
 .field("scan_type", "Dependency Track Finding Packaging Format (FPF) Export")
 .field("verified", "true")
diff --git a/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoUploader.java b/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoUploader.java
index 03a6e3116b..53273c9f1a 100644
--- a/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoUploader.java
+++ b/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoUploader.java
@@ -44,7 +44,7 @@ public class DefectDojoUploader extends AbstractIntegrationPoint implements Proj
 public boolean isReimportConfigured(final Project project) {
 final ProjectProperty reimport = qm.getProjectProperty(project, DEFECTDOJO_ENABLED.getGroupName(), REIMPORT_PROPERTY);
 if (reimport != null) {
- return Boolean.parseBoolean(reimport.getPropertyValue());
+ return Boolean.parseBoolean(reimport.getPropertyValue());
 } else {
 return false;
 }
@@ -82,12 +82,13 @@ public InputStream process(final Project project, final List findings)
 public void upload(final Project project, final InputStream payload) {
 final ConfigProperty defectDojoUrl = qm.getConfigProperty(DEFECTDOJO_URL.getGroupName(), DEFECTDOJO_URL.getPropertyName());
 final ConfigProperty apiKey = qm.getConfigProperty(DEFECTDOJO_API_KEY.getGroupName(), DEFECTDOJO_API_KEY.getPropertyName());
+ final ConfigProperty globalReimportEnabled = qm.getConfigProperty(DEFECTDOJO_REIMPORT_ENABLED.getGroupName(), DEFECTDOJO_REIMPORT_ENABLED.getPropertyName());
 final ProjectProperty engagementId = qm.getProjectProperty(project, DEFECTDOJO_ENABLED.getGroupName(), ENGAGEMENTID_PROPERTY);
 try {
 final DefectDojoClient client = new DefectDojoClient(this, new URL(defectDojoUrl.getPropertyValue()));
- if (isReimportConfigured(project)) {
- final ArrayList testsIds = client.getDojoTestIds(apiKey.getPropertyValue(), engagementId.getPropertyValue());
- final String testId = client.getDojoTestId(engagementId.getPropertyValue(), testsIds);
+ final ArrayList testsIds = client.getDojoTestIds(apiKey.getPropertyValue(), engagementId.getPropertyValue());
+ final String testId = client.getDojoTestId(engagementId.getPropertyValue(), testsIds);
+ if (isReimportConfigured(project) || Boolean.parseBoolean(globalReimportEnabled.getPropertyValue())) {
 LOGGER.debug("Found existing test Id: " + testId);
 if (testId.equals("")) {
 client.uploadDependencyTrackFindings(apiKey.getPropertyValue(), engagementId.getPropertyValue(), payload);
diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
index 58d2730db3..5c6e85ec2f 100644
--- a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
+++ b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
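Review bot: In upload(), `client.getDojoTestIds(...)` and `client.getDojoTestId(...)` now sit above the reimport condition, so they run on every upload, including for projects where neither the per-project nor the global flag is set. getDojoTestIds is passed the API key and presumably queries DefectDojo, which means an extra authenticated request on the plain import path and, if it throws, a failed upload for projects that never enabled reimport (the catch is outside the hunk). Unless code below the hunk needs `testId` in the non-reimport branch, move both lookups back under the `if`. `globalReimportEnabled` is also dereferenced without the null check that isReimportConfigured() applies to its property; `final boolean globalReimport = globalReimportEnabled != null && Boolean.parseBoolean(globalReimportEnabled.getPropertyValue());` followed by `if (isReimportConfigured(project) || globalReimport) {` would cover an instance where the property row is missing.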
@@ -56,6 +56,7 @@ public enum ConfigPropertyConstants {
 FORTIFY_SSC_URL("integrations", "fortify.ssc.url", null, PropertyType.URL, "Base URL to Fortify SSC"),
 FORTIFY_SSC_TOKEN("integrations", "fortify.ssc.token", null, PropertyType.ENCRYPTEDSTRING, "The token to use to authenticate to Fortify SSC"),
 DEFECTDOJO_ENABLED("integrations", "defectdojo.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable DefectDojo integration"),
+ DEFECTDOJO_REIMPORT_ENABLED("integrations", "defectdojo.reimport.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable DefectDojo reimport-scan API endpoint"),
 DEFECTDOJO_SYNC_CADENCE("integrations", "defectdojo.sync.cadence", "60", PropertyType.INTEGER, "The cadence (in minutes) to upload to DefectDojo"),
 DEFECTDOJO_URL("integrations", "defectdojo.url", null, PropertyType.URL, "Base URL to DefectDojo"),
 DEFECTDOJO_API_KEY("integrations", "defectdojo.apiKey", null, PropertyType.STRING, "API Key for DefectDojo"),
diff --git a/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java b/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java
index 6349c6cf08..235dcf06b0 100644
--- a/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java
+++ b/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java
@@ -78,7 +78,7 @@ public void testLoadDefaultConfigProperties() throws Exception {
 Method method = generator.getClass().getDeclaredMethod("loadDefaultConfigProperties");
 method.setAccessible(true);
 method.invoke(generator);
- Assert.assertEquals(42, qm.getConfigProperties().size());
+ Assert.assertEquals(43, qm.getConfigProperties().size());
 }

 @Test
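Review bot: The description on the new `DEFECTDOJO_REIMPORT_ENABLED` entry in ConfigPropertyConstants.java does not say that this is the global switch, nor how it relates to the per-project `defectdojo.reimport` property. DefectDojoUploader.upload() combines the two with `||`, so once the global flag is on a project cannot opt out by setting its own property to false. A description such as `"Flag to enable DefectDojo reimport for all projects; the per-project defectdojo.reimport property still applies when this is false"` would make that precedence visible to whoever changes the setting.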