Updated all DD scanTypes to v2.29 due to a lot more parser integrated already #100

Merged
merged 1 commit into from
Jan 16, 2024


rseedorff
Member

Updated all DefectDojo scanTypes to v2.29 due to a lot more parsers integrated, like kube-hunter and ssh-audit. Reordered the list of scanTypes by name asc.

Added the following new DefectDojo parsers to the list of scanTypes:

  1. AnchoreCTL Policies Report
  2. AnchoreCTL Vuln Report
  3. AWS Prowler V3
  4. AWS Security Finding Format (ASFF) Scan
  5. Azure Security Center Recommendations Scan
  6. BlackDuck API
  7. Bugcrowd API Import
  8. Burp GraphQL API
  9. Codechecker Report native
  10. docker-bench-security Scan
  11. Edgescan Scan
  12. Ggshield Scan
  13. Govulncheck Scanner
  14. HCLAppScan XML
  15. Horusec Scan
  16. Humble Json Importer
  17. Hydra Scan
  18. JFrog Xray API Summary Artifact Scan
  19. JFrog Xray On Demand Binary Scan
  20. KubeHunter Scan
  21. NeuVector (compliance)
  22. NeuVector (REST)
  23. OpenVAS XML
  24. pip-audit Scan
  25. Popeye Scan
  26. PWN SAST
  27. Rubocop Scan
  28. Rusty Hog Scan
  29. Solar Appscreener Scan
  30. SSH Audit Importer
  31. StackHawk HawkScan
  32. Sysdig Vulnerability Report - Pipeline, Registry and Runtime (CSV)
  33. Talisman Scan
  34. Tenable Scan
  35. Threagile risks report
  36. Trivy Operator Scan
  37. Veracode SourceClear Scan
  38. Vulners
  39. Wazuh
  40. Whispers Scan

Full List of integrated parsers within OWASP DefectDojo in v2.29:

