Merge pull request #55 from secureCodeBox/feature/defect-dojo-integration

Feature/defect dojo integration

Author: J12934

Dockerfile

@@ -24,6 +24,7 @@ COPY --from=builder ./scb-scanprocesses/subdomain-scanner-process/target/subdoma
 
 COPY --from=builder ./scb-persistenceproviders/elasticsearch-persistenceprovider/target/elasticsearch-persistenceprovider-0.0.1-SNAPSHOT-jar-with-dependencies.jar /scb-engine/lib/
 COPY --from=builder ./scb-persistenceproviders/s3-persistenceprovider/target/s3-persistenceprovider-0.0.1-SNAPSHOT-jar-with-dependencies.jar /scb-engine/lib/
+COPY --from=builder ./scb-persistenceproviders/defectdojo-persistenceprovider/target/defectdojo-persistenceprovider-0.0.1-SNAPSHOT-jar-with-dependencies.jar /scb-engine/lib/
 
 WORKDIR /scb-engine
 

scb-engine/pom.xml

@@ -190,6 +190,12 @@
                     <version>0.0.1-SNAPSHOT</version>
                     <scope>runtime</scope>
                 </dependency>
+                <dependency>
+                    <groupId>io.securecodebox.persistenceproviders</groupId>
+                    <artifactId>defectdojo-persistenceprovider</artifactId>
+                    <version>0.0.1-SNAPSHOT</version>
+                    <scope>runtime</scope>
+                </dependency>
             </dependencies>
             <dependencyManagement>
                 <!-- This will overwrite spring boot dependency management version for elastic search-->

scb-engine/src/main/resources/application-dev.yaml

@@ -9,8 +9,11 @@ logging.level.io.securecodebox: DEBUG
 # Configure which persistence provider you would like to choose
 # - none
 # - elasticsearch
-securecodebox.persistence.provider: none
-
+securecodebox.persistence.defectdojo.enabled: "true"
 securecodebox.rest.user.scanner-default:
   user-id: default-scanner
   password: scan
+
+securecodebox.persistence.defectdojo.baseurl: http://localhost:8000
+securecodebox.persistence.defectdojo.apikey:
+

scb-engine/src/main/resources/application.yaml

@@ -29,10 +29,11 @@ camunda.bpm:
 logging.level: INFO
 logging.level.io.securecodebox: INFO
 
-# Configure which persistence provider you would like to choose
-# - none
-# - elasticsearch
-securecodebox.persistence.provider: none
+# Persistence Provider Config
+securecodebox.persistence.none.enabled: "false"
+securecodebox.persistence.elasticsearch.enabled: "false"
+securecodebox.persistence.s3.enabled: "false"
+securecodebox.persistence.defectdojo.enabled: "false"
 
 # Configuration for the s3 persistence provider:
 securecodebox.persistence.s3.bucket: abc-def
@@ -44,6 +45,7 @@ securecodebox.persistence.elasticsearch.port: 9200
 securecodebox.persistence.elasticsearch.index.prefix: securecodebox
 securecodebox.persistence.elasticsearch.index.delete_on_init: false
 
+
 securecodebox.default.target.name: BodgeIT Public Host
 securecodebox.default.target.location: bodgeit
 securecodebox.default.target.uri: http://bodgeit:8080/bodgeit

scb-persistenceproviders/defectdojo-persistenceprovider/pom.xml

@@ -0,0 +1,98 @@
+<!--
+  ~ /*
+  ~ * SecureCodeBox (SCB)
+  ~ * Copyright 2015-2018 iteratec GmbH
+  ~ *
+  ~ * Licensed under the Apache License, Version 2.0 (the "License");
+  ~ * you may not use this file except in compliance with the License.
+  ~ * You may obtain a copy of the License at
+  ~ *
+  ~ * 	http://www.apache.org/licenses/LICENSE-2.0
+  ~ *
+  ~ * Unless required by applicable law or agreed to in writing, software
+  ~ * distributed under the License is distributed on an "AS IS" BASIS,
+  ~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ * See the License for the specific language governing permissions and
+  ~ * limitations under the License.
+  ~ */
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <groupId>io.securecodebox.persistenceproviders</groupId>
+        <artifactId>default-persistence-collection</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>defectdojo-persistenceprovider</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.securecodebox.core</groupId>
+            <artifactId>sdk</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-web</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.elasticsearch.client</groupId>
+            <artifactId>elasticsearch-rest-high-level-client</artifactId>
+            <version>6.2.4</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.4</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>3.1.0</version>
+                <configuration>
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+
+</project>

scb-persistenceproviders/defectdojo-persistenceprovider/src/main/java/io/securecodebox/persistence/DefectDojoMetaFields.java

@@ -0,0 +1,6 @@
+package io.securecodebox.persistence;
+
+public enum DefectDojoMetaFields {
+    DEFECT_DOJO_USER,
+    DEFECT_DOJO_PRODUCT
+}

scb-persistenceproviders/defectdojo-persistenceprovider/src/main/java/io/securecodebox/persistence/DefectDojoPersistenceException.java

@@ -0,0 +1,29 @@
+/*
+ *
+ *  SecureCodeBox (SCB)
+ *  Copyright 2015-2018 iteratec GmbH
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ * /
+ */
+package io.securecodebox.persistence;
+
+public class DefectDojoPersistenceException extends PersistenceException{
+    public DefectDojoPersistenceException(String message) {
+        super(message);
+    }
+
+    public DefectDojoPersistenceException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}