Changes
🚀 New scanners
- Adding a parser for Gitleaks scanner @steeve85 (#2149)
- Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🚀 Features and enhancements
- Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
- Feature/jira overhaul (Push All Issues) @Apipia (#2140)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- Dockerfile for integration tests @alles-klar (#2114)
- Add TLS for Nginx Helm Chart @alles-klar (#2115)
- Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
- Add github integration @mestrade (#2116)
- Brakeman parser improvement @steeve85 (#2175)
- integration tests fixes and improvements @valentijnscholten (#2160)
- [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
- Move similar finding below actual finding main info @madchap (#2131)
- Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- Add bulk risk acceptance API @jvz (#1904)
- Add component name and version for JFrog scans @jvz (#1979)
- apiv2: add test.id in result of importscan @valentijnscholten (#2094)
- performance: cache system_settings in views @valentijnscholten (#1953)
- add url and product name to jira alert message @valentijnscholten (#2061)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- performance gains by prefetching in more places @valentijnscholten (#1955)
- Add parser for Crashtest Security JSON file @Phylu (#1996)
- Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)
🐛 Bug Fixes
- fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
- Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
- Acunetix parser fix @steeve85 (#2185)
- Hadolint parser fix @steeve85 (#2186)
- integration tests fixes and improvements @valentijnscholten (#2160)
- Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
- system settings test: fix copy-paste error @valentijnscholten (#2158)
- unittests: check for existence of system_settings db record @valentijnscholten (#2105)
- Allow staff users to delete notes @madchap (#2127)
- honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
- fix dashboard graph - show values @alles-klar (#2112)
- Social-auth: Fix call-back URLs @xens (#2124)
- Fix middlewares @Nilix007 (#1863)
- product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
- DSOP parser missing fields @madchap (#2104)
- kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
- Fix kubernetes helm upgrade @ptrovatelli (#1924)
- fix migrations after #2009 @valentijnscholten (#2100)
- Fix duplication issue @MarianG (#2009)
- Fix for issue #1993 @piyarathnalakmali (#2097)
- docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
- fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
- quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
- Fix whitesource parser @MarianG (#2011)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- fix various DSOP parser issues @madchap (#2054)
- add version to filter fields @madchap (#1879)
- Anchore parser fix to consider package_path @madchap (#2086)
- Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
- fix some queries so that open include active verified and not verified @madchap (#2026)
- only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
- fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
- only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
- npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- fix removed system settings processor @valentijnscholten (#2080)
- fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
- [BurpE] Add multiple request/response tabs @Maffooch (#1997)
🧰 Maintenance
- Minor DOCKER.md fix for ptvsd @madchap (#2177)
- Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
- travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
- add doc about wrappers and branching model @ptrovatelli (#2003)
- Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
- Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
- Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
- Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
- Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
- Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
- Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
- Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
- Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
- Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
- Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
- Pinned yarn package manager to stable version @arkwrn (#1956)
- Find and correct duplicate loops @MarianG (#2010)
- remove unused view_product_details @valentijnscholten (#2063)
- Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
- integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
- Fix duplication issue @MarianG (#2009)
- Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
- Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
- simplify and speedup integration tests @valentijnscholten (#2015)
- remove unused docker/nginx.conf @valentijnscholten (#2055)
- Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
- Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
- Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
- Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
- Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
- Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
- Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
- Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
- remove dependency pygments @alles-klar (#2017)
- Javascript dependency refactor @valentijnscholten (#2002)
- Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
- Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
- Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)
🚩 Requires settings change
- Fix middlewares @Nilix007 (#1863)
- Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
- fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
- From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
- add system setting to enable/disable audit logging @valentijnscholten (#2068)
- Implement Auth0 OAuth2 authentication @xens (#2079)
- add watson middleware for more efficient search index updates @valentijnscholten (#2066)
- add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
- Javascript dependency refactor @valentijnscholten (#2002)
- performance gains by prefetching in more places @valentijnscholten (#1955)