DependencyTrack
diff --git a/‎docs/_docs/integrations/defectdojo.md‎
Lines changed: 65 additions & 0 deletions b/‎docs/_docs/integrations/defectdojo.md‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java‎
Lines changed: 54 additions & 10 deletions b/‎src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java‎
Lines changed: 54 additions & 10 deletions
@@ -101,3 +101,68 @@ The DefectDojo documentation says 'If no test_title is provided, the latest test
 * Dependency-Track v4.6.0 or higher
 ![Configure Project](/images/screenshots/defectdojo_global_reimport.png)
 Alternatively, you can turn on the above reimport feature for all projects in one click, by checking on 'Enable reimport' box as shown in the screenshot above.
+
+### Auto Context Creation (Optional)
+
+Instead of manually creating Products and Engagements in DefectDojo for each project, you can enable automatic context creation. When enabled, DefectDojo will automatically create the Product Type, Product, and Engagement if they don't already exist.
+
+#### Prerequisites
+* Manual `defectdojo.engagementId` configuration always takes precedence over auto-create
+* Auto-create is opt-in via global configuration
+
+#### Global Configuration
+
+Enable auto-create by setting the following configuration property:
+
+| Property Name | Default Value | Description |
+|--------------|---------------|-------------|
+| `defectdojo.autocreate.enabled` | `false` | Enable/disable auto context creation |
+| `defectdojo.autocreate.engagementName` | `dependencytrack` | Default engagement name for all projects |
+| `defectdojo.autocreate.productTypeName` | `Dependency Track` | Default product type name for all projects |
+
+#### Per-project Property Overrides (Optional)
+
+You can override the default names on a per-project basis:
+
+| Attribute      | Value                             |
+| ---------------| --------------------------------- |
+| Group Name     | `integrations`                    |
+| Property Name  | `defectdojo.autocreate.productName`         |
+| Property Value | Custom product name (defaults to project name if not set) |
+| Property Type  | `STRING`                          |
+
+| Attribute      | Value                             |
+| ---------------| --------------------------------- |
+| Group Name     | `integrations`                    |
+| Property Name  | `defectdojo.autocreate.engagementName`      |
+| Property Value | Custom engagement name (defaults to global config if not set) |
+| Property Type  | `STRING`                          |
+
+| Attribute      | Value                             |
+| ---------------| --------------------------------- |
+| Group Name     | `integrations`                    |
+| Property Name  | `defectdojo.autocreate.productTypeName`     |
+| Property Value | Custom product type name (defaults to global config if not set) |
+| Property Type  | `STRING`                          |
+
+#### Configuration Priority
+
+The configuration follows this priority order:
+
+1. **Manual `defectdojo.engagementId`** (highest priority) - Uses traditional flow with engagement ID
+2. **Auto-create with per-project overrides** - Uses auto-create with project-specific names
+3. **Auto-create with global defaults** - Uses auto-create with global configuration values
+
+#### Example: Using Auto-create
+
+1. Enable auto-create globally in Dependency-Track configuration:
+   - Set `defectdojo.autocreate.enabled` to `true`
+   - Optionally customize `defectdojo.autocreate.engagementName` and `defectdojo.autocreate.productTypeName`
+
+2. For each project, the system will automatically:
+   - Use the project name as the Product name (or override with `defectdojo.autocreate.productName`)
+   - Use the global engagement name (or override with `defectdojo.autocreate.engagementName`)
+   - Use the global product type name (or override with `defectdojo.autocreate.productTypeName`)
+   - Create these entities in DefectDojo if they don't exist
+
+3. No manual Product or Engagement creation in DefectDojo is required!
