Connect APVISO with DefectDojo
Import APVISO pentest findings into DefectDojo. Centralize vulnerability management with deduplication, tracking, and metrics across all security tools.
Why connect APVISO with DefectDojo?
Centralized Vulnerability Aggregation
Import APVISO findings into DefectDojo alongside results from other security tools for a single-pane-of-glass vulnerability management experience.
Cross-Tool Deduplication
DefectDojo deduplicates APVISO findings against results from other scanners, giving you a clean count of unique vulnerabilities across all tools.
Metrics and Reporting
Use DefectDojo's built-in metrics, SLA tracking, and reporting features to manage APVISO findings alongside all other security tool results.
Setup Guide
Get DefectDojo API Key
In DefectDojo, generate an API key (v2) from your user profile. APVISO uses this to import findings via the DefectDojo API.
Configure in APVISO
Enter your DefectDojo URL and API key in Settings > Integrations > DefectDojo. Map APVISO targets to DefectDojo products and engagements.
Set Import Rules
Configure automatic import of APVISO findings on scan completion. Choose whether to create new engagements per scan or append to existing ones.
Features
- Automatic finding import via DefectDojo API v2
- Map APVISO targets to DefectDojo products and engagements
- Cross-tool deduplication across all imported scanners
- SLA tracking and remediation metrics
- Finding status sync between APVISO and DefectDojo
How APVISO Integrates with DefectDojo
APVISO's DefectDojo integration imports penetration testing findings into the open-source vulnerability management platform. For organizations that use DefectDojo to aggregate and manage findings from multiple security tools, this integration adds APVISO's AI-driven pentest results to your centralized vulnerability database.
Automatic Finding Import
When an APVISO scan completes, findings are automatically imported into DefectDojo via the API v2. Each finding maps to a DefectDojo product (representing your application) and engagement (representing the pentest). Findings include the vulnerability title, severity, description with reproduction steps, affected endpoint, and APVISO-specific metadata.
The import creates or updates DefectDojo findings with all the context developers need for remediation. APVISO's detailed reproduction steps, evidence, and remediation guidance are preserved in the DefectDojo finding record.
Cross-Tool Deduplication
DefectDojo's core strength is deduplication across multiple security tools. When APVISO and another scanner (like OWASP ZAP, Burp Suite, or Nessus) both identify the same vulnerability, DefectDojo recognizes the overlap and links the findings. Your vulnerability metrics count unique issues, not duplicate reports from multiple tools.
This deduplication is especially valuable for organizations running multiple scanning tools. DefectDojo provides the single source of truth for the count of unique vulnerabilities, while preserving the detailed findings from each tool for reference.
Product and Engagement Mapping
APVISO targets map to DefectDojo products, and scans map to engagements. A typical configuration creates a product for each application and either creates a new engagement per scan or appends to a running engagement. The engagement type (CI/CD or Interactive) and other metadata are configurable in the integration settings.
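An added illustration of the import and mapping described above, not APVISO's own code: it assumes findings are delivered in DefectDojo's Generic Findings Import JSON format through the API v2 import-scan endpoint. The input field names, engagement names and sample findings are constructed for the example.

```python
import hashlib
import json

# DefectDojo accepts exactly these severity labels.
DOJO_SEVERITIES = {"critical": "Critical", "high": "High", "medium": "Medium",
                   "low": "Low", "info": "Info", "informational": "Info"}

# Constructed sample of pentest findings; the field names are hypothetical.
SAMPLE_FINDINGS = [
    {"title": "SQL injection in search", "severity": "HIGH",
     "description": "Parameter q is concatenated into a query.",
     "steps": "1. Send a single quote in q. 2. Observe the database error.",
     "endpoint": "https://app.example.test/search"},
    {"title": "Missing HSTS header", "severity": "informational",
     "description": "Strict-Transport-Security is not set.",
     "steps": "1. Request / over HTTPS. 2. Inspect response headers.",
     "endpoint": "https://app.example.test/"},
]

def to_generic_report(findings):
    """Convert findings into a Generic Findings Import JSON document."""
    out = []
    for f in findings:
        sev = DOJO_SEVERITIES.get(f["severity"].strip().lower())
        if sev is None:
            # Fail loudly rather than import a finding with a bad severity.
            raise ValueError(f"unmapped severity: {f['severity']!r}")
        # Stable ID per title+endpoint, usable as a deduplication key when
        # DefectDojo is configured to deduplicate on unique_id_from_tool.
        uid = hashlib.sha256(f"{f['title']}|{f['endpoint']}".encode()).hexdigest()[:16]
        out.append({"title": f["title"], "severity": sev,
                    "description": f["description"],
                    "steps_to_reproduce": f["steps"],
                    "endpoints": [f["endpoint"]],
                    "unique_id_from_tool": uid})
    return json.dumps({"findings": out}, indent=2)

def import_scan_fields(target, scan_id, per_scan_engagement):
    """Form fields for POST /api/v2/import-scan/ (the report goes in `file`)."""
    # Either a new engagement per scan or one running engagement to append to.
    engagement = f"Pentest {scan_id}" if per_scan_engagement else "Pentest (running)"
    return {"scan_type": "Generic Findings Import",
            "product_name": target,            # target -> product
            "engagement_name": engagement,     # scan -> engagement
            "auto_create_context": "true",     # create product/engagement if absent
            "active": "true", "verified": "false"}
```

The request itself is a multipart POST carrying these fields and the report file, authenticated with the API key in an `Authorization: Token ...` header.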
SLA Tracking and Metrics
DefectDojo's SLA tracking features apply to APVISO findings. Define remediation SLAs by severity (e.g., Critical within 24 hours, High within 7 days) and DefectDojo tracks compliance. Metrics dashboards show finding age, SLA compliance rates, remediation velocity, and trends over time across all imported tools including APVISO.
Status Synchronization
When a finding is marked as mitigated or risk-accepted in DefectDojo, APVISO can sync this status update. Conversely, when APVISO retests a vulnerability and confirms remediation, the DefectDojo finding is updated with verification evidence. This bidirectional sync ensures both platforms maintain an accurate view of remediation status.
Frequently Asked Questions
How does deduplication work?
DefectDojo uses configurable deduplication algorithms to identify when APVISO and other tools report the same vulnerability. Duplicates are linked, and only unique findings are counted in metrics and reports.
Can APVISO create new DefectDojo engagements automatically?
Yes. You can configure APVISO to create a new DefectDojo engagement for each scan, or append findings to an existing engagement. Both CI/CD-triggered and interactive engagement types are supported.
Connect APVISO with DefectDojo today
Set up the DefectDojo integration in minutes and start routing security findings to your team.