Generic Findings Import
You can use Generic Findings Import to ingest JSON or CSV files into DefectDojo when their format is not already in the supported parsers list.
Files uploaded using Generic Findings Import must conform to the accepted format with respect to CSV column headers / JSON attributes.
These attributes are supported for CSV:
- Date: Date of the finding in mm/dd/yyyy format.
- Title: Title of the finding.
- CweId: CWE identifier. Must be an integer value.
- Url: URL associated with the finding.
- Severity: Severity of the finding. Must be one of Info, Low, Medium, High, or Critical.
- Description: Description of the finding. Can be multiple lines if enclosed in double quotes.
- Mitigation: Possible Mitigations for the finding. Can be multiple lines if enclosed in double quotes.
- Impact: Detailed impact of the finding. Can be multiple lines if enclosed in double quotes.
- References: References associated with the finding. Can be multiple lines if enclosed in double quotes.
- Active: Indicator if the finding is active. Must be empty, TRUE, or FALSE.
- Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE.
- FalsePositive: Indicator if the finding is a false positive. Must be TRUE or FALSE.
- Duplicate: Indicator if the finding is a duplicate. Must be TRUE or FALSE.
The CSV expects a header row with the names of the attributes.
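A pre-upload check for the CSV rules listed above, as an added example that is not part of DefectDojo or its documentation. It assumes exact, case-sensitive matching of header names and values, and that empty Date and CweId cells are acceptable (the page states neither); `validate_generic_csv` and the sample rows are constructed here.

```python
import csv
import io
import re
from datetime import datetime

SEVERITIES = {"Info", "Low", "Medium", "High", "Critical"}

def _is_date(v):
    # Strict mm/dd/yyyy: zero-padded month and day, and a real calendar date.
    if not re.fullmatch(r"[0-9]{2}/[0-9]{2}/[0-9]{4}", v):
        return False
    try:
        return bool(datetime.strptime(v, "%m/%d/%Y"))
    except ValueError:
        return False

# Column -> (predicate, message). Free-text columns accept any value.
# Assumption: empty Date and CweId cells are allowed (the page does not say).
CHECKS = {
    "Date": (lambda v: not v or _is_date(v), "expected mm/dd/yyyy"),
    "CweId": (lambda v: not v or re.fullmatch(r"[0-9]+", v), "expected an integer"),
    "Severity": (lambda v: v in SEVERITIES, "not an accepted severity"),
    "Active": (lambda v: v in {"", "TRUE", "FALSE"}, "expected empty, TRUE or FALSE"),
    "Verified": (lambda v: v in {"", "TRUE", "FALSE"}, "expected empty, TRUE or FALSE"),
    "FalsePositive": (lambda v: v in {"TRUE", "FALSE"}, "expected TRUE or FALSE"),
    "Duplicate": (lambda v: v in {"TRUE", "FALSE"}, "expected TRUE or FALSE"),
}
FREE_TEXT = {"Title", "Url", "Description", "Mitigation", "Impact", "References"}

def validate_generic_csv(text):
    """Return (row, column, message) problems; an empty list means clean."""
    reader = csv.DictReader(io.StringIO(text, newline=""))
    problems = [(1, name, "unsupported column header") for name in (reader.fieldnames or [])
                if name not in CHECKS and name not in FREE_TEXT]
    # Row 1 is the header. A quoted multi-line cell stays inside one record.
    for row_no, row in enumerate(reader, start=2):
        for column, value in row.items():
            if column is None or value is None:
                problems.append((row_no, column, "cell count differs from header"))
            elif column in CHECKS and not CHECKS[column][0](value):
                problems.append((row_no, column, CHECKS[column][1]))
    return problems

# Constructed sample: row 2 is clean, row 3 breaks four of the rules.
SAMPLE = (
    "Date,Title,CweId,Url,Severity,Description,Active,Verified,FalsePositive,Duplicate\n"
    '01/15/2024,Reflected XSS,79,https://app.example.test/search,High,"Line one\nline two",TRUE,,FALSE,FALSE\n'
    "2024-01-15,Weak TLS config,CWE-326,https://app.example.test/,Severe,Old ciphers,,FALSE,,FALSE\n"
)
```

Calling `validate_generic_csv(SAMPLE)` reports the Date, CweId, Severity and FalsePositive cells of row 3.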
Example of JSON format:
This parser supports an attribute that accepts files as Base64 strings. These files are attached to the respective findings.
Example:
This parser supports an attribute `name` and `type` to be able to define `TestType`. Based on this, you can define custom `HASHCODE_FIELDS` or `DEDUPLICATION_ALGORITHM` in the settings.
Example:
Sample Scan Data
Sample Generic Findings Import scans can be found here.