Issue #1622 DefectDojo integration reimport enhancement - Part 2

docs/_docs/integrations/defectdojo.md

@@ -61,5 +61,10 @@ The additional configuration property is defined as below:
 | ---------------| --------------------------------- |
 | Group Name     | `integrations`                    |
 | Property Name  | `defectdojo.reimport`             |
-| Property Value | 'true' or 'false'                 |
+| Property Value | 'true'                            |
 | Property Type  | `BOOLEAN`                         |
+
+#### Step 8: Global configuration for Reimport Enhancement (Optional)
+* Dependency-Track v4.6.0 or higher
+![Configure Project](/images/screenshots/defectdojo_global_reimport.png)
+Alternatively, you can turn on the above reimport feature for all projects in one click, by checking on 'Enable reimport' box as shown in the screenshot above.

src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java

@@ -150,8 +150,6 @@ public void reimportDependencyTrackFindings(final String token, final String eng
                 .header("accept", "application/json")
                 .header("Authorization", "Token " + token)
                 .field("file", findingsJson, "findings.json")
-                .field("product_name", "Cloud Data Services")
-                .field("engagement_name", "dash-services-dtrack-tst2")
                 .field("engagement", engagementId)
                 .field("scan_type", "Dependency Track Finding Packaging Format (FPF) Export")
                 .field("verified", "true")

src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoUploader.java

@@ -44,7 +44,7 @@ public class DefectDojoUploader extends AbstractIntegrationPoint implements Proj
     public boolean isReimportConfigured(final Project project) {
         final ProjectProperty reimport = qm.getProjectProperty(project, DEFECTDOJO_ENABLED.getGroupName(), REIMPORT_PROPERTY);
         if (reimport != null) {
-            return Boolean.parseBoolean(reimport.getPropertyValue());  
+            return Boolean.parseBoolean(reimport.getPropertyValue());
         } else {
             return false;
         }
@@ -82,12 +82,13 @@ public InputStream process(final Project project, final List<Finding> findings)
     public void upload(final Project project, final InputStream payload) {
         final ConfigProperty defectDojoUrl = qm.getConfigProperty(DEFECTDOJO_URL.getGroupName(), DEFECTDOJO_URL.getPropertyName());
         final ConfigProperty apiKey = qm.getConfigProperty(DEFECTDOJO_API_KEY.getGroupName(), DEFECTDOJO_API_KEY.getPropertyName());
+        final ConfigProperty globalReimportEnabled = qm.getConfigProperty(DEFECTDOJO_REIMPORT_ENABLED.getGroupName(), DEFECTDOJO_REIMPORT_ENABLED.getPropertyName());
         final ProjectProperty engagementId = qm.getProjectProperty(project, DEFECTDOJO_ENABLED.getGroupName(), ENGAGEMENTID_PROPERTY);
         try {
             final DefectDojoClient client = new DefectDojoClient(this, new URL(defectDojoUrl.getPropertyValue()));
-            if (isReimportConfigured(project)) {
-                final ArrayList testsIds = client.getDojoTestIds(apiKey.getPropertyValue(), engagementId.getPropertyValue());
-                final String testId = client.getDojoTestId(engagementId.getPropertyValue(), testsIds);
+            final ArrayList testsIds = client.getDojoTestIds(apiKey.getPropertyValue(), engagementId.getPropertyValue());
+            final String testId = client.getDojoTestId(engagementId.getPropertyValue(), testsIds);
+            if (isReimportConfigured(project) || Boolean.parseBoolean(globalReimportEnabled.getPropertyValue())) {
                 LOGGER.debug("Found existing test Id: " + testId);
                 if (testId.equals("")) {
                     client.uploadDependencyTrackFindings(apiKey.getPropertyValue(), engagementId.getPropertyValue(), payload);

src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java

@@ -56,6 +56,7 @@ public enum ConfigPropertyConstants {
     FORTIFY_SSC_URL("integrations", "fortify.ssc.url", null, PropertyType.URL, "Base URL to Fortify SSC"),
     FORTIFY_SSC_TOKEN("integrations", "fortify.ssc.token", null, PropertyType.ENCRYPTEDSTRING, "The token to use to authenticate to Fortify SSC"),
     DEFECTDOJO_ENABLED("integrations", "defectdojo.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable DefectDojo integration"),
+    DEFECTDOJO_REIMPORT_ENABLED("integrations", "defectdojo.reimport.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable DefectDojo reimport-scan API endpoint"),
     DEFECTDOJO_SYNC_CADENCE("integrations", "defectdojo.sync.cadence", "60", PropertyType.INTEGER, "The cadence (in minutes) to upload to DefectDojo"),
     DEFECTDOJO_URL("integrations", "defectdojo.url", null, PropertyType.URL, "Base URL to DefectDojo"),
     DEFECTDOJO_API_KEY("integrations", "defectdojo.apiKey", null, PropertyType.STRING, "API Key for DefectDojo"),

src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java

@@ -78,7 +78,7 @@ public void testLoadDefaultConfigProperties() throws Exception {
         Method method = generator.getClass().getDeclaredMethod("loadDefaultConfigProperties");
         method.setAccessible(true);
         method.invoke(generator);
-        Assert.assertEquals(42, qm.getConfigProperties().size());
+        Assert.assertEquals(43, qm.getConfigProperties().size());
     }
 
     @Test