
DevSecOps, ASPM, Vulnerability Management. All on one platform.


r0075h3ll/django-DefectDojo

 
 


Inspector Parser for ECR

AWS Inspector is an AWS-managed security service that detects software and network vulnerabilities and generates findings for the following resources:

  • Container Images from Elastic Container Registry (ECR)
  • AWS Lambda
  • EC2 Instances

Reporting in AWS Inspector requires KMS and S3 bucket initialization, which is a hassle if you are looking for a quick workaround to get your findings imported into DefectDojo. Additionally, the list-findings API call lets you query the generated findings from AWS Inspector.

However, the current release of DefectDojo doesn't support the JSON format in which AWS Inspector presents findings through the list-findings API call.

This fork of DefectDojo modifies the parser to support the list-findings API call response format for ECR-related findings.

```bash
# The region must be an AWS region code; N. Virginia is us-east-1.
aws inspector2 list-findings --region us-east-1 \
  --filter-criteria '{"ecrImageRepositoryName":[{"comparison": "EQUALS", "value": "ecr-repo-name"}]}' > report.json

# report.json can now be imported in the dashboard under the 'AWS Security Hub Scan' scanner type
```
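As an added illustration (not this fork's parser code), the sketch below flattens the ECR image findings in a list-findings response into the fields a vulnerability tracker needs. The helper name, the output keys, the UNTRIAGED-to-Info mapping and the sample report are assumptions constructed for this example; the input field names follow the Inspector2 finding schema.

```python
import json

# Inspector2 severity -> DefectDojo-style severity (UNTRIAGED -> Info is an assumption).
SEVERITY = {"CRITICAL": "Critical", "HIGH": "High", "MEDIUM": "Medium",
            "LOW": "Low", "INFORMATIONAL": "Info", "UNTRIAGED": "Info"}

def parse_ecr_findings(report_text):
    """Flatten ECR image findings from a list-findings response (hypothetical helper)."""
    rows = []
    for f in json.loads(report_text).get("findings", []):
        images = [r for r in f.get("resources", [])
                  if r.get("type") == "AWS_ECR_CONTAINER_IMAGE"]
        vuln = f.get("packageVulnerabilityDetails") or {}
        pkgs = vuln.get("vulnerablePackages") or []
        for img in images:  # EC2 and Lambda findings have no such resource and are skipped
            ecr = (img.get("details") or {}).get("awsEcrContainerImage") or {}
            rows.append({
                "title": f.get("title", "Untitled Inspector finding"),
                "severity": SEVERITY.get(f.get("severity"), "Info"),
                "vuln_id": vuln.get("vulnerabilityId"),
                "component": ", ".join(f"{p.get('name')} {p.get('version')}" for p in pkgs),
                "fix_available": f.get("fixAvailable") == "YES",
                "active": f.get("status") == "ACTIVE",
                "repository": ecr.get("repositoryName"),
                "image_tags": ecr.get("imageTags") or [],
                "unique_id": f"{f.get('findingArn')}|{img.get('id')}",
            })
    return rows

# Constructed sample report: one ECR finding and one EC2 finding; all ids are placeholders.
SAMPLE = json.dumps({"findings": [
    {"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE-1",
     "type": "PACKAGE_VULNERABILITY", "title": "CVE-0000-00000 - openssl",
     "severity": "HIGH", "status": "ACTIVE", "fixAvailable": "YES",
     "packageVulnerabilityDetails": {
         "vulnerabilityId": "CVE-0000-00000",
         "vulnerablePackages": [{"name": "openssl", "version": "1.1.1k"}]},
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                    "id": "arn:aws:ecr:us-east-1:111122223333:repository/ecr-repo-name/sha256:EXAMPLE",
                    "details": {"awsEcrContainerImage": {
                        "repositoryName": "ecr-repo-name", "imageTags": ["latest"]}}}]},
    {"findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/EXAMPLE-2",
     "type": "PACKAGE_VULNERABILITY", "title": "CVE-0000-00001 - bash",
     "severity": "LOW", "status": "ACTIVE", "fixAvailable": "NO",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-EXAMPLE"}]},
]})

if __name__ == "__main__":
    for row in parse_ecr_findings(SAMPLE):
        print(row)
```

Keying each row on the finding ARN plus the image resource id keeps re-imports of the same report from creating duplicate findings.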
