defectdojo

Facilitates vulnerability management and DevSecOps processes using DefectDojo's API for enhanced security integration.

Security score: 39/100

The defectdojo skill was audited on Feb 19, 2026 and we found 25 security issues across 4 threat categories. Review the findings below before installing.

Security Issues

medium line 122

Template literal with variable interpolation in command context

Source: SKILL.md
122: ```json
medium line 296

Template literal with variable interpolation in command context

Source: SKILL.md
296: ```yaml
medium line 329

Template literal with variable interpolation in command context

Source: SKILL.md
329: ```groovy
medium line 358

Template literal with variable interpolation in command context

Source: SKILL.md
358: ```yaml
medium line 245

Curl to non-GitHub URL

Source: SKILL.md
245: curl -X POST "https://defectdojo.example.com/api/v2/import-scan/" \
medium line 273

Curl to non-GitHub URL

Source: SKILL.md
273: curl -X POST "https://defectdojo.example.com/api/v2/reimport-scan/" \
medium line 545

Webhook reference - potential data exfiltration

Source: SKILL.md
545: 3. **Configure Webhook (bidirectional sync):**
medium line 546

Webhook reference - potential data exfiltration

Source: SKILL.md
546: - Create webhook in JIRA pointing to:
medium line 547

Webhook reference - potential data exfiltration

Source: SKILL.md
547: `https://<defectdojo>/jira/webhook/<webhook-secret>`
low line 781

Access to hidden dotfiles in home directory

Source: SKILL.md
781: KUBECONFIG=~/.kube/aks-rg-hypera-cafehyna-dev-config kubectl get pods -n defectdojo
low line 787

Access to hidden dotfiles in home directory

Source: SKILL.md
787: KUBECONFIG=~/.kube/aks-rg-hypera-cafehyna-dev-config kubectl logs -n defectdojo -l app.kubernetes.io/name=defectdojo -c uwsgi
low line 793

Access to hidden dotfiles in home directory

Source: SKILL.md
793: KUBECONFIG=~/.kube/aks-rg-hypera-cafehyna-dev-config kubectl rollout restart deployment/defectdojo-django -n defectdojo
low line 40

External URL reference

Source: SKILL.md
40: - Demo: <https://demo.defectdojo.org> (admin / 1Defectdojo@demo#appsec)
low line 129

External URL reference

Source: SKILL.md
129: "DEFECTDOJO_URL": "https://defectdojo.dev.cafehyna.com.br",
low line 245

External URL reference

Source: SKILL.md
245: curl -X POST "https://defectdojo.example.com/api/v2/import-scan/" \
low line 273

External URL reference

Source: SKILL.md
273: curl -X POST "https://defectdojo.example.com/api/v2/reimport-scan/" \
low line 325

External URL reference

Source: SKILL.md
325: Install the DefectDojo Jenkins plugin from: <https://plugins.jenkins.io/defectdojo/>
low line 333

External URL reference

Source: SKILL.md
333: DEFECTDOJO_URL = 'https://defectdojo.example.com'
low line 431

External URL reference

Source: SKILL.md
431: api = DefectDojoAPI('https://defectdojo.example.com', 'your-api-token')
low line 547

External URL reference

Source: SKILL.md
547: `https://<defectdojo>/jira/webhook/<webhook-secret>`
low line 555

External URL reference

Source: SKILL.md
555: value: "https://your-jira.atlassian.net"
low line 587

External URL reference

Source: SKILL.md
587: | Redirect URI | `https://defectdojo.dev.cafehyna.com.br/complete/azuread-tenant-oauth2/` |
low line 663

External URL reference

Source: SKILL.md
663: siteUrl: https://defectdojo.dev.cafehyna.com.br
low line 771

External URL reference

Source: SKILL.md
771: https://defectdojo.dev.cafehyna.com.br/login?force_login_form
low line 814

External URL reference

Source: SKILL.md
814: - [Swagger UI](https://defectdojo.dev.cafehyna.com.br/api/v2/oa3/swagger-ui/) - Interactive API docs
Scanned on Feb 19, 2026