Skip to content

CLI reference

This page is auto-generated from the Typer app via mkdocs-click, so the flags and help text always match the installed version.

dd

Production-grade CLI for managing DefectDojo.

Usage:

dd [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--install-completion boolean Install completion for the current shell. None
--show-completion boolean Show completion for the current shell, to copy it or customize the installation. None
--help, -h boolean Show this message and exit. False

Subcommands

  • config: Manage dd-cli profiles and on-disk configuration.
  • configure: Interactively create or update a profile.
  • dojo-groups: List and get DefectDojo authorization groups.
  • endpoints: List and get DefectDojo endpoints.
  • engagements: List and get DefectDojo engagements.
  • finding-templates: List and get DefectDojo finding templates.
  • findings: List and get DefectDojo findings.
  • import: Import scanner findings or language data into DefectDojo.
  • jira-instances: List and get DefectDojo Jira instance configurations.
  • metadata: List and get DefectDojo metadata entries.
  • ping: Verify connectivity and authentication against DefectDojo.
  • product-types: List and get DefectDojo product types.
  • products: List and get DefectDojo products.
  • report: Generate a security report for a DefectDojo product.
  • risk-acceptances: List and get DefectDojo risk acceptances.
  • tests: List and get DefectDojo tests.
  • users: List and get DefectDojo users.

dd config

Manage dd-cli profiles and on-disk configuration.

Usage:

dd config [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • delete: Delete a profile from the on-disk config.
  • get: Print one field from the active profile (env-merged).
  • list: List all profiles in the on-disk config.
  • set: Set a field in a TOML profile. Creates the profile if it does not exist.
  • show: Show the resolved configuration for a profile (env vars merged in).
  • unset: Clear a field in a profile (resets it to the model default).
  • use: Set the default profile used when no --profile is given.

dd config delete

Delete a profile from the on-disk config.

Usage:

dd config delete [OPTIONS] NAME

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation prompt. False
--help, -h boolean Show this message and exit. False

dd config get

Print one field from the active profile (env-merged).

Usage:

dd config get [OPTIONS] KEY

Options:

Name Type Description Default
--profile, -p text N/A None
--show-secrets boolean Reveal secret values like api_key. False
--help, -h boolean Show this message and exit. False

dd config list

List all profiles in the on-disk config.

Usage:

dd config list [OPTIONS]

Options:

Name Type Description Default
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd config set

Set a field in a TOML profile. Creates the profile if it does not exist.

Usage:

dd config set [OPTIONS] KEY VALUE

Options:

Name Type Description Default
--profile, -p text N/A None
--help, -h boolean Show this message and exit. False

dd config show

Show the resolved configuration for a profile (env vars merged in).

Usage:

dd config show [OPTIONS]

Options:

Name Type Description Default
--profile, -p text Profile to show. Defaults to the active profile. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd config unset

Clear a field in a profile (resets it to the model default).

Usage:

dd config unset [OPTIONS] KEY

Options:

Name Type Description Default
--profile, -p text N/A None
--help, -h boolean Show this message and exit. False

dd config use

Set the default profile used when no --profile is given.

Usage:

dd config use [OPTIONS] NAME

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

dd configure

Interactively create or update a profile.

Usage:

dd configure [OPTIONS]

Options:

Name Type Description Default
--profile, -p text Profile name to create or update. None
--url text DefectDojo URL (skips the URL prompt). None
--api-key text API token (skips the prompt). None
--no-input boolean Fail instead of prompting for missing values. False
--help, -h boolean Show this message and exit. False

dd dojo-groups

List and get DefectDojo authorization groups.

Usage:

dd dojo-groups [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new dojo group.
  • delete: Delete a dojo group by ID.
  • edit: Open a dojo group as YAML in $EDITOR; PATCH the diff.
  • get: Get a single dojo group by ID or name.
  • list: List dojo groups.
  • update: Update an existing dojo group by ID.

dd dojo-groups create

Create a new dojo group.

Usage:

dd dojo-groups create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd dojo-groups delete

Delete a dojo group by ID.

