artifacthub helm/securecodebox/persistence-defectdojo 4.0.0

latest releases: 4.5.0, 4.4.1, 4.4.0...
12 months ago


This release has been a long time in the making and brings some awesome improvements to the system as a whole and the auto-discovery in general. Some of these changes required some minor breaking changes, you can find a sumamry of the most important breaking changes in the "💣 Breaking Changes" section below and a complete and detailed list in the Upgrading from 3.x - 4.x notes.

GitHub commits since tagged version GitHub Repo stars Twitter URL

🚀 Features

  • Allow multiple scanTypes to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
  • Add Cluster Wide Custom Resources (ClusterScanType, ClusterParseDefinition & ClusterScanCompletionHook) @J12934 (#1662): See more in ADR-12
  • Enable Container AutoDiscovery to scan images from private repos @the-simmon (#1374, #1557): See more in ADR-17
  • Added new references attribute to the finding format with unified references to CVEs, CWEs and other external references @Ilyesbdlala (#1676)
  • Added optional identified at parameter to findings (for all scanners which include this info in their results) @Ilyesbdlala (#1434)
  • Added new DNS Scanner: Doggo @rseedorff (#1446)
  • Added option to specify a go template to configure where in the s3 bucket the result files (raw scanner results and findings.json) should be stored. @the-simmon & @J12934 (#1389, #1734)

💣 Breaking Changes

You can find detailed upgrade notes on these braking changes in the upgrading documentation: Upgrading from 3.x - 4.x

Note some breaking changes are missing here and are only referenced in the linked upgrading notes.

  • AutoDiscovery takes a list of scans in config file, allowing it to start more than one scan for a identified resource @the-simmon (#1447)
  • Container AutoDiscovery enabled by default and more consistent behavior compared to Service AutoDiscovery @the-simmon (#1112)
  • SSH-Scan (Mozilla ssh_scan) is now considered deprecated as the tool is no longer maintained by mozilla. As a replacement we've added integration for ssh-audit as a replacement. The ssh-scan integration is still in this release but will be removed in a upcoming release. @Reet00 & @sofi0071 (#1713)
  • Improve Nmap Parser to handle multiple / ipv6 addresses and verbose output @J12934 (#1679)
  • Findings Format: inconsistent ip address fields removed, replaced with standardized ip_addresses @J12934 (#1701, #1748)
  • Allow multiple scanTypes to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
  • Added optional mitigation attribute to findings @Ilyesbdlala (#1639)
  • Remove AngularCSTI Integration @J12934 (#1649)
  • Renamed Amass to attributes.hostname @Ilyesbdlala (#1605)

🚓 Security Scanner

⚓️ Hooks

🐛 Bug Fixes

📚 Documentation

  • Add missing supported platforms (CPU Architectures, e.g. amd64 or arm64) for Scanners to their helm charts and their documentation pages. @snoopy-cat(#1739)

📌 Dependencies


Artifact HUB
Docker Hub


Thanks to all our contributors supporting this project 🤗
@Ilyesbdlala, @the-simmon, @Reet00, @sofi0071, @ManuelNeuer, @Weltraumschaf, @fphoer, @malexmave, @srburton, @snoopy-cat, @rseedorff and @J12934

Don't miss a new persistence-defectdojo release

NewReleases is sending notifications on new releases.