
Gitlab Container Scan report fails to be imported

Open ilomax opened this issue 3 years ago • 3 comments

Bug description: Gitlab Container Scan report generates an error, both when imported from a pipeline via an API call and from the GUI.

Steps to reproduce: Import a Gitlab Container Scan report.

Expected behavior: The scan should be imported and the findings added to the engagement.

Deployment method (select with an X)

  • [ ] Docker Compose
  • [X] Kubernetes
  • [ ] GoDojo

Logs

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 2005, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1547, in save
    test, finding_count, closed_finding_count, test_import = importer.import_scan(scan, scan_type, engagement, lead, environment,
  File "/app/./dojo/importers/importer/importer.py", line 298, in import_scan
    parsed_findings = parser.get_findings(scan, test)
  File "/app/./dojo/tools/gitlab_container_scan/parser.py", line 30, in get_findings
    date = datetime.strptime(data["scan"]["end_time"], "%Y-%m-%dT%H:%M:%S")
KeyError: 'scan'

Sample scan files: container_scanning-report.json.txt

Screenshots: From the GUI import (image not included)

ilomax avatar Aug 02 '22 09:08 ilomax
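The traceback above fails on `data["scan"]["end_time"]` when the report has no top-level `scan` object. The following is an added example, not DefectDojo's own parser: a tolerant reader for a GitLab Container Scanning report that degrades to a missing date instead of raising `KeyError`. The finding field names (`vulnerabilities`, `severity`, `location`, `dependency`) are assumed from the GitLab report format, and the sample report is constructed.

```python
# Added example, not DefectDojo's own parser: reads a GitLab Container
# Scanning report and tolerates the missing "scan" block from the traceback.
# Finding field names ("vulnerabilities", "severity", "location", ...) are
# assumed from the GitLab report format; the sample report is constructed.
import json
from datetime import datetime

SCAN_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"  # same format string as in the traceback


def scan_end_time(data):
    """Return the scan end time, or None if the report has no usable one."""
    # The failing line did data["scan"]["end_time"] with no check for "scan".
    raw = (data.get("scan") or {}).get("end_time")
    if not raw:
        return None
    try:
        return datetime.strptime(raw, SCAN_TIME_FORMAT)
    except ValueError:  # an odd timestamp layout should not abort the import
        return None


def parse_report(text):
    """Parse report JSON text into (scan end time, list of finding dicts)."""
    data = json.loads(text)
    findings = []
    for vuln in data.get("vulnerabilities", []):
        location = vuln.get("location") or {}
        dependency = location.get("dependency") or {}
        findings.append({
            "title": vuln.get("message") or vuln.get("name") or vuln.get("id", "unknown"),
            "severity": (vuln.get("severity") or "unknown").capitalize(),
            "image": location.get("image"),
            "package": (dependency.get("package") or {}).get("name"),
            "version": dependency.get("version"),
        })
    return scan_end_time(data), findings


# Constructed sample with no top-level "scan" key, the shape that hit the bug.
SAMPLE_WITHOUT_SCAN = json.dumps({
    "vulnerabilities": [{
        "id": "EXAMPLE-0001",
        "message": "example vulnerability in libfoo",
        "severity": "high",
        "location": {"image": "registry.example/app:1.0",
                     "dependency": {"package": {"name": "libfoo"}, "version": "1.2"}},
    }],
})
```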

It seems that some data are missing in the report, will improve the parser to support that.

damiencarol avatar Aug 02 '22 09:08 damiencarol

Thanks a lot for your quick reply. I'm getting that there's not a lot I can currently do to address that in the meantime, is there?

ilomax avatar Aug 02 '22 09:08 ilomax

I'm afraid the only solution should be to alter the data a little bit to add the missing values, or to modify the parser by hand.

damiencarol avatar Aug 02 '22 11:08 damiencarol

This can be closed @mtesauro. PR was merged.

manuel-sommer avatar Jan 15 '24 20:01 manuel-sommer