With the Google Sheets sync feature, DefectDojo allow the users to export all the finding details of each test into a separate Google Spreadsheet. Users can review and edit finding details via Google Spreadsheets. Also, they can add new notes to findings and edit existing notes using the Google Spreadsheet. After reviewing and updating the finding details in the Google Spreadsheet, the user can import (sync) all the changes done via the Google Spreadsheet into DefectDojo database.
Creating a project and a Service Account
Enabling the required APIs
Configurations in DefectDojo
Click 'Configuration' from the left hand menu.
Click 'Google Sheets Sync'.
Fill the form.
a. Upload the downloaded json file into the Upload Credentials file field. b. Drive Folder Id
a. Create a folder inside the Google drive of the same gmail account used to create the service account. b. Get the **client\_email** from the downloaded json file and share the created drive folder with client\_email giving **edit access**. c. Extract the folder id from the URL and insert it as the **Drive Folder Id**.
c. Tick the Enable Service check box. (Optional as this has no impact on the configuration, but you must set it to true inorder to use the feature. Service can be enabled or disabled at any point after the configuration using this check box) d. For each field in the finding table there are two related entries in the form. a. In the drop down, select Hide if the column needs to be hidden in the Google Sheet, else select any other option based on the length of the entry that goes under the column. b. If the column needs to be protected in the Google Sheet, tick the check box. Otherwise leave it unchecked.
Admin has the privilege to revoke the access given to DefectDojo to access Google Sheets and Google Drive data by simply clicking the Revoke Access button.
Before a user can export a test to a Google Spreadsheet, admin must Configure Google Sheets Sync and Enable sync feature.Depending on whether a Google Spreadsheet exists for the test or not, the User interface displayed will be different.
If a Google Spreadsheet does not exist for the Test:
If a Google Spreadsheet is already created for the Test:
After creating a Google Spreadsheet, users can review and edit Finding details using the Google Sheet. If any change is done in the Google Sheet users can click the Sync Google Sheet button to get those changes into DefectDojo.