@@ -56,6 +56,11 @@ public DefectDojoClient(final DefectDojoUploader uploader, final URL baseURL) {
     }
 
     public void uploadDependencyTrackFindings(final String token, final String engagementId, final InputStream findingsJson, final Boolean verifyFindings, final String testTitle) {
+        uploadDependencyTrackFindings(token, engagementId, findingsJson, verifyFindings, testTitle, null, null, null, false);
+    }
+
+    public void uploadDependencyTrackFindings(final String token, final String engagementId, final InputStream findingsJson, final Boolean verifyFindings, final String testTitle,
+                                               final String productTypeName, final String productName, final String engagementName, final boolean autoCreateContext) {
         LOGGER.debug("Uploading Dependency-Track findings to DefectDojo");
         HttpPost request = new HttpPost(baseURL + "/api/v2/import-scan/");
         InputStreamBody inputStreamBody = new InputStreamBody(findingsJson, ContentType.APPLICATION_OCTET_STREAM, "findings.json");
@@ -64,14 +69,31 @@ public void uploadDependencyTrackFindings(final String token, final String engag
         MultipartEntityBuilder builder = MultipartEntityBuilder.create();
         builder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE)
                 .addPart("file", inputStreamBody)
-                .addPart("engagement", new StringBody(engagementId, ContentType.MULTIPART_FORM_DATA))
                 .addPart("scan_type", new StringBody("Dependency Track Finding Packaging Format (FPF) Export", ContentType.MULTIPART_FORM_DATA))
                 .addPart("verified", new StringBody(Boolean.toString(verifyFindings), ContentType.MULTIPART_FORM_DATA))
                 .addPart("active", new StringBody("true", ContentType.MULTIPART_FORM_DATA))
                 .addPart("minimum_severity", new StringBody("Info", ContentType.MULTIPART_FORM_DATA))
                 .addPart("close_old_findings", new StringBody("true", ContentType.MULTIPART_FORM_DATA))
                 .addPart("push_to_jira", new StringBody("false", ContentType.MULTIPART_FORM_DATA))
                 .addPart("scan_date", new StringBody(DATE_FORMAT.format(new Date()), ContentType.MULTIPART_FORM_DATA));
+
+        if (autoCreateContext) {
+            // Use auto_create_context with product and engagement names
+            builder.addPart("auto_create_context", new StringBody("true", ContentType.MULTIPART_FORM_DATA));
+            if (productTypeName != null) {
+                builder.addPart("product_type_name", new StringBody(productTypeName, ContentType.MULTIPART_FORM_DATA));
+            }
+            if (productName != null) {
+                builder.addPart("product_name", new StringBody(productName, ContentType.MULTIPART_FORM_DATA));
+            }
+            if (engagementName != null) {
+                builder.addPart("engagement_name", new StringBody(engagementName, ContentType.MULTIPART_FORM_DATA));
+            }
+        } else {
+            // Use traditional engagement ID
+            builder.addPart("engagement", new StringBody(engagementId, ContentType.MULTIPART_FORM_DATA));
+        }
+
         if(testTitle != null) {
             builder.addPart("test_title", new StringBody(testTitle, ContentType.MULTIPART_FORM_DATA));
         }
@@ -160,37 +182,59 @@ public ArrayList<String> jsonToList(final JSONArray jsonArray) {
         return list;
     }
 
+    public void reimportDependencyTrackFindings(final String token, final String engagementId, final InputStream findingsJson, final String testId, final Boolean doNotReactivate, final Boolean verifyFindings, final String testTitle) {
+        reimportDependencyTrackFindings(token, engagementId, findingsJson, testId, doNotReactivate, verifyFindings, testTitle, null, null, null, false);
+    }
+
     /*
      * A Reimport will reuse (overwrite) the existing test, instead of create a new test.
      * The Successfully reimport will also  increase the reimport counter by 1.