Usage:

dd dojo-groups delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd dojo-groups edit

Open a dojo group as YAML in $EDITOR; PATCH the diff.

Usage:

dd dojo-groups edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd dojo-groups get

Get a single dojo group by ID or name.

Usage:

dd dojo-groups get [OPTIONS] [GROUP_ID]

Options:

Name Type Description Default
--name text Resolve by exact group name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd dojo-groups list

List dojo groups.

Usage:

dd dojo-groups list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact name. None
--social-provider text Filter by social-auth provider (e.g. 'AzureAD', 'Google'). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd dojo-groups update

Update an existing dojo group by ID.

Usage:

dd dojo-groups update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd endpoints

List and get DefectDojo endpoints.

Usage:

dd endpoints [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new endpoint.
  • delete: Delete a endpoint by ID.
  • edit: Open a endpoint as YAML in $EDITOR; PATCH the diff.
  • get: Get a single endpoint by ID or host.
  • list: List endpoints with optional filters.
  • update: Update an existing endpoint by ID.

dd endpoints create

Create a new endpoint.

Usage:

dd endpoints create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd endpoints delete

Delete a endpoint by ID.

Usage:

dd endpoints delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd endpoints edit

Open a endpoint as YAML in $EDITOR; PATCH the diff.

Usage:

dd endpoints edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd endpoints get

Get a single endpoint by ID or host.

Usage:

dd endpoints get [OPTIONS] [ENDPOINT_ID]

Options:

Name Type Description Default
--name text Resolve by host (exact match). None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd endpoints list

List endpoints with optional filters.

Usage:

dd endpoints list [OPTIONS]

Options:

Name Type Description Default
--host text Filter by host. None
--port integer Filter by port. None
--path text Filter by path. None
--protocol text Filter by protocol (e.g. 'http', 'https'). None
--product integer Filter by owning product ID. None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd endpoints update

Update an existing endpoint by ID.

Usage:

dd endpoints update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements

List and get DefectDojo engagements.

Usage:

dd engagements [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • close: Close an engagement via DefectDojo's dedicated /close/ endpoint.
  • create: Create a new engagement.
  • delete: Delete a engagement by ID.
  • edit: Open a engagement as YAML in $EDITOR; PATCH the diff.
  • get: Get a single engagement by ID or name.
  • list: List engagements with optional filters.
  • reopen: Reopen a closed engagement via DefectDojo's dedicated /reopen/ endpoint.
  • update: Update an existing engagement by ID.

dd engagements close

Close an engagement via DefectDojo's dedicated /close/ endpoint.

Usage:

dd engagements close [OPTIONS] ENGAGEMENT_ID

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements create

Create a new engagement.

Usage:

dd engagements create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements delete

Delete a engagement by ID.

Usage:

dd engagements delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd engagements edit

Open a engagement as YAML in $EDITOR; PATCH the diff.

Usage:

dd engagements edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements get

Get a single engagement by ID or name.

Usage:

dd engagements get [OPTIONS] [ENGAGEMENT_ID]

Options:

Name Type Description Default
--name text Resolve by exact engagement name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements list

List engagements with optional filters.

Usage:

dd engagements list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact name. None
--product integer Filter by product ID. None
--status text Filter by status (e.g. 'In Progress', 'Completed', 'Not Started'). None
--target-start text Filter by target_start (YYYY-MM-DD). None
--target-end text Filter by target_end (YYYY-MM-DD). None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements reopen

Reopen a closed engagement via DefectDojo's dedicated /reopen/ endpoint.

Usage:

dd engagements reopen [OPTIONS] ENGAGEMENT_ID

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd engagements update

Update an existing engagement by ID.

Usage:

dd engagements update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd finding-templates

List and get DefectDojo finding templates.

Usage:

dd finding-templates [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new finding template.
  • delete: Delete a finding template by ID.
  • edit: Open a finding template as YAML in $EDITOR; PATCH the diff.
  • get: Get a single finding template by ID or title.
  • list: List finding templates with optional filters.
  • update: Update an existing finding template by ID.

dd finding-templates create

Create a new finding template.

