
Release: Merge release into master from: release/2.38.1 #10885

Merged: 12 commits merged into master from release/2.38.1 on Sep 9, 2024

Conversation

github-actions[bot] (Contributor) commented Sep 9, 2024

Release triggered by Maffooch

DefectDojo release bot and others added 12 commits September 3, 2024 16:54
….39.0-dev

Release: Merge back 2.38.0 into bugfix from: master-into-bugfix/2.38.0-2.39.0-dev
Bumps [cryptography](https://github.com/pyca/cryptography) from 43.0.0 to 43.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@43.0.0...43.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: added Legitify parser

* style: quality fix

* feat: updated .settings.dist.py

* feat: updated .settings.dist.py

---------

Co-authored-by: Damián Pardiñas Rodríguez <damian@MacBook-Pro-de-Damian.local>
* ✨ add epss for aqua parser #10849

* add unittest

* fix unittest
* Add parser, datasets, unittests, doc and dedup alg

* quality changes

* ruff linting

* Add new checksum

* status in parser

* settings hash updated
…10864)

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Dynamic Parsing: Add flag to indicate new test types

* Add some tests
dryrunsecurity bot commented Sep 9, 2024

DryRun Security Summary

Summary:

This GitHub pull request contains a variety of changes across multiple files, primarily focused on improving the security and functionality of the DefectDojo application. The changes include:

  1. Adding documentation for new parsers, such as Legitify and Threat Composer, which allow the application to import and process security scan data from various sources.
  2. Updating dependencies, including the cryptography library, to address known security vulnerabilities.
  3. Implementing new features, such as tracking "dynamically generated" test types, which can provide better visibility into the evolving security landscape of the application.
  4. Improving the handling and processing of security scan data from various tools, including Aqua and Threat Composer.
  5. Enhancing the application's security posture by implementing secure coding practices, such as input validation and sanitization, and improving the management of sensitive information.

Overall, these changes demonstrate a strong focus on application security and a commitment to continuously improving the DefectDojo platform's ability to manage and mitigate security risks.

Files Changed:

  • docs/content/en/integrations/parsers/file/legitify.md: Added documentation for the Legitify parser.
  • docs/content/en/integrations/parsers/file/threat_composer.md: Added documentation for the Threat Composer parser.
  • dojo/__init__.py: Updated the application version from 2.38.0 to 2.38.1.
  • components/package.json: Updated the application version and dependencies.
  • dojo/db_migrations/0214_test_type_dynamically_generated.py: Added a new field to track "dynamically generated" test types.
  • dojo/forms.py: Made changes to various Django forms, including handling of the "dynamically generated" test type field.
  • dojo/api_v2/serializers.py: Excluded the "dynamically generated" field from the TestTypeSerializer.
  • dojo/settings/.settings.dist.py.sha256sum: Updated the SHA-256 hash for the .settings.dist.py file.
  • dojo/importers/default_reimporter.py: Improved the handling of deduplication and associated objects during the import process.
  • dojo/models.py: Added a new "dynamically_generated" field to the Test_Type model.
  • dojo/templates/dojo/view_product_details.html: Updated the product details page to include a link to the product type.
  • dojo/settings/settings.dist.py: Added new parsers and configured the deduplication algorithm per parser.
  • dojo/tools/aqua/parser.py: Added support for parsing EPSS (Exploit Prediction Score Service) data.
  • helm/defectdojo/Chart.yaml: Updated the Helm chart version and the application version.
  • dojo/tools/legitify/parser.py: Implemented a parser for the Legitify tool's JSON output.
  • dojo/tools/threat_composer/parser.py: Implemented a parser for the Threat Composer tool's JSON output.
  • requirements.txt: Updated the cryptography package to address a known security vulnerability.

Code Analysis

We ran 9 analyzers against 30 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer: Findings

  • Sensitive Files Analyzer: 2 findings
  • Authn/Authz Analyzer: 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
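Two things this release PR touches are worth re-verifying on the box you upgrade: the `settings_changes` label means `dojo/settings/.settings.dist.py.sha256sum` was refreshed on purpose (a local edit to settings.dist.py that forgets the sidecar will trip the same check), and requirements.txt now pins the patched cryptography 43.0.1. The pre-flight below is an added example written for this page, not DefectDojo's own code. It assumes the sidecar's first whitespace-separated token is the lowercase hex digest and that requirements.txt uses `name==version` pins; every file `demo()` writes is constructed sample content.

```python
"""Pre-flight checks before applying a DefectDojo point release (added example, not project code).

  1. settings.dist.py must hash to the digest stored in its .sha256sum sidecar;
  2. requirements.txt must pin cryptography at the patched 43.0.1 or newer.

Assumptions not taken from the PR page: the sidecar's first whitespace-separated
token is the lowercase hex digest, and pins use the `name==version` form.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, Optional, Tuple

# name==version pins only; comment lines, markers and unpinned lines are ignored
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)", re.M)


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, streamed so a large settings file is fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_settings_hash(settings_path: str, sum_path: str) -> bool:
    """True when settings.dist.py matches the digest recorded in its sidecar."""
    with open(sum_path, encoding="utf-8") as fh:
        tokens = fh.read().split()
    if not tokens:
        return False  # empty sidecar counts as a failed check, never a pass
    return sha256_file(settings_path) == tokens[0].lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric components only; enough for cryptography's MAJOR.MINOR.PATCH scheme."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def pinned_version(requirements_text: str, package: str) -> Optional[str]:
    """Version pinned for `package` (case- and underscore-insensitive name match), or None."""
    wanted = package.lower().replace("_", "-")
    for name, version in PIN_RE.findall(requirements_text):
        if name.lower().replace("_", "-") == wanted:
            return version
    return None


def pin_at_least(requirements_text: str, package: str, minimum: str) -> bool:
    """True only if the package is pinned and the pin is >= minimum."""
    version = pinned_version(requirements_text, package)
    return version is not None and parse_version(version) >= parse_version(minimum)


def preflight(settings_path: str, sum_path: str, requirements_path: str) -> Dict[str, object]:
    with open(requirements_path, encoding="utf-8") as fh:
        requirements = fh.read()
    return {
        "settings_hash_ok": verify_settings_hash(settings_path, sum_path),
        "cryptography_pin": pinned_version(requirements, "cryptography"),
        "cryptography_patched": pin_at_least(requirements, "cryptography", "43.0.1"),
    }


def demo() -> Dict[str, Dict[str, object]]:
    """Run preflight on a constructed tree twice: clean, then after a local
    settings edit that forgot to refresh the sidecar."""
    with tempfile.TemporaryDirectory() as tmp:
        settings = os.path.join(tmp, "settings.dist.py")
        sidecar = os.path.join(tmp, ".settings.dist.py.sha256sum")
        requirements = os.path.join(tmp, "requirements.txt")
        with open(settings, "w", encoding="utf-8") as fh:
            fh.write("DEBUG = False\n")  # constructed, not the real settings file
        with open(sidecar, "w", encoding="utf-8") as fh:
            fh.write(sha256_file(settings) + "\n")
        with open(requirements, "w", encoding="utf-8") as fh:
            fh.write("# constructed pins\ncryptography==43.0.1\nexamplepkg==1.0\n")
        clean = preflight(settings, sidecar, requirements)
        with open(settings, "a", encoding="utf-8") as fh:
            fh.write("SESSION_COOKIE_SECURE = True\n")  # edited without updating the sidecar
        drifted = preflight(settings, sidecar, requirements)
    return {"clean": clean, "drifted": drifted}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Point `preflight()` at the real `dojo/settings/settings.dist.py`, its sidecar and `requirements.txt` in the checked-out release; a `False` for `settings_hash_ok` means either the sidecar was not refreshed or the settings file was modified locally, and `cryptography_patched` being `False` means the 43.0.1 bump from this PR has not actually landed in the tree you are about to deploy.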

@Maffooch Maffooch closed this Sep 9, 2024
@Maffooch Maffooch reopened this Sep 9, 2024
@github-actions github-actions bot added labels Sep 9, 2024: New Migration (Adding a new migration file. Take care when merging.), settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), apiv2, docs, unittests, ui, parser, helm
@Maffooch Maffooch merged commit 7533448 into master Sep 9, 2024
71 checks passed