Changes since 1.13.0
Breaking changes
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
Requires settings change or database migration
- Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
- SonarQube api: allow retrieval of all issue types @dsever (#4068)
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- Authorization V2: authorization for products @StefanFl (#3926)
- Make the Django session duration configurable @bgoareguer (#3998)
- Removal of automatic nmap scans @StefanFl (#3993)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
- JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
- Add configurable disclaimer to notifications and reports @Maffooch (#3914)
New importers
- Add checkmarx OSA parser and cvss3 score. Make some fields optional @ptrovatelli (#4016)
- Add new parser - Wfuzz @SPoint42 (#4030)
- Nikto parser: add support for JSON format @damiencarol (#4097)
- Add PMD Parser @jis0324 (#4027)
General features and enhancements
- Authorization V2: Engagements and Tests @StefanFl (#4092)
- Publish the Helm chart tarball with each release @bgoareguer (#3849)
- Cookie cutter template parser for new scanners @aaronweaver (#4165)
- alert count: don't get them on every dropdown click @valentijnscholten (#4149)
- allow non-staff users to perform bulk edit @valentijnscholten (#4148)
- SARIF: support date of findings @damiencarol (#4111)
- allow jira reconciliation to run through celerybeat @valentijnscholten (#4110)
- Improve GitLab Dependency Scanning hash code configuration @macedogm (#3873)
- prefetch for engagements all page @valentijnscholten (#4033)
- Nexpose parser: Process all hosts + add Endpoint(and protocol) + add new reference links + test @kiblik (#4082)
- SonarQube api: allow retrieval of all issue types @dsever (#4068)
- Burp REST API: implement de-duplication and request/response @damiencarol (#4025)
- add missing ordering for api filters @valentijnscholten (#4054)
- Nexpose dedup settings @dsever (#4060)
- JIRA status reconciliation management command @valentijnscholten (#3957)
- Hash code deduplication for GitLab SAST and Checkov @StefanFl (#4055)
- Update Aqua-scanner import for CVSS3 finding field @SPoint42 (#4046)
- Reimport feature: use the configurable deduplication for matching new findings to existing findings @ptrovatelli (#3753)
- Authorization V2: authorization for products @StefanFl (#3926)
- Updates Bulk Edit status combination/validation for Findings @blakeaowens (#3994)
- Anchore Grype parser: add deduplication @damiencarol (#4013)
- Performance improvement for engagements_all view @danielnaab (#3966)
- Update spotbugs parser @SPoint42 (#3906)
- Make the Django session duration configurable @bgoareguer (#3998)
- add last_status_update field and make status updates consistent @valentijnscholten (#3947)
- JIRA: allow different templates for jira description rendering @valentijnscholten (#3938)
- Quick report based on current finding filters @Maffooch (#3927)
- TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
- [GHA] Lint helm charts @madchap (#3948)
- Let users not configure personal notifications to Microsoft Teams @StefanFl (#3930)
- Add configurable disclaimer to notifications and reports @Maffooch (#3914)
- Helm mount ca volume, ingress spec @dsever (#3912)
- Docker volume for media files @StefanFl (#3954)
API features and enhancements
- api docs: switch back to supported drf-yasg @valentijnscholten (#4095)
Bug Fixes
- Fix: Nexpose ref URL format @dsever (#4166)
- jira: fix crash on invalid credentials @valentijnscholten (#4164)
- alert count: don't get them on every dropdown click @valentijnscholten (#4149)
- OpenSCAP parser: fix endpoint management @damiencarol (#4139)
