DefectDojo/django-DefectDojo 1.15.0

1.15.0 🌈

on GitHub

Changes since 1.14.0

💣 Breaking changes

• Allow grouping of Findings (and push to JIRA) (disabled by default) @valentijnscholten (#4017)

🚩 Requires settings change or database migration

• deletion: dupe-cascade refactor and fixes @valentijnscholten (#4283)
• don't delete all duplicates when deleting an original, fix product grade on deletion. @valentijnscholten (#4142)
• import history improvements @valentijnscholten (#4209)
• jira: improve UI around inheritance for engagement JIRA config @valentijnscholten (#4207)
• Allow grouping of Findings (and push to JIRA) @valentijnscholten (#4017)

🚀 New importers

• Add Microsoft CredScan parser @Maffooch (#4299)
• Add parser for CycloneDX @damiencarol (#4029)

🚀 General features and enhancements

• dependency check improvements @valentijnscholten (#4312)
• [Nikto parser] Fix severity and add more unit tests @damiencarol (#4357)
• [Generic parser] Add more unit tests @damiencarol (#4354)
• [Acunetix parser] Remove lxml, implements endpoints/date/CVSS vectors and requests @damiencarol (#4308)
• Authorization V2: Integrationtests for management of product members and product type members @StefanFl (#4333)
• SpotBugs: Use hash_code for deduplication and minor enhancements @StefanFl (#4323)
• view_finding: show hash_code in title of ID field @valentijnscholten (#4305)
• filters: file_path partial matching instead of exact match @valentijnscholten (#4311)
• OpenVAS parser: add port and protocol implementation @damiencarol (#4137)
• [Semgrep parser] fix internal de-duplication @damiencarol (#4258)
• Contrast parser: switch endpoint to unsaved_endpoints @damiencarol (#4183)
• [Nexpose parser] Fix error with Python 3.9 @damiencarol (#4296)
• Authorization V2: Feature-complete, ready for testing @StefanFl (#4290)
• Harmonize managing of users with the rest of the UI @StefanFl (#4247)
• Bandit parser: implement scanner confidence @damiencarol (#4239)
• Refactor numerical_severity in importer/reimporter @damiencarol (#4270)
• import-scan not preserving active and verified statuses from findings @michaelgibson (#4014)
• Integrate interactive and ci/cd engagements in one list @StefanFl (#4243)
• login banner: allow clickable urls @valentijnscholten (#4240)
• Engagement page performance @danielnaab (#4049)
• Product engagements page performance @danielnaab (#4124)
• Authorization V2: Findings and Endpoints @StefanFl (#4196)
• Show benchmark results in Product view only when benchmarks are enabled @StefanFl (#4218)
• import history improvements @valentijnscholten (#4209)
• Update Wapiti parser to support more recent versions @damiencarol (#4150)
• [anchore parser] add cvssv3_score when available @madchap (#4182)
• jira: improve UI around inheritance for engagement JIRA config @valentijnscholten (#4207)
• optimize dedupe command, fix product grade @valentijnscholten (#4199)
• Trustwave parser: switch endpoints to unsaved_endpoints @damiencarol (#4151)
• finding.save and dedupe streamlining @valentijnscholten (#4134)
• prod overview: fix perf regression @valentijnscholten (#4177)
• Publish the Helm chart tarball with each release (try 2) by @bgoareguer @valentijnscholten (#4171)
• Generic parser: fix endpoint management @damiencarol (#4169)
• finding groups: remove superfluous dropdown @valentijnscholten (#4208)
• Optimize (pdf) report in main menu and small fix for product type list @StefanFl (#4145)

🐛 Bug Fixes

• [ZAP parser] fixes missing attribute 'param' error @damiencarol (#4361)
• AuthV2: Change wording (admin set user perms) @kiblik (#4346)
• Bulk risk acceptance filter remove need for Verified status @madchap (#4355)
• [RetireJS parser] fix JSON parsing error @damiencarol (#4364)
• [Gitlab SAST parser] Fixes missing severity error @damiencarol (#4345)
• Duplicate scanner name fix #4275 @37b (#4365)
• Unaccept risk on finding edit only if already accepted @madchap (#4339)
• Rename role for API Importer @StefanFl (#4351)
• Re-import fix "Finding has not test" exception @Maffooch (#4349)
• Import History: fix Endpoint JSON Serialization issue @alles-klar (#4331)
• JIRA webhooks to properly handle JIRA resolution when set as 2nd step @madchap (#4332)
• deletion: dupe-cascade refactor and fixes @valentijnscholten (#4283)
• [Burp Entreprise parser] fixes HTML read issue #4287 @damiencarol (#4303)
• Fix datetime/date mismatch between CICD engagement and test @valentijnscholten (#4294)
• Set rabbitMQ memory high watermark @madchap (#4281)
• fix str for GitHub_Issue model @valentijnscholten (#4282)
• delete jira issues when product/engagement is deleted @valentijnscholten (#4291)
• [Snyk parser] Fix missing attribute errors @damiencarol (#4284)
• fix Nonetype when adding from template @valentijnscholten (#4273)
• Add line number to repository link @StefanFl (#4279)
• [PHPCS parser] fix invalid classname error @damiencarol (#4217)
• Nexpose parser - fix edge-case - port is defined but service is "" @kiblik (#4253)
• Qualys parser: fixes TypeError: init() got an unexpected keyword argument 'resolve_entities' @alles-klar (#4121)
• bulk edit: fix auth v2 regression @valentijnscholten (#4241)
• don't show fields on delete forms @valentijnscholten (#4219)
• jira: remove validate parameter on config change @valentijnscholten (#4229)
• Fixes safety parser unit test#4191 (#4192) @valentijnscholten (#4231)
• don't delete all duplicates when deleting an original, fix product grade on deletion. @valentijnscholten (#4142)
• optimize dedupe command, fix product grade @valentijnscholten (#4199)
• fix ORT parser error when importing oss-review-toolkit file @devsecopsale (#4189)
• fix api prefetch for test imports @valentijnscholten (#4204)
• Fixes safety parser unit test #4191 @damiencarol (#4192)
• Testssl parser: fix filtering and use unsaved_endpoints @damiencarol (#4156)
• Microfocus WebInspect parser: fix a bug in endpoint management @damiencarol (#4159)
• finding.save and dedupe streamlining @valentijnscholten (#4134)
• prod overview: fix perf regression @valentijnscholten (#4177)

