DefectDojo

DefectDojo is an open source application vulnerability management platform that streamlines the handling of security findings from various tools, including Anchore Enterprise.

Anchore Enterprise vulnerability and policy reports, whether obtained through the UI or using anchorectl, can be parsed and imported into DefectDojo for centralized vulnerability management.

Importing Anchore Enterprise analysis data into DefectDojo

You can obtain vulnerability and policy evaluation reports from Anchore Enterprise through:

  • The Anchore Enterprise UI
  • anchorectl
  • The Anchore API (for automation workflows)

The downloaded reports can be uploaded to DefectDojo by selecting the appropriate parser during the import process. For more details on available DefectDojo and Anchore parsers, see: DefectDojo Integration.

Downloading a vulnerability report from the Anchore UI

To download vulnerability report data from the Anchore UI:

Click on the “Images” icon.

Select the image tag for which you want to download the vulnerability data.

Navigate to the “Vulnerabilities” section and click on “Vulnerability Report” to download the report.

Download the report in JSON format, then proceed to import it into DefectDojo.

Downloading vulnerability and policy reports via anchorectl

To download a vulnerability report using anchorectl, run the following:

anchorectl image vulnerabilities <Image sha> -o json > <filename.json>

To download a policy report using anchorectl, run the following:

anchorectl image check <name:tag> -o json > <filename.json>

The downloaded filename.json can then be uploaded into DefectDojo.

Exporting vulnerability report data using Anchore API

Automation workflows can be created using the Anchore Enterprise API to pull vulnerability data and submit it to DefectDojo via its API.

To retrieve vulnerability data for an image using the Anchore Enterprise API, use the following curl command:

curl -X 'GET' \
  'https://myanchore.com/v2/images/<Imagesha>/vuln/all?force_refresh=false&include_vuln_description=false&vendor_only=true' \
  -H 'accept: application/json'

For more details on how to automate this process using the DefectDojo API, see: DefectDojo API usage.
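The pull-and-submit workflow described above, as an added example that is not part of the original page or either project's own tooling. It assumes HTTP basic auth on the Anchore API, DefectDojo's v2 `import-scan` endpoint with token auth, and hypothetical environment variable and function names; `DD_SCAN_TYPE` must be set to the parser name exactly as it appears in your DefectDojo import form.

```shell
#!/usr/bin/env bash
# Added example: pull an Anchore vulnerability report and import it into DefectDojo.
# Assumed environment (names are hypothetical, not from the original page):
#   ANCHORE_URL, ANCHORE_USER, ANCHORE_PASS  Anchore API base URL and basic-auth credentials
#   DD_URL, DD_TOKEN                         DefectDojo base URL and API v2 token
#   DD_SCAN_TYPE                             parser name exactly as shown in DefectDojo

# Build the report URL used by the curl command on this page.
anchore_vuln_url() {  # $1 = base URL, $2 = image digest
  printf '%s/v2/images/%s/vuln/all?force_refresh=false&include_vuln_description=false&vendor_only=true' "${1%/}" "$2"
}

# Refuse to import an empty file or a non-JSON body (for example an HTML error page).
report_is_usable() {  # $1 = report file
  [ -s "$1" ] || return 1
  first=$(tr -d ' \t\r\n' < "$1" | head -c 1)
  [ "$first" = "{" ] || [ "$first" = "[" ]
}

fetch_report() {  # $1 = image digest, $2 = output file
  # --fail makes curl exit non-zero on HTTP 4xx/5xx instead of saving the error body.
  curl --fail --silent --show-error -u "${ANCHORE_USER}:${ANCHORE_PASS}" \
    -H 'accept: application/json' -o "$2" "$(anchore_vuln_url "$ANCHORE_URL" "$1")"
}

import_report() {  # $1 = report file, $2 = DefectDojo engagement id
  curl --fail --silent --show-error -X POST "${DD_URL%/}/api/v2/import-scan/" \
    -H "Authorization: Token ${DD_TOKEN}" \
    -F "scan_type=${DD_SCAN_TYPE}" -F "engagement=$2" -F "file=@$1"
}

sync_image() {  # $1 = image digest, $2 = DefectDojo engagement id
  report=$(mktemp) || return 1
  if fetch_report "$1" "$report" && report_is_usable "$report"; then
    import_report "$report" "$2"; rc=$?
  else
    echo "no usable report for $1; nothing imported" >&2; rc=1
  fi
  rm -f "$report"
  return "$rc"
}

# Run only when called with arguments: ./sync.sh <image digest> <engagement id>
if [ "$#" -eq 2 ]; then sync_image "$1" "$2"; fi
```

Credentials are read from the environment so they stay out of the script, but they are still visible in the process arguments of curl; on shared CI runners, pass them through a curl config file instead.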

Last modified May 19, 2025