Vulnerability Analysis
At the end of the DevSecOps pipeline we want to gather the results of all scanners in one place and analyze them, rather than reading each job's raw report separately.
Defect Dojo Open Source
DefectDojo is an open-source vulnerability management tool built by security engineers and maintained under OWASP. It is distributed as a Docker image: https://github.com/DefectDojo/django-DefectDojo.
I install it on the same server my GitLab is running on. Remember to change the ports when running it, so they do not collide with GitLab's.
Faraday
Another free vulnerability management tool is Faraday: https://faradaysec.com/
Integration into the CI/CD pipeline
After each scanner job has run we want to upload its results to our vulnerability analysis tool. DefectDojo can parse the reports of many scanners; the supported formats and the import API are documented at https://defectdojo.github.io/django-DefectDojo/integrations/import/
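The following script is an added example of that upload step, written for this page and not taken from DefectDojo or from the pipeline described here. It posts a scanner report to DefectDojo's `/api/v2/import-scan/` endpoint using only the Python standard library, so it can run inside a minimal CI image. The DefectDojo URL, API token and engagement id are assumed to arrive in the environment variables `DD_URL`, `DD_API_KEY` and `DD_ENGAGEMENT` (names chosen for this example), and the file-name-to-`scan_type` table is an assumption you should check against the import documentation for your DefectDojo version.

```python
"""Upload a scanner report to DefectDojo from a CI job (added example).

Assumptions (not from the original page):
  * DefectDojo reachable at DD_URL, e.g. http://defectdojo.example:8080
  * API token in DD_API_KEY, sent as "Authorization: Token <key>"
  * an existing engagement whose numeric id is in DD_ENGAGEMENT
"""
import json
import os
import sys
import uuid
import urllib.request

# Report file name -> DefectDojo scan_type. Assumed mapping; verify the
# exact names against the import docs of your DefectDojo version.
SCAN_TYPES = {
    "trivy.json": "Trivy Scan",
    "bandit.json": "Bandit Scan",
    "gitleaks.json": "Gitleaks Scan",
    "zap.xml": "ZAP Scan",
    "dependency-check-report.xml": "Dependency Check Scan",
}


def scan_type_for(path):
    """Return the scan_type for a report file, or raise on an unknown file."""
    base = os.path.basename(path)
    if base not in SCAN_TYPES:
        raise ValueError(f"no DefectDojo scan_type known for {base!r}")
    return SCAN_TYPES[base]


def import_fields(scan_type, engagement_id, min_severity="Low"):
    """Form fields for POST /api/v2/import-scan/ (values must be strings)."""
    return {
        "scan_type": scan_type,
        "engagement": str(engagement_id),
        "minimum_severity": min_severity,
        "active": "true",
        "verified": "false",
        # Close findings that no longer appear in this run of the same scanner.
        "close_old_findings": "true",
    }


def build_multipart(fields, filename, file_bytes, boundary=None):
    """Encode text fields plus one file as multipart/form-data.

    Returns (content_type, body). Hand-rolled so no third-party HTTP
    library is needed in the CI image.
    """
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
            f"{value}\r\n".encode()
        )
    parts.append(
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        f"Content-Type: application/octet-stream\r\n\r\n".encode()
        + file_bytes
        + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def upload_report(path, base_url, api_key, engagement_id):
    """POST the report to DefectDojo and return the parsed JSON response."""
    with open(path, "rb") as fh:
        data = fh.read()
    fields = import_fields(scan_type_for(path), engagement_id)
    content_type, body = build_multipart(fields, os.path.basename(path), data)
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/import-scan/",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Token {api_key}",  # token auth, not Basic auth
            "Content-Type": content_type,
        },
    )
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # CI usage: python upload_to_defectdojo.py trivy.json
    result = upload_report(
        sys.argv[1],
        os.environ["DD_URL"],
        os.environ["DD_API_KEY"],
        int(os.environ["DD_ENGAGEMENT"]),
    )
    print("imported into test id:", result.get("test"))
```

Keep `DD_API_KEY` in a masked, protected CI variable rather than in the repository, and give that token a DefectDojo user with the minimum permissions needed to import into the engagement. If you want DefectDojo to update an existing test instead of creating a new one on every pipeline run, the same form fields can be sent to `/api/v2/reimport-scan/` with the test id instead of the engagement id.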