This feature is available only for Probely Plus.
By connecting Probely to your DefectDojo server, you can synchronize scan results with a DefectDojo product of your choice.
The synchronization is unidirectional: a finding reported by Probely is sent to DefectDojo, but if its state changes in DefectDojo, the matching finding in Probely will not have its state updated.
If Probely detects a change, it will update the DefectDojo finding. For instance, if the underlying vulnerability was fixed, Probely detects it, sets the finding as fixed, and updates the DefectDojo finding to fixed as well.
The DefectDojo instance is set at the account level and then enabled on demand for each target. Configurations such as which Product and Engagement to use are set in the target settings.
Configure Probely and DefectDojo
To connect Probely and your DefectDojo server, follow the instructions below. This should take you less than 5 minutes.
1- Configure DefectDojo API key
Probely needs the URL of your DefectDojo server and an API v2 Key to authenticate itself.
You can find your API v2 Key at <your DefectDojo>/api/key-v2 or by opening the dropdown in the top right and clicking API v2 Key.
Copy the API key value.
Go to https://plus.probely.app/integrations and enter your DefectDojo URL and the copied API key. It should look like this:
Probely will try to connect and authenticate to DefectDojo, and a success message will appear. Done!
If the Probely servers cannot connect or the API key is incorrect, an error will be displayed. Please review your configuration and ensure your server can receive connections from our IPs.
2- Choose your synchronization settings
You need to choose which targets to synchronize and how. To configure a target to use DefectDojo, go to its settings at Settings -> Integrations and then DefectDojo.
You will see the following screen:
Product - choose which DefectDojo product to sync with.
Engagement - choose which Engagement to sync with. The list will only show engagements for the selected Product.
Test - an optional name to identify Probely scans. If empty, the scans can be identified by the test type Probely Scan. The test type is created automatically when the integration is configured.
Set findings to active/verified - sets the findings reported by Probely to active/verified.
These are enabled by default to ensure findings get adequate visibility at DefectDojo. Non-active and non-verified findings might not be visible in the DefectDojo dashboards.
Delete - removes the configuration for this target. Findings already synchronized are not affected.
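A pre-flight check for the values entered in step 1 and listed in step 2, as an added example that is not Probely's or DefectDojo's own code: it calls the DefectDojo API v2 with the key in the Authorization header and reports whether the server is reachable, whether the key is accepted, which products and engagements the key can see, and whether the Probely Scan test type exists. The https requirement, the DD_URL and DD_API_KEY variable names, and reading only the first page of each result list are assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

def http_get(url, api_key, timeout=10):
    """GET one DefectDojo API v2 URL; return (HTTP status or None, parsed JSON or None)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Token {api_key}",  # DefectDojo API v2 token header
        "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, None
    except (urllib.error.URLError, OSError, ValueError):
        return None, None  # DNS, refused connection, TLS failure, timeout, bad JSON

def preflight(base_url, api_key, get=http_get):
    """Report whether the URL and key work, and what the target settings would list."""
    if not base_url.lower().startswith("https://"):
        # This example's own check (assumption): the key travels in a request header.
        return {"ok": False, "reason": "URL is not https"}
    api = base_url.rstrip("/") + "/api/v2"
    status, body = get(f"{api}/products/", api_key)
    if status is None:
        return {"ok": False, "reason": "server unreachable"}
    if status in (401, 403):
        return {"ok": False, "reason": "API key rejected"}
    if status != 200 or not isinstance(body, dict):
        return {"ok": False, "reason": f"unexpected response ({status})"}
    report = {"ok": True, "reason": "", "products": {}}
    for product in body.get("results", []):
        # Engagements are filtered by product, as in the target settings.
        st, eng = get(f"{api}/engagements/?product={product['id']}", api_key)
        names = [e.get("name") for e in eng.get("results", [])] if st == 200 else []
        report["products"][product["name"]] = names
    query = urllib.parse.urlencode({"name": "Probely Scan"})
    st, types = get(f"{api}/test_types/?{query}", api_key)
    report["probely_test_type"] = st == 200 and any(
        t.get("name") == "Probely Scan" for t in types.get("results", []))
    return report

if __name__ == "__main__":
    import os  # hypothetical variable names; keeps the key out of shell history
    print(preflight(os.environ["DD_URL"], os.environ["DD_API_KEY"]))
```

A passing result from your own network does not show that the Probely servers can reach DefectDojo; that still depends on your server accepting connections from Probely's IPs.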