Usage:

dd finding-templates create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd finding-templates delete

Delete a finding template by ID.

Usage:

dd finding-templates delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd finding-templates edit

Open a finding template as YAML in $EDITOR; PATCH the diff.

Usage:

dd finding-templates edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd finding-templates get

Get a single finding template by ID or title.

Usage:

dd finding-templates get [OPTIONS] [TEMPLATE_ID]

Options:

Name Type Description Default
--name text Resolve by exact template title. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd finding-templates list

List finding templates with optional filters.

Usage:

dd finding-templates list [OPTIONS]

Options:

Name Type Description Default
--title text Filter by exact title. None
--severity text Filter by severity. One of: Critical, High, Info, Low, Medium. None
--cwe integer Filter by CWE number. None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd finding-templates update

Update an existing finding template by ID.

Usage:

dd finding-templates update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings

List and get DefectDojo findings.

Usage:

dd findings [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • close: Close a finding via DefectDojo's dedicated /close/ endpoint.
  • create: Create a new finding.
  • delete: Delete a finding by ID.
  • edit: Open a finding as YAML in $EDITOR; PATCH the diff.
  • get: Get a single finding by ID or title.
  • list: List findings with optional filters.
  • reopen: Reopen a closed finding (PATCH is_mitigated=false, active=true).
  • risk-accept: Create a risk acceptance for a finding.
  • update: Update an existing finding by ID.

dd findings close

Close a finding via DefectDojo's dedicated /close/ endpoint.

Usage:

dd findings close [OPTIONS] FINDING_ID

Options:

Name Type Description Default
--note text Mitigation note attached to the closure. None
--false-positive boolean Mark as a false positive. False
--out-of-scope boolean Mark as out of scope. False
--duplicate boolean Mark as a duplicate. False
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings create

Create a new finding.

Usage:

dd findings create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings delete

Delete a finding by ID.

Usage:

dd findings delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd findings edit

Open a finding as YAML in $EDITOR; PATCH the diff.

Usage:

dd findings edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings get

Get a single finding by ID or title.

Usage:

dd findings get [OPTIONS] [FINDING_ID]

Options:

Name Type Description Default
--name text Resolve by exact finding title. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings list

List findings with optional filters.

Severity is case-insensitive on input but normalised to DefectDojo's canonical capitalisation (Critical, High, …) before the API call.

Usage:

dd findings list [OPTIONS]

Options:

Name Type Description Default
--title text Filter by exact finding title. None
--product integer Filter by product ID. None
--engagement integer Filter by engagement ID. None
--test integer Filter by test ID. None
--severity text Filter by severity. One of: Critical, High, Info, Low, Medium. None
--active / --inactive boolean Filter by active flag. None
--verified / --unverified boolean Filter by verified flag. None
--duplicate / --non-duplicate boolean Filter by duplicate flag. None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings reopen

Reopen a closed finding (PATCH is_mitigated=false, active=true).

Usage:

dd findings reopen [OPTIONS] FINDING_ID

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings risk-accept

Create a risk acceptance for a finding.

Usage:

dd findings risk-accept [OPTIONS] FINDING_ID

Options:

Name Type Description Default
--until text Expiration date (YYYY-MM-DD). Findings reactivate at expiry by default. None
--name text Risk-acceptance name (default: 'Risk acceptance for finding '). None
--decision text Decision letter. One of ['A', 'F', 'M', 'T', 'V'] = A=Accept, V=Avoid, M=Mitigate, F=Fix, T=Transfer. A
--reason text Decision details (compensating controls, rationale). None
--owner integer Owner user ID. Defaults to the calling user. None
--keep-expired boolean Do NOT reactivate findings when the acceptance expires. False
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd findings update

Update an existing finding by ID.

Usage:

dd findings update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd import

Import scanner findings or language data into DefectDojo.

Usage:

dd import [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • findings: Import scanner output into DefectDojo (replaces dd-reimport-findings).
  • languages: Upload cloc JSON output to DefectDojo (replaces dd-import-languages).

dd import findings

Import scanner output into DefectDojo (replaces dd-reimport-findings).

