Talisman
Run Talisman in CLI mode with the `--scan` argument to scan the git commit history, and the `--reportDirectory` argument to save the scan reports to a directory. The report will be in JSON format.
Additionally, you can set up Git Hooks to automate the scan and then send the generated reports to DefectDojo using its API.
Example:
#!/bin/sh
# Git pre-commit hook: run Talisman, upload the JSON report to DefectDojo when
# findings are present, and reject the commit in that case.

# Set DefectDojo API credentials and other variables
DEFECTDOJO_API_KEY="your-api-key"
DEFECTDOJO_URL="https://your-defectdojo-url.com"
DEFECTDOJO_ENGAGEMENT_ID="your-engagement-id"
TALISMAN_RESULTS_DIR="$HOME"
REPORT="$TALISMAN_RESULTS_DIR/talisman_reports/data/report.json"

# Run Talisman in CLI mode; the JSON report is written below --reportDirectory
talisman --scan --ignoreHistory --reportDirectory "$TALISMAN_RESULTS_DIR"

# Fail closed: a missing report means the scan did not run, not that it was clean
[ -f "$REPORT" ] || { echo "Talisman report not found at $REPORT" >&2; exit 1; }

# Extract the affected file names from the report (empty when nothing was found)
result=$(jq -r '.results[].filename' "$REPORT")

# Check if result is not empty
if [ -n "$result" ]; then
  # If Talisman found issues, upload the report to DefectDojo's import-scan
  # endpoint; it expects a multipart form with the report in the "file" field
  curl -X POST \
    -H "Authorization: Token $DEFECTDOJO_API_KEY" \
    -F "scan_type=Talisman Scan" \
    -F "engagement=$DEFECTDOJO_ENGAGEMENT_ID" \
    -F "file=@$REPORT" \
    "$DEFECTDOJO_URL/api/v2/import-scan/"
  # Exit with a non-zero status code to indicate that the commit should be rejected
  exit 1
else
  # If Talisman did not find any issues, exit with a zero status code
  exit 0
fi
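The hook rejects the commit whenever any filename appears in the report. In Talisman's report layout (assumed here: each `results[]` entry carries `failure_list`, `warning_list` and `ignore_list`), an entry can also exist for warnings only, so a hook that wants to block on failures but merely log warnings has to look inside each entry. The following Python example is added here and is not part of the DefectDojo docs or of Talisman; it parses a constructed sample report and blocks only on `failure_list` items.

```python
import json
from dataclasses import dataclass

# Constructed sample in the assumed shape of a Talisman report.json:
# one file with a real failure and one file with only a warning.
SAMPLE_REPORT = """{
  "summary": {"types": {"filecontent": 2}, "tags": {}},
  "results": [
    {"filename": "config/app.env",
     "failure_list": [{"type": "filecontent", "severity": "high", "commits": [],
                       "message": "Potential secret pattern : AWS_SECRET_ACCESS_KEY"}],
     "warning_list": [], "ignore_list": []},
    {"filename": "docs/notes.md",
     "failure_list": [],
     "warning_list": [{"type": "filecontent", "severity": "low", "commits": [],
                       "message": "Possible high-entropy string"}],
     "ignore_list": []}
  ]
}"""


@dataclass(frozen=True)
class Finding:
    filename: str
    kind: str
    severity: str
    message: str
    blocking: bool  # True for failure_list entries, False for warning_list entries


def parse_talisman_report(text: str) -> list[Finding]:
    """Flatten a Talisman report into findings; failures block, warnings do not."""
    data = json.loads(text)
    findings: list[Finding] = []
    for result in data.get("results", []):
        fname = result.get("filename", "")
        for key, blocking in (("failure_list", True), ("warning_list", False)):
            for entry in result.get(key, []):
                findings.append(Finding(fname, entry.get("type", ""),
                                        entry.get("severity", ""),
                                        entry.get("message", ""), blocking))
    return findings


def commit_should_be_rejected(findings: list[Finding]) -> bool:
    """Hook decision: reject only when at least one blocking finding exists."""
    return any(f.blocking for f in findings)


if __name__ == "__main__":
    found = parse_talisman_report(SAMPLE_REPORT)
    for f in found:
        print(f"{'BLOCK' if f.blocking else 'WARN '} {f.filename}: {f.message}")
    raise SystemExit(1 if commit_should_be_rejected(found) else 0)
```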
Sample Scan Data
Sample Talisman scans can be found here.
Last modified November 18, 2024: Merge pull request #11287 from DefectDojo/master-into-dev/2.40.2-2.41.0-dev (3b0fd30)