DefectDojo Triage - VSCode Extension
A VSCode extension that retrieves and displays DefectDojo findings for triage.
Features
- Fetch all active, unverified, non-duplicate findings from DefectDojo
- Configure connection parameters through VSCode commands
- Show results in the VSCode Output panel
- Automatically resolve product ID and test type by name
- Triage findings: edit Impact, Mitigation, and Status
- Submit triage data back to DefectDojo
Limitations
- Jira push: Automatic Jira push for findings with status "Verified" is not implemented because DefectDojo API v2 does not expose an endpoint for it. The /finding/{id}/jira/push endpoint is only available through the web UI and requires a CSRF token plus cookie authentication, which is not supported when using an API token.
Usage
Request parameters
The extension uses these API parameters:
- active: true (only active findings)
- duplicate: false (exclude duplicates)
- verified: false (only unverified)
- limit: 99999
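The fetch and triage requests described above, written out as an added example (this is not the extension's own code). The base URL, token, product and test-type IDs are assumed inputs; the filter names test__engagement__product and test__test_type and the status-flag mapping are assumptions about DefectDojo API v2, so check them against your instance's /api/v2/ schema.

```typescript
// Added example, not code from the extension. Endpoint paths, filter names and
// the status-to-flag mapping are assumptions about DefectDojo API v2.
type Config = { baseUrl: string; apiToken: string; productId: number; testTypeId: number };
type TriageStatus = "Verified" | "False Positive" | "Out of Scope";

function apiRoot(cfg: Config): string {
  return cfg.baseUrl.replace(/\/+$/, "") + "/api/v2";
}

// GET request for the findings the extension triages: active, unverified, non-duplicate,
// narrowed to the product and test type that were resolved by name.
function buildFindingsRequest(cfg: Config): { url: string; headers: Record<string, string> } {
  const params = new URLSearchParams({
    active: "true",
    duplicate: "false",
    verified: "false",
    limit: "99999",
    test__engagement__product: String(cfg.productId), // assumed filter name
    test__test_type: String(cfg.testTypeId),          // assumed filter name
  });
  return {
    url: `${apiRoot(cfg)}/findings/?${params.toString()}`,
    // The token travels in a header, not the query string, so it stays out of URL logs.
    headers: { Authorization: `Token ${cfg.apiToken}`, Accept: "application/json" },
  };
}

// PATCH body for submitting triage: Impact, Mitigation and Status. DefectDojo stores
// status as boolean flags on the finding; the mapping below is the example's own.
function buildTriagePatch(impact: string, mitigation: string, status: TriageStatus) {
  const flags = {
    "Verified": { active: true, verified: true, false_p: false, out_of_scope: false },
    "False Positive": { active: false, verified: true, false_p: true, out_of_scope: false },
    "Out of Scope": { active: false, verified: true, false_p: false, out_of_scope: true },
  }[status];
  return { impact, mitigation, ...flags };
}

// PATCH request that writes the triage result back to one finding.
function buildTriageRequest(cfg: Config, findingId: number, patch: object) {
  return {
    url: `${apiRoot(cfg)}/findings/${findingId}/`,
    method: "PATCH",
    headers: { Authorization: `Token ${cfg.apiToken}`, "Content-Type": "application/json" },
    body: JSON.stringify(patch),
  };
}
```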
Project structure
.
├── src/
│   └── extension.ts   # Main extension code
├── package.json       # Extension configuration
├── tsconfig.json      # TypeScript configuration
└── README.md          # Documentation
Requirements
- VSCode version 1.74.0 or newer
- Node.js 16.x or newer
Building
Compile TypeScript
Compile TypeScript to JavaScript:
npm run compile
Compiled files go to out/.
Watch mode (development)
Recompile automatically while editing:
npm run watch
Watch mode is useful during development because it recompiles on save.
Build a .vsix package
Create an installable .vsix package:
npm run package
Note: Ensure dependencies are installed:
npm install
Both variants automatically:
- Compile the TypeScript code
- Create a .vsix file in the project root
The package will be named defectdojo-triage-0.0.1.vsix and can be installed into VSCode with:
code --install-extension defectdojo-triage-0.0.1.vsix
Development
For development and debugging:
- Install dependencies:
npm install
- Start watch mode:
npm run watch
- Press F5 in VSCode to launch the Extension Development Host
- Use the extension commands in the new window
License
MIT