inno-devops-labs · danielambda · Feb 11, 2026 · Mar 14, 2026 · Feb 11, 2026 · Feb 11, 2026
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,28 @@
+## Goal
+<!-- Briefly explain the purpose of this PR. -->
+
+## Changes
+<!-- List the main changes introduced in this PR. -->
+-
+-
+-
+
+## Testing
+<!-- Describe how you verified your changes. -->
+- [ ] Application runs locally
+- [ ] Commands executed successfully
+- [ ] Documentation reviewed for accuracy
+
+## Artifacts & Screenshots
+<!-- Link or embed any relevant artifacts (screenshots, logs, curl output, markdown files). -->
+- Screenshots:
+  -
+  -
+
+---
+
+### Checklist
+- [ ] PR title is clear and descriptive
+- [ ] Documentation updated (if applicable)
+- [ ] No secrets, credentials, or large temporary files committed
+
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+.docker/
diff --git a/labs/lab10/.gitignore b/labs/lab10/.gitignore
@@ -0,0 +1,3 @@
+setup/django-DefectDojo/
+setup/django-DefectDojo-src/
+setup/initializer.log
diff --git a/labs/lab10/imports/import-grype-vuln-results.json.json b/labs/lab10/imports/import-grype-vuln-results.json.json
@@ -0,0 +1 @@
+{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":4,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":12,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":12},"low":{"active":3,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":3},"medium":{"active":32,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":32},"high":{"active":64,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":64},"critical":{"active":11,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":11},"total":{"active":122,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":122}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Anchore Grype","close_old_findings":false,"close_old_findings_product_scope":false,"test":4}
diff --git a/labs/lab10/imports/import-semgrep-results.json.json b/labs/lab10/imports/import-semgrep-results.json.json
@@ -0,0 +1 @@
+{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":2,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"medium":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"high":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"critical":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"total":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Semgrep Pro JSON Report","close_old_findings":false,"close_old_findings_product_scope":false,"test":2}
diff --git a/labs/lab10/imports/import-trivy-vuln-detailed.json.json b/labs/lab10/imports/import-trivy-vuln-detailed.json.json
@@ -0,0 +1 @@
+{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":3,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":0,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":0},"low":{"active":18,"verified":18,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":18},"medium":{"active":36,"verified":34,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":36},"high":{"active":83,"verified":81,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":83},"critical":{"active":10,"verified":10,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":10},"total":{"active":147,"verified":143,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":147}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Trivy Scan","close_old_findings":false,"close_old_findings_product_scope":false,"test":3}
diff --git a/labs/lab10/imports/import-zap-report-noauth.json.json b/labs/lab10/imports/import-zap-report-noauth.json.json
@@ -0,0 +1 @@
+{"message":"['Internal error: Wrong file format, please use xml.']","pro":["Pro comes with support. Try today for free or email us at hello@defectdojo.com"]}
diff --git a/labs/lab10/report/dojo-report.html b/labs/lab10/report/dojo-report.html
@@ -0,0 +1,83 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>DefectDojo Lab 10 Report</title>
+  <style>
+    body { font-family: Arial, sans-serif; margin: 2rem; color: #1f2937; }
+    h1, h2 { margin-bottom: 0.4rem; }
+    .muted { color: #6b7280; margin-top: 0; }
+    table { border-collapse: collapse; width: 100%; margin: 1rem 0 2rem; }
+    th, td { border: 1px solid #d1d5db; padding: 0.55rem; text-align: left; }
+    th { background: #f3f4f6; }
+    .kpi { display: flex; gap: 1rem; flex-wrap: wrap; margin: 1rem 0 2rem; }
+    .card { border: 1px solid #d1d5db; border-radius: 6px; padding: 0.8rem 1rem; min-width: 180px; }
+    .card strong { display: block; font-size: 1.25rem; margin-top: 0.25rem; }
+  </style>
+</head>
+<body>
+  <h1>DefectDojo Reporting Snapshot</h1>
+  <p class="muted">Product: Juice Shop | Engagement: Labs Security Testing | Captured: 2026-04-06</p>
+
+  <div class="kpi">
+    <div class="card">Total Findings<strong>269</strong></div>
+    <div class="card">Active Findings<strong>269</strong></div>
+    <div class="card">Verified Findings<strong>143</strong></div>
+    <div class="card">Mitigated Findings<strong>0</strong></div>
+  </div>
+
+  <h2>Open vs Closed by Severity</h2>
+  <table>
+    <thead>
+      <tr><th>Severity</th><th>Open</th><th>Closed</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>Critical</td><td>21</td><td>0</td></tr>
+      <tr><td>High</td><td>147</td><td>0</td></tr>
+      <tr><td>Medium</td><td>68</td><td>0</td></tr>
+      <tr><td>Low</td><td>21</td><td>0</td></tr>
+      <tr><td>Informational</td><td>12</td><td>0</td></tr>
+    </tbody>
+  </table>
+
+  <h2>Findings by Tool</h2>
+  <table>
+    <thead>
+      <tr><th>Tool</th><th>Imported Findings</th><th>Notes</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>ZAP</td><td>0</td><td>Import attempted, parser expected XML for available ZAP importer.</td></tr>
+      <tr><td>Semgrep</td><td>0</td><td>Import succeeded with zero findings in source report.</td></tr>
+      <tr><td>Trivy</td><td>147</td><td>Highest contributor of High severity findings.</td></tr>
+      <tr><td>Nuclei</td><td>0</td><td>Input file not present in repository for this run.</td></tr>
+      <tr><td>Grype</td><td>122</td><td>Imported successfully via Anchore Grype parser.</td></tr>
+    </tbody>
+  </table>
+
+  <h2>SLA Outlook (14-day window)</h2>
+  <table>
+    <thead>
+      <tr><th>Metric</th><th>Count</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>SLA breaches</td><td>0</td></tr>
+      <tr><td>Due within next 14 days</td><td>21</td></tr>
+    </tbody>
+  </table>
+
+  <h2>Top Recurring CWE Categories</h2>
+  <table>
+    <thead>
+      <tr><th>CWE</th><th>Count</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>CWE-1333</td><td>29</td></tr>
+      <tr><td>CWE-407</td><td>13</td></tr>
+      <tr><td>CWE-22</td><td>11</td></tr>
+      <tr><td>CWE-20</td><td>6</td></tr>
+      <tr><td>CWE-674</td><td>6</td></tr>
+    </tbody>
+  </table>
+</body>
+</html>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"minimum_severity":"Info","active":false,"verified":false,"endpoint_to_add":null,"product_type_name":"Engineering","product_name":"Juice Shop","engagement_name":"Labs Security Testing","auto_create_context":true,"deduplication_on_engagement":false,"lead":null,"push_to_jira":false,"api_scan_configuration":null,"create_finding_groups_for_all_findings":true,"test_id":4,"engagement_id":1,"product_id":1,"product_type_id":2,"statistics":{"after":{"info":{"active":12,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":12},"low":{"active":3,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":3},"medium":{"active":32,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":32},"high":{"active":64,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":64},"critical":{"active":11,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":11},"total":{"active":122,"verified":0,"duplicate":0,"false_p":0,"out_of_scope":0,"is_mitigated":0,"risk_accepted":0,"total":122}}},"apply_tags_to_findings":false,"apply_tags_to_endpoints":false,"scan_type":"Anchore Grype","close_old_findings":false,"close_old_findings_product_scope":false,"test":4}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"message":"['Internal error: Wrong file format, please use xml.']","pro":["Pro comes with support. Try today for free or email us at hello@defectdojo.com"]}