This repository publishes a generated Python client for the DefectDojo v2 API.
- Runtime package:
defectdojo_api_generated - Primary public entry point:
defectdojo_api_generated.client.DefectDojo - Generator source: OpenAPI Generator with custom mustache templates under
support/api_generation/custom_templates - Upstream schema source: DefectDojo OpenAPI schema fetched and lightly patched under
support/openapi
The codebase is mostly generated. The important mental model is:
- Fetch or refresh the OpenAPI schema.
- Apply small schema tweaks that add generator hints.
- Regenerate the package and generated tests.
- Keep handwritten customization in templates or helper modules, not in generated API/model files.
defectdojo_api_generated/api/One generated class per API area. These files are large and should be treated as generated output.defectdojo_api_generated/models/Generated Pydantic request/response models.defectdojo_api_generated/__init__.pyGenerated package export surface and version metadata.defectdojo_api_generated/api_client.pyGenerated HTTP client core.defectdojo_api_generated/configuration.py,rest.py,exceptions.py,api_response.pyGenerated runtime plumbing.
defectdojo_api_generated/client.pyCustom convenience wrapper exposing lazily constructed*_apiproperties and simpler auth setup.defectdojo_api_generated/helpers.pyHandwritten pagination helper used by generated iterator methods.
support/openapi/fetch_openapi.pyFetches the DefectDojo schema from either the live demo or a local Docker-backed instance.support/openapi/tweak_openapi.pyAdds custom vendor extensions for paginated endpoints so generated API classes expose iterator helpers.support/openapi/openapi.jsonStored raw schema snapshot.support/openapi/build/openapi.jsonTweaked schema used for generation.support/api_generation/generate.shRuns schema tweaking, OpenAPI Generator, and moves generated tests intotests/generated/.support/api_generation/config.yamlOpenAPI Generator config.support/api_generation/custom_templates/The real customization layer. If generation behavior needs to change, edit templates here rather than the generated output.support/api_generation/templates.spec/Reference snapshot of template files.
tests/generated/Generated smoke tests for API and model classes. Expect these to be overwritten on regeneration.tests/unit/Small handwritten unit tests for custom client behavior.tests/integration/End-to-end tests against a real DefectDojo instance.tests/data/Fixtures for integration scenarios, such as import/reimport payloads.
ALWAYS use unittest.TestCase to write new tests unless you really cannot.
support/integration/docker-compose.ymlLocal DefectDojo stack for schema refreshes and integration testing.support/integration/run_dojo.shStarts the stack and waits for the API to become ready.support/integration/stop_dojo.shStops the stack.
The package is intentionally thin:
DefectDojo(...)builds aConfiguration, infers proxy settings from the environment, and creates one sharedApiClient.- Each
*.apiproperty onDefectDojoreturns a generated API wrapper bound to that shared client. - Generated API methods serialize parameters, call the generated
ApiClient, then deserialize into Pydantic models. - For paginated GET endpoints,
support/openapi/tweak_openapi.pyannotates the schema withx-has-iterator, and the customapi.mustachetemplate emits*_iterator()helpers that stream results across pages viahelpers.get_all_pages().
Prefer these rules unless a task explicitly requires regeneration:
- Do not hand-edit files in
defectdojo_api_generated/api/. - Do not hand-edit files in
defectdojo_api_generated/models/. - Treat
tests/generated/as generated output. - If a change should survive regeneration, make it in:
support/api_generation/custom_templates/support/openapi/tweak_openapi.pysupport/openapi/fetch_openapi.pydefectdojo_api_generated/helpers.pydefectdojo_api_generated/client.py- handwritten tests in
tests/unit/ortests/integration/
When deciding where to edit:
- API signature/serialization/runtime generation issue: fix a mustache template or schema tweak.
- Pagination iteration issue: check
tweak_openapi.py,custom_templates/api.mustache, andhelpers.py. - Convenience client/auth/proxy behavior: check
client.py. - Upstream API shape drift: refresh schema, regenerate, then review diffs.
Environment:
uv sync --dev
Formatting and lint:
make lintmake lint-check
Repo-specific expectation:
- After any code, template, packaging, or GitHub Actions change, run
make lint. - Do not treat
make lintas optional or defer it unless the user explicitly asks not to run it or you are blocked.
Tests:
make testmake test-e2e
Schema and generation:
make schemamake generatemake templates
Publishing helper:
make testpub
Use this when the DefectDojo API changed or when template/schema customizations need to be applied across the client:
- Refresh dependencies with
uv sync --dev. - Fetch schema with
make schemaor runsupport/openapi/fetch_openapi.py --demo. - Regenerate with
make generate. - Review diffs carefully in:
defectdojo_api_generated/tests/generated/
- Run
make test. - If integration behavior changed, run
make test-e2e.
- CI runs lint, unit tests on multiple Python versions, and integration tests via GitHub Actions.
- Packaging metadata lives in
pyproject.toml. - Release publishing is tag-driven via
.github/workflows/publish-main.yml. - The package targets Python
>=3.9,<4.
- The repository currently includes generated artifacts and some local cache directories; focus changes on tracked source files.
README.mdis minimal and points contributors toCONTRIBUTING.md; this file is the better quick orientation for agentic work.- If generated output and handwritten files disagree, assume templates and schema-tweaking scripts are the source of truth, then regenerate instead of patching the generated leaf files by hand.