Usage:

dd import findings [OPTIONS]

Options:

Name Type Description Default
--file, -f file Path to the scanner output file (JSON, XML, etc.). None
--scanner text Test type name from DefectDojo (e.g. 'Trivy Scan', 'Bandit Scan'). None
--product-type text Product type name (created if missing). None
--product text Product name (created if missing). None
--engagement text Engagement name (required for traditional flow, optional for --auto-create). None
--test-name text Test title (required for traditional flow, optional for --auto-create). None
--auto-create / --traditional boolean Use DefectDojo's single-call auto-create flow instead of find-or-create per resource. None
--minimum-severity text Drop findings below this severity (Info Low
--push-to-jira / --no-push-to-jira boolean N/A None
--close-old-findings / --keep-old-findings boolean N/A None
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Validate options and print intent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd import languages

Upload cloc JSON output to DefectDojo (replaces dd-import-languages).

Usage:

dd import languages [OPTIONS]

Options:

Name Type Description Default
--file, -f file Path to the cloc JSON output. None
--product-type text Product type name (created if missing). None
--product text Product name (created if missing). None
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Validate options and print intent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd jira-instances

List and get DefectDojo Jira instance configurations.

Usage:

dd jira-instances [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new JIRA instance.
  • delete: Delete a JIRA instance by ID.
  • edit: Open a JIRA instance as YAML in $EDITOR; PATCH the diff.
  • get: Get a single Jira instance by ID or configuration name.
  • list: List Jira instance configurations.
  • update: Update an existing JIRA instance by ID.

dd jira-instances create

Create a new JIRA instance.

Usage:

dd jira-instances create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd jira-instances delete

Delete a JIRA instance by ID.

Usage:

dd jira-instances delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd jira-instances edit

Open a JIRA instance as YAML in $EDITOR; PATCH the diff.

Usage:

dd jira-instances edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd jira-instances get

Get a single Jira instance by ID or configuration name.

Usage:

dd jira-instances get [OPTIONS] [INSTANCE_ID]

Options:

Name Type Description Default
--name text Resolve by exact configuration_name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd jira-instances list

List Jira instance configurations.

Usage:

dd jira-instances list [OPTIONS]

Options:

Name Type Description Default
--url text Filter by Jira base URL. None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd jira-instances update

Update an existing JIRA instance by ID.

Usage:

dd jira-instances update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd metadata

List and get DefectDojo metadata entries.

Usage:

dd metadata [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new metadata entry.
  • delete: Delete a metadata entry by ID.
  • edit: Open a metadata entry as YAML in $EDITOR; PATCH the diff.
  • get: Get a single metadata entry by ID or name.
  • list: List metadata entries with optional filters.
  • update: Update an existing metadata entry by ID.

dd metadata create

Create a new metadata entry.

Usage:

dd metadata create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd metadata delete

Delete a metadata entry by ID.

Usage:

dd metadata delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd metadata edit

Open a metadata entry as YAML in $EDITOR; PATCH the diff.

Usage:

dd metadata edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd metadata get

Get a single metadata entry by ID or name.

Usage:

dd metadata get [OPTIONS] [ENTRY_ID]

Options:

Name Type Description Default
--name text Resolve by exact metadata key name (must be unique). None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd metadata list

List metadata entries with optional filters.

Usage:

dd metadata list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact key name. None
--value text Filter by value. None
--product integer Filter by owning product ID. None
--finding integer Filter by owning finding ID. None
--endpoint integer Filter by owning endpoint ID. None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd metadata update

Update an existing metadata entry by ID.

Usage:

dd metadata update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd ping

Verify connectivity and authentication against DefectDojo.

Usage:

dd ping [OPTIONS]

Options:

Name Type Description Default
--profile, -p text Profile to use. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd product-types

List and get DefectDojo product types.

Usage:

dd product-types [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new product type.
  • delete: Delete a product type by ID.
  • edit: Open a product type as YAML in $EDITOR; PATCH the diff.
  • get: Get a single product type by ID or name.
  • list: List product types.
  • update: Update an existing product type by ID.

dd product-types create

Create a new product type.

