DefectDojo/django-DefectDojo 1.14.0

1.14.0 🌈

on GitHub

Changes since 1.13.0

💣 Breaking changes

• Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
• add last_status_update field and make status updates consistent @valentijnscholten (#3947)

🚩 Requires settings change or database migration

• Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
• SonarQube api: allow retrieval of all issue types @dsever (#4068)
• Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
• Authorization V2: authorization for products @StefanFl (#3926)
• Make the Django session duration configurable @bgoareguer (#3998)
• Removal of automatic nmap scans @StefanFl (#3993)
• add last_status_update field and make status updates consistent @valentijnscholten (#3947)
• JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
• Add configurable disclaimer to notifications and reports @Maffooch (#3914)

🚀 New importers

• Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
• Add new parser - Wfuzz @SPoint42 (#4030)
• Nikto parser: add support for JSON format @damiencarol (#4097)
• Add PMD Parser @jis0324 (#4027)

🚀 General features and enhancements

• Authorization V2: Engagements and Tests @StefanFl (#4092)
• Publish the Helm chart tarball with each release @bgoareguer (#3849)
• Cookie cutter template parser for new scanners @aaronweaver (#4165)
• alert count: don't get them on every dropdown click @valentijnscholten (#4149)
• allow non-staff users to perform bulk edit @valentijnscholten (#4148)
• SARIF: support date of findings @damiencarol (#4111)
• allow jira reconciliation to run through celerybeat @valentijnscholten (#4110)
• Improve GitLab Dependency Scanning hash code configuration @macedogm (#3873)
• prefetch for engagements all page @valentijnscholten (#4033)
• Nexpose parser: Process all hosts + add Endpoint(and protocol) + add new reference links + test @kiblik (#4082)
• SonarQube api: allow retrieval of all issue types @dsever (#4068)
• Burp REST API: implement de-duplication and request/response @damiencarol (#4025)
• add missing ordering for api filters @valentijnscholten (#4054)
• Nexpose dedup settings @dsever (#4060)
• JIRA status reconciliation management command @valentijnscholten (#3957)
• Hash code deduplication for GitLab SAST and Checkov @StefanFl (#4055)
• Update Aqua-scanner import for CVSS3 finding field @SPoint42 (#4046)
• Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
• Authorization V2: authorization for products @StefanFl (#3926)
• Updates Bulk Edit status combination/validation for Findings @blakeaowens (#3994)
• Anchore Grype parser: add deduplication @damiencarol (#4013)
• Performance improvement for engagements_all view @danielnaab (#3966)
• Update spotbugs parser @SPoint42 (#3906)
• Make the Django session duration configurable @bgoareguer (#3998)
• add last_status_update field and make status updates consistent @valentijnscholten (#3947)
• JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
• Quick report based on current finding filters @Maffooch (#3927)
• TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
• [GHA] Lint helm charts @madchap (#3948)
• Let users not configure personal notifications to Microsoft Teams @StefanFl (#3930)
• Add configurable disclaimer to notifications and reports @Maffooch (#3914)
• Helm mount ca volume, ingress spec @dsever (#3912)
• Docker volume for media files @StefanFl (#3954)

🚀 API features and enhancements

• api docs: switch back to supported drf-yasg @valentijnscholten (#4095)