- Fix MobSF parser @damiencarol (#4163)
- JIRA: Always check credentials when creating/saving a JIRA instance @valentijnscholten (#4132)
- allow non-staff users to perform bulk edit @valentijnscholten (#4148)
- WPScan: Add more tests and fixes missing finding @damiencarol (#4133)
- Clair parser: fixes TypeError: string indices must be integers @alles-klar (#4120)
- SARIF parser: fix error when titles are too long @damiencarol (#4088)
- Fix title max length and add more tests @damiencarol (#4090)
- stub/potential findings: fix push to JIRA @valentijnscholten (#4094)
- jira webhook update datetime parse fix @valentijnscholten (#4093)
- edit engagement: unhide error messages, fix testing lead error @valentijnscholten (#4078)
- Arachni parser: maintenance and fix 'Info' error @damiencarol (#4081)
- Updates Bulk Edit status combination/validation for Tests @blakeaowens (#4062)
- [docker-compose] Fix image version in use @madchap (#4066)
- Fix survey submission 500 error @37b (#4072)
- fix counts returned to non-staff users in apiv2 @valentijnscholten (#4074)
- Fix SSLyze scanner: Remove unnecessary read @StefanFl (#4056)
- dedupe: select oldest (lowest id) finding as original @valentijnscholten (#4048)
- JIRA: fix webhook mitigated by @valentijnscholten (#4051)
- Netsparker: Fix crashing parser at method get_findings() @AsierRF (#4045)
- OpenVAS parser: fix error and add unit tests @damiencarol (#3985)
- Fix 'NessusXMLParser' object has no attribute 'parse' @damiencarol (#3984)
- Backport: Safety parser: Fix unit tests and add component Backporting #3963 @valentijnscholten (#3988)
- Safety parser: Fix unit tests and add component (back-port to 1.13.x) @damiencarol (#3986)
- Safety parser: Fix unit tests and add component @damiencarol (#3963)
- set mitigation related fields correctly at close_old_findings @adiffpirate (#3929)
- TruffleHog3 parser support and refresh version 2 @damiencarol (#3935)
- fix dates and reimport history for similar / duplicate findings @valentijnscholten (#3956)
- fix typo in duplicate_reopen @valentijnscholten (#3949)
- jira helper: remove redundant .save() calls @valentijnscholten (#3953)
- remove left over risk acceptance jira comment code @valentijnscholten (#3950)
- GHA: Test multiple k8s versions @dsever (#3936)
- view_test: fix paging of findings (backport to 1.13.x) @valentijnscholten (#3941)
- view_test: fix paging of findings @valentijnscholten (#3940)
- Fix deduplication for Dependency Track scanner @SPoint42 (#4070)
- Fix Typo and duplicate code error @ankit2001 (#4053)
- Fix gitleaks import when no findings found @SPoint42 (#4026)
- Authorization V2: Rename of feature flag @StefanFl (#4034)
- Fix typo in models. Crital => Critical @SPoint42 (#4031)
Documentation updates
- Add helm repo instructions @madchap (#4143)
- Cookie cutter template parser for new scanners @aaronweaver (#4165)
- Make mitigation, impact, url fields optional @ptrovatelli (#4122)
- Some typo fixes @SPoint42 (#4059)
- Remove generation of PDF reports in documentation @StefanFl (#4087)
- Fix for new parser infra @SPoint42 (#4044)
- docs: migrate to github pages @alles-klar (#3977)
- docs: Fix the new dirs for parser test and suppress the need to modify facto… @SPoint42 (#4032)
Maintenance
- Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4173)
- Revert Helm chart PRs, suspected to cause GHA to hang @madchap (#4170)
- Bump google-auth-oauthlib from 0.4.3 to 0.4.4 @dependabot (#4168)
- Veracode parser: remove lxml dependency @damiencarol (#3967)
- Bump sqlalchemy from 1.4.2 to 1.4.3 @dependabot (#4126)
- Bump djangorestframework from 3.12.2 to 3.12.3 @dependabot (#4127)
- Bump cryptography from 3.4.6 to 3.4.7 @dependabot (#4128)
