Skip to content

docs(connectors): add GitHub Advanced Security, Qualys, Rapid7 InsightVM, Veracode references#15198

Open
devGregA wants to merge 2 commits into
bugfixfrom
connector-docs-backfill
Open

docs(connectors): add GitHub Advanced Security, Qualys, Rapid7 InsightVM, Veracode references#15198
devGregA wants to merge 2 commits into
bugfixfrom
connector-docs-backfill

Conversation

@devGregA

@devGregA devGregA commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Backfills the connectors tool reference for four connectors that shipped without customer-facing docs. Each section follows the existing reference format — credential/token setup, connector field mappings, and what a Record maps to.

  • GitHub Advanced Security — personal access token scopes (code scanning / Dependabot / secret scanning), organization, api.github.com vs GitHub Enterprise Server (/api/v3); one Record per non-archived repo.
  • Qualys — VMDR API user + password and the per-subscription API platform (pod) URL; one Record per host.
  • Rapid7 InsightVM — Security Console URL (port 3780) + console credentials (HTTP Basic); one Record per site.
  • Veracode — API ID + secret key (HMAC) and the regional API base URL; one Record per application, split into SAST/DAST/SCA/Manual finding types.

Pairs with the connector implementations (connectors PRs #657, #654, #656, #653).

Stories: sc-13490, sc-12691, sc-13485, sc-13464

…tVM, Veracode

Backfills the connector reference for four connectors that had no
customer-facing docs. Each section covers credential/token setup, the
connector field mappings, and what a Record maps to:

- GitHub Advanced Security — PAT scopes (code scanning / Dependabot /
  secret scanning), org, api.github.com vs GHES.
- Qualys — VMDR API user + per-subscription platform (pod) URL.
- Rapid7 InsightVM — Security Console URL (:3780) + console credentials.
- Veracode — API ID + secret (HMAC) + regional API base URL.

Stories: sc-13490, sc-12691, sc-13485, sc-13464
@Maffooch Maffooch force-pushed the connector-docs-backfill branch from b838d0e to 1441bc7 Compare July 9, 2026 05:00
Maffooch pushed a commit to devGregA/django-DefectDojo that referenced this pull request Jul 9, 2026
… Shodan setup

Add tool-specific setup sections to the connector reference for five
findings connectors, following the existing per-tool format
(description, prerequisites, connector mappings).

- Contrast: username + API key + service key + organization id.
- GitGuardian: single API key; documents the leak-proof behavior
  (only incident metadata is imported, never the secret value) and the
  open-incident / auto-mitigation semantics.
- Google Cloud Security Command Center: service-account JSON key +
  parent resource; notes SCC activation and the findingsViewer role.
- HackerOne: organization API token (identifier + token), with the
  personal-vs-organization token caveat.
- Shodan: API key + search query scoping to the org's own assets;
  notes the membership requirement and query-credit usage.

Veracode and Qualys are covered separately in the connector-docs
backfill PR (DefectDojo#15198).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@Maffooch Maffooch changed the base branch from dev to bugfix July 9, 2026 05:00
@Maffooch Maffooch added this to the 3.1.100 milestone Jul 9, 2026
@Maffooch Maffooch requested a review from paulOsinski July 9, 2026 05:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants