Upload Trivy result.json file to DefectDojo - devops

I am using Trivy to do Docker scanning and then saving the output into a result.json file. Now I am trying to send the file to DefectDojo to visualize it there. How can I do that?

Go to "Products", select a product, then in the "Findings" tab > "Import Scan Results".
Or use the API.
Create an engagement:
curl -X POST "https://dojo:8080/api/v2/engagements/" -H "Authorization: Token <your token>" -F "name=Test" -F "product=<Product ID>" -F "target_start=2022-06-14" -F "target_end=2022-06-14"
Import scan:
curl -X POST "https://dojo:8080/api/v2/import-scan/" -H "accept: application/json" -H "Content-Type: multipart/form-data" -H "Authorization: Token <your token>" -F "minimum_severity=Info" -F "active=true" -F "verified=true" -F "scan_type=Trivy Scan" -F "close_old_findings=false" -F "push_to_jira=false" -F "file=@result.json" -F "product_name=Test" -F "scan_date=2022-06-14" -F "engagement_name=Test"

Related

Bitbucket API Update Pipeline Variable

I'm unable to successfully update a repository variable and not sure why it's not working.
I've been able to get all the necessary IDs through the API and am making the following curl request:
curl -X PUT "https://api.bitbucket.org/2.0/repositories/{workspace}/{repository}/pipelines_config/variables/{variable_uuid}" -H 'Content-Type: application/json' -d '{"value":"{value}","key":"{name}"}'
From this I get:
{"type": "error", "error": {"message": "Resource not found"}}
Does anyone have any ideas what's missing? I've tried changing everything I can think of, but with no luck.
curl -v -X PUT "https://api.bitbucket.org/2.0/repositories/$ORG_OR_WORKSPACE/$REPO/pipelines_config/variables/\{$HASH_VARIABLE\}" -H "Content-Type:application/json" -d "{\"key\":\"$VARIABLE_NAME\", \"value\":\"$VARIABLE_VALUE\" }" --user $PIPELINE_APP_PASS
The actual hash needs to be encased in brackets {} which are escaped with \
Try running the command from terminal to make sure you can update your variable. You might want to create a user app password with access, should be username:password
Found it
#!/bin/bash
set -x
export USER_NAME=user_name
export PASSWORD=password
curl --user "$USER_NAME":"$PASSWORD" 'https://api.bitbucket.org/2.0/repositories/{user_name}/{application}/pipelines_config/variables/' -H 'Content-Type: application/json'
curl -vX PUT -u "$USER_NAME":"$PASSWORD" --url 'https://api.bitbucket.org/2.0/repositories/{user_name}/{application}/pipelines_config/variables/%7B21212121-2d1e-201a-21c2-212121a21212%7D' -H 'Content-Type:application/json' -d "{\"value\":\"new_value\", \"key\":\"variable\"}"
https://community.atlassian.com/t5/Bitbucket-questions/How-to-get-variable-uuid/qaq-p/1496735

curl Error in Jenkins Pipeline - URL not Found

sh '''curl -X POST -H "Content-Type: application/json" -d '{ "name": "'"$GroupName"'", "deletable": "true"}’'https://"${username}":"${password}"@bitbucket.com/rest/api/1.0/admin/groups?name="$GroupName" '''
I use the above in the Jenkins pipeline. On executing it, I get an error:
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
just figured out
This is an API call from Jenkins to Create Group in BB.
sh '''curl -X POST -H "Content-Type: application/json" -d '
{
"name": "'"$GroupName"'",
"deletable": "true"
}' https://"${username}":"${password}"@bitbucket.com//rest//api//1.0//admin//groups?name=$GroupName'''
}
Replace your Bitbucket URL.

Docker exec. How to use shell-commands in container without entering?

Can someone explain to me how I can use sh commands inside a container without entering that container?
I use a shell script on my host. I want this shell script to enter one of my containers and then curl POST to another container through the overall network. So, my problem is that when I try to do something like:
docker exec -ti nodejs sh "curl -X POST \
http://tgbot:3017/deploy \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'message=Prod has been updated!'"
I get this in the console:
sh: 0: Can't open curl -X POST http://tgbot:3017/ -H 'Content-Type: application/x-www-form-urlencoded' -H 'cache-control: no-cache' -d 'message=Prod has been updated!'
failed to resize tty, using default size
Or maybe I can curl into the Docker network right from the host somehow?
You can just use Docker exec command on the host machine.
docker exec -it <container name> <command>

How to change neo4j database password

I am trying to change my default user password to database. I've tried this:
$ curl -H "Content-Type: application/json" \
-X POST \
-d '{"password":"password"}' \
-u neo4j:neo4j \
http://localhost:7474/user/neo4j/password"
but it doesn't let me and gave me this error:
Invalid input 'u': expected 'r/R' or 'a/A' (line 1, column 2 (offset:
1)) "curl -H "Content-Type: application/json" -X POST -d
'{"password":"qazWSXEDCRFV!1"}' -u neo4j:neo4j
http://localhost:7474/user/neo4j/password"" ^
How to fix this issue?
curl -H "Content-Type: application/json" -XPOST -d '{"password":"new password"}' -u neo4j:neo4j http://localhost:7474/user/neo4j/password
just worked for me (Neo4j 3.0.x)
If you use the GUI, execute :server change-password. It will open the change-password dialog, where you have to type your current password and a new one.

Docker private trusted registry

I want to delete images in a Docker private trusted registry. How can we see the available images and how can we delete the older images?
I'm using registry:2
Thanks in advance.
From issue 1529, you can see your images with:
curl -k -u 'docker:sdf' -X GET https://localhost:5000/v2/_catalog
For each image, you can list its tags:
curl -k -u 'docker:sdf' -X GET https://localhost:5000/v2/bkf/ebbg/tags/list
Finally, for a tag, you can query its manifest:
curl -k -I -H Accept:\* https://<some_url_or_ip>:5000/v2/<image_name>/manifests/<tag_name>
(Steven Iveson)
Use the value of either of these headers (including the sha256: part if present) - they should be the same:
Docker-Content-Digest
Etag
And you need the manifest to delete an image:
DELETE /v2/<name>/manifests/<reference>
curl -k -v -u 'docker:sdf' -X DELETE https://localhost:5000/v2/<name>/manifests/<reference>
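
The tag-to-digest-to-delete sequence from the answer above as one script; this is an added example, not part of the original answer. `REGISTRY`, `REGISTRY_USER` and `REGISTRY_PASS` are assumed environment variables, the sample headers are constructed, and the script requests the schema 2 manifest media type so the registry returns the digest it accepts for deletion.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumed environment variables:
# REGISTRY (e.g. https://registry.example:5000), REGISTRY_USER, REGISTRY_PASS.

# Print the Docker-Content-Digest value from raw HTTP response headers on stdin.
# Header names are case-insensitive and lines end in CRLF, so normalise both.
extract_digest() {
  tr -d '\r' | awk '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == "docker-content-digest") {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
    }
  }'
}

# Accept only a well-formed sha256 digest, so a tag name or an empty string
# never ends up in the DELETE URL.
is_valid_digest() {
  printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# Resolve repo:tag to its digest with a HEAD request, then delete by digest.
# TLS is verified (no -k); add --cacert <file> for a private CA.
delete_tag() {
  repo=$1; tag=$2
  digest=$(curl -fsS -I -u "$REGISTRY_USER:$REGISTRY_PASS" \
    -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
    "$REGISTRY/v2/$repo/manifests/$tag" | extract_digest)
  is_valid_digest "$digest" || { echo "no digest for $repo:$tag" >&2; return 1; }
  curl -fsS -u "$REGISTRY_USER:$REGISTRY_PASS" -X DELETE \
    "$REGISTRY/v2/$repo/manifests/$digest"
}

# Constructed sample of the headers a registry returns for the HEAD request.
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\n'
  printf 'content-type: application/vnd.docker.distribution.manifest.v2+json\r\n'
  printf 'docker-content-digest: sha256:%s\r\n' \
    0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  printf 'etag: "sha256:%s"\r\n\r\n' \
    0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}

# Offline check of the parsing step: prints the digest from the sample.
sample_headers | extract_digest
```

The registry must have deletion enabled (`storage.delete.enabled: true` in its configuration), and deleting a manifest does not free blob storage until the registry's garbage collection is run.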