- Bump sqlalchemy from 1.4.1 to 1.4.2 @dependabot (#4099)
- Bump django-crispy-forms from 1.11.1 to 1.11.2 @dependabot (#4101)
- Bump humanize from 3.2.0 to 3.3.0 @dependabot (#4102)
- Bump lxml from 4.6.2 to 4.6.3 @dependabot (#4108)
- dependabot: update django from 2.2.17 to 2.2.18 @valentijnscholten (#4098)
- SKF parser: add unit tests @damiencarol (#4091)
- api docs: switch back to supported drf-yasg @valentijnscholten (#4095)
- Qualys Infrastructure Scan parser: maintenance and fix date of finding @damiencarol (#3907)
- Bump django from 2.2.17 to 2.2.18 @dependabot (#4086)
- Add an extra javascript block to base.html @Maffooch (#4075)
- Hide reports list behind a feature flag @StefanFl (#4065)
- Bump sqlalchemy from 1.4.0 to 1.4.1 @dependabot (#4080)
- Bump google-auth from 1.27.1 to 1.28.0 @dependabot (#4076)
- Update manusa/actions-setup-minikube action from v2.3.0 to v2.3.1 (.github/workflows/k8s-testing.yml) @renovate (#4061)
- celery: allow forced synchronous execution @valentijnscholten (#4018)
- Update release-drafter/release-drafter action from v5.14.0 to v5.15.0 (.github/workflows/release-drafter.yml) @renovate (#4067)
- Bump sqlalchemy from 1.3.23 to 1.4.0 @dependabot (#4064)
- Bump urllib3 from 1.26.3 to 1.26.4 @dependabot (#4063)
- Bump nginx from 1.19.7-alpine to 1.19.8-alpine @dependabot (#4057)
- Bump clipboard from 2.0.7 to 2.0.8 in /components @dependabot (#4042)
- Bump datatables.net-buttons-dt from 1.6.5 to 1.7.0 in /components @dependabot (#4040)
- Bump datatables.net-bs from 1.10.23 to 1.10.24 in /components @dependabot (#4037)
- Bump datatables.net-dt from 1.10.23 to 1.10.24 in /components @dependabot (#4038)
- Bump datatables.net-buttons-bs from 1.6.5 to 1.7.0 in /components @dependabot (#4036)
- Bump openpyxl from 3.0.6 to 3.0.7 @dependabot (#4035)
- Bump defusedxml from 0.7.0 to 0.7.1 @dependabot (#4028)
- Bump social-auth-core from 4.0.3 to 4.1.0 @dependabot (#4019)
- Bump pillow from 8.1.1 to 8.1.2 @dependabot (#4020)
- Bump clipboard from 2.0.6 to 2.0.7 in /components @dependabot (#4021)
- Bump google-auth from 1.27.0 to 1.27.1 @dependabot (#4004)
- Bump defusedxml from 0.6.0 to 0.7.0 @dependabot (#4006)
- Bump google-auth-oauthlib from 0.4.2 to 0.4.3 @dependabot (#4005)
- Removal of automatic nmap scans @StefanFl (#3993)
- Update stefanzweifel/git-auto-commit-action action from v4.9.1 to v4.9.2 (.github/workflows/plantuml.yml) @renovate (#3999)
- Bump gitpython from 3.0.7 to 3.1.14 @dependabot (#3995)
- Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#3996)
- Fix gitpython version and remove jsonlines @damiencarol (#3964)
- Update rabbitmq Docker tag from 3.8.13 to v3.8.14 (docker-compose.yml) @renovate (#3979)
- Bump jquery from 3.5.1 to 3.6.0 in /components @dependabot (#3980)
- Add LinkedIn to Readme @Maffooch (#3973)
- Change Finding Image deprecation to 2021 rather than 2020 @Maffooch (#3972)
- [GHA] Remove useless docker login @madchap (#3952)
- Update rabbitmq Docker tag from 3.8.12 to v3.8.13 (docker-compose.yml) @renovate (#3968)
- Bump pillow from 8.1.0 to 8.1.1 @dependabot (#3969)
- Bump coverage from 5.4 to 5.5 @dependabot (#3960)
- Bump asteval from 0.9.22 to 0.9.23 @dependabot (#3961)
- Bump supervisor from 4.2.1 to 4.2.2 @dependabot (#3962)
- Update helm/kind-action action from v1.0.0 to v1.1.0 (.github/workflows/test-helm-chart.yml) @renovate (#3951)
- Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#3942)
- Update rabbitmq:3.8.12 Docker digest from to 3.8.12 (docker-compose.yml) @renovate (#3943)
- Bump markdown from 3.3.3 to 3.3.4 @dependabot (#3925)
- chore(deps): update stefanzweifel/git-auto-commit-action action from v4.9.0 to v4.9.1 (.github/workflows/plantuml.yml) @renovate (#3920)