At the end of the DevSecOps Pipeline we want to gather all the results and analyze them.
DefectDojo is an open-source vulnerability management tool built by security engineers and OWASP. It is available as a Docker image: https://github.com/DefectDojo/django-DefectDojo
I install it on the same server where my GitLab is running. Remember to change the ports when running it.
Another free vulnerability management tool is Faraday: https://faradaysec.com/
After each script execution we want to upload the scan results to our vulnerability analysis tool. DefectDojo supports many scanners; documentation is available here: https://defectdojo.github.io/django-DefectDojo/integrations/import/
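One way to do the upload step from a pipeline job is to post the report to DefectDojo's API v2 `import-scan` endpoint. This is an added example, not code from the original page or from the DefectDojo project; the environment variable names (`DEFECTDOJO_URL`, `DEFECTDOJO_API_KEY`, `DEFECTDOJO_ENGAGEMENT_ID`) and the script name are assumptions, and `scan_type` must match a parser name from the import documentation.

```python
import io, json, os, sys, uuid
import urllib.request


def build_import_request(base_url, api_token, engagement_id, scan_type, report_name, report_bytes):
    """Build the multipart POST for DefectDojo's /api/v2/import-scan/ endpoint."""
    boundary = uuid.uuid4().hex
    fields = {
        "engagement": str(engagement_id),
        "scan_type": scan_type,        # must match a DefectDojo parser name
        "active": "true",
        "verified": "false",           # findings stay unverified until triaged
        "minimum_severity": "Info",
    }
    body = io.BytesIO()
    for name, value in fields.items():
        body.write(f'--{boundary}\r\nContent-Disposition: form-data; '
                   f'name="{name}"\r\n\r\n{value}\r\n'.encode())
    safe_name = os.path.basename(report_name).replace('"', "")
    body.write(f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
               f'filename="{safe_name}"\r\n'
               f'Content-Type: application/octet-stream\r\n\r\n'.encode())
    body.write(report_bytes)
    body.write(f"\r\n--{boundary}--\r\n".encode())
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v2/import-scan/",
        data=body.getvalue(),
        method="POST",
        headers={"Authorization": f"Token {api_token}",
                 "Content-Type": f"multipart/form-data; boundary={boundary}"},
    )


def upload(request, timeout=60):
    """Send the request; urlopen raises HTTPError on 4xx/5xx, failing the CI job."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Usage (hypothetical script name): upload_results.py "<scan type>" <report file>
    # The API key is read from a CI variable so it never lands in the repository.
    scan_type, path = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        req = build_import_request(
            os.environ["DEFECTDOJO_URL"], os.environ["DEFECTDOJO_API_KEY"],
            os.environ["DEFECTDOJO_ENGAGEMENT_ID"], scan_type, path, fh.read())
    print(upload(req).get("test"))  # id of the created test, if returned
```

Store the API key as a masked CI/CD variable and give the account only the permissions it needs to import into the target engagement.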
Last updated 4 years ago