  • Acunetix Scan - Acunetix Scan
  • Acunetix360 Scan - Acunetix360 Scan
  • Anchore Engine Scan - Anchore Engine Scan
  • Anchore Enterprise Policy Check - Anchore Enterprise Policy Check
  • Anchore Grype - Anchore Grype
  • AnchoreCTL Policies Report - AnchoreCTL Policies Report
  • AnchoreCTL Vuln Report - AnchoreCTL Vuln Report
  • AppSpider Scan - AppSpider Scan
  • Aqua Scan - Aqua Scan
  • Arachni Scan - Arachni Scan
  • AuditJS Scan - AuditJS Scan
  • AWS Prowler Scan - AWS Prowler Scan
  • AWS Prowler V3 - AWS Prowler V3
  • AWS Scout2 Scan - AWS Scout2 Scan
  • AWS Security Finding Format (ASFF) Scan - AWS Security Finding Format (ASFF) Scan
  • AWS Security Hub Scan - AWS Security Hub Scan
  • Azure Security Center Recommendations Scan - Azure Security Center Recommendations Scan
  • Bandit Scan - Bandit Scan
  • BlackDuck API - BlackDuck API
  • Blackduck Component Risk - Blackduck Component Risk
  • Blackduck Hub Scan - Blackduck Hub Scan
  • Brakeman Scan - Brakeman Scan
  • Bugcrowd API Import - Bugcrowd API Import
  • BugCrowd Scan - BugCrowd Scan
  • Bundler-Audit Scan - Bundler-Audit Scan
  • Burp Enterprise Scan - Burp Enterprise Scan
  • Burp GraphQL API - Burp GraphQL API
  • Burp REST API - Burp REST API
  • Burp Scan - Burp Scan
  • CargoAudit Scan - CargoAudit Scan
  • Checkmarx OSA - Checkmarx OSA
  • Checkmarx Scan - Checkmarx Scan
  • Checkmarx Scan detailed - Checkmarx Scan detailed
  • Checkov Scan - Checkov Scan
  • Clair Klar Scan - Clair Klar Scan
  • Clair Scan - Clair Scan
  • Cloudsploit Scan - Cloudsploit Scan
  • Cobalt.io API Import - Cobalt.io API Import
  • Cobalt.io Scan - Cobalt.io Scan
  • Codechecker Report native - Codechecker Report native
  • Contrast Scan - Contrast Scan
  • Coverity API - Coverity API
  • Crashtest Security JSON File - Crashtest Security JSON File
  • Crashtest Security XML File - Crashtest Security XML File
  • CredScan Scan - CredScan Scan
  • CycloneDX Scan - CycloneDX Scan
  • DawnScanner Scan - DawnScanner Scan
  • Dependency Check Scan - Dependency Check Scan
  • Dependency Track Finding Packaging Format (FPF) Export - Dependency Track Finding Packaging Format (FPF) Export
  • Detect-secrets Scan - Detect-secrets Scan
  • docker-bench-security Scan - docker-bench-security Scan
  • Dockle Scan - Dockle Scan
  • DrHeader JSON Importer - DrHeader JSON Importer
  • DSOP Scan - DSOP Scan
  • Edgescan Scan - Edgescan Scan
  • ESLint Scan - ESLint Scan
  • Fortify Scan - Fortify Scan
  • Generic Findings Import - Generic Findings Import
  • Ggshield Scan - Ggshield Scan
  • Github Vulnerability Scan - Github Vulnerability Scan
  • GitLab API Fuzzing Report Scan - GitLab API Fuzzing Report Scan
  • GitLab Container Scan - GitLab Container Scan
  • GitLab DAST Report - GitLab DAST Report
  • GitLab Dependency Scanning Report - GitLab Dependency Scanning Report
  • GitLab SAST Report - GitLab SAST Report
  • GitLab Secret Detection Report - GitLab Secret Detection Report
  • Gitleaks Scan - Gitleaks Scan
  • Gosec Scanner - Gosec Scanner
  • Govulncheck Scanner - Govulncheck Scanner
  • HackerOne Cases - HackerOne Cases
  • Hadolint Dockerfile check - Hadolint Dockerfile check
  • Harbor Vulnerability Scan - Harbor Vulnerability Scan
  • HCLAppScan XML - HCLAppScan XML
  • Horusec Scan - Horusec Scan
  • Humble Json Importer - Humble Json Importer
  • HuskyCI Report - HuskyCI Report
  • Hydra Scan - Hydra Scan
  • IBM AppScan DAST - IBM AppScan DAST
  • Immuniweb Scan - Immuniweb Scan
  • IntSights Report - IntSights Report
  • JFrog Xray API Summary Artifact Scan - JFrog Xray API Summary Artifact Scan
  • JFrog Xray On Demand Binary Scan - JFrog Xray On Demand Binary Scan
  • JFrog Xray Scan - JFrog Xray Scan
  • JFrog Xray Unified Scan - JFrog Xray Unified Scan
