It's me again, sorry for spamming this forum. We are first-time experimenters with ThreadFix, so we might have some noob questions ;-)
I am trying to integrate an unsupported scan report (Nikto), using the REST API. The best way that I found to do this is via the "Manual Finding" method; it works well, but I was wondering two things:
-> Is there a better way to script the parsing of unsupported scanners?
-> If not, is it possible to change the name of a scan ("Nikto" instead of "Manual", for example)?
-> Is there any way to use CWE numbers instead of titles? Or is there a list of acceptable CWE names somewhere? Is there an acceptable value for "unidentified" CWEs?
Thank you very much and have a good day!
Could you resend the link for "creating an importer"? It does not seem to have worked...
To answer your question, I am currently importing via a Python script that translates the XML file to a REST call... I will test using the SSLV and try creating an importer; then I will see which solution works best for us.
Thank you!