Import Cobalt Findings into DefectDojo
Configure the integration to import Cobalt findings into the DefectDojo platform.
Integration Overview
DefectDojo is a security orchestration and vulnerability management platform. It’s a free open source tool that allows you to manage your application security program and streamline your DevSecOps workflows.
You can retrieve findings data from Cobalt using the API and import it into DefectDojo. Then you can manage, analyze, and triage vulnerabilities using reports, metrics, templates, and other tools available in DefectDojo.
What You Need
To configure the integration, you need the following:
- Cobalt API token. Learn how to create an API token.
- Cobalt organization token. Learn how to retrieve an organization token using the Cobalt API v1.
- Make sure that you use the Cobalt API v1 and not v2. This integration doesn’t support organization tokens from the API v2.
- Asset identifier in Cobalt. You can get an asset ID in two ways:
- In the Cobalt app, go to Assets, navigate to the asset page, and copy the ID from the URL. For example, the asset ID in this example URL https://app.cobalt.io/organization/assets/as_KoEUfS0 is as_KoEUfS0.
- Retrieve your assets using the Cobalt API, and find the asset ID in the API response.
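The following script is an added example, not code from Cobalt or DefectDojo. It shows the three lookups this section describes: pulling an asset ID out of a Cobalt app URL, reading organization tokens from a /orgs response, and reading asset IDs (the value DefectDojo expects as the Service Key) from a /assets response. The base URL, the v1 Accept media type, the X-Org-Token header name, and the response field names (resource.name, resource.token, resource.id, resource.title) are assumptions about the Cobalt API v1 and should be checked against the current API reference; the sample response bodies are constructed, and the API token is read from an environment variable so it never lands in source control.

```python
import json
import os
import re
import urllib.request
from typing import Dict, Optional

# Assumed Cobalt API v1 conventions (verify against the API reference):
# the Accept media type selects v1 rather than v2, which this integration needs.
COBALT_API = "https://api.cobalt.io"
ACCEPT_V1 = "application/vnd.cobalt.v1+json"

# Asset IDs in app URLs look like .../assets/as_KoEUfS0
ASSET_ID_RE = re.compile(r"/assets/(as_[A-Za-z0-9]+)")


def asset_id_from_url(url: str) -> Optional[str]:
    """Extract the asset identifier from a Cobalt app asset URL, or None if absent."""
    m = ASSET_ID_RE.search(url)
    return m.group(1) if m else None


def org_tokens(orgs_response: dict) -> Dict[str, str]:
    """Map organization name -> organization token from a /orgs response body.
    Field names are assumptions about the v1 response shape."""
    return {
        item["resource"]["name"]: item["resource"]["token"]
        for item in orgs_response.get("data", [])
    }


def asset_ids(assets_response: dict) -> Dict[str, str]:
    """Map asset title -> asset id (the DefectDojo 'Service Key') from a /assets body.
    Field names are assumptions about the v1 response shape."""
    return {
        item["resource"]["title"]: item["resource"]["id"]
        for item in assets_response.get("data", [])
    }


def cobalt_get(path: str, api_token: str, org_token: Optional[str] = None) -> dict:
    """GET a Cobalt API v1 endpoint (assumed header names).
    The bearer token is a secret: keep it in the environment, not in code."""
    headers = {
        "Accept": ACCEPT_V1,
        "Authorization": f"Bearer {api_token}",
    }
    if org_token:
        headers["X-Org-Token"] = org_token
    req = urllib.request.Request(COBALT_API + path, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample bodies mirroring the assumed v1 response shape (not real data).
SAMPLE_ORGS = {
    "data": [
        {"resource": {"id": "org_example01", "name": "Example Org",
                      "token": "ORG-TOKEN-PLACEHOLDER"}}
    ]
}
SAMPLE_ASSETS = {
    "data": [
        {"resource": {"id": "as_KoEUfS0", "title": "Customer Portal", "asset_type": "web"}},
        {"resource": {"id": "as_example2", "title": "Mobile API", "asset_type": "api"}},
    ]
}


if __name__ == "__main__":
    token = os.environ.get("COBALT_API_TOKEN")
    if token:
        # Live lookup: first organization token, then that organization's assets.
        org_token = next(iter(org_tokens(cobalt_get("/orgs", token)).values()))
        assets = cobalt_get("/assets", token, org_token)
    else:
        print("COBALT_API_TOKEN not set; using constructed sample responses")
        assets = SAMPLE_ASSETS
    for title, aid in asset_ids(assets).items():
        print(f"{title}: {aid}")
```

Run it with COBALT_API_TOKEN exported to list each asset title with the ID to paste into the Service Key field; without the variable it falls back to the constructed samples so the parsing can be checked offline.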
Step 1: Add a Tool Type
If you already have a tool type for Cobalt, you can skip this step and go to step 2.
- In DefectDojo, on the sidebar, select Configuration > Tool Type.
- From the menu in the upper-right corner, select Add Tool Type.
- On the configuration screen, enter:
- Name: Cobalt.io
- (Optional) Description: You can add a meaningful description such as “Pentesting.”
- Select Submit.
You should land on the screen showing your tool types.
Step 2: Add a Tool Configuration
You can create multiple tool configurations for Cobalt. The process of adding a new configuration is the same, regardless of whether you have existing configurations or not.
- On the sidebar, select Configuration > Tool Configuration.
- From the menu in the upper-right corner, select Add Tool Configuration.
- On the configuration screen, enter:
- Name: Enter a meaningful name for your tool configuration.
- Tool Type: Select Cobalt.io.
- Authentication Type: Select API Key.
- Extras: Enter your Cobalt organization token.
- API Key: Enter your Cobalt API key.
- Select Submit.
You should land on the screen showing your tool type configurations. If needed, you can edit your configurations from here.
Step 3: Add an API Scan Configuration
You can create multiple API scan configurations for Cobalt. The process of adding a new configuration is the same, regardless of whether you have existing configurations or not.
- Navigate to the product for which you want to import findings from Cobalt.
- Go to Settings > Add API Scan Configuration.
- On the configuration screen, enter:
- Tool Configuration: Select the tool configuration you created.
- Service Key: Enter an asset ID from Cobalt.
- Select Save.
You should land on the screen showing your API scan configurations. If needed, you can edit your configurations from here.
Step 4: Import Findings
- Navigate to the engagement for which you want to import findings.
- Under Tests, select Import Scan Results from the three-line menu.
- On the configuration screen, enter:
- Scan type: Select Cobalt.io API Import.
- Complete the required fields, and fill in optional fields if needed.
- (If you have multiple API scan configurations) API Scan Configuration: Select an API scan configuration that you added earlier. Skip this step if you only have one configuration.
- Select Import, and wait for DefectDojo to run API requests to fetch findings for the Cobalt asset you selected.
You should land on the page with imported Cobalt findings. Now you can analyze this data using DefectDojo tools.