https://github.com/soprasteria/defectdojo-report
Export the security debt of an application from DefectDojo
https://github.com/soprasteria/defectdojo-report
debt defectdojo report security vulnerability
Last synced: 7 days ago
JSON representation
Export the security debt of an application from DefectDojo
- Host: GitHub
- URL: https://github.com/soprasteria/defectdojo-report
- Owner: soprasteria
- License: gpl-3.0
- Created: 2022-10-27T07:07:49.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2025-08-20T14:25:46.000Z (11 months ago)
- Last Synced: 2025-11-04T04:17:06.777Z (9 months ago)
- Topics: debt, defectdojo, report, security, vulnerability
- Language: JavaScript
- Homepage:
- Size: 559 KB
- Stars: 5
- Watchers: 2
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# DefectDojo Report
[](https://www.npmjs.com/package/defectdojo-report)
[](./LICENSE)
[](https://nodejs.org/download/)
[](https://github.com/soprasteria/defectdojo-report/actions/workflows/test.yml)
[](./README.md)
[](./README_fr.md)
_DefectDojo Report_ is a tool made to export the security debt of an
application from DefectDojo with support for additional features:
- Calculation of the resultant criticity from the impact (`severity`), the
ease of exploitation (set using a _tag_) and a mapping matrix
- Support for additional information provided using _tags_:
- Audit origin
- Vulnerability fix under the service provider responsibility
- Generation of customizable reports in HTML, CSV and JSON formats
- Aggregation of the debt associated to multiple products
## Usage
Install Node.js >= 22 and NPM, then run the following commands:
```bash
npm i -g defectdojo-report
defectdojo-report [options]
```
Run `defectdojo-report --help` to show the help message.
Options are documented here: [`src/cli.js`](./src/cli.js#L15).
A proxy can be configured using the conventional `http_proxy`, `https_proxy`
and `no_proxy` environment variables.
## Example
The following command allows to export the security debt associated to the
product `product-name` and the engagement `engagement-name` to 2 files
(`./secdebt.csv` and `./secdebt.html`) including only active and not out of
scope vulnerabilities:
```bash
defectdojo-report \
--url "https://defectdojo.acme.corp:8080" \
--token "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
--product "product-name" --engagement "engagement-name" \
--status "active,!out_of_scope" \
--output "./secdebt" --format "csv,html" \
--config "./config.json"
```
The `config.json` file (optional) allows to customize the tool
[configuration](src/config.js#L12), e.g. :
```json
{
"title": "Custom HTML report title",
"criticities": ["unknown", "low", "moderate", "high", "critical"]
}
```
## License
_DefectDojo Report_ is licensed under the GNU General Public License.