Skip to content

Vulners tool for DefectDojo

DefectDojo is an open-source vulnerability management tool built for DevOps. It allows to administer application security workflow, search for vulnerabilities, get consistent remediation advice, and feed the results to various project-tracking systems i.e., JIRA, Slack, etc. DefectDojo works by enriching and refining vulnerability data with a series of heuristic algorithms that improve over time the more they are applied.

Upgrade your DefectDojo with Vulners – the most complete and the only fully correlated security intelligence database – and manage all vulnerabilities in a single space!

Installation

Clone the repository https://github.com/vankyver/django-DefectDojo.git and go to the branch 'vulners'

git clone https://github.com/vankyver/django-DefectDojo.git 
cd Django-DefectDojo 
git checkout origin/vulners

If needed pull updates from the original repository

git remote add upstream https://github.com/DefectDojo/django-DefectDojo.git
git checkout master
git fetch upstream
git merge upstream/master 
git checkout vulners
git rebase master # OR "git merge master"

Or add changes to the existing repository

cd ./your_repository
git remote add vulners https://github.com/vankyver/django-DefectDojo.git
git fetch vulners
git checkout your_working_branch
git merge vulners/vulners

Create an image and run DefectDojo.

# building
./dc-build.sh
# running (for other profiles besides mysql-rabbitmq look at https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
./dc-up.sh mysql-rabbitmq
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress
docker-compose logs initializer | grep "Admin password:"

Navigate to http://localhost:8080.

Detailed instructions can be found here: DefectDojo Readme

Configuration

Generate a Vulners API key to register your service. Log in to Vulners, go to the Userinfo space and click on the API KEYS tab. In the "Scope" field, select "scan", click SAVE and then copy the generated key. The result should look something like this:

RGB9YPJG7CFAXP35PMDVYFFJPGZ9ZIRO1VGO9K9269B0K86K6XQQQR32O6007NUK

Go to your DefectDojo control panel.

Add Tool Type. In the side menu, select Configuration-> Add Tool Type. Select Add Tool Type, enter the name Vulners and press Submit. Add Tool Type

Add Tool Configuration. In the side menu, select Configuration-> Add Tool Configuration. Select Add Tool Configuration, enter the name Vulners, select Tool Type Vulners.
In the URL field enter https://vulners.com or your Vulners proxy address. In the Authentication type field select "API Key" and insert your Vulners API key in the respective field, then press Submit. Add Tool Configuration

Add Product Configuration. In the side menu, go to Products to create new. Then go to settings. Settings -> Add API Scan Configuration. Select Tool Configuration Vulners. Add Product Configuration

Add Product Configuration

Getting results

Import scan report. In the menu, go to Engagement -> Add New Interactive Engagement. Set the required parameters and press Import Scan. Select Scan type Vulners and click Import.

Import scan report

If the settings are correct, you will get all the latest Vulners agent scans results:

View results View results View results

Back to top