      */
-    public void reimportDependencyTrackFindings(final String token, final String engagementId, final InputStream findingsJson, final String testId, final Boolean doNotReactivate, final Boolean verifyFindings, final String testTitle) {
-        LOGGER.debug("Re-reimport Dependency-Track findings to DefectDojo per Engagement");
+    public void reimportDependencyTrackFindings(final String token, final String engagementId, final InputStream findingsJson, final String testId, final Boolean doNotReactivate, final Boolean verifyFindings, final String testTitle,
+                                                 final String productTypeName, final String productName, final String engagementName, final boolean autoCreateContext) {
+        LOGGER.debug("Reimporting Dependency-Track findings to DefectDojo");
         HttpPost request = new HttpPost(baseURL + "/api/v2/reimport-scan/");
+        InputStreamBody inputStreamBody = new InputStreamBody(findingsJson, ContentType.APPLICATION_OCTET_STREAM, "findings.json");
         request.addHeader("accept", "application/json");
         request.addHeader("Authorization", "Token " + token);
-        InputStreamBody inputStreamBody = new InputStreamBody(findingsJson, ContentType.APPLICATION_OCTET_STREAM, "findings.json");
         MultipartEntityBuilder builder = MultipartEntityBuilder.create();
         builder.setMode(HttpMultipartMode.BROWSER_COMPATIBLE)
                 .addPart("file", inputStreamBody)
-                .addPart("engagement", new StringBody(engagementId, ContentType.MULTIPART_FORM_DATA))
                 .addPart("scan_type", new StringBody("Dependency Track Finding Packaging Format (FPF) Export", ContentType.MULTIPART_FORM_DATA))
                 .addPart("verified", new StringBody(Boolean.toString(verifyFindings), ContentType.MULTIPART_FORM_DATA))
                 .addPart("active", new StringBody("true", ContentType.MULTIPART_FORM_DATA))
                 .addPart("minimum_severity", new StringBody("Info", ContentType.MULTIPART_FORM_DATA))
                 .addPart("close_old_findings", new StringBody("true", ContentType.MULTIPART_FORM_DATA))
                 .addPart("push_to_jira", new StringBody("false", ContentType.MULTIPART_FORM_DATA))
-                .addPart("do_not_reactivate", new StringBody(doNotReactivate.toString(), ContentType.MULTIPART_FORM_DATA))
-                .addPart("test", new StringBody(testId, ContentType.MULTIPART_FORM_DATA))
                 .addPart("scan_date", new StringBody(DATE_FORMAT.format(new Date()), ContentType.MULTIPART_FORM_DATA))
-                .build();
-        if(testTitle != null) {
+                .addPart("do_not_reactivate", new StringBody(Boolean.toString(doNotReactivate), ContentType.MULTIPART_FORM_DATA));
+
+        if (autoCreateContext) {
+            // Use auto_create_context with product and engagement names
+            builder.addPart("auto_create_context", new StringBody("true", ContentType.MULTIPART_FORM_DATA));
+            if (productTypeName != null) {
+                builder.addPart("product_type_name", new StringBody(productTypeName, ContentType.MULTIPART_FORM_DATA));
+            }
+            if (productName != null) {
+                builder.addPart("product_name", new StringBody(productName, ContentType.MULTIPART_FORM_DATA));
+            }
+            if (engagementName != null) {
+                builder.addPart("engagement_name", new StringBody(engagementName, ContentType.MULTIPART_FORM_DATA));
+            }
+        } else {
+            // Use traditional engagement ID and test ID
+            builder.addPart("engagement", new StringBody(engagementId, ContentType.MULTIPART_FORM_DATA));
+            builder.addPart("test", new StringBody(testId, ContentType.MULTIPART_FORM_DATA));
+        }
+
+        if (testTitle != null) {
             builder.addPart("test_title", new StringBody(testTitle, ContentType.MULTIPART_FORM_DATA));
         }
+
         request.setEntity(builder.build());
         try (CloseableHttpResponse response = HttpClientPool.getClient().execute(request)) {
             if (response.getStatusLine().getStatusCode() == HttpStatus.SC_CREATED) {
-                LOGGER.debug("Successfully reimport findings to DefectDojo");
+                LOGGER.debug("Successfully reimported findings to DefectDojo");
             } else {
                 uploader.handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase());
             }