  • KICS Scan - KICS Scan
  • Kiuwan Scan - Kiuwan Scan
  • kube-bench Scan - kube-bench Scan
  • KubeHunter Scan - KubeHunter Scan
  • Meterian Scan - Meterian Scan
  • Microfocus Webinspect Scan - Microfocus Webinspect Scan
  • MobSF Scan - MobSF Scan
  • Mobsfscan Scan - Mobsfscan Scan
  • Mozilla Observatory Scan - Mozilla Observatory Scan
  • Netsparker Scan - Netsparker Scan
  • NeuVector (compliance) - NeuVector (compliance)
  • NeuVector (REST) - NeuVector (REST)
  • Nexpose Scan - Nexpose Scan
  • Nikto Scan - Nikto Scan
  • Nmap Scan - Nmap Scan
  • Node Security Platform Scan - Node Security Platform Scan
  • NPM Audit Scan - NPM Audit Scan
  • Nuclei Scan - Nuclei Scan
  • Openscap Vulnerability Scan - Openscap Vulnerability Scan
  • OpenVAS CSV - OpenVAS CSV
  • OpenVAS XML - OpenVAS XML
  • ORT evaluated model Importer - ORT evaluated model Importer
  • OssIndex Devaudit SCA Scan Importer - OssIndex Devaudit SCA Scan Importer
  • Outpost24 Scan - Outpost24 Scan
  • PHP Security Audit v2 - PHP Security Audit v2
  • PHP Symfony Security Check - PHP Symfony Security Check
  • pip-audit Scan - pip-audit Scan
  • PMD Scan - PMD Scan
  • Popeye Scan - Popeye Scan
  • PWN SAST - PWN SAST
  • Qualys Infrastructure Scan (WebGUI XML) - Qualys Infrastructure Scan (WebGUI XML)
  • Qualys Scan - Qualys Scan
  • Qualys Webapp Scan - Qualys Webapp Scan
  • Retire.js Scan - Retire.js Scan
  • Risk Recon API Importer - Risk Recon API Importer
  • Rubocop Scan - Rubocop Scan
  • Rusty Hog Scan - Rusty Hog Scan
  • SARIF - SARIF
  • Scantist Scan - Scantist Scan
  • Scout Suite Scan - Scout Suite Scan
  • Semgrep JSON Report - Semgrep JSON Report
  • SKF Scan - SKF Scan
  • Snyk Scan - Snyk Scan
  • Solar Appscreener Scan - Solar Appscreener Scan
  • SonarQube API Import - SonarQube API Import
  • SonarQube Scan - SonarQube Scan
  • SonarQube Scan detailed - SonarQube Scan detailed
  • Sonatype Application Scan - Sonatype Application Scan
  • SpotBugs Scan - SpotBugs Scan
  • SSH Audit Importer - SSH Audit Importer
  • SSL Labs Scan - SSL Labs Scan
  • Sslscan - Sslscan
  • Sslyze Scan - Sslyze Scan
  • SSLyze Scan (JSON) - SSLyze Scan (JSON)
  • StackHawk HawkScan - StackHawk HawkScan
  • Sysdig Vulnerability Report - Pipeline, Registry and Runtime (CSV) - Sysdig Vulnerability Report - Pipeline, Registry and Runtime (CSV)
  • Talisman Scan - Talisman Scan
  • Tenable Scan - Tenable Scan
  • Terrascan Scan - Terrascan Scan
  • Testssl Scan - Testssl Scan
  • TFSec Scan - TFSec Scan
  • Threagile risks report - Threagile risks report
  • Trivy Operator Scan - Trivy Operator Scan
  • Trivy Scan - Trivy Scan
  • Trufflehog Scan - Trufflehog Scan
  • Trufflehog3 Scan - Trufflehog3 Scan
  • Trustwave Fusion API Scan - Trustwave Fusion API Scan
  • Trustwave Scan (CSV) - Trustwave Scan (CSV)
  • Twistlock Image Scan - Twistlock Image Scan
  • VCG Scan - VCG Scan
  • Veracode Scan - Veracode Scan
  • Veracode SourceClear Scan - Veracode SourceClear Scan
  • Vulners - Vulners
  • Wapiti Scan - Wapiti Scan
  • Wazuh - Wazuh
  • WFuzz JSON report - WFuzz JSON report
  • Whispers Scan - Whispers Scan
  • WhiteHat Sentinel - WhiteHat Sentinel
  • Whitesource Scan - Whitesource Scan
  • Wpscan - Wpscan
  • Xanitizer Scan - Xanitizer Scan
  • Yarn Audit Scan - Yarn Audit Scan
  • ZAP Scan - ZAP Scan

… like kube-hunter and ssh-audit. Ordered list by name asc.
@rseedorff rseedorff added enhancement New feature or request java Pull requests that update Java code labels Dec 22, 2023
@rseedorff rseedorff requested a review from J12934 December 22, 2023 22:27
@Weltraumschaf Weltraumschaf merged commit 29490c5 into main Jan 16, 2024
3 checks passed
@Weltraumschaf Weltraumschaf deleted the update_scantype_to_v2.29 branch January 16, 2024 13:20