
[docs] Changelog, Jira reorg, Wiz Connector docs, Import reorg #12250


Merged
merged 17 commits into from
Apr 18, 2025
Binary file modified docs/assets/images/contact_defectdojo_support.png
Binary file added docs/assets/images/import_scan_os.png
Binary file added docs/assets/images/import_scan_os_2.png
Binary file added docs/assets/images/pro_import_sidebar.png
20 changes: 10 additions & 10 deletions docs/content/en/about_defectdojo/contact_defectdojo_support.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,16 @@ weight: 3

Need help with DefectDojo? Here are some ways to get assistance.

## Open-Source Support

Open-Source users can receive help and advice through our community channels.

For Open-Source users, the quickest way to get help is through the [OWASP Slack Channel](https://owasp.org/slack/invite). Our community members are active on the **# defectdojo channel** and can help you with issues you're facing.

To report a bug, issues can be raised on our [GitHub](https://github.com/DefectDojo/django-DefectDojo).

See our [Community Site](https://defectdojo.com/community) for more information.

## DefectDojo Pro Support

DefectDojo Pro subscriptions come with full support from the DefectDojo Inc team during the initial trial period and beyond.
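Review bot: the bold channel name `**# defectdojo channel**` has a space between `#` and `defectdojo`, so it renders as "# defectdojo" rather than the Slack channel `#defectdojo`; since this block is being moved anyway, consider `**#defectdojo** channel`.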
Expand All @@ -33,13 +43,3 @@ You can also contact our support team through your Cloud Portal:
* or via **<https://cloud.defectdojo.com/resources/contact>**.

![image](images/contact_defectdojo_support_2.png)

## Open-Source Support

Open-Source users can receive help and advice through our community channels.

For Open-Source users, the quickest way to get help is through the [OWASP Slack Channel](https://owasp.org/slack/invite). Our community members are active on the **# defectdojo channel** and can help you with issues you're facing.

To report a bug, issues can be raised on our [GitHub](https://github.com/DefectDojo/django-DefectDojo).

See our [Community Site](https://defectdojo.com/community) for more information.
2 changes: 1 addition & 1 deletion docs/content/en/about_defectdojo/new_user_checklist.md
Expand Up @@ -22,6 +22,6 @@ All of these features can be automated, and because DefectDojo can handle over 1

### Other guides

- Does your organization use Jira? Learn how to use our [Jira integration](/en/share_your_findings/jira_integration/connect_to_jira) to create Jira tickets from the data you ingest.
- Does your organization use Jira? Learn how to use our [Jira integration](/en/share_your_findings/jira_guide/) to create Jira tickets from the data you ingest.
- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/en/customize_dojo/user_management/about_perms_and_roles/) and set up role-based access control (RBAC).
- Ready to dive into automation? Learn how to use the [DefectDojo API](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling) to automatically import new data, and build a robust CI / CD pipeline.
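Review bot: the Jira link now points at `/en/share_your_findings/jira_guide/`, but nothing in this change adds a front-matter alias or redirect from the old `/en/share_your_findings/jira_integration/connect_to_jira` path; if that page is moved or removed as part of the Jira reorg, external links and bookmarks to it will 404 unless a redirect is kept.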
11 changes: 9 additions & 2 deletions docs/content/en/about_defectdojo/pro_features.md
Expand Up @@ -12,7 +12,7 @@ DefectDojo Pro comes with many additional features. Here is list of those featu
## Improved UX

### Pro UI
DefectDojo's UI has been reworked in DefectDojo Pro to be faster, more functional and to be better at navigating through enterprise-level data volume. See our [Beta UI Guide](../ui_pro_vs_os) for more information.
DefectDojo's UI has been reworked in DefectDojo Pro to be faster, more functional and to be better at navigating through enterprise-level data volume. It also includes a dark mode. See our [Beta UI Guide](../ui_pro_vs_os) for more information.

![image](images/enabling_deduplication_within_an_engagement_2.png)

Expand All @@ -22,8 +22,14 @@ Build custom workflows and bulk actions to handle Findings and other objects. S

![image](images/rules_engine_4.png)

### Pro Dashboards and Reporting
Generate [instant reports and metrics](../ui_pro_vs_os/#new-dashboards) to share the security posture of your apps and repos. Evaluate your security tools and your team's performance in addressing security issues.

## Streamlined import

### Background Imports
For enterprise-level reports, DefectDojo Pro offers an optimized upload method which processes Findings in the background.

### CLI Tools
Quickly build a command-line pipeline to import, reimport and export data to your DefectDojo Pro instance using our Universal Importer and DefectDojo CLI apps. These tools are maintained by the DefectDojo Pro team and can be run in Windows, Macintosh or Linux environments. See our [External Tools Guide](/en/connecting_your_tools/external_tools/) for more information.

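Review bot: the new "Background Imports" heading describes the same feature that the Import Scan form page calls "Process Findings Asynchronously (Pro)"; using one name, or linking from this paragraph to that section, would help readers connect the two. Also, the `../ui_pro_vs_os/#new-dashboards` fragment should be checked against the actual heading id on the Beta UI page, since a mismatched anchor fails silently.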
Expand All @@ -43,10 +49,11 @@ Supported tools for Connectors include:
* SonarQube
* Snyk
* Tenable
* Wiz

### Universal Parser
Are you using an unsupported or customized scanning tool? Or do you just wish DefectDojo handled a report slightly differently?

Use DefectDojo Pro's Universal Parser to turn any .json or .csv report into an actionable set of Findings, and have DefectDojo parse the data however you like. See our [Universal Parser Guide](/en/connecting_your_tools/universal_parser/)
Use DefectDojo Pro's Universal Parser to turn any .json or .csv report into an actionable set of Findings, and have DefectDojo parse the data however you like. See our [Universal Parser Guide](/en/connecting_your_tools/parsers/universal_parser/)

![image](images/universal_parser_3.png)
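Review bot: the rewritten Universal Parser sentence still ends without a full stop after the link ("See our [Universal Parser Guide](/en/connecting_your_tools/parsers/universal_parser/)"); since the line is being changed here, add the period.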
3 changes: 3 additions & 0 deletions docs/content/en/changelog/changelog.md
Expand Up @@ -10,6 +10,9 @@ For Open Source release notes, please see the [Releases page on GitHub](https://

## Apr 2025: v2.45

### Apr 14, 2025: v2.45.1
- **(Connectors)** Added a Connector for Wiz: see [tools reference](/en/connecting_your_tools/connectors/connectors_tool_reference/) for configuration instructions.

### Apr 7, 2025: v2.45.0
- **(Beta UI)** Added Calendar view to Beta UI: Calendar view now displays Tests and Engagements, and can be filtered. Clicking on a Calendar entry now displays a more detailed description of the object.
![image](images/pro_calendar_view.png)
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
title: "API Connectors"
title: "Connectors (Pro)"
description: "Seamlessly connect DefectDojo to your security tools suite"
summary: ""
date: 2023-09-07T16:06:50+02:00
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ We currently support Connectors for the following tools, with more on the way:
* **SonarQube**
* **Snyk**
* **Tenable**
* **Wiz**

These Connectors provide an API\-speed integration with DefectDojo, and can be used to automatically ingest and organize vulnerability data from the tool.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,11 @@ On\-premise Tenable Connectors are not available at this time.

See [Tenable's API Documentation](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) for more info.

## Wiz

Using the Wiz connector requires you to create a service account: see the [Wiz documentation](https://docs.wiz.io/wiz-docs/docs/service-accounts-settings#add-a-service-account) for more info. You will need a Wiz account to access the documentation.

#### **Connector Mappings**

1. Enter your Wiz Client ID in the Client ID field.
2. Enter the Wiz Client Secret in the Secret field.
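Review bot: the heading level jumps from `## Wiz` to `#### **Connector Mappings**`, skipping h3, and the bold markup inside the heading is redundant; match the heading structure of the other tool sections. More importantly, the text says a Wiz service account is required but not which API scope or project permissions the Connector needs, so readers may grant the account more access than the Connector uses; documenting the minimum required scope would let users keep that account least-privilege, and a reminder to store the Client Secret only in the Connector form (not in tickets or chat) would fit the same paragraph.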
2 changes: 1 addition & 1 deletion docs/content/en/connecting_your_tools/external_tools.md
@@ -1,5 +1,5 @@
---
title: "External Tools: Universal Importer & DefectDojo-CLI"
title: "External Tools: Universal Importer & DefectDojo-CLI (Pro)"
description: "Import files to DefectDojo from the command line"
draft: false
weight: 2
Expand Down
40 changes: 29 additions & 11 deletions docs/content/en/connecting_your_tools/import_intro.md
Expand Up @@ -12,13 +12,18 @@ DefectDojo allows you to connect your security tools in a flexible way to match

When DefectDojo receives a vulnerability report from a security tool, it will create Findings based on the vulnerabilities contained within that report. DefectDojo acts as the central repository for these Findings where they can be triaged, remediated or otherwise addressed by you and your team.

There are four main ways that DefectDojo can upload Finding reports:
There are two main ways that DefectDojo can upload Finding reports.

* Via direct **import** through the UI (“**Add Findings**”)
* Via **API** endpoint (allowing for automated data ingest)
* Via **Universal Importer**, a command-line tool which leverages the DefectDojo API
* Via **Connectors** for certain tools, an ‘out of the box’ data integration
* Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans
* Via direct **import** through the UI: [Import Scan Form](../import_scan_files/import_scan_ui)
* Via **API** endpoint (allowing for automated data ingest): See [API Docs](https://docs.defectdojo.com/en/api/api-v2-docs/)

#### DefectDojo Pro Methods

<span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> users have an additional three methods to handle reports and data:

* Via **Universal Importer** or **DefectDojo CLI**, command line tools which leverage the DefectDojo API: See [External Tools](../external_tools/)
* Via **Connectors** for certain tools, an ‘out of the box’ data integration: See [Connectors Guide](../connectors/about_connectors/)
* Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans: See [Smart Upload Guide](../import_scan_files/smart_upload/)

### Comparing Upload Methods

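Review bot: "There are two main ways that DefectDojo can upload Finding reports." now ends in a full stop although it directly introduces the bullet list below; the colon from the previous version read better. The inline `<span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>` badge is also repeated verbatim here and in parsers/_index.md; a shortcode or shared snippet would keep the colour consistent if it changes.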
Expand All @@ -27,15 +32,28 @@ There are four main ways that DefectDojo can upload Finding reports:
| **Supported Scan Types** | All: see [Supported Tools](/en/connecting_your_tools/parsers) | All: see [Supported Tools](/en/connecting_your_tools/parsers) | Snyk, Semgrep, Burp Suite, AWS Security Hub, Probely, Checkmarx, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable |
| **Automation?** | Available via API: `/reimport` `/import` endpoints | Triggered from [CLI Importer](../external_tools) or external code | Connectors is inherently automated | Available via API: `/smart_upload_import` endpoint |

### Product Hierarchy
### Product Hierarchy and organization

Each of these methods can create Product Hierarchy on the spot. Product Hierarchy refers to DefectDojo’s Product Types, Products, Engagements or Tests: objects in DefectDojo which help organize your data into relevant context.

* **Vulnerability data can be imported into an existing Product Hierarchy**. Product Types, Products, Engagements and Tests can all be created in advance, and then data can be imported to that location in DefectDojo.
* **The contextual Product Hierarchy can be created at the time of import.** When importing a report, you can create a new Product Type, Product, Engagement and/or Test. This is handled by DefectDojo through the ‘auto\-create context’ option.

# Next Steps
## Using Import Methods (Pro UI)

In DefectDojo Pro, all of these methods can be accessed from the **Import** section of the sidebar.

![image](images/pro_import_sidebar.png)

The Pro UI allows you to create Product Types, Products and Engagements directly from the Import Scan form, so these objects are not required.

## Using Import Methods (Classic UI / Open Souce)

In DefectDojo OS, you can access the [Import Scan Form](../import_scan_files/import_scan_ui) from two locations:

* The Tests section of an Engagement:
![image](images/import_scan_os.png)
* The Findings section of the navigation bar on a Product:
![image](images/import_scan_os_2.png)

* If you have a brand new DefectDojo instance, learning how to use the [Import Scan Form](../import_scan_files/import_scan_ui) is a great starting point.
* If you want to learn how to translate DefectDojo’s organizational system into a robust pipeline, you can start by consulting our article on [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/).
* If you want to set up Connectors to work with a supported tool, see our [About Connectors](../connectors/about_connectors/) article.
DefectDojo OS requires you to set up one or more Products / Product Types before you can import data through the UI. See our article on [Product Hierarchy](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/) for more information.
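Review bot: typo in the heading `## Using Import Methods (Classic UI / Open Souce)`, should be "Open Source". The "Supported Scan Types" row of the comparison table still lists the Connectors tools as "Snyk, Semgrep, Burp Suite, AWS Security Hub, Probely, Checkmarx, Tenable", which omits Wiz (added as a Connector elsewhere in this PR) as well as SonarQube and Dependency-Track that about_connectors.md and parsers/_index.md list; update the row or point it at the Connectors page so the three lists stop drifting. In the Pro UI section, "so these objects are not required" would be clearer as "so these objects do not need to exist before you import".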
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,23 @@ It’s easy to reorganize your Product Hierarchy in DefectDojo, so it’s ok if

For now, it’s good to know that **Engagements** can store data from multiple tools, which can be useful if you’re running different tools concurrently as part of a single testing effort.

## Accessing the Import Scan Form
## Accessing the Import Scan Form (Pro UI)

The Import Scan form can be accessed from multiple locations:

1. Via the **Import \> Add Findings** menu option on the sidebar
2. From a **Product’s** **‘⋮’ (horizontal dots) Menu**, from a **Products Table**
3. From the **⚙️Gear Menu** on a **Product Page**

## Accessing the Import Scan Form (Classic UI / Open Source)

In DefectDojo OS, you can access this form from two locations:

* The Tests section of an Engagement:
![image](images/import_scan_os.png)
* The Findings section of the navigation bar on a Product:
![image](images/import_scan_os_2.png)

## Completing the Import Scan Form

![image](images/import_scan_ui.png)
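Review bot: the Classic UI bullets and their two screenshots are now duplicated verbatim between this page and import_intro.md ("The Tests section of an Engagement" / "The Findings section of the navigation bar on a Product"); keeping them in one place and linking from the other avoids the two copies drifting. Also, the `![image](...)` lines directly under the list items are not indented, so depending on the renderer they may split the list into two single-item lists.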
Expand All @@ -39,13 +48,13 @@ If you do not select a Scan Date, Findings created from this report will use the
* **Tags:** if you want to use tags to further organize your Test data, you can add Tags using this form. Type in the name of the tag you want to create, and press Enter on your keyboard to add it to the list of tags.
* **Process Findings Asynchronously**: this field is enabled by default, but it can be disabled if you wish. See explanation below.

### Process Findings Asynchronously
### Process Findings Asynchronously (Pro)

When this field is enabled, DefectDojo will use a background process to populate your Test file with Findings. This allows you to continue working with DefectDojo while Findings are being created from your scan file.

When this field is disabled, DefectDojo will wait until all Findings have been successfully created before you can proceed to the next screen. This could take significant time depending on the size of your file.

This option is especially relevant when using the API. If uploading data with Process Findings Asynchronously turned **off**, DefectDojo will not return a successful response until all Findings have been created successfully,
This option is especially relevant when using the API to import data. If uploading data with Process Findings Asynchronously turned **off**, DefectDojo will not return a successful response until all Findings have been created successfully,

### Optional Fields

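Review bot: the rewritten sentence still ends with a comma ("until all Findings have been created successfully,"), leaving it unfinished; end it with a full stop or complete the clause. Also, the heading now marks Process Findings Asynchronously as "(Pro)", but the bullet above ("this field is enabled by default, but it can be disabled if you wish") carries no Pro marker, so Open Source readers may look for a form field they do not have; add the marker to the bullet or state which edition shows the field.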
Expand All @@ -56,9 +65,9 @@ This option is especially relevant when using the API. If uploading data with Pr
* **Source Code Management URI** can also be specified. This form option must be a valid URI.
* **Group By:** if you want to create Finding Groups out of this File, you can specify the grouping method here.

# Next Steps
### Next Steps

Once your upload has completed, you should be redirected to the Test Page which contains the Findings found in the scan file. You can start working with those results right away, but feel free to consult the following articles:

* Learn how to organize your Product Hierarchy to manage different contexts for your Findings and Tests: [Product Hierarchy Overview](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/).
* Learn how to extend a test with additional Findings and reports: **Reimport Data To Extend a Test**
* Learn how to organize your Product Hierarchy to manage different contexts for your Findings and Tests: [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy/).
* Learn how to extend a Test with additional Findings and reports: [Reimport Guide](../using_reimport/)
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
title: "Smart Upload for infrastructure scans"
title: "Smart Upload for infrastructure scans (Pro)"
description: "Automatically route incoming Findings to the correct Product"
weight: 3
---
Expand Down
4 changes: 2 additions & 2 deletions docs/content/en/connecting_your_tools/parsers/_index.md
Expand Up @@ -17,12 +17,12 @@ DefectDojo can parse data from 180+ security reports and counting.

| [Connectors](../connectors/about_connectors): supported tools | [Smart Upload](../import_scan_files/smart_upload/): supported tools |
| --- | --- |
| AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable |
| AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable, Wiz |

# All Supported Tools

All of these listed reports can be ingested via [Import/Reimport](../import_intro) methods. This means that they can be imported to both Open-Source and Pro instances using the UI or API.

If your tool is not in this list, there's a good chance that DefectDojo can still import a report from the tool. Consider the [Generic Findings Import](./generic_findings_import/) method.

<span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> users can import any JSON or CSV report using the [Universal Parser](../universal_parser).
<span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span> users can import any JSON or CSV report using the [Universal Parser](./universal_parser).
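Review bot: Wiz has been added to the Smart Upload column of the table ("Nexpose, NMap, OpenVas, Qualys, Tenable, Wiz"), but the rest of this PR adds Wiz as a Connector (pro_features.md, about_connectors.md, connectors_tool_reference.md) and the Smart Upload list in import_intro.md stays at Nexpose, NMap, OpenVas, Qualys, Tenable; move Wiz to the Connectors column.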
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "API Pull"
description: "Report pulled to DefectDojo via API exposed by scanning service"
weight: 3
weight: 4
chapter: true
sidebar:
collapsed: true
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Files"
description: "Report uploaded to DefectDojo as files"
weight: 2
weight: 3
chapter: true
sidebar:
collapsed: true
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: "Generic Findings Import"
toc_hide: true
weight: 1
weight: 2
---

You can use Generic Findings Import as a method to ingest JSON or CSV files into DefectDojo which are not already in the supported parsers list.
Expand Down
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
title: "🌐 Universal Parser"
title: "🌐 Universal Parser (Pro)"
description: ""
draft: "false"
weight: 4
weight: 1
pro-feature: true
---

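Review bot: `draft: "false"` is a quoted string where the other front matter touched in this PR uses the boolean `draft: false` (external_tools.md); the string form relies on the site generator coercing it, so switch to the boolean while this block is being edited. Also worth confirming the intent of the weight swap: the Pro-only Universal Parser now sorts first (weight 1) ahead of the Open Source Generic Findings Import (weight 2).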
Expand Down