GitHub Action

DefectDojo Actions

1.0.4 Latest version

Import data into DefectDojo


Copy and paste the following snippet into your .yml file.

  - name: DefectDojo Actions
    uses: C4tWithShell/defectdojo-action@1.0.4

Learn more about this action in C4tWithShell/defectdojo-action

DefectDojo Actions

This action uploads reports to your DefectDojo instance. It can perform the following actions:

  1. Check the productType. The action will not create it; you need to preconfigure it manually with the necessary permissions.
  2. Check for the product under the configured productType and create it if needed.
  3. Check for the engagement inside the product and create it if needed.
  4. Check and create the environment.
  5. Integrate the SonarQube API and use it for importing the tests.
  6. Get the GitHub Vulnerability report.
  7. Import reports/API scan.


See action.yml
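
An added example, not the action's own code (that lives in action.yml): steps 1 to 4 expressed as DefectDojo API v2 lookups, where the product type is only ever looked up and a missing one stops the run. The `call` transport, the function names, the in-memory `fake_dojo` stand-in and the default environment name `Development` are assumptions made for illustration.

```python
import datetime

class ProductTypeMissing(Exception):
    """The product type was not preconfigured; step 1 never creates it."""

def find(call, path, **params):
    """Return the first match from a DefectDojo v2 list endpoint, or None."""
    results = call("GET", path, params=params)["results"]
    return results[0] if results else None

def find_or_create(call, path, lookup, extra=None):
    """Look an object up by its filter fields and create it only if absent."""
    return find(call, path, **lookup) or call("POST", path, json={**lookup, **(extra or {})})

def prepare_import(call, product_type, product, engagement, environment="Development"):
    """Resolve the objects an import needs and return the import-scan form fields."""
    ptype = find(call, "/api/v2/product_types/", name=product_type)
    if ptype is None:
        # Fail closed: the CI token needs no right to create product types.
        raise ProductTypeMissing(product_type)
    prod = find_or_create(call, "/api/v2/products/", {"name": product},
                          {"prod_type": ptype["id"], "description": product})
    today = datetime.date.today().isoformat()
    eng = find_or_create(call, "/api/v2/engagements/",
                         {"name": engagement, "product": prod["id"]},
                         {"target_start": today, "target_end": today})
    env = find_or_create(call, "/api/v2/development_environments/", {"name": environment})
    return {"engagement": eng["id"], "environment": env["name"]}

def fake_dojo(seed):
    """Constructed in-memory stand-in for the HTTP transport, so the flow runs offline."""
    store = {path: list(rows) for path, rows in seed.items()}
    def call(method, path, params=None, json=None):
        rows = store.setdefault(path, [])
        if method == "GET":
            hits = [r for r in rows if all(r.get(k) == v for k, v in params.items())]
            return {"results": hits}
        row = {"id": len(rows) + 1, **json}
        rows.append(row)
        return row
    call.store = store
    return call
```

Against a real instance, `call` would wrap an HTTP client that sends the `Authorization: Token ...` header, and the returned fields would go into the multipart `POST /api/v2/import-scan/` together with `scan_type` and the report file.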

Upload Report

  - name: Clone code repository
    uses: actions/checkout@v4
  - name: DefectDojo
    id: defectdojo
    uses: C4tWithShell/defectdojo-action@1.0.1
    with:
      # DefectDojo API token and base URL are read from repository secrets
      token: ${{ secrets.DEFECTOJO_TOKEN }}
      defectdojo_url: ${{ secrets.DEFECTOJO_URL }}
      product_type: iroha2
      product: ${{ github.repository }}
      engagement: ${{ github.ref_name }}
      tools: "Trivy Scan, Github Vulnerability Scan"
      sonar_projectKey: iroha2:test_repo
      github_token: ${{ secrets.GITHUB_TOKEN }}
      github_repository: ${{ github.repository }}
      reports: '{"Github Vulnerability Scan": "github.json"}'
  - name: Show response
    env:
      # Pass the output through the environment so its content is never parsed as shell code
      RESPONSE: ${{ steps.defectdojo.outputs.response }}
    run: |
      set -e
      printf '%s\n' "$RESPONSE"