Feature/lab10 #880

Open
Dart-NEW wants to merge 5 commits into inno-devops-labs:main from Dart-NEW:feature/lab10

Dart-NEW commented May 6, 2026

Goal

Complete Lab 10: Vulnerability Management & Response with DefectDojo.

Changes

  • Set up local DefectDojo evidence under labs/lab10/setup/.
  • Added multi-tool import workflow and import responses under labs/lab10/imports/.
  • Added reporting artifacts under labs/lab10/report/.
  • Completed labs/submission10.md with setup evidence, import results, metrics summary, and artifact links.

Testing

  • Verified DefectDojo runs locally on http://localhost:8081.
  • Verified UI responds with redirect to /login.
  • Checked imported findings metrics:
    • 40 active findings total
    • 5 High, 7 Medium, 5 Low, 23 Informational, 0 Critical
    • Nuclei: 21, ZAP: 10, Semgrep: 9, Trivy: 0
  • Confirmed Lab 10 files are committed and no secrets/API tokens are stored.

Artifacts & Screenshots

  • labs/submission10.md
  • labs/lab10/setup/setup-evidence.md
  • labs/lab10/report/metrics-snapshot.md
  • labs/lab10/report/dojo-report.html
  • labs/lab10/report/findings.csv
  • labs/lab10/report/findings-api.json
  • labs/lab10/report/tests-api.json
  • labs/lab10/imports/import-zap-report-noauth.xml.json
  • labs/lab10/imports/import-semgrep-results.standard.json
  • labs/lab10/imports/import-trivy-vuln-detailed.json.json
  • labs/lab10/imports/import-nuclei-results.json.json

Checklist

  • Clear title
  • Docs updated
  • No secrets in code
