create_finding
Generate and manage findings in DefectDojo by specifying title, test ID, severity, and description to streamline vulnerability tracking and resolution.
Instructions
Create a new finding
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| cvssv3 | No | ||
| cwe | No | ||
| description | Yes | ||
| impact | No | ||
| mitigation | No | ||
| severity | Yes | ||
| steps_to_reproduce | No | ||
| test_id | Yes | ||
| title | Yes |
Implementation Reference
- src/defectdojo/findings_tools.py:173-233 (handler)The main handler function for the 'create_finding' tool. It validates inputs, constructs the data payload, calls the DefectDojo client to create the finding, and returns the result.
async def create_finding(title: str, test_id: int, severity: str, description: str, cwe: Optional[int] = None, cvssv3: Optional[str] = None, mitigation: Optional[str] = None, impact: Optional[str] = None, steps_to_reproduce: Optional[str] = None) -> Dict[str, Any]: """Create a new finding. Args: title: Title of the finding test_id: ID of the test to associate the finding with severity: Severity level (Critical, High, Medium, Low, Info) description: Description of the finding cwe: Optional CWE identifier cvssv3: Optional CVSS v3 score string mitigation: Optional mitigation steps impact: Optional impact description steps_to_reproduce: Optional steps to reproduce Returns: Dictionary with status and data/error """ # Validate severity (case-insensitive check, but send capitalized) valid_severities = ["critical", "high", "medium", "low", "info"] normalized_severity = severity.lower() if normalized_severity not in valid_severities: # Use title case for user-facing error message valid_display = [s.title() for s in valid_severities] return {"status": "error", "error": f"Invalid severity '{severity}'. Must be one of: {', '.join(valid_display)}"} # Use title case for API api_severity = severity.title() data = { "title": title, "test": test_id, "severity": api_severity, "description": description, # Set defaults expected by API if not provided explicitly by user? # e.g., "active": True, "verified": False? Check API docs. "active": True, "verified": False, } # Add optional fields if provided if cwe is not None: data["cwe"] = cwe if cvssv3: data["cvssv3"] = cvssv3 # Assuming API accepts the string directly if mitigation: data["mitigation"] = mitigation if impact: data["impact"] = impact if steps_to_reproduce: data["steps_to_reproduce"] = steps_to_reproduce client = get_client() result = await client.create_finding(data) if "error" in result: return {"status": "error", "error": result["error"], "details": result.get("details", "")} return {"status": "success", "data": result} - src/defectdojo/tools.py:52-56 (registration)Registers the 'create_finding' tool with the FastMCP server instance, importing the handler from findings_tools.py.
mcp.tool( name="create_finding", description="Create a new finding" )(create_finding) - src/defectdojo/client.py:62-64 (helper)The DefectDojoClient method called by the tool handler to perform the actual API POST request to create a finding.
async def create_finding(self, data: Dict[str, Any]) -> Dict[str, Any]: """Create a new finding.""" return await self._request("POST", "/api/v2/findings/", json=data) - src/defectdojo/findings_tools.py:50-50 (registration)Alternative registration of the 'create_finding' tool within the findings_tools module's register_tools function.
mcp.tool(name="create_finding", description="Create a new finding")(create_finding) - Input schema defined by the function type hints and docstring parameters for the create_finding tool.
async def create_finding(title: str, test_id: int, severity: str, description: str, cwe: Optional[int] = None, cvssv3: Optional[str] = None, mitigation: Optional[str] = None, impact: Optional[str] = None, steps_to_reproduce: Optional[str] = None) -> Dict[str, Any]: