helm/securecodebox/persistence-defectdojo 4.0.0 on Artifact Hub

v4.0.0

This release has been a long time in the making and brings some awesome improvements to the system as a whole and the auto-discovery in general. Some of these changes required some minor breaking changes, you can find a sumamry of the most important breaking changes in the "💣 Breaking Changes" section below and a complete and detailed list in the Upgrading from 3.x - 4.x notes.

🚀 Features

Allow multiple scanTypes to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
Add Cluster Wide Custom Resources (ClusterScanType, ClusterParseDefinition & ClusterScanCompletionHook) @J12934 (#1662): See more in ADR-12
Enable Container AutoDiscovery to scan images from private repos @the-simmon (#1374, #1557): See more in ADR-17
Added new references attribute to the finding format with unified references to CVEs, CWEs and other external references @Ilyesbdlala (#1676)
Added optional identified at parameter to findings (for all scanners which include this info in their results) @Ilyesbdlala (#1434)
Added new DNS Scanner: Doggo @rseedorff (#1446)
Added option to specify a go template to configure where in the s3 bucket the result files (raw scanner results and findings.json) should be stored. @the-simmon & @J12934 (#1389, #1734)

💣 Breaking Changes

You can find detailed upgrade notes on these braking changes in the upgrading documentation: Upgrading from 3.x - 4.x

Note some breaking changes are missing here and are only referenced in the linked upgrading notes.

AutoDiscovery takes a list of scans in config file, allowing it to start more than one scan for a identified resource @the-simmon (#1447)
Container AutoDiscovery enabled by default and more consistent behavior compared to Service AutoDiscovery @the-simmon (#1112)
SSH-Scan (Mozilla ssh_scan) is now considered deprecated as the tool is no longer maintained by mozilla. As a replacement we've added integration for ssh-audit as a replacement. The ssh-scan integration is still in this release but will be removed in a upcoming release. @Reet00 & @sofi0071 (#1713)
Improve Nmap Parser to handle multiple / ipv6 addresses and verbose output @J12934 (#1679)
Findings Format: inconsistent ip address fields removed, replaced with standardized ip_addresses @J12934 (#1701, #1748)
Allow multiple scanTypes to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
Added optional mitigation attribute to findings @Ilyesbdlala (#1639)
Remove AngularCSTI Integration @J12934 (#1649)
Renamed Amass attributes.name to attributes.hostname @Ilyesbdlala (#1605)

🚓 Security Scanner

Added new DNS Scanner: Doggo @rseedorff (#1446)
Added new SSH Scanner: ssh-audit @Reet00 & @sofi0071 (#1713)
Remove AngularCSTI Scanner Integration @J12934 (#1649)
Added optional identified at parameter to findings @Ilyesbdlala (#1434)
Added zap-advanced configuration option to change reportType @rseedorff (#1632)
Upgraded amass from v3.21.2 to v3.23.2 @secureCodeBoxBot (#1634, #1641, #1652, #1719)
Upgraded ffuf from v1.5.0 to v2.0.0 @secureCodeBoxBot (#1579)
Upgraded gitleaks from v8.15.2 to v8.16.3 @secureCodeBoxBot (#1559, #1614, #1615, #1643, #1665, #1697)
Upgraded kubeaudit from 0.21.0 to 0.22.0 @secureCodeBoxBot (#1654)
Upgraded nuclei from v2.8.3 to v2.9.6 @secureCodeBoxBot (#1527, #1544, #1561, #1590, #1648, #1671, #1698, #1712, #1721, #1735, #1743)
Upgraded semgrep from 1.1.0 to 1.24.1 @secureCodeBoxBot (#1517, #1518, #1545, #1558, #1565, #1569, #1578, #1583, #1591, #1596, #1602, #1612, #1616, #1646, #1667, #1675, #1677, #1702, #1709, #1714, #1725, #1733, #1744)
Upgraded sslyze from 5.0.6 to 5.1.3 @secureCodeBoxBot (#1555, #1637, #1670)
Upgraded trivy from 0.35.0 to 0.42.0 @secureCodeBoxBot (#1546, #1572, #1587, #1599, #1617, #1622, #1636, #1644, #1668, #1681, #1695, #1706, #1745)
Upgraded typo3scan from v1.1.1 to v1.1.2 @secureCodeBoxBot (#1653)

⚓️ Hooks

Add Apikey in generic webhook @srburton (#1526)
Make userid optional for defectdojo @the-simmon (#1412)

🐛 Bug Fixes

Renames the hook.image.repository of update-field hook @Ilyesbdlala (#1685)
Improve Nmap Parser to handle multiple / ipv6 addresses and verbose output @J12934 (#1679)
Fixed Generic WebHook API Key not working correctly @Ilyesbdlala (#1673)
Updated snapshot of typo3scan after upgrade @Ilyesbdlala (#1655)
Added a check for empty Trivy .Results @Ilyesbdlala (#1640)
Fix the link in ADR-0017 in order to fix the Netlify build @Ilyesbdlala (#1631)
Includes minio authentication in operator makefile @Ilyesbdlala (#1577)
Adds error handling to remote version fetching for the scb-bot @Ilyesbdlala (#1509)

📚 Documentation

Add Upgrading Notes for Nuclei Findings @J12934 (#1502)
Added/fixed missing scantypes @rseedorff (#1628)
Change ADR-0007 State to DRAFT @Weltraumschaf (#1548)
Enforced the use of the node version in .nvmrc @Ilyesbdlala (#1645)
Fix that ADR 17 Breaks Documentation @Weltraumschaf (#1580)
One failing matrix job no longer stops other version compare jobs @Ilyesbdlala (#1570)
Remove codeclimate from contributing docs @Weltraumschaf (#1464)
Removed unnecessary dependencies @Ilyesbdlala (#1690)
Removed unnecessary intializing of scannerVersions in scanner Dockerfiles @Ilyesbdlala (#1625)
The DRAFT status does not have a link, only the SUPERSEDES does @Weltraumschaf (#1638)
Multiple minor fixes @rseedorff (#1627)

Add missing supported platforms (CPU Architectures, e.g. amd64 or arm64) for Scanners to their helm charts and their documentation pages. @snoopy-cat(#1739)