Dependency-Track logov4.2

Dependency-Track can automatically publish results to DefectDojo providing a consolidated view of security-centric code findings and vulnerable component findings.

Dependency-Track accomplishes this in the following ways:

Requirements:

Dependency-Track Configuration

DefectDojo Configuration

Step 1: Create a product (or navigate to one you’ve created already

Create a product

Step 2: Create a CI/CD engagement for your product

Create CI/CD engagement menu Create CI/CD engagement

Step 3: Note down the ID of the new engagement

Note engagement ID

Step 4: Note down your API key

Note API Key Note API Key

Step 5: Add the API key in Dependency-Track configuration

Configure DefectDojo Integration

Per-project configuration

Dependency-Track includes the ability to specify configuration properties on a per-project basis. This feature is used to map projects in Dependency-Track to engagements in DefectDojo.

Attribute Value
Group Name integrations
Property Name defectdojo.engagementId
Property Value The CI/CD engagement ID to upload findings to, noted in Step 3
Property Type STRING