🐛 Bug Fixes

• Fix: Nexpose ref URL format @dsever (#4166)
• jira: fix crash on invalid credentials @valentijnscholten (#4164)
• alert count: don't get them on every dropdown click @valentijnscholten (#4149)
• OpenSCAP parser: fix endpoint management @damiencarol (#4139)
• Fix MobSF parser @damiencarol (#4163)
• JIRA: Always check credentials when creating/saving a JIRA instance @valentijnscholten (#4132)
• allow non-staff users to perform bulk edit @valentijnscholten (#4148)
• WPScan: Add more tests and fixes missing finding @damiencarol (#4133)
• Clair parser: fixes TypeError: string indices must be integers @alles-klar (#4120)
• SARIF parser: fix error when titles are to long @damiencarol (#4088)
• Fix title max length and add more tests @damiencarol (#4090)
• stub/potential findings: fix push to JIRA @valentijnscholten (#4094)
• jira webhook update datetime parse fix @valentijnscholten (#4093)
• edit engagement: unhide error messages, fix testing lead error @valentijnscholten (#4078)
• Arachni parser: maintenace and fix 'Info' error @damiencarol (#4081)
• Updates Bulk Edit status combination/validation for Tests @blakeaowens (#4062)
• [docker-compose] Fix image version in use @madchap (#4066)
• Fix survey submission 500 error @37b (#4072)
• fix counts returned to non-staff users in apiv2 @valentijnscholten (#4074)
• Fix SSLyze scanner: Remove unnecessary read @StefanFl (#4056)
• dedupe: select oldest (lowest id) finding as original @valentijnscholten (#4048)
• JIRA: fix webhook mitigated by @valentijnscholten (#4051)
• Netsparker: Fix crashing parser at method get_findings() @AsierRF (#4045)
• OpenVAS parser: fix error and add unit tests @damiencarol (#3985)
• Fix NessusXMLParser' object has no attribute 'parse' @damiencarol (#3984)
• Backport: Safety parser: Fix unit tests and add component Backporting #3963 @valentijnscholten (#3988)
• Safety parser: Fix unit tests and add component (back-port to 1.13.x) @damiencarol (#3986)
• Safety parser: Fix unit tests and add component @damiencarol (#3963)
• set mitigation related fields correctly at close_old_findings @adiffpirate (#3929)
• TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
• fix dates and reimport history for similar / duplicate findings @valentijnscholten (#3956)
• fix typo in duplicate_reopen @valentijnscholten (#3949)
• jira helper: remove redundant .save() calls @valentijnscholten (#3953)
• remove left over risk acceptance jira comment code @valentijnscholten (#3950)
• GHA: Test multiple k8s versions @dsever (#3936)
• view_test: fix paging of findings (backport to 1.13.x) @valentijnscholten (#3941)
• view_test: fix paging of findings @valentijnscholten (#3940)
• Fix deduplication for Dependency Track scanner @SPoint42 (#4070)
• Fix Typo and duplicate code error @ankit2001 (#4053)
• Fix gitleaks import when no findings found @SPoint42 (#4026)
• Authorization V2: Rename of feature flag @StefanFl (#4034)
• Fix typo in models. Crital => Critical @SPoint42 (#4031)

📝 Documentation updates

• Add helm repo instructions @madchap (#4143)
• Cookie cutter template parser for new scanners @aaronweaver (#4165)
• Make mitigation, impact, url fields optional @ptrovatelli (#4122)
• Some typo fixes @SPoint42 (#4059)
• Remove generation of PDF reports in documentation @StefanFl (#4087)
• Fix for new parser infra @SPoint42 (#4044)
• docs: migrate to github pages @alles-klar (#3977)
• docs: Fix the new dirs for parser test and supress the need to modify facto… @SPoint42 (#4032)

