{"id":51564072,"url":"https://github.com/soprasteria/defectdojo-report","last_synced_at":"2026-07-10T13:03:15.429Z","repository":{"id":80427477,"uuid":"558247577","full_name":"soprasteria/defectdojo-report","owner":"soprasteria","description":"Export the security debt of an application from DefectDojo","archived":false,"fork":false,"pushed_at":"2025-08-20T14:25:46.000Z","size":572,"stargazers_count":5,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-11-04T04:17:06.777Z","etag":null,"topics":["debt","defectdojo","report","security","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soprasteria.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-10-27T07:07:49.000Z","updated_at":"2025-08-20T14:25:50.000Z","dependencies_parsed_at":"2023-12-21T12:07:07.797Z","dependency_job_id":"c0ac11b4-d224-45d5-89b2-64efd5a0a155","html_url":"https://github.com/soprasteria/defectdojo-report","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/soprasteria/defectdojo-report","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soprasteria%2Fdefectdojo-report","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soprasteria%2Fdefectdojo-report/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soprasteria%2Fdefectdojo-report/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soprasteria%2Fdefectdojo-report/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soprasteria","download_url":"https://codeload.github.com/soprasteria/defectdojo-report/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soprasteria%2Fdefectdojo-report/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35331955,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-10T02:00:06.465Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debt","defectdojo","report","security","vulnerability"],"created_at":"2026-07-10T13:03:14.838Z","updated_at":"2026-07-10T13:03:15.419Z","avatar_url":"https://github.com/soprasteria.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DefectDojo Report\n\n[![Version](https://img.shields.io/npm/v/defectdojo-report)](https://www.npmjs.com/package/defectdojo-report)\n[![License](https://img.shields.io/npm/l/defectdojo-report)](./LICENSE)\n[![Node.js](https://img.shields.io/node/v/defectdojo-report)](https://nodejs.org/download/)\n[![GitHub Actions Workflow status](https://github.com/soprasteria/defectdojo-report/actions/workflows/test.yml/badge.svg)](https://github.com/soprasteria/defectdojo-report/actions/workflows/test.yml)\n[![README - English](https://img.shields.io/badge/readme-%F0%9F%87%AC%F0%9F%87%A7-blue)](./README.md)\n[![README - French](https://img.shields.io/badge/readme-%F0%9F%87%AB%F0%9F%87%B7-blue)](./README_fr.md)\n\n_DefectDojo Report_ is a tool made to export the security debt of an\napplication from DefectDojo with support for additional features:\n\n- Calculation of the resultant criticity from the impact (`severity`), the\n  ease of exploitation (set using a _tag_) and a mapping matrix\n- Support for additional information provided using _tags_:\n  - Audit origin\n  - Vulnerability fix under the service provider responsibility\n- Generation of customizable reports in HTML, CSV and JSON formats\n- Aggregation of the debt associated to multiple products\n\n## Usage\n\nInstall Node.js \u003e= 22 and NPM, then run the following commands:\n\n```bash\nnpm i -g defectdojo-report\ndefectdojo-report [options]\n```\n\nRun `defectdojo-report --help` to show the help message.\n\nOptions are documented here: [`src/cli.js`](./src/cli.js#L15).\n\nA proxy can be configured using the conventional `http_proxy`, `https_proxy`\nand `no_proxy` environment variables.\n\n## Example\n\nThe following command allows to export the security debt associated to the\nproduct `product-name` and the engagement `engagement-name` to 2 files\n(`./secdebt.csv` and `./secdebt.html`) including only active and not out of\nscope vulnerabilities:\n\n```bash\ndefectdojo-report                                          \\\n  --url \"https://defectdojo.acme.corp:8080\"                \\\n  --token \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"       \\\n  --product \"product-name\" --engagement \"engagement-name\"  \\\n  --status \"active,!out_of_scope\"                          \\\n  --output \"./secdebt\"     --format \"csv,html\"             \\\n  --config \"./config.json\"\n```\n\nThe `config.json` file (optional) allows to customize the tool\n[configuration](src/config.js#L12), e.g. :\n\n```json\n{\n  \"title\": \"Custom HTML report title\",\n  \"criticities\": [\"unknown\", \"low\", \"moderate\", \"high\", \"critical\"]\n}\n```\n\n## License\n\n_DefectDojo Report_ is licensed under the GNU General Public License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoprasteria%2Fdefectdojo-report","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoprasteria%2Fdefectdojo-report","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoprasteria%2Fdefectdojo-report/lists"}