dd-cli
A production-grade CLI for managing DefectDojo — list / create / update / delete every resource the API exposes, plus a fully backward-compatible import path for users coming from the original dd-import tool (now archived).
Why dd-cli
- Complete API coverage. Every read and write across 12 DefectDojo resource types — products, product-types, engagements, tests, findings, users, dojo-groups, jira-instances, risk-acceptances, metadata, endpoints, finding-templates — driven from a typed client generated from DefectDojo's OpenAPI spec.
- Drop-in replacement for `dd-import`. Existing CI pipelines that invoke `dd-reimport-findings` or `dd-import-languages` with `DD_*` env vars keep working unchanged. The legacy console scripts are wired as thin shims over the new workflow code.
- Pleasant interactive use. Rich tables, JSON / YAML output for piping, profiles for switching between DefectDojo instances, `dd configure` interactive setup, `dd <resource> edit <id>` opens the resource as YAML in `$EDITOR`, action verbs like `dd findings close`, `risk-accept`, `dd engagements close/reopen`, `dd users deactivate`.
- Safe writes. `--dry-run` previews every mutation without sending HTTP. `--yes`/`-y` skips the destructive-op confirmation prompt for scripts. Typed exit codes (auth=3, not-found=5, etc.) so CI can branch on what went wrong.
- Validated against real DefectDojo. 24 integration tests run against a live DefectDojo instance per release, including a full Trivy-report import round-trip with finding-count assertions.
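An added example (not dd-cli's own code) of a CI step branching on the typed exit codes listed above. The `DD_BIN` variable, the `findings close <id>` argument form and the skip-on-not-found policy are assumptions; only codes 3 and 5 come from this page.

```shell
#!/bin/sh
# Added example, not part of dd-cli. Assumptions: DD_BIN is a hypothetical
# override for the binary path, and `findings close` takes the finding id as
# its argument, by analogy with `dd <resource> edit <id>`.
# Pinning the path matters because `dd` is also the coreutils copy tool.
DD_BIN="${DD_BIN:-dd}"

# Map a dd-cli exit status to a pipeline decision. Only 3 (auth) and 5
# (not-found) are documented on this page; any other non-zero status is
# treated as a generic failure rather than guessed at.
dd_decision() {
  case "$1" in
    0) echo "ok" ;;
    3) echo "abort-auth" ;;    # bad or expired credentials: stop, do not retry
    5) echo "skip-missing" ;;  # target already gone: treat the close as done
    *) echo "fail" ;;
  esac
}

# Close one finding non-interactively (--yes skips the confirmation prompt).
# Returns 0 when the pipeline may continue, 3 on auth failure, 1 otherwise.
# `|| rc=$?` keeps the status readable when the caller runs under `set -e`.
close_finding() {
  id="$1"
  rc=0
  "$DD_BIN" findings close "$id" --yes || rc=$?
  decision=$(dd_decision "$rc")
  echo "finding $id: exit=$rc decision=$decision" >&2
  case "$decision" in
    ok|skip-missing) return 0 ;;
    abort-auth)      return 3 ;;
    *)               return 1 ;;
  esac
}
```

Propagating 3 unchanged lets an outer job distinguish a credential problem from a scan or data problem and fail without retrying.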
Where to next
- Install — PyPI, Docker, source
- Quickstart — first session: `configure`, `ping`, list, manage, import
- Configuration — TOML profiles, env-var precedence, exit codes
- Importing findings — both modes, scanner-specific tips
- Migration from dd-import — drop-in replacement details
- CLI reference — every command, every flag
- CI recipes — copy-paste pipelines
Status
dd-cli is v2.0 — feature-complete, shipped 2026-05-07. Maintained by Osama Mahmood under the BSD 3-Clause license, the same as the upstream dd-import project it succeeds.