Stats
Actions
Tags
Deploys DefectDojo as centralized vulnerability management dashboard using Docker Compose, with scanner integrations (Nessus/ZAP), deduplication, metrics tracking, and Jira workflows. Useful for DevSecOps vuln tracking.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills-zh:building-vulnerability-dashboard-with-defectdojoThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
DefectDojo 是一个开源应用漏洞管理平台,可聚合来自 200+ 安全工具的发现结果、去重处理、跟踪修复进度,并提供高管级仪表盘。它作为漏洞管理的中心枢纽,可与 CI/CD 管道、Jira 工单系统和 Slack 通知集成。DefectDojo 支持基于 OWASP 的分类,并提供 REST API 进行自动化操作。
DefectDojo 是一个开源应用漏洞管理平台,可聚合来自 200+ 安全工具的发现结果、去重处理、跟踪修复进度,并提供高管级仪表盘。它作为漏洞管理的中心枢纽,可与 CI/CD 管道、Jira 工单系统和 Slack 通知集成。DefectDojo 支持基于 OWASP 的分类,并提供 REST API 进行自动化操作。
# 克隆 DefectDojo 仓库
git clone https://github.com/DefectDojo/django-DefectDojo.git
cd django-DefectDojo
# 使用 Docker Compose 启动(生产模式)
./dc-up-d.sh
# 备选:手动 Docker Compose
docker compose up -d
# 检查服务状态
docker compose ps
# 查看初始管理员凭据
docker compose logs initializer 2>&1 | grep "Admin password"
# 访问 DefectDojo:http://localhost:8080
# docker-compose.yml 中的关键环境变量
DD_DATABASE_ENGINE=django.db.backends.postgresql
DD_DATABASE_HOST=postgres
DD_DATABASE_PORT=5432
DD_DATABASE_NAME=defectdojo
DD_DATABASE_USER=defectdojo
DD_DATABASE_PASSWORD=<secure_password>
DD_ALLOWED_HOSTS=*
DD_SECRET_KEY=<random_64_char_key>
DD_CREDENTIAL_AES_256_KEY=<random_128_bit_key>
DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED=True
产品类型(业务单元)
└── 产品(应用/服务)
└── 参与(评估/冲刺)
└── 测试(扫描器运行)
└── 发现(单个漏洞)
import requests
DD_URL = "http://localhost:8080/api/v2"
API_KEY = "your_api_key_here"
HEADERS = {"Authorization": f"Token {API_KEY}", "Content-Type": "application/json"}
# 创建产品类型
resp = requests.post(f"{DD_URL}/product_types/", headers=HEADERS, json={
"name": "Web Applications",
"description": "Customer-facing web application portfolio"
})
product_type_id = resp.json()["id"]
# 创建产品
resp = requests.post(f"{DD_URL}/products/", headers=HEADERS, json={
"name": "Customer Portal",
"description": "Main customer-facing web application",
"prod_type": product_type_id,
"sla_configuration": 1,
})
product_id = resp.json()["id"]
# 创建参与记录
resp = requests.post(f"{DD_URL}/engagements/", headers=HEADERS, json={
"name": "Q1 2024 Security Assessment",
"product": product_id,
"target_start": "2024-01-01",
"target_end": "2024-03-31",
"engagement_type": "CI/CD",
"status": "In Progress",
})
engagement_id = resp.json()["id"]
# 上传 Nessus 扫描结果
curl -X POST "${DD_URL}/reimport-scan/" \
-H "Authorization: Token ${API_KEY}" \
-F "scan_type=Nessus Scan" \
-F "file=@nessus_report.csv" \
-F "product_name=Customer Portal" \
-F "engagement_name=Q1 2024 Security Assessment" \
-F "auto_create_context=true" \
-F "deduplication_on_engagement=true"
# 上传 OWASP ZAP 结果
curl -X POST "${DD_URL}/reimport-scan/" \
-H "Authorization: Token ${API_KEY}" \
-F "scan_type=ZAP Scan" \
-F "file=@zap_report.xml" \
-F "product_name=Customer Portal" \
-F "engagement_name=Q1 2024 Security Assessment" \
-F "auto_create_context=true"
# 上传 Trivy 容器扫描结果
curl -X POST "${DD_URL}/reimport-scan/" \
-H "Authorization: Token ${API_KEY}" \
-F "scan_type=Trivy Scan" \
-F "file=@trivy_results.json" \
-F "product_name=Customer Portal" \
-F "engagement_name=Q1 2024 Security Assessment" \
-F "auto_create_context=true"
| 扫描器 | 类型字符串 | 格式 |
|---|---|---|
| Nessus | Nessus Scan | CSV/XML |
| OpenVAS | OpenVAS CSV | CSV |
| Qualys | Qualys Scan | XML |
| OWASP ZAP | ZAP Scan | XML/JSON |
| Burp Suite | Burp XML | XML |
| Trivy | Trivy Scan | JSON |
| Semgrep | Semgrep JSON Report | JSON |
| Snyk | Snyk Scan | JSON |
| SonarQube | SonarQube Scan | JSON |
| Checkov | Checkov Scan | JSON |
# .github/workflows/security-scan.yml
name: Security Scan
on: [push]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Semgrep
run: |
pip install semgrep
semgrep --config auto --json -o semgrep_results.json .
- name: Upload to DefectDojo
run: |
curl -X POST "${{ secrets.DD_URL }}/api/v2/reimport-scan/" \
-H "Authorization: Token ${{ secrets.DD_API_KEY }}" \
-F "scan_type=Semgrep JSON Report" \
-F "file=@semgrep_results.json" \
-F "product_name=${{ github.event.repository.name }}" \
-F "engagement_name=CI/CD" \
-F "auto_create_context=true"
# 在 DefectDojo 设置中配置 Jira 集成
jira_config = {
"url": "https://company.atlassian.net",
"username": "[email protected]",
"password": "jira_api_token",
"default_issue_type": "Bug",
"critical_mapping_severity": "Blocker",
"high_mapping_severity": "Critical",
"medium_mapping_severity": "Major",
"low_mapping_severity": "Minor",
"finding_text": "**漏洞**: {{ finding.title }}\n**严重性**: {{ finding.severity }}\n**CVE**: {{ finding.cve }}\n**描述**: {{ finding.description }}",
"accepted_mapping_resolution": "Done",
"close_status_key": 6,
}
# 按严重性获取发现计数
resp = requests.get(f"{DD_URL}/findings/?limit=0&active=true",
headers=HEADERS)
findings = resp.json()
# 获取 SLA 违规计数
resp = requests.get(f"{DD_URL}/findings/?limit=0&active=true&sla_breached=true",
headers=HEADERS)
# 获取产品级指标
resp = requests.get(f"{DD_URL}/products/{product_id}/",
headers=HEADERS)
product_data = resp.json()
npx claudepluginhub killvxk/cybersecurity-skills-zhDeploys DefectDojo vulnerability management dashboard via Docker Compose, integrating scanners, deduplication, metrics tracking, Jira ticketing, and REST API for automation.
Deploy DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.
Deploys DefectDojo as a centralized vulnerability management dashboard with scanner integrations, deduplication, metrics tracking, and Jira ticketing workflows.