feat(lab10): defectdojo governance report + capstone walkthrough#10

Open
RII6 wants to merge 1 commit into main from feature/lab10

Conversation

@RII6 RII6 (Owner) commented Jun 30, 2026

Goal

Implemented a full Vulnerability Management program using DefectDojo, imported historical scans, calculated SLA/metrics, and produced an executive governance report.

Changes

  • Started DefectDojo locally via docker-compose and provisioned a Product/Engagement via API.
  • Implemented an automated Bash importer to ingest Semgrep, Trivy, Checkov, and KICS scans, resulting in 158 unique findings mapped to the Juice Shop product.
  • Applied an SLA matrix (Critical 24h, High 7d) and exported program metrics (MTTR, Vuln-age, Severity distribution).
  • Documented findings, risk-accepted items (with expiry dates), and next-quarter SAMM goals in submissions/lab10.md.
  • Bonus: Prepared a timed 5-minute DevSecOps interview walkthrough script in submissions/lab10-walkthrough.md.

Checklist

  • Task 1 — DefectDojo setup + imports + dedup proof
  • Task 2 — Governance report with MTTD/MTTR/SLA/backlog
  • Bonus — 5-minute walkthrough script with timed practice
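The SLA matrix and metrics the PR describes (Critical 24h, High 7d; MTTR, vulnerability age, severity distribution) can be checked independently of the DefectDojo UI by running the same calculation over findings pulled from its API. The script below is an added example written for this review, not code from the lab submission or from DefectDojo. It operates on a constructed sample of findings that uses a subset of field names as they appear on DefectDojo finding objects (`id`, `severity`, `date`, `mitigated`, `risk_accepted`); `risk_accepted_until` is a hypothetical flattened field standing in for the expiry date of a DefectDojo risk acceptance, and the Medium/Low SLA values are assumptions, since the PR only states the Critical and High targets. It also covers the expiry edge case the PR mentions: a risk acceptance that has lapsed puts the finding back into the backlog and SLA clock.

```python
"""SLA breach and program-metric calculation over DefectDojo-style findings.

Added example; sample data below is constructed, not real scan output.
"""
from collections import Counter
from datetime import date, datetime, time, timedelta, timezone

UTC = timezone.utc

# SLA matrix from the lab: Critical 24h, High 7d. Medium/Low are assumed values.
SLA_HOURS = {"Critical": 24, "High": 7 * 24, "Medium": 30 * 24, "Low": 90 * 24}

# Constructed findings. "date" is the day first seen (a date string, as on DefectDojo
# findings), "mitigated" an ISO datetime or None. "risk_accepted_until" is a
# hypothetical field standing in for the expiry of a DefectDojo risk acceptance.
SAMPLE_FINDINGS = [
    {"id": 1, "severity": "Critical", "date": "2026-06-01",
     "mitigated": "2026-06-01T18:00:00Z", "risk_accepted": False},
    {"id": 2, "severity": "Critical", "date": "2026-06-10",
     "mitigated": "2026-06-14T09:00:00Z", "risk_accepted": False},   # fixed after 24h SLA
    {"id": 3, "severity": "High", "date": "2026-06-20", "mitigated": None, "risk_accepted": False},
    {"id": 4, "severity": "High", "date": "2026-06-26", "mitigated": None, "risk_accepted": False},
    {"id": 5, "severity": "Medium", "date": "2026-05-15", "mitigated": None,
     "risk_accepted": True, "risk_accepted_until": "2026-09-30"},    # acceptance still valid
    {"id": 6, "severity": "Low", "date": "2026-06-28", "mitigated": None, "risk_accepted": False},
    {"id": 7, "severity": "Medium", "date": "2026-04-01", "mitigated": None,
     "risk_accepted": True, "risk_accepted_until": "2026-06-15"},    # acceptance has expired
]

# Report date used for the sample run (constructed).
AS_OF = datetime(2026, 6, 30, tzinfo=UTC)


def _day_start(day_str):
    """Midnight UTC of a YYYY-MM-DD string, as an aware datetime."""
    return datetime.combine(date.fromisoformat(day_str), time.min, tzinfo=UTC)


def opened_at(finding):
    return _day_start(finding["date"])


def mitigated_at(finding):
    """Aware datetime of remediation, or None while the finding is open."""
    value = finding.get("mitigated")
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def acceptance_active(finding, now):
    """True while a risk acceptance is in force; an expired one no longer pauses the SLA."""
    if not finding.get("risk_accepted"):
        return False
    until = finding.get("risk_accepted_until")
    # No expiry recorded: treat as an unbounded (still active) acceptance.
    return until is None or _day_start(until) > now


def sla_deadline(finding):
    return opened_at(finding) + timedelta(hours=SLA_HOURS[finding["severity"]])


def is_breached(finding, now):
    """Closed findings breach if fixed after the deadline; open ones if the deadline has passed."""
    if acceptance_active(finding, now):
        return False
    closed = mitigated_at(finding)
    end = closed if closed is not None else now
    return end > sla_deadline(finding)


def program_metrics(findings, now):
    """MTTR, mean age of the open backlog, severity distribution, SLA breaches, active acceptances."""
    mitigated = [f for f in findings if mitigated_at(f) is not None]
    backlog = [f for f in findings
               if mitigated_at(f) is None and not acceptance_active(f, now)]
    ttr_hours = [(mitigated_at(f) - opened_at(f)).total_seconds() / 3600 for f in mitigated]
    ages_days = [(now - opened_at(f)).total_seconds() / 86400 for f in backlog]
    return {
        "mttr_hours": round(sum(ttr_hours) / len(ttr_hours), 2) if ttr_hours else None,
        "mean_vuln_age_days": round(sum(ages_days) / len(ages_days), 2) if ages_days else None,
        "backlog_by_severity": dict(Counter(f["severity"] for f in backlog)),
        "sla_breaches": sorted(f["id"] for f in findings if is_breached(f, now)),
        "risk_accepted_active": sum(1 for f in findings if acceptance_active(f, now)),
    }


if __name__ == "__main__":
    for key, value in program_metrics(SAMPLE_FINDINGS, AS_OF).items():
        print(f"{key}: {value}")
```

On the sample, finding 2 is a remediated Critical that still counts as a breach because it was closed 105 hours after discovery, which is the case a raw "open vs. closed" backlog count hides; finding 7 shows why the report should recheck acceptance expiry dates rather than trust the `risk_accepted` flag alone.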