Usage:

dd product-types create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd product-types delete

Delete a product type by ID.

Usage:

dd product-types delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd product-types edit

Open a product type as YAML in $EDITOR; PATCH the diff.

Usage:

dd product-types edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd product-types get

Get a single product type by ID or name.

Usage:

dd product-types get [OPTIONS] [PRODUCT_TYPE_ID]

Options:

Name Type Description Default
--name text Resolve by exact product type name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd product-types list

List product types.

Usage:

dd product-types list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact name. None
--critical / --non-critical boolean Filter by critical_product flag. None
--key / --non-key boolean Filter by key_product flag. None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd product-types update

Update an existing product type by ID.

Usage:

dd product-types update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd products

List and get DefectDojo products.

Usage:

dd products [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new product.
  • delete: Delete a product by ID.
  • edit: Open a product as YAML in $EDITOR; PATCH the diff.
  • get: Get a single product by ID or name.
  • list: List products with optional filters.
  • update: Update an existing product by ID.

dd products create

Create a new product.

Usage:

dd products create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd products delete

Delete a product by ID.

Usage:

dd products delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd products edit

Open a product as YAML in $EDITOR; PATCH the diff.

Usage:

dd products edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd products get

Get a single product by ID or name.

Usage:

dd products get [OPTIONS] [PRODUCT_ID]

Options:

Name Type Description Default
--name text Resolve by exact product name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd products list

List products with optional filters.

Usage:

dd products list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact product name. None
--prod-type integer Filter by product type ID. None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Ignored with --all. Default: 50. 50
--all boolean Stream every page from DefectDojo (overrides --limit). False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd products update

Update an existing product by ID.

Usage:

dd products update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd report

Generate a security report for a DefectDojo product.

Usage:

dd report [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • generate: Generate a Markdown and/or HTML report for a DefectDojo product.

dd report generate

Generate a Markdown and/or HTML report for a DefectDojo product.

Usage:

dd report generate [OPTIONS]

Options:

Name Type Description Default
--product integer DefectDojo product ID. Required unless --sample. None
--format choice (md | html | both) Output format(s). 'both' writes Markdown + HTML side-by-side. both
--output-dir directory Output directory (created if it doesn't exist). Default: ./reports reports
--test text Limit the report to tests whose title, test_type_name, or scan_type contains this string (case-insensitive). Repeatable. None
--detailed boolean Fetch per-finding notes, Jira mappings, and endpoint status. Adds 3 reads per finding (parallelised). Slower but richer output. False
--with-history boolean Fetch test_imports per test to render the scan-delta block (created / reactivated / closed / untouched since last scan). False
--sample boolean Render from bundled mock data — no API call. Useful for previewing the layout before configuring DefectDojo. Honours --test, --detailed, --with-history, and --format. False
--help, -h boolean Show this message and exit. False

dd risk-acceptances

List and get DefectDojo risk acceptances.

Usage:

dd risk-acceptances [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new risk acceptance.
  • delete: Delete a risk acceptance by ID.
  • edit: Open a risk acceptance as YAML in $EDITOR; PATCH the diff.
  • get: Get a single risk acceptance by ID or name.
  • list: List risk acceptances with optional filters.
  • update: Update an existing risk acceptance by ID.

dd risk-acceptances create

Create a new risk acceptance.

Usage:

dd risk-acceptances create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd risk-acceptances delete

Delete a risk acceptance by ID.

Usage:

dd risk-acceptances delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd risk-acceptances edit

Open a risk acceptance as YAML in $EDITOR; PATCH the diff.

Usage:

dd risk-acceptances edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd risk-acceptances get

Get a single risk acceptance by ID or name.

Usage:

dd risk-acceptances get [OPTIONS] [ACCEPTANCE_ID]

Options:

Name Type Description Default
--name text Resolve by exact risk-acceptance name. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd risk-acceptances list

List risk acceptances with optional filters.

