Custom integration of Dependency-Track with DefectDojo.
The default integration isn't flexible. In Dependency-Track v4.3.2 the only setting you can change is the cadence (the time between synchronizations).
This integration works directly with the Dependency-Track database: the script collects all the data that should be sent and prepares it for import into DefectDojo.
By default, when you run the script, it:
- Collects all analyses with state EXPLOITABLE (more about State in DTrack)
- Creates engagements in DefectDojo products
- Imports the results with the DependencyTrack parser (docs, github)
- Changes the State in Dependency-Track from EXPLOITABLE to IN_TRIAGE (State in DTrack)
- Adds a comment in Audit Trails (docs)
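The steps above as an added sketch, not the project's own code: the state change to IN_TRIAGE and the audit comment are committed in one transaction, and only after the import succeeded, so a failed upload stays EXPLOITABLE and is retried on the next run. In-memory SQLite stands in for the PostgreSQL database; the table layout, the import_to_dojo callback and the sample rows are assumptions constructed for the example.

```python
import sqlite3

# Hypothetical, simplified stand-in for the Dependency-Track tables (not the real schema).
SCHEMA = """
CREATE TABLE analysis (id INTEGER PRIMARY KEY, project TEXT, component TEXT,
                       vuln_id TEXT, state TEXT);
CREATE TABLE analysis_comment (analysis_id INTEGER, commenter TEXT, comment TEXT);
"""

def make_sample_db():
    """Constructed sample data: two EXPLOITABLE findings and one NOT_AFFECTED."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO analysis (project, component, vuln_id, state) VALUES (?, ?, ?, ?)",
        [("shop", "libfoo 1.2", "VULN-0001", "EXPLOITABLE"),
         ("shop", "libbar 0.9", "VULN-0002", "NOT_AFFECTED"),
         ("api", "libbaz 3.1", "VULN-0003", "EXPLOITABLE")])
    db.commit()
    return db

def sync(db, import_to_dojo):
    """Run one sync pass. import_to_dojo(project, findings) is a hypothetical
    callback that uploads to DefectDojo and raises on failure."""
    rows = db.execute(
        "SELECT id, project, component, vuln_id FROM analysis "
        "WHERE state = 'EXPLOITABLE' ORDER BY project, id").fetchall()
    by_project = {}
    for row_id, project, component, vuln_id in rows:
        by_project.setdefault(project, []).append((row_id, component, vuln_id))
    synced = []
    for project, findings in by_project.items():
        try:
            import_to_dojo(project, findings)
        except Exception:
            continue  # import failed: leave the state EXPLOITABLE so the next run retries
        with db:  # one transaction: state change and audit comment commit together
            for row_id, _, _ in findings:
                db.execute("UPDATE analysis SET state = 'IN_TRIAGE' "
                           "WHERE id = ? AND state = 'EXPLOITABLE'", (row_id,))
                db.execute("INSERT INTO analysis_comment VALUES (?, ?, ?)",
                           (row_id, "dtrack-dd-integration",
                            "EXPLOITABLE -> IN_TRIAGE (imported to DefectDojo)"))
        synced.append(project)
    return synced
```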
IMPORTANT! It works only with the PostgreSQL database of Dependency-Track.
Put the DefectDojo token and the database password in .env:
echo "DD_TOKEN=<Your token>" >> .env
echo "POSTGRES_PASSWORD=<DB Password>" >> .env
I'm using it with docker-compose integration.
Build the Docker image from source.
docker build -t dtrack-dd-integration .
Run it in docker-compose.
sync:
  image: dtrack-dd-integration
  environment:
    # Database Properties
    - DB_HOST=db
    - POSTGRES_USER=dtrack
    - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    # Configuration
    - LOGLEVEL=INFO
    - DD_TOKEN=${DD_TOKEN}
    - DD_HOST=https://<DefectDojo Host>/api/v2
  command: "python3 main.py"
Alternatively, build from the source directory and just mount a volume with the sources:
sync:
  build:
    context: ./dtrack-dd-integration
    dockerfile: Dockerfile
  environment:
    # Database Properties
    - DB_HOST=db
    - POSTGRES_USER=dtrack
    - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
    - LOGLEVEL=DEBUG
    - DD_TOKEN=${DD_TOKEN}
    - DD_HOST=https://<DefectDojo Host>/api/v2
  volumes:
    - ./dtrack-dd-integration/:/service/server/
  command: "python3 main.py"
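How you schedule the runs is up to you. For example, you can use a cron task. The entry below changes into the directory that contains docker-compose.yml and uses up -d; restart sync works as well.
*/15 * * * * cd /path/to/directory-with-docker-compose.yml && docker-compose up -d sync
An autorun module will appear in the future.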