Adding "Cyberwatch" Scan Type to DefectDojo

[gregorym35]

Hello,

I am currently working with DefectDojo (version X.XX) and noticed that the "Cyberwatch" scan type is not available among the configurable scan types. Cyberwatch is a vulnerability management solution that provides reports in CSV or JSON format, and it would be extremely helpful to import these reports directly into DefectDojo to centralize our analysis.

Here are a few points I’d like to discuss:

Existing support: Is there an existing way or alternative method to import a Cyberwatch report into DefectDojo, for example by mapping it to another available scan type?
Adding a parser: Would it be possible to develop and add native support for a Cyberwatch parser in DefectDojo? If so, what would be the recommended steps to contribute?
Technical dependencies: The Cyberwatch reports follow a relatively standard format (CSV with columns defining vulnerabilities). What would be the main technical challenges or prerequisites to implement this scan type?
I’d be happy to collaborate and, if needed, provide an example Cyberwatch report file to facilitate testing and development.

Thank you in advance for your insights and support.

Best regards,

Greg

[mtesauro]

@gregorym35

So, from a high level, we're always happy to add a new security tool to those supported by DefectDojo. You have a couple of choices:

(1) If you're not comfortable writing Python code, supplying example files from Cyberwatch that are sanitized / don't contain any sensitive data allows someone else from the community to create that parser.

(2) If you're comfortable writing Python, then feel free to write a new parser for Cyberwatch. Things to review before doing this contribution:

1. Contributing to DefectDojo
2. How to write a parser

Note: We just radically updated our documentation site so there's likely to be some broken links while we chase those down.

Existing support:

If you can convert the output of Cyberwatch to either a CSV or JSON that matches the format of the Generic CSV or JSON parsers, any finding/issue data can be added to DefectDojo. This is a good workaround when there isn't a native parser but native parser are the preferred way to add data to DefectDojo as they provide more/better control of how the data is mapped from the scanner's output to DefectDojo's data model.

Adding a parser:

As I said above, we love when the community adds parsers to DefectDojo. Its one of the least complicated ways to contribute and always appreciated.

Technical dependencies:

CSV or JSON in terms of the data format from a scanner has some choices around it:

• Does the JSON or CSV have more/different/better data than the other format. Then use the one with the best data
• Both CSV & JSON are relatively easy to parse with Python - you can find plenty of examples if you poke around in the existing parser code at https://github.com/DefectDojo/django-DefectDojo/tree/master/dojo/tools
• Some parsers support 2+ formats. For example, the Tenable parser supports CSV & XML (and provides a decent CSV parser example) at https://github.com/DefectDojo/django-DefectDojo/tree/master/dojo/tools/tenable

HTH