uploadsarifdd-sample.conf

## @var DD_TOKEN
## @brief authentication token for interacting with DefectDojo (required)
## @details
## The API token may be found throught DefectDojo's web user interface
## by going to <server name>/api/key-v2
DD_TOKEN="abc123"

## @var DD_PRODUCT
## @brief name of the product in DefectDojo (required)
DD_PRODUCT="foobar"

## @var DD_ENGAGEMENT
## @brief name of the engagement in DefectDojo
## @details
## The default value is "cicd" (lowercase, no slash).
DD_ENGAGEMENT="cicd"

## @var DD_SERVER_PROTO
## @brief the protocol / scheme to use when interacting with DefectDojo
## @details
## The default value is 'HTTPS'.
## Note: all letters are translated to lowercase.  No :// required
DD_SERVER_PROTO="https"

## @var DD_SERVER_HOST
## @brief the hostname of the DefectDojo server (required)
DD_SERVER_HOST="defectdojo.domain.tld"

## @var DD_SERVER_PATH
## @brief path on the DefectDojo server to the import-scan API endpoint
## @details
## The default is '/api/v2/import-scan/' which is the standard when
## DefectDojo runs at the root of the server (i.e., dojo.example.com)
DD_SERVER_PATH="/api/v2/import-scan/"

## @var DD_SCAN_DATE
## @brief the date the scan took place
## @details
## DefectDojo accepts ISO-8601 dates (but just year, month, and day)
## for when scans took place; the default value is when the file being
## uploaded was last modified
DD_SCAN_DATE=""

## @var DD_MINIMUM_SEVERITY
## @brief minimum severity level to be imported
## @details
## The default value is 'Info'; values may be 'Info', 'Low',
## 'Medium', 'High', or 'Critical'
DD_MINIMUM_SEVERITY="Info"

## @var DD_ACTIVE
## @brief whether or not the findings are active
## @details
## The default value is 'true'
DD_ACTIVE="true"

## @var DD_VERIFIED
## @brief whether or not a finding has been verified
## @details
## The default value is 'true'
DD_VERIFIED="true"

## @var DD_SCAN_TYPE
## @brief the type of scan results to be imported
## @details
## The default value is determined by the file's extension
DD_SCAN_TYPE=""

## @var DD_CLOSE_OLD_FINDINGS
## @brief close old findings as mitigated when importing
## @details
## The default value is 'false'
DD_CLOSE_OLD_FINDINGS="false"

## @var DD_CLOSE_OLD_FINENIDS_PRODUCT_SCOPE
## @brief restrict closing findings to only this specific product
## @details
## The default value is 'false'
DD_CLOSE_OLD_FINDINGS_PRODUCT_SCOPE="false"

## @var DD_PUSH_TO_JIRA
## @brief whether or not to push findings to Jira as well
## @details
## The default value is 'false'
DD_PUSH_TO_JIRA="false"

## @var DD_CREATE_FINDINGS_GROUP
## @brief if false, findings will be grouped only when multiple findings
## @details
## The default value is 'true'.  Regardless of this setting,
## scans with multiple findings will always be grouped
DD_CREATE_FINDINGS_GROUP="true"

## @var DD_FILE_TYPE
## @brief the MIME type for the file to be uploaded
## @details
## The default value is determined by the file's extension
DD_FILE_TYPE=""

## @var DD_BRANCH
## @brief SCM branch where the finding was applicable
## @details
## This is an optional field with no default
DD_BRANCH=""

## @var DD_SCM_URL
## @brief the URL to the SCM repository
## @details
## This is an optional field; the default value is determined
## using `git remote`.  Please be aware that some URLs may
## include encoded credentials.  The default functionality
## strips those credentials (and any trailing .git extension)
## but if you set it yourself, be sure to take that into account.
DD_SCM_URL=""

## @var DD_COMMIT_HASH
## @brief the commit hash to send to DefectDojo
## @details
## @details
## This an optional field; the default value is determined
## using `git log`.
DD_COMMIT_HASH=""