Results Output Options

matamorphosis edited this page Aug 21, 2022 · 4 revisions

Support

Support for exporting Scrummage results is provided for tier 3 and 4 monthly sponsors, and ad-hoc support is provided based on the relevant time-limit. For more details, you can contact us via the sponsors page.

Results Output Alert Options

By default, Scrummage plugins individually store their output data in 1 of 4 main output formats:

  • .html
  • .json
  • .csv
  • .docx

When Scrummage creates a result, it creates references to the result link, domain, and output file; furthermore, functionality is provided to create a screenshot for a result, through the link. So, most of the time, you will end up with an output file and a screenshot that acts as evidence.

WARNING: Deleting a result will delete the output and screenshot files too.

On top of this, Scrummage provides an additional 5 ways of alerting the user when a result is created. Please note that each alert you enable will create an alert for each result. For example, if you have Slack channel notifications and email enabled, an email will be sent alongside a Slack channel notification for every result found by a plugin.

Scumblr Database Output
The Scrummage team is well aware that another open-source tool called Scumblr, developed by Netflix, performs some of the same functionality as Scrummage; furthermore, those who follow Scumblr know it is currently deprecated and has been looking for a new developer for the last 6 months. The GitHub repo can be found at https://github.com/Netflix-Skunkworks/Scumblr. Scrummage provides this functionality to current users of Scumblr by writing results to the Scumblr database, so they don't have to view results in two different web applications but can still benefit from both. To enable this, enter the details of Scumblr’s backend PostgreSQL database into the config.json file, under "scumblr":

"scumblr": {
  "host": "",
  "port": 5432,
  "database": "",
  "user": "",
  "password": ""
}

CSV Output
This option is provided as a lightweight data store, for all results. To enable this output mode, change the "use_csv" switch to true, under "csv" in the config.json file:

"csv": {
  "use_csv": true
}

DOCX Output
This option is provided as an easy way to export results into a document that can be used as part of a report. To enable this output mode, change the "use_docx" switch to true, under "docx_report" in the config.json file:

"docx_report": {
  "use_docx": true
}

DefectDojo Finding Output
Scrummage supports integration with the DefectDojo API to create findings. To enable this you will need to create a project, engagement, and test and retrieve the id for each. After obtaining these, please enter them in the appropriate fields in the config.json file, under "defectdojo", as well as the rest of the needed information:

"defectdojo": {
  "ssl": false,
  "api_key": "",
  "host": "",
  "user": "admin",
  "engagement_id": 1,
  "product_id": 1,
  "test_id": 1,
  "user_id": 1
}

Request Tracker for Incident Response (RTIR) Ticket Alert
In the world of Incident Response, RTIR is a bit of a veteran program; therefore, functionality has been provided for RTIR. Currently, this method only supports cookie-based authentication. While there is a Python library for RTIR, the library is old and doesn’t support Python 3. Rather than attempting to rewrite it, the Scrummage developers decided to go with the cookie-based authentication option, as it is very common, and to use the requests library to handle it. To enable this mode, enter the RTIR details into the config.json file, under "rtir":

"rtir": {
  "ssl": false,
  "host": "",
  "port": 80,
  "user": "",
  "password": "",
  "authenticator": ""
}

Some teams that use RTIR use its SMTP functionality; those teams can leverage the email output functionality below to achieve the same result.

Atlassian JIRA Ticket Alert
While JIRA is typically used for software development projects, for tracking bugs and tasks, in the event a user wishes to use it for tracking incidents, it is available. To enable this mode, enter the JIRA details into the config.json file, under "jira":

"jira": {
  "project_key": "",
  "address": "",
  "username": "",
  "password": "",
  "ticket_type": ""
}

Elasticsearch Output
Currently, Elasticsearch is rapidly growing in popularity and therefore is included as an output option. To enable this mode, please enter the details in config.json under "elasticsearch":

"elasticsearch": {
  "ssl": false,
  "host": "",
  "port": 9200,
  "index": "Scrummage",
  "use_timestamp": true
}

Email Alerts
Email alerts have been included, where the user specifies both the from address and the to address. The user also specifies the username and password of the from email address. To enable this mode, please enter the details in config.json under "email":

"email": {
  "smtp_server": "",
  "smtp_port": 25,
  "from_address": "",
  "from_password": "",
  "to_address": ""
}

Note: You may be required to change settings in your email account to allow this, such as allowing "less secure apps" in Gmail.

Slack Channel Notifications
Slack channel notifications work by having a message sent to a Slack channel. To enable this mode, enter the Slack Channel details into the config.json file, under "slack":

"slack": {
  "token": "",
  "channel": ""
}

All output functions can be verified by using the "Verify Output" button at the bottom of the tasks page, which will perform a series of checks for all output options available.
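The output sections above keep API keys, passwords and tokens in config.json, and several ship with "ssl": false or a plain-text port as the default. The following is an added example, not part of Scrummage, that audits those sections before an output is enabled. It assumes each section is a top-level key of config.json, that an empty "host" or "smtp_server" means the output is unused, and that "ssl" selects HTTPS over HTTP; the function names and sample values are constructed for illustration.

```python
import json
import os
import stat

# Key names come from the config.json fragments on this page. Assumptions:
# each section is a top-level key, an empty "host"/"smtp_server" means the
# output is not in use, and "ssl" selects HTTPS over HTTP.
SECRET_KEYS = ("api_key", "from_password", "password", "token")

def audit_outputs(cfg):
    """Return a list of (section, finding) tuples for configured outputs."""
    findings = []
    for name in ("defectdojo", "rtir", "elasticsearch"):
        sec = cfg.get(name, {})
        if sec.get("host") and sec.get("ssl") is False:
            findings.append((name, "ssl is false: traffic is not encrypted"))
    rtir = cfg.get("rtir", {})
    if rtir.get("host") and rtir.get("ssl") and rtir.get("port") == 80:
        findings.append(("rtir", "ssl is true but port is still 80"))
    email = cfg.get("email", {})
    if email.get("smtp_server") and email.get("smtp_port") == 25:
        findings.append(("email", "smtp_port 25: confirm STARTTLS is used"))
    if str(cfg.get("jira", {}).get("address", "")).startswith("http://"):
        findings.append(("jira", "address uses http://"))
    for name, sec in cfg.items():
        if isinstance(sec, dict):
            for key in SECRET_KEYS:
                if sec.get(key):
                    findings.append((name, key + " is stored in plain text"))
    return findings

def readable_by_others(path):
    """True if group or other users can read the file holding the secrets."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample, not a real deployment.
SAMPLE = json.loads("""{
  "defectdojo": {"ssl": false, "api_key": "EXAMPLE", "host": "dojo.example"},
  "rtir": {"ssl": true, "host": "rtir.example", "port": 80,
           "user": "svc", "password": "EXAMPLE"},
  "elasticsearch": {"ssl": false, "host": "", "port": 9200},
  "email": {"smtp_server": "mail.example", "smtp_port": 25,
            "from_password": "EXAMPLE"},
  "jira": {"address": "http://jira.example", "password": ""}
}""")

if __name__ == "__main__":
    for section, finding in audit_outputs(SAMPLE):
        print(f"{section}: {finding}")
```

Run `readable_by_others()` against the real config.json path as well; a file holding these secrets should be readable only by the account that runs Scrummage.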