How to upload scan outputs from minIO (e.g. Nmap, Nikto, Sslyze, Zap) to OWASP DefectDojo

Posted 2025-01-12 13:29:30

I have a problem uploading the findings of minIO securecodebox outputs to OWASP DefectDojo.

Screenshot of Error
https://drive.google.com/file/d/1PqVOazjr7r_1oMPf6SQsh8_iPFgnqkjC/view?usp=sharing

I tried following these steps
https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBERNETES.md
then
https://docs.securecodebox.io/docs/hooks/defectdojo/

This is the link for the scanners
https://github.com/secureCodeBox/secureCodeBox/tree/main/scanners

The Error:

2022-03-07 07:23:54 INFO DefectDojoPersistenceProvider:35 - Downloading Scan Result
2022-03-07 07:23:56 INFO DefectDojoPersistenceProvider:39 - Uploading Findings to DefectDojo at: http://defectdojo.default.minikube.local:8080/
Exception in thread "main" org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://defectdojo.default.minikube.local:8080/api/v2/users/": defectdojo.default.minikube.local; nested exception is java.net.UnknownHostException: defectdojo.default.minikube.local
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:751)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:621)
at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.internalSearch(GenericDefectDojoService.java:151)
at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.search(GenericDefectDojoService.java:167)
at io.securecodebox.persistence.defectdojo.service.GenericDefectDojoService.searchUnique(GenericDefectDojoService.java:187)
at io.securecodebox.persistence.strategies.VersionedEngagementsStrategy.run(VersionedEngagementsStrategy.java:82)
at io.securecodebox.persistence.DefectDojoPersistenceProvider.main(DefectDojoPersistenceProvider.java:42)
Caused by: java.net.UnknownHostException: defectdojo.default.minikube.local
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:229)
at java.base/java.net.Socket.connect(Socket.java:609)
at java.base/java.net.Socket.connect(Socket.java:558)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:182)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
at java.base/sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341)
at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1253)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1081)
at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1015)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
... 7 more

Thank you for the response!

Comments (1)

就像说晚安 2025-01-19 13:29:30

There is a dedicated DefectDojo Hook which will do it for you.
You just need to install it on a cluster with some basic configuration.

Installing the DefectDojo persistenceProvider hook will add a ReadAndWrite Hook to your namespace.

kubectl create secret generic defectdojo-credentials --from-literal="username=admin" --from-literal="apikey=08b7..."

helm upgrade --install dd secureCodeBox/persistence-defectdojo \
  --set="defectdojo.url=https://defectdojo-django.default.svc"

The hook will automatically import the scan results into an engagement in DefectDojo. If the engagement doesn't exist the hook will create the engagement (CI/CD engagement) and all objects required for it (product & product type). The hook will then pull the imported information from DefectDojo and use them to replace the findings inside secureCodeBox.

More https://docs.securecodebox.io/docs/hooks/defectdojo
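
The trace in the question ends in `java.net.UnknownHostException` for the host in the hook's URL, while the answer sets `defectdojo.url` to a service name ending in `.svc`. The script below is an added example, not part of the original posts or of secureCodeBox: it checks a candidate `defectdojo.url` before installing the hook. The function names are hypothetical, and it assumes `kubectl` points at the cluster and the `busybox:1.28` image can be pulled.

```shell
#!/bin/sh
# Added example: pre-flight check for the value passed as defectdojo.url.

# Extract the host from an http(s) URL (drops scheme, path and port).
url_host() {
  local rest="${1#*://}"
  rest="${rest%%/*}"
  printf '%s\n' "${rest%%:*}"
}

# Names ending in .svc or .svc.cluster.local are answered by the cluster DNS;
# any other name depends on DNS records that exist outside the cluster.
classify_host() {
  case "$1" in
    *.svc|*.svc.cluster.local) echo "cluster-service" ;;
    *) echo "external" ;;
  esac
}

# Resolve the host from a throwaway pod in the namespace the hook runs in.
# Assumption: nslookup in busybox:1.28 exits non-zero when the name is unknown.
resolves_in_cluster() {
  local host="$1" ns="${2:-default}"
  kubectl run "dns-check-$$" --namespace "$ns" --rm -i --restart=Never \
    --image=busybox:1.28 -- nslookup "$host" >/dev/null 2>&1
}

preflight() {
  local url="$1" ns="${2:-default}" host
  host="$(url_host "$url")"
  echo "host=$host kind=$(classify_host "$host")"
  if resolves_in_cluster "$host" "$ns"; then
    echo "OK: $host resolves from namespace $ns"
  else
    echo "FAIL: $host does not resolve from namespace $ns" >&2
    return 1
  fi
}

# Runs only when a URL is given, e.g.:
#   ./preflight.sh https://defectdojo-django.default.svc default
if [ "$#" -ge 1 ]; then preflight "$@"; fi
```

A `FAIL` for the URL means the hook pod would hit the same `UnknownHostException` when it calls `/api/v2/users/`.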
