
Findings

The finding module facilitates the management of findings in reports. A finding is defined by:

  • Title
  • Status
  • Severity
  • CVSS Score
  • CWE
  • Description
  • Location
  • Impact
  • Recommendation
  • References
  • Appendix
  • Attack path

List of findings

Findings

Create new findings

Create Findings

Add Finding from Templates

Findings can be added to a report from the list of previously created templates.

Add Finding from Template

Add custom fields

Custom fields can be added to findings:

Add custom field


Import Findings from DefectDojo

Findings can be imported from DefectDojo. First, edit the configuration file to add the API endpoint and the API key of your DefectDojo deployment.

Edit configuration in app/config/petereport_config.py

DEFECTDOJO_CONFIG = {
    'DefectDojoURL': 'https://demo.defectdojo.org',
    'apiKey': 'Token Key' # Format Token Key
}

Import Findings from CSV

Findings can be imported from a CSV file in the following format:

// Comma-separated values (CSV) file format

"ID","Status","Title","Severity","CVSS Base Score","CVSS Score","CWE","Description","Location","Impact","Recommendation","References","Appendix","Appendix Description"

"2834q345-b24e-4ghf-r86d-ftue38af5480","Open","Finding 1","Low","3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)","3.7","73","Description","127.0.0.1","Impact","Recommendation","References","Appendix","Appendix Description"
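
The following Python check is an added example, not part of PeTeReport: it validates a findings CSV against the column order above before it is imported. The field rules (numeric CWE, CVSS Score between 0.0 and 10.0 and equal to the number that leads CVSS Base Score) are assumptions inferred from the sample row, and `validate_findings_csv` is a hypothetical helper name.

```python
import csv
import io
import re

# Column order copied from the header line on this page.
COLUMNS = ["ID", "Status", "Title", "Severity", "CVSS Base Score", "CVSS Score",
           "CWE", "Description", "Location", "Impact", "Recommendation",
           "References", "Appendix", "Appendix Description"]
# Assumption from the sample row: "<score> (CVSS:<version>/<metrics>)".
BASE_RE = re.compile(r"(\d{1,2}(?:\.\d)?) \(CVSS:\d\.\d/[A-Za-z:/]+\)")


def validate_findings_csv(text):
    """Return 'line N: problem' strings; an empty list means the file passed."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, None) != COLUMNS:
        return ["line 1: header does not match the expected column order"]
    errors = []
    for row in reader:
        where = f"line {reader.line_num}"
        if not row:  # blank line between records
            continue
        if len(row) != len(COLUMNS):
            errors.append(f"{where}: expected {len(COLUMNS)} fields, got {len(row)}")
            continue
        rec = dict(zip(COLUMNS, row))
        if not rec["Title"].strip():
            errors.append(f"{where}: empty Title")
        if not re.fullmatch(r"[0-9]+", rec["CWE"]):
            errors.append(f"{where}: CWE must be a numeric ID, got {rec['CWE']!r}")
        base = BASE_RE.fullmatch(rec["CVSS Base Score"])
        try:
            score = float(rec["CVSS Score"])
        except ValueError:
            score = -1.0  # forces the range error below
        if not 0.0 <= score <= 10.0:
            errors.append(f"{where}: CVSS Score must be a number from 0.0 to 10.0")
        elif base is None:
            errors.append(f"{where}: CVSS Base Score is not '<score> (<vector>)'")
        elif float(base.group(1)) != score:
            errors.append(f"{where}: CVSS Score {score} disagrees with base score {base.group(1)}")
    return errors


# Sample input: header, the row shown on this page, then a constructed bad row.
GOOD = '"2834q345-b24e-4ghf-r86d-ftue38af5480","Open","Finding 1","Low","3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)","3.7","73","Description","127.0.0.1","Impact","Recommendation","References","Appendix","Appendix Description"'
BAD = GOOD.replace('"3.7","73"', '"7.5","CWE-73"')  # constructed: score mismatch, bad CWE
SAMPLE = ",".join(f'"{c}"' for c in COLUMNS) + "\n\n" + GOOD + "\n" + BAD + "\n"

if __name__ == "__main__":
    print("\n".join(validate_findings_csv(SAMPLE)) or "OK")
```

The ID column is deliberately not checked, since the sample ID on this page is not a well-formed UUID.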

CWE List

When a finding is created, a CWE must be selected so that findings can be categorized. For reference, the following CWE list from MITRE has been populated:

CWE