📝 Documentation updates

• Documentation for authorization V2 @StefanFl (#4352)
• SecureCodeBox - update java wrapper doc @wurstbrot (#4268)
• Push godojo in the supported install in README @madchap (#4252)

🧰 Maintenance

• jira: fix silent epic error during unit tests @valentijnscholten (#4366)
• Bump google-auth from 1.29.0 to 1.30.0 @dependabot (#4368)
• Added media path @n0t4u (#4371)
• Bump pygithub from 1.54.1 to 1.55 @dependabot (#4356)
• Update rabbitmq:3.8.14 Docker digest from 3.8.14 to 3.8.14 (docker-compose.yml) @renovate (#4350)
• Add beta/unsupported warning for rules framework @madchap (#4337)
• Update manusa/actions-setup-minikube action from v2.3.1 to v2.4.0 (.github/workflows/k8s-testing.yml) @renovate (#4348)
• Bump easymde from 2.14.0 to 2.15.0 in /components @dependabot (#4343)
• Update actions/github-script action from v3 to v4 (.github/workflows/new-release-pr.yml) @renovate (#4334)
• Bump sqlalchemy from 1.4.10 to 1.4.11 @dependabot (#4335)
• Include suggested CredScan fixes from #4299 @Maffooch (#4325)
• Bump sqlalchemy from 1.4.9 to 1.4.10 @dependabot (#4326)
• Bump mysql-connector-python from 8.0.23 to 8.0.24 @dependabot (#4327)
• Delete unused entrypoint-celery.sh @valentijnscholten (#4324)
• Update mysql Docker tag from 5.7.33 to v5.7.34 (docker-compose.yml) @renovate (#4318)
• Bump django-extensions from 3.1.2 to 3.1.3 @dependabot (#4320)
• Bump sqlalchemy from 1.4.8 to 1.4.9 @dependabot (#4313)
• Bump nginx from 1.19.9-alpine to 1.19.10-alpine @dependabot (#4314)
• Helm chart linting - pick target branch @madchap (#4302)
• reimporter: make close_old_findings True by default everywhere @valentijnscholten (#4295)
• update npm audit parser description @valentijnscholten (#4286)
• Bump django-debug-toolbar from 3.2 to 3.2.1 @dependabot (#4300)
• Bump google-auth from 1.28.1 to 1.29.0 @dependabot (#4288)
• Bump sqlalchemy from 1.4.7 to 1.4.8 @dependabot (#4289)
• Bump django-debug-toolbar from 3.2 to 3.2.1 @dependabot (#4280)
• Update .gitignore @fabelx (#4278)
• Update stefanzweifel/git-auto-commit-action action from v4.9.2 to v4.10.0 (.github/workflows/plantuml.yml) @renovate (#4261)
• Bump humanize from 3.4.0 to 3.4.1 @dependabot (#4265)
• Bump json-log-formatter from 0.3.0 to 0.3.1 @dependabot (#4266)
• Bump humanize from 3.3.0 to 3.4.0 @dependabot (#4254)
• Bump sqlalchemy from 1.4.6 to 1.4.7 @dependabot (#4255)
• Harmonize import and reimport logic @valentijnscholten (#4246)
• Update styfle/cancel-workflow-action action from 0.8.0 to v0.9.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#4251)
• Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#4250)
• reimport utils: move into its own folder @valentijnscholten (#4245)
• finding groups: clarify it's only available per test @valentijnscholten (#4244)
• move parser unit test to correct folder @valentijnscholten (#4230)
• Bump google-auth from 1.28.0 to 1.28.1 @dependabot (#4238)
• Bump django from 2.2.18 to 2.2.20 @dependabot (#4236)
• Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#4224)
• Bump sqlalchemy from 1.4.5 to 1.4.6 @dependabot (#4215)
• Bump pdfmake from 0.1.70 to 0.1.71 in /components @dependabot (#4214)
• Bump django-extensions from 3.1.1 to 3.1.2 @dependabot (#4213)
• Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#4210)
• Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#4211)
• Bump sqlalchemy from 1.4.4 to 1.4.5 @dependabot (#4205)
• Bump nginx from 1.19.8-alpine to 1.19.9-alpine @dependabot (#4206)
• Bump pillow from 8.1.2 to 8.2.0 @dependabot (#4194)
• Bump sqlalchemy from 1.4.3 to 1.4.4 @dependabot (#4178)
• Bump djangorestframework from 3.12.3 to 3.12.4 @dependabot (#4152)
• Bump gunicorn from 20.0.4 to 20.1.0 @dependabot (#4153)
• Bump nginx from e20c21e to ef3c79a @dependabot (#4154)