File changed: docs/content/en/working_with_findings/organizing_engagements_tests/source-code-repositories.md (11 additions & 10 deletions)
@@ -1,17 +1,18 @@
1
1
---
2
-
title: "Source code repositories"
2
+
title: "Link Findings to source code"
3
3
description: "Integration of repositories to navigate to the locaction of findings in the source code."
4
4
draft: false
5
5
weight: 5
6
6
---
7
7
8
-
Findings can have a filepath and a line number as the location of the vulnerability. This is typically set when scanning an application with a Static Application Security Test (SAST) tool. If the repository of the source code is specified in the Engagement, DefectDojo will present the filepath as a link and the user can navigate directly to the location of the vulnerability.
8
+
Certain tools (particularly SAST tools) will include the associated file name and line number in vulnerability data. If the repository of the source code is specified in the Engagement, DefectDojo will present the filepath as a link and the user can navigate directly to the location of the vulnerability.
9
9
10
10
## Setting the repository in the Engagement and Test
11
11
12
12
### Engagement
13
13
While editing the Engagement, users can set the URL of the specific SCM repo.
14
-
For Interactive Engagement it needs to be the URL including the branch:
14
+
15
+
For an Interactive Engagement, it needs to be a URL that specifies the branch:
15
16
- for GitHub - like https://github.com/DefectDojo/django-DefectDojo/tree/dev
- for GitLab - like https://gitlab.com/gitlab-org/gitlab/-/tree/master
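Review bot: the unchanged description line in this hunk (line 3, "navigate to the locaction of findings") still carries the "locaction" typo; since this commit is already rewriting the adjacent title line, fix it to "location" in the same pass rather than leaving a misspelled description in the page metadata. Two smaller points on the same hunk: the new title "Link Findings to source code" no longer matches the file name source-code-repositories.md, so confirm that nothing links to this page by its old title, and the rewritten intro sentence "Certain tools (particularly SAST tools) will include the associated file name and line number in vulnerability data" reads better as "Some tools, particularly SAST tools, include the file name and line number in their findings", which also makes clear that the file path and line are stored on the Finding itself.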
@@ -21,13 +22,13 @@ For Interactive Engagement it needs to be the URL including the branch:
21
22
- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project/some-repo.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url)
For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below:
25
-
- for GitHub - like https://github.com/DefectDojo/django-DefectDojo
26
-
- for GitLab - like https://gitlab.com/gitlab-org/gitlab
27
-
- for public BitBucket, Gitea and Codeberg - like https://bitbucket.org/some-user/some-project.git (like git clone url)
28
-
- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url)
25
+
For CI/CD Engagements, the commit hash, branch/tag and code line can vary, so you only need to include the URL of the repository.
26
+
- for GitHub - like `https://github.com/DefectDojo/django-DefectDojo`
27
+
- for GitLab - like `https://gitlab.com/gitlab-org/gitlab`
28
+
- for public BitBucket, Gitea and Codeberg - like `https://bitbucket.org/some-user/some-project.git` (like git clone url)
29
+
- for standalone/onpremise BitBucket `https://bb.example.com/scm/some-project.git` or `https://bb.example.com/scm/some-user-name/some-repo.git` for user public repo (like git clone url)
29
30
30
-
If user does not set commit hash or branch/tag in appropriate fields of CI/CD Engagement edit form, the URL should look like in Interactive Engagement edit form.
31
+
In a CI/CD Engagement, you can specify a commit hash or branch/tag in the **Edit Engagement** form, which will be appended to any links rendered by DefectDojo. If these are not set, the SCM URL will need to contain a complete link which includes the code branch.
31
32
32
33
SCM navigation URL is composed from Repo URL using SCM Type. A specific SCM type can be set in Product custom field "scm-type". If no "scm-type" is set and the URL contains "https://github.com", a "github" SCM type is assumed.
33
34
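Review bot: the standalone/on-premise BitBucket example in the CI/CD list (line 28, `https://bb.example.com/scm/some-project.git`) is missing the repository segment that the Interactive list uses for the same case (line 23, `https://bb.example.com/scm/some-project/some-repo.git`); since this commit touches line 28 anyway, align it with the `/scm/<project>/<repo>.git` form used a few lines above so readers do not copy a URL that cannot point at a repository. Also, "the commit hash, branch/tag and code line can vary, so you only need to include the URL of the repository" conflates two different levels: the commit hash and branch/tag are Engagement fields, while the code line comes from the individual Finding, so say instead that the commit or branch is taken from the Engagement fields and the file and line from the Finding. Finally, "which will be appended to any links rendered by DefectDojo" understates what happens; the later sentence on line 33 says the navigation URL is composed from the repo URL using the SCM type, so "used when DefectDojo composes the source link" would be more accurate than "appended".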
@@ -42,7 +43,7 @@ Product SCM type add:
42
43
Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone', 'gitea', 'codeberg' or nothing (for default github).
43
44
44
45
45
-
## Link in Finding
46
+
## Source code Links in Findings
46
47
47
48
When viewing a finding, the location will be presented as a link, if the repository of the source code has been set in the Engagement:
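Review bot: the new heading "Source code Links in Findings" mixes casing; the rest of this page uses sentence case with only the DefectDojo entity names capitalised (for example "Setting the repository in the Engagement and Test"), so "Source code links in Findings" is the consistent form. The unchanged sentence below it also writes "finding" in lower case while the heading and the new title write "Findings"; pick one and use it throughout.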