🧰 Maintenance

• Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4173)
• Revert Helm chart PRs, suspected to cause GHA to hang @madchap (#4170)
• Bump google-auth-oauthlib from 0.4.3 to 0.4.4 @dependabot (#4168)
• Veracode parser: remove lxml dependency @damiencarol (#3967)
• Bump sqlalchemy from 1.4.2 to 1.4.3 @dependabot (#4126)
• Bump djangorestframework from 3.12.2 to 3.12.3 @dependabot (#4127)
• Bump cryptography from 3.4.6 to 3.4.7 @dependabot (#4128)
• Bump sqlalchemy from 1.4.1 to 1.4.2 @dependabot (#4099)
• Bump django-crispy-forms from 1.11.1 to 1.11.2 @dependabot (#4101)
• Bump humanize from 3.2.0 to 3.3.0 @dependabot (#4102)
• Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4108)
• dependabot: update django from 2.2.17 to 2.2.18 @valentijnscholten (#4098)
• SKF parser: add unit tests @damiencarol (#4091)
• api docs: switch back to supported drf-yasg @valentijnscholten (#4095)
• Qualys Infrastructure Scan parser: maintenance and fix date of finding @damiencarol (#3907)
• Bump django from 2.2.17 to 2.2.18 @dependabot (#4086)
• Add an extra javascript block to base.html @Maffooch (#4075)
• Hide reports list behind a feature flag @StefanFl (#4065)
• Bump sqlalchemy from 1.4.0 to 1.4.1 @dependabot (#4080)
• Bump google-auth from 1.27.1 to 1.28.0 @dependabot (#4076)
• Update manusa/actions-setup-minikube action from v2.3.0 to v2.3.1 (.github/workflows/k8s-testing.yml) @renovate (#4061)
• celery: allow forced synchronous execution @valentijnscholten (#4018)
• Update release-drafter/release-drafter action from v5.14.0 to v5.15.0 (.github/workflows/release-drafter.yml) @renovate (#4067)
• Bump sqlalchemy from 1.3.23 to 1.4.0 @dependabot (#4064)
• Bump urllib3 from 1.26.3 to 1.26.4 @dependabot (#4063)
• Bump nginx from 1.19.7-alpine to 1.19.8-alpine @dependabot (#4057)
• Bump clipboard from 2.0.7 to 2.0.8 in /components @dependabot (#4042)
• Bump datatables.net-buttons-dt from 1.6.5 to 1.7.0 in /components @dependabot (#4040)
• Bump datatables.net-bs from 1.10.23 to 1.10.24 in /components @dependabot (#4037)
• Bump datatables.net-dt from 1.10.23 to 1.10.24 in /components @dependabot (#4038)
• Bump datatables.net-buttons-bs from 1.6.5 to 1.7.0 in /components @dependabot (#4036)
• Bump openpyxl from 3.0.6 to 3.0.7 @dependabot (#4035)
• Bump defusedxml from 0.7.0 to 0.7.1 @dependabot (#4028)
• Bump social-auth-core from 4.0.3 to 4.1.0 @dependabot (#4019)
• Bump pillow from 8.1.1 to 8.1.2 @dependabot (#4020)
• Bump clipboard from 2.0.6 to 2.0.7 in /components @dependabot (#4021)
• Bump google-auth from 1.27.0 to 1.27.1 @dependabot (#4004)
• Bump defusedxml from 0.6.0 to 0.7.0 @dependabot (#4006)
• Bump google-auth-oauthlib from 0.4.2 to 0.4.3 @dependabot (#4005)
• Removal of automatic nmap scans @StefanFl (#3993)
• Update stefanzweifel/git-auto-commit-action action from v4.9.1 to v4.9.2 (.github/workflows/plantuml.yml) @renovate (#3999)
• Bump gitpython from 3.0.7 to 3.1.14 @dependabot (#3995)
• Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#3996)
• Fix gitpython version and remove jsonlines @damiencarol (#3964)
• Update rabbitmq Docker tag from 3.8.13 to v3.8.14 (docker-compose.yml) @renovate (#3979)
• Bump jquery from 3.5.1 to 3.6.0 in /components @dependabot (#3980)
• Add LinkedIn to Readme @Maffooch (#3973)
• Change Finding Image deprecation to 2021 rather than 2020 @Maffooch (#3972)
• [GHA] Remove useless docker login @madchap (#3952)
• Update rabbitmq Docker tag from 3.8.12 to v3.8.13 (docker-compose.yml) @renovate (#3968)
• Bump pillow from 8.1.0 to 8.1.1 @dependabot (#3969)
• Bump coverage from 5.4 to 5.5 @dependabot (#3960)
• Bump asteval from 0.9.22 to 0.9.23 @dependabot (#3961)
• Bump supervisor from 4.2.1 to 4.2.2 @dependabot (#3962)
• Update helm/kind-action action from v1.0.0 to v1.1.0 (.github/workflows/test-helm-chart.yml) @renovate (#3951)
• Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#3942)
• Update rabbitmq:3.8.12 Docker digest from to 3.8.12 (docker-compose.yml) @renovate (#3943)
• Bump markdown from 3.3.3 to 3.3.4 @dependabot (#3925)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.9.0 to v4.9.1 (.github/workflows/plantuml.yml) @renovate (#3920)