Task 1: Create a Product in DefectDojo

1. Log in to the DefectDojo dashboard.

2. Navigate to Products > Add Product.

3. Use the following details to create the product:

   • Name: Training AdiJava

   • Description: Training AdiJava Application

   • Product Manager: Admin User (admin)

   • Technical Contact: Admin User (admin)

   • Team Manager: Admin User (admin)

   • Product Type: Internal Application

   • SLA Configuration: Default

   • Regulations: Nothing selected

   • Business Criticality: Medium

   • Platform: Web

   • Lifecycle: Production

   • Origin: Internally Developed

4. Save the product and note the Product ID for later use. (Screenshot the Product ID)

Task 2: Set Up a SonarQube Project for Training AdiJava

On SonarQube Dashboard:

• Log in to the SonarQube dashboard.

• Select Import Project and choose the Training AdiJava repository from GitLab.

• Generate a project token and save it for later use.

On Tools Server:

• Clone the Training AdiJava repository from your group adinusa-pro-<your_username>

• Run sonar-scanner using the sonar-project.properties file (Screenshot the sonar-project.properties content)

On SonarQube Dashboard:

• Review the analysis results on the dashboard under the Training AdiJava project.(Screenshot the result in Sonarqube Dashboard)

Task 3: Run Dependency-Check and Send Results to DefectDojo

1. On the tools server, navigate to the training-adijavatransaksi repository directory.

2. Run the dependency-check.sh and generate XML report format

3. Send the results to DefectDojo

4. Confirm the report has been successfully uploaded and associated with the Training AdiJava product. (Screenshot the result in Defectdojo Dashboard)