Dependency Track
Dependency Track has implemented a DefectDojo integration. Information about how to configure the integration is documented here: https://docs.dependencytrack.org/integrations/defectdojo/
Alternatively, the Finding Packaging Format (FPF) from OWASP Dependency Track can be imported in JSON format. See here for more info on this JSON format: https://docs.dependencytrack.org/integrations/file-formats/
Sample Scan Data
Sample Dependency Track scans can be found here.
Default Deduplication Hashcode Fields
By default, DefectDojo identifies duplicate Findings using these hashcode fields:
- component name
- component version
- vulnerability ids
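
The following is an added illustration, not DefectDojo's own code or hashing algorithm: it shows how a hash over only these three fields makes a re-imported finding with a changed severity collapse into a duplicate, while a different component version stays distinct. The FPF field names (`findings[].component.name`, `component.version`, `vulnerability.vulnId`), the SHA-256 construction, and all sample values are assumptions made for the example.

```python
import hashlib
import json

# Constructed FPF-style input. Field names (findings[].component.name/version,
# findings[].vulnerability.vulnId) are assumed from the FPF layout; values are made up.
SAMPLE_FPF = json.loads("""
{"version": "1.0", "findings": [
  {"component": {"name": "example-lib", "version": "1.2.0"},
   "vulnerability": {"vulnId": "CVE-0000-0001", "severity": "HIGH"}},
  {"component": {"name": "example-lib", "version": "1.2.0"},
   "vulnerability": {"vulnId": "CVE-0000-0001", "severity": "CRITICAL"}},
  {"component": {"name": "example-lib", "version": "1.3.0"},
   "vulnerability": {"vulnId": "CVE-0000-0001", "severity": "HIGH"}},
  {"component": {"name": "other-lib"},
   "vulnerability": {"vulnId": "CVE-0000-0002", "severity": "LOW"}}
]}
""")


def dedup_key(finding):
    """Hash only the three dedup fields; severity, title etc. are ignored."""
    component = finding.get("component", {})
    vuln = finding.get("vulnerability", {})
    fields = [
        component.get("name") or "",
        component.get("version") or "",  # a missing version hashes as empty
        vuln.get("vulnId") or "",
    ]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    material = "".join(f"{len(f)}:{f}" for f in fields)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def find_duplicates(findings):
    """Return (original_index, duplicate_index) pairs, first occurrence wins."""
    first_seen = {}
    pairs = []
    for index, finding in enumerate(findings):
        key = dedup_key(finding)
        if key in first_seen:
            pairs.append((first_seen[key], index))
        else:
            first_seen[key] = index
    return pairs


if __name__ == "__main__":
    print(find_duplicates(SAMPLE_FPF["findings"]))
```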