Snyk
The Snyk output file (snyk test --json > snyk.json) can be imported in JSON format. Only the SCA (Software Composition Analysis) report is supported; the SAST report is not supported yet.
Sample Scan Data
Sample Snyk scans can be found here.
Default Deduplication Hashcode Fields
By default, DefectDojo identifies duplicate Findings using these hashcode fields:
- vuln id from tool
- file path
- component name
- component version
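
To check which entries in a Snyk report would share a dedupe key under these four fields before importing, the added example below (not DefectDojo's own code) hashes them per vulnerability entry. The mapping of Snyk JSON keys to the four fields, the SHA-256 construction, and the sample report are assumptions made for illustration.

```python
import hashlib
import json
from collections import defaultdict

# Constructed sample shaped like `snyk test --json` output (not real scan data).
SAMPLE_REPORT = json.loads("""
{
  "displayTargetFile": "package.json",
  "vulnerabilities": [
    {"id": "SNYK-JS-EXAMPLE-0001", "packageName": "example-lib", "version": "1.2.0",
     "from": ["app@1.0.0", "example-lib@1.2.0"]},
    {"id": "SNYK-JS-EXAMPLE-0001", "packageName": "example-lib", "version": "1.2.0",
     "from": ["app@1.0.0", "other-dep@3.0.0", "example-lib@1.2.0"]},
    {"id": "SNYK-JS-EXAMPLE-0001", "packageName": "example-lib", "version": "1.3.0",
     "from": ["app@1.0.0", "third-dep@2.0.0", "example-lib@1.3.0"]}
  ]
}
""")

def dedupe_key(vuln, target_file):
    """Hash the four default dedupe fields for one Snyk vulnerability entry.

    Assumed mapping (not taken from DefectDojo's parser): vuln id from tool = "id",
    file path = report-level "displayTargetFile", component name = "packageName",
    component version = "version".
    """
    fields = [vuln.get("id", ""), target_file or "",
              vuln.get("packageName", ""), vuln.get("version", "")]
    # Unit separator avoids ambiguity such as ("ab", "c") vs ("a", "bc").
    return hashlib.sha256("\x1f".join(fields).encode("utf-8")).hexdigest()

def group_by_dedupe_key(report):
    """Return {hash: [vulnerability entries]} for a single-project report."""
    groups = defaultdict(list)
    target_file = report.get("displayTargetFile", "")
    for vuln in report.get("vulnerabilities", []):
        groups[dedupe_key(vuln, target_file)].append(vuln)
    return dict(groups)

def collapsed_entries(report):
    """Groups whose entries share all four field values with another entry."""
    return [g for g in group_by_dedupe_key(report).values() if len(g) > 1]

if __name__ == "__main__":
    for group in collapsed_entries(SAMPLE_REPORT):
        first = group[0]
        print(f'{first["id"]} {first["packageName"]}@{first["version"]}: '
              f'{len(group)} entries share one dedupe key')
```

In the constructed sample, the two entries for example-lib 1.2.0 differ only in their dependency path, which is not one of the four fields, so they fall under one key; the 1.3.0 entry stays separate.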