Skip to content

Add complete GitHub Actions workflow structure for DefectDojo integration #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Copilot wants to merge 5 commits into
base: LukeLarge-patch-2
Choose a base branch
from
Open

Add complete GitHub Actions workflow structure for DefectDojo integration #7

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b7c4cac
Initial plan
Copilot Dec 9, 2025
1e4be4c
Add complete GitHub Actions workflow structure to codacy.yml
Copilot Dec 9, 2025
c7037ce
Remove unused optional parameters for cleaner workflow file
Copilot Dec 9, 2025
e8f55e3
Add TODO comment for product name placeholder
Copilot Dec 9, 2025
36183bf
Add explicit GITHUB_TOKEN permissions for security
Copilot Dec 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 22 additions & 30 deletions .github/workflows/codacy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,22 @@
- name: defectdojo findings threshold
# You may pin to the exact commit or the version.
# uses: portswigger-cloud/defectdojo-findings-thresholds@d61c4c6fe732eded4828e76dd538098b48b7d245
uses: portswigger-cloud/defectdojo-findings-thresholds@v1.0.1
with:
# the url of your defectdojo instance
defectdojo-url: ${{ secrets.DEFECTDOJO_URL }}
# the username to login into your defectdojo instance
defectdojo-username: ${{ secrets.DEFECTDOJO_USERNAME }}
# the password to login into your defectdojo instance
defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
# the defectdojo product that the scan result relates to
defectdojo-product: 'your-product-name'
# the file path for a client side certificate if required
client-certificate-file-path: # optional
# the file path for a client side private key if required
client-key-file-path: # optional
# total findings threshold
total-threshold: # optional, default is false
# critical findings threshold
critical-threshold: # optional, default is false
# high findings threshold
high-threshold: # optional, default is false
# medium findings threshold
medium-threshold: # optional, default is false
# low findings threshold
low-threshold: # optional, default is false
# info findings threshold
info-threshold: # optional, default is false

name: DefectDojo Findings Threshold
on: [push, pull_request]
jobs:
check-findings:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: defectdojo findings threshold
# You may pin to the exact commit or the version.
# uses: portswigger-cloud/defectdojo-findings-thresholds@d61c4c6fe732eded4828e76dd538098b48b7d245
uses: portswigger-cloud/defectdojo-findings-thresholds@v1.0.1
with:
# the url of your defectdojo instance
defectdojo-url: ${{ secrets.DEFECTDOJO_URL }}
# the username to login into your defectdojo instance
defectdojo-username: ${{ secrets.DEFECTDOJO_USERNAME }}
# the password to login into your defectdojo instance
defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
# the defectdojo product that the scan result relates to
# TODO: Replace 'your-product-name' with the actual product name in DefectDojo
defectdojo-product: 'your-product-name'
Loading