Note: The following external tools are DefectDojo Pro-only features. These binaries will not work unless they are connected to an instance with a DefectDojo Pro license.
Universal Importer and Dojo-CLI are command-line tools designed to seamlessly upload scan results into DefectDojo. They streamline both the import and re-import processes of findings and associated objects. These tools are flexible and support importing and re-importing scan results, making them ideal for users who need robust interaction with the DefectDojo API.
Dojo-CLI has the same functionality as Universal Importer but also includes the ability to export Findings from DefectDojo to JSON or CSV.
Use the DefectDojo UI to download the appropriate binary for your operating system from the platform.
Locate “External Tools” in your User Profile menu.
Extract the downloaded archive within a directory of your choice.
Optional: Add the directory containing the extracted binary to your system’s $PATH for repeat access.
Note that Macintosh users may be blocked from running Dojo-CLI or Universal Importer as they are apps from an unidentified developer. See Apple Support for instructions on how to override the block from Apple.
The Universal Importer can be configured using flags, environment variables, or a configuration file. The most important configuration is the API token, which must be set as an environment variable:
Add your API key to your environment variables.
You can retrieve your API key from https://YOUR_INSTANCE.cloud.defectdojo.com/api/key-v2, or via the DefectDojo user interface, in the user dropdown in the top-right corner.
Set your environment variable for the API token.
export DD_IMPORTER_DOJO_API_TOKEN=YOUR_API_KEY
Note that the Findings export command is only available with Dojo-CLI.
To export Findings from Dojo-CLI, you will need to supply a configuration file that specifies which Findings you wish to export. This is similar to the GET Findings method via the API.
Specify one or both of these options depending on the export format you want to use:
Note that Dojo-CLI will attempt to create a .csv or .json file if one does not exist already - your directory will need write permissions in order to do this.
You can also create the file in advance with touch findings.csv, for example.
These flags are all optional and can be used to filter out a specific list of Findings to be included in the export file. You can use any or all of these flags.
Complete Example
This example specifies the URL, export format and a few filter parameters to create a list of Findings.
If you encounter any issues, please check the following:
Ensure you’re using the correct binary for your operating system and CPU architecture.
Verify that the API key is set correctly in your environment variables.
Check that the DefectDojo URL is correct and accessible.
When importing, confirm that the report file exists and is in the supported format for the specified scan type. You can review the supported scanners for DefectDojo on our supported tools list.
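The checks above (API token, URL, export file permissions) can be scripted before running either tool. The following is an added example, not part of Dojo-CLI or Universal Importer: the function names are illustrative, and the only names taken from this page are DD_IMPORTER_DOJO_API_TOKEN and the YOUR_INSTANCE URL placeholder.

```sh
#!/bin/sh
# Added example: preflight checks for the troubleshooting list above.
# Function names are illustrative, not part of Dojo-CLI or Universal Importer.

# Token must be set and free of whitespace or quotes picked up when pasting.
check_token() {
    token=${DD_IMPORTER_DOJO_API_TOKEN-}
    [ -n "$token" ] || { echo "token: DD_IMPORTER_DOJO_API_TOKEN is not set" >&2; return 1; }
    clean=$(printf '%s' "$token" | tr -d '[:space:]"'"'")
    [ "$clean" = "$token" ] || { echo "token: contains whitespace or quotes" >&2; return 2; }
}

# URL must be absolute; plain http would carry the API token unencrypted.
check_url() {
    case $1 in
        https://?*) return 0 ;;
        http://?*)  echo "url: use https, not http" >&2; return 2 ;;
        *)          echo "url: expected https://HOST, got '$1'" >&2; return 1 ;;
    esac
}

# Export file must be writable, or its directory must allow creating it.
check_export_target() {
    if [ -e "$1" ]; then
        [ -f "$1" ] && [ -w "$1" ] && return 0
        echo "export: $1 is not a writable file" >&2; return 1
    fi
    dir=$(dirname -- "$1")
    [ -d "$dir" ] && [ -w "$dir" ] && return 0
    echo "export: cannot create $1 in $dir" >&2; return 1
}

# Reachability probe; sends no credentials. Skipped when curl is absent.
check_reachable() {
    command -v curl >/dev/null 2>&1 || { echo "url: curl missing, skipped" >&2; return 0; }
    curl -sS -o /dev/null --max-time 10 "$1" || { echo "url: $1 unreachable" >&2; return 1; }
}

# Usage: preflight https://YOUR_INSTANCE.cloud.defectdojo.com findings.csv
preflight() {
    echo "platform: $(uname -s) $(uname -m) (compare with the downloaded binary)"
    check_token && check_url "$1" && check_export_target "$2" && check_reachable "$1"
}
```

Source the file and call preflight with your instance URL and the intended export file; each failed check prints its reason to stderr and returns a non-zero status.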