Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Jira Push All Issues: Improve help text #10996

Merged
merged 1 commit into from
Oct 7, 2024
Merged

Jira Push All Issues: Improve help text #10996

merged 1 commit into from
Oct 7, 2024

Conversation

Maffooch
Copy link
Contributor

@Maffooch Maffooch commented Oct 3, 2024

Clarify how the push_all_issues checkbox performs, and what it requires

[sc-7725]

@github-actions github-actions bot added the New Migration Adding a new migration file. Take care when merging. label Oct 3, 2024
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Oct 3, 2024

DryRun Security Summary

The pull request updates the JIRA integration functionality in the DefectDojo application, including modifying the database migration to update the push_all_issues field of the jira_project model and updating the help text and verbose names of various fields in the JIRA_Project model, which improves the integration between the two security-related tools and ensures that all verified findings are properly tracked and addressed.

Expand for full summary

Summary:

The code changes in this pull request are focused on updating the JIRA integration functionality
within the DefectDojo application. The changes include modifying the database migration to
update the push_all_issues field of the jira_project model, as well as updating the help
text and verbose names of various fields in the JIRA_Project model.

From an application security perspective, the changes are generally positive, as they improve
the integration between the two security-related tools (DefectDojo and JIRA) and help ensure
that all verified findings are properly tracked and addressed. However, it's important to
consider potential security implications, such as ensuring the secure handling of sensitive
data, appropriate access controls and permissions for the JIRA integration, and reliable
synchronization between the two systems.

Files Changed:

  1. dojo/db_migrations/0216_alter_jira_project_push_all_issues.py:

    • The changes modify the push_all_issues field of the jira_project model, which
      determines whether all verified findings in DefectDojo should automatically create
      JIRA tickets.
    • The help text for the push_all_issues field indicates that once a JIRA ticket is
      created, it will continue to sync with DefectDojo, regardless of the status in
      DefectDojo.
    • The changes improve the integration between DefectDojo and JIRA, ensuring that all
      verified findings are properly tracked and addressed.

  2. dojo/models.py:

    • The changes update the help_text and verbose_name fields of various model fields in
      the JIRA_Project model.
    • The updates to the push_all_issues field help text and the add_vulnerability_id_to_jira_label
      field verbose_name are intended to improve the usability and clarity of the JIRA
      integration functionality within DefectDojo.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Oct 4, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit e6bb04e into DefectDojo:dev Oct 7, 2024
72 checks passed
@Maffooch Maffooch deleted the jira-help branch October 7, 2024 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blakeaowens blakeaowens blakeaowens approved these changes

@hblankenship hblankenship hblankenship approved these changes

@mtesauro mtesauro mtesauro approved these changes

@cneill cneill cneill approved these changes

Assignees
No one assigned
Labels
New Migration Adding a new migration file. Take care when merging.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Maffooch @cneill @mtesauro @hblankenship @blakeaowens