StackHawk has contributed a custom parser to the Defect Dojo project. The parser is capable of importing webhook event JSON as findings into the Defect Dojo platform.
This integration will require you to create and host a webhook consuming application, capable of feeding these webhook events to your Defect Dojo installation.
There are some example snippets below to assist you with your own webhook consuming application.
When you’re ready to set up your Defect Dojo integration, be sure to check out the guide to enable the webhook integration,
and have your application’s webhook endpoint ready to go!
HawkScan findings can be auto-imported as Defect Dojo findings.
Updates to scan results (re-imports) can auto-close findings in Defect Dojo.
To interact with the StackHawk parser, please specify the scan_type as StackHawk HawkScan for both operations.
It is important that you make use of both of the above operations in your webhook consumer, as the reimport of a scan in Defect Dojo
has useful behavior associated with it, such as automatically closing out resolved issues, allowing you to better track findings by StackHawk in Defect Dojo.
Authenticating with Defect Dojo
You can find example documentation for authenticating to Defect Dojo on the demo site.
When you’re ready to get your own API key for the Defect Dojo API, you can find personalized instructions at <YOUR_DEFECT_DOJO_DOMAIN>/api/key-v2.
The Defect Dojo custom parser works on the webhook payload verbatim. No modifications are necessary.
We strongly recommend saving the webhook payload contents as-is to a file for upload into Defect Dojo.
Downloading the Webhook from StackHawk
These examples will showcase an endpoint (/my-webhook) downloading the contents of the StackHawk webhook payload to stackhawk-webhook.json.
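An added sketch of such a consumer, not StackHawk's or Defect Dojo's own code: it stores the POST body of /my-webhook verbatim in stackhawk-webhook.json and builds the Defect Dojo API v2 upload, using import-scan for a first upload and reimport-scan once a test id exists. `DOJO_URL`, `MAX_BODY`, the listening port, and the engagement and test ids are assumptions to replace with your own values.

```python
import json
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import Request

DOJO_URL = "https://defectdojo.example.com"  # assumption: your Defect Dojo base URL
MAX_BODY = 10 * 1024 * 1024                  # assumption: refuse bodies over 10 MiB

def save_payload(body, path="stackhawk-webhook.json"):
    """Store the webhook body byte-for-byte; raise ValueError if it is not JSON."""
    json.loads(body)              # validation only, the parsed value is discarded
    with open(path, "wb") as fh:
        fh.write(body)            # verbatim, never re-serialised
    return path

def dojo_request(body, api_key, engagement=None, test=None):
    """Build the upload: import-scan for a first upload, reimport-scan when a
    Defect Dojo test id already exists (this is what closes resolved findings)."""
    fields = {"scan_type": "StackHawk HawkScan"}
    if test is None:
        endpoint, fields["engagement"] = "import-scan", str(engagement)
    else:
        endpoint, fields["test"] = "reimport-scan", str(test)
    bnd = uuid.uuid4().hex        # multipart boundary
    data = b"".join(
        f'--{bnd}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'.encode()
        for k, v in fields.items())
    data += (f'--{bnd}\r\nContent-Disposition: form-data; name="file"; '
             'filename="stackhawk-webhook.json"\r\n'
             "Content-Type: application/json\r\n\r\n").encode()
    data += body + f"\r\n--{bnd}--\r\n".encode()
    return Request(f"{DOJO_URL}/api/v2/{endpoint}/", data=data, method="POST",
                   headers={"Authorization": f"Token {api_key}",
                            "Content-Type": f"multipart/form-data; boundary={bnd}"})

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        if self.path != "/my-webhook" or not 0 < length <= MAX_BODY:
            return self.send_error(400)
        try:
            save_payload(self.rfile.read(length))
        except ValueError:
            return self.send_error(400)
        self.send_response(204)
        self.end_headers()

if __name__ == "__main__":
    # Bind to loopback; upload with urllib.request.urlopen(dojo_request(...)).
    HTTPServer(("127.0.0.1", 8000), Hook).serve_forever()
```

Keep the API key out of the source file, for example in an environment variable read at startup, and record the test id returned by the first import so later webhooks go to reimport-scan.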