Usage:

dd risk-acceptances list [OPTIONS]

Options:

Name Type Description Default
--name text Filter by exact name. None
--owner integer Filter by owner user ID. None
--decision text Filter by decision (e.g. 'Accept', 'Transfer', 'Avoid', 'Mitigate'). None
--expiration-date text Filter by expiration date (YYYY-MM-DD). None
--reactivate-expired / --keep-expired boolean Filter by the reactivate-on-expiration flag. None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd risk-acceptances update

Update an existing risk acceptance by ID.

Usage:

dd risk-acceptances update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd tests

List and get DefectDojo tests.

Usage:

dd tests [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • create: Create a new test.
  • delete: Delete a test by ID.
  • edit: Open a test as YAML in $EDITOR; PATCH the diff.
  • get: Get a single test by ID or title.
  • list: List tests with optional filters.
  • update: Update an existing test by ID.

dd tests create

Create a new test.

Usage:

dd tests create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd tests delete

Delete a test by ID.

Usage:

dd tests delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd tests edit

Open a test as YAML in $EDITOR; PATCH the diff.

Usage:

dd tests edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd tests get

Get a single test by ID or title.

Usage:

dd tests get [OPTIONS] [TEST_ID]

Options:

Name Type Description Default
--name text Resolve by exact test title. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd tests list

List tests with optional filters.

Usage:

dd tests list [OPTIONS]

Options:

Name Type Description Default
--title text Filter by exact test title. None
--engagement integer Filter by engagement ID. None
--test-type integer Filter by test type ID. None
--tag text Filter by tag (exact match). None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd tests update

Update an existing test by ID.

Usage:

dd tests update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users

List and get DefectDojo users.

Usage:

dd users [OPTIONS] COMMAND [ARGS]...

Options:

Name Type Description Default
--help, -h boolean Show this message and exit. False

Subcommands

  • activate: Reactivate a user (PATCH is_active=true). Accepts ID or username.
  • create: Create a new user.
  • deactivate: Deactivate a user (PATCH is_active=false). Accepts ID or username.
  • delete: Delete a user by ID.
  • edit: Open a user as YAML in $EDITOR; PATCH the diff.
  • get: Get a single user by ID or username.
  • list: List users with optional filters.
  • update: Update an existing user by ID.

dd users activate

Reactivate a user (PATCH is_active=true). Accepts ID or username.

Usage:

dd users activate [OPTIONS] USER

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users create

Create a new user.

Usage:

dd users create [OPTIONS]

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the payload. None
--field text key=value to set on the payload (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent without contacting DefectDojo. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users deactivate

Deactivate a user (PATCH is_active=false). Accepts ID or username.

Usage:

dd users deactivate [OPTIONS] USER

Options:

Name Type Description Default
--yes, -y boolean Skip confirmation. False
--dry-run boolean Print intent only. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users delete

Delete a user by ID.

Usage:

dd users delete [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--yes, -y boolean Skip the confirmation prompt. False
--dry-run boolean Print what would happen without contacting DefectDojo. False
--help, -h boolean Show this message and exit. False

dd users edit

Open a user as YAML in $EDITOR; PATCH the diff.

Usage:

dd users edit [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--dry-run boolean Print the patch that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users get

Get a single user by ID or username.

Usage:

dd users get [OPTIONS] [USER_ID]

Options:

Name Type Description Default
--name text Resolve by exact username. None
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users list

List users with optional filters.

Usage:

dd users list [OPTIONS]

Options:

Name Type Description Default
--username text Filter by exact username. None
--first-name text Filter by first name. None
--last-name text Filter by last name. None
--active / --inactive boolean Filter by active flag. None
--limit integer Maximum rows. Default: 50. 50
--all boolean Stream every page. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False

dd users update

Update an existing user by ID.

Usage:

dd users update [OPTIONS] RESOURCE_ID

Options:

Name Type Description Default
--from-file, -f file Path to a JSON or YAML file containing the patch payload. None
--field text key=value to patch (repeatable). Overrides --from-file. None
--dry-run boolean Print the request that would be sent. False
--output, -o choice (table | json | yaml) Output format. None
--help, -h boolean Show this message and exit. False