The information in this document applies to version 18.104.22.168 of Syhunt Hybrid.
DefectDojo is a security tool that automates application security vulnerability management. DefectDojo streamlines the application security testing process by offering features such as importing third-party security findings, merging and de-duping, integration with Jira, templating, report generation and security metrics.
Syhunt generates a DefectDojo-compatible vulnerability report file if the output parameter is set to a filename that ends with the double extension .sast.json or .dast.json, as shown in the examples below. Finally, when importing the JSON files into DefectDojo, specify the GitLab SAST or DAST format.
Note: currently, only GitLab SAST support is documented in DefectDojo. The DAST support may or may not come with some limitations.
- SAST: scancode [target] -xout:anyfilename.sast.json
- DAST: scanurl [target] -xout:anyfilename.dast.json
When launching the scan through GitHub, GitLab and PowerShell: use the outputex parameter of the scan function to pass the filename.
When launching the scan through Jenkins: use the outFilename parameter of the scan function to pass the filename.
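A pre-import check for the workflow above, written as an added example (it is not Syhunt or DefectDojo code): it picks the DefectDojo scan type from the double extension and rejects a truncated or malformed report before it is uploaded. It assumes the report has the GitLab layout with a top-level "vulnerabilities" array and that the upload goes to DefectDojo's /api/v2/import-scan/ endpoint; the function names, the sample report and the engagement id are constructed for illustration.

```python
import json
from pathlib import Path

# DefectDojo scan type names for its two GitLab report parsers.
SCAN_TYPES = {".sast.json": "GitLab SAST Report", ".dast.json": "GitLab DAST Report"}

# Constructed sample input, not real Syhunt output.
SAMPLE_REPORT = ('{"version": "constructed", "vulnerabilities": '
                 '[{"name": "Constructed finding", "severity": "High"}]}')

def scan_type_for(filename):
    """Map the double extension passed to Syhunt to a DefectDojo scan type."""
    name = Path(filename).name.lower()
    for suffix, scan_type in SCAN_TYPES.items():
        if name.endswith(suffix) and len(name) > len(suffix):
            return scan_type
    raise ValueError(f"{filename!r} does not end in .sast.json or .dast.json")

def check_report(text):
    """Return the number of findings, or raise if the file would not import cleanly."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"report is not valid JSON: {exc}") from None
    vulns = report.get("vulnerabilities") if isinstance(report, dict) else None
    if not isinstance(vulns, list):
        # Assumption: GitLab-format reports carry findings in this array.
        raise ValueError("no top-level 'vulnerabilities' array")
    return len(vulns)

def plan_import(filename, text, engagement_id):
    """Validate the report and build the form fields for import-scan.

    The report itself is sent as the multipart 'file' part, with an
    'Authorization: Token <api key>' header.
    """
    findings = check_report(text)
    fields = {"scan_type": scan_type_for(filename), "engagement": str(engagement_id)}
    return {"fields": fields, "findings": findings}

if __name__ == "__main__":
    # Engagement id 1 is a placeholder for an existing DefectDojo engagement.
    print(plan_import("anyfilename.sast.json", SAMPLE_REPORT, 1))
```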
For additional product documentation, visit syhunt.com/docs