Display reviewers on finding pages. #11165
DryRun Security Summary: This pull request covers a wide range of updates and improvements to the DefectDojo application, focusing on security, performance, and maintainability, including updating base images, improving documentation, enhancing the import and processing of security findings, refactoring core components, and updating configuration files.
Summary: The code changes in this pull request cover a wide range of updates and improvements to the DefectDojo application, focusing on various aspects such as security, performance, and maintainability. The changes include updating base images, improving documentation, enhancing the import and processing of security findings, refactoring core components, and updating configuration files. From an application security perspective, the changes demonstrate a strong emphasis on security best practices, including:
Overall, the changes in this pull request appear to be a positive step towards improving the security and overall quality of the DefectDojo application. Files Changed:
Code Analysis: We ran
Riskiness: 🔴 Risk threshold exceeded. We've notified @mtesauro, @grendel513.
I mistakenly first created this PR targeting the master branch. That might've triggered this failed check. I suggest re-running if possible (@mtesauro could you kindly do so, please?).
Hi @pedrohdjs! Just wanted to pop in to say thank you for the contribution and congrats on your first PR! I'm sure it will go smoothly. I have to leave the reviewing to the rest of the team because my python-foo isn't what it used to be, but just wanted to say hello and thank you.
@pedrohdjs Your PR is OK even if this test is failing: That test is used to notify the core contributors that a PR is being done in an 'interesting' area of DefectDojo code from a non-core contributor. It's basically a flag to have us look a bit more closely at the PRs where that fails. You're good to go with the tests as they are right now.
Approved
Congrats on your first PR!
Description
This PR adds a list of reviewers (assigned with the "request peer review" feature) to the UI in the finding pages.
I believe this would make for better finding visualization, and this is something that some users might miss, as noted in issue #10434's discussion.
Test results
I have tested (manually) all of the finding listing pages. Except when the findings are filtered by closed, all of the assigned reviewers should be displayed in the rightmost column.
Disclaimer
Please, note that this is my first open source contribution PR ever, so, explaining stuff assuming I know very little about open source might be a good call.
I'm open to any feedback and to implement any changes that might be necessary. Although I read the contribution guidelines, it's likely that I might have done some things wrong here, and I realize that this feature ideally should've gone through a pre-approval, but, since implementing it was fairly straightforward after I got (kind of 😅 ) used to the codebase and I wouldn't lose a lot of work if the PR is denied, I thought I'd give it a shot.