Skip to content

docs(connectors): Cloudflare, Contrast, GitGuardian, Google Cloud SCC, HackerOne, Shodan setup#15199

Open
devGregA wants to merge 2 commits into
DefectDojo:bugfixfrom
devGregA:connector-findings-docs-dev
Open

docs(connectors): Cloudflare, Contrast, GitGuardian, Google Cloud SCC, HackerOne, Shodan setup#15199
devGregA wants to merge 2 commits into
DefectDojo:bugfixfrom
devGregA:connector-findings-docs-dev

Conversation

@devGregA

@devGregA devGregA commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds tool-specific setup documentation for five findings connectors to the connector reference, so users have step-by-step setup for each. Each section follows the existing format (description, prerequisites, connector mappings) and is inserted in alphabetical order:

  • Contrast — username + API key + service key + organization id.
  • GitGuardian — single API key; documents the leak-proof behavior (only incident metadata is imported, never the secret value) and the open-incident / auto-mitigation semantics.
  • Google Cloud Security Command Center — service-account JSON key + parent resource; notes SCC activation and the securitycenter.findingsViewer role.
  • HackerOne — organization API token (identifier + token), with the personal-vs-organization token caveat.
  • Shodan — API key + a search query scoped to the org's own assets; notes the membership requirement and query-credit usage.

One file changed, +~100 lines, additive only.

Notes

Connectors these document

Go connectors: Contrast, Google Cloud SCC, Shodan, GitGuardian, HackerOne (DefectDojo-Inc/connectors). DD Pro registrations are stacked in dojo-pro (#1790#1797).

🤖 Generated with Claude Code

@github-actions github-actions Bot added the docs label Jul 9, 2026
… Shodan setup

Add tool-specific setup sections to the connector reference for five
findings connectors, following the existing per-tool format
(description, prerequisites, connector mappings).

- Contrast: username + API key + service key + organization id.
- GitGuardian: single API key; documents the leak-proof behavior
  (only incident metadata is imported, never the secret value) and the
  open-incident / auto-mitigation semantics.
- Google Cloud Security Command Center: service-account JSON key +
  parent resource; notes SCC activation and the findingsViewer role.
- HackerOne: organization API token (identifier + token), with the
  personal-vs-organization token caveat.
- Shodan: API key + search query scoping to the org's own assets;
  notes the membership requirement and query-credit usage.

Veracode and Qualys are covered separately in the connector-docs
backfill PR (DefectDojo#15198).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@Maffooch Maffooch force-pushed the connector-findings-docs-dev branch from 404b519 to c20601d Compare July 9, 2026 05:00
@Maffooch Maffooch changed the base branch from dev to bugfix July 9, 2026 05:01
@Maffooch Maffooch requested a review from paulOsinski July 9, 2026 05:17
@Maffooch Maffooch added this to the 3.1.100 milestone Jul 9, 2026
Cloudflare WAF/edge-security connector: Security Center insights per
zone, API token auth, auto-discovered accounts/zones. Added alongside
the other findings-connector sections in this PR.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@devGregA devGregA changed the title docs(connectors): Contrast, GitGuardian, Google Cloud SCC, HackerOne, Shodan setup docs(connectors): Cloudflare, Contrast, GitGuardian, Google Cloud SCC, HackerOne, Shodan setup Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants