DefectDojo/django-DefectDojo 1.7.0

1.7.0 🌈

on GitHub

🚀 New scanners

• github vulnerability parser added @tahir59 (#2386)
• Twistlock CSV Parser Feature @bvcelari (#2626)
• Feature/add tool huskyci @edersonbrilhante (#2612)
• Feature/add tool ccvs @edersonbrilhante (#2611)
• Eslint plugin (against dev) @omerlh (#2558)

🚀 Features and enhancements

• Partial endpoint remediation @cody-m-tibco (#2632)
• Switch Nginx image to Alpine @alles-klar (#2645)
• JIRA/GitHub: Use templates to allow customizing issue description / body @valentijnscholten (#2643)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• Add Technology (App Analysis) management via UI and APIv2 @Maffooch (#2639)
• authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
• Search by CVE and index extra fields @valentijnscholten (#2616)
• Add risk acceptance flag and simple bulk risk acceptance @valentijnscholten (#2390)
• Add SAML2 support @cody-m-tibco (#2603)
• API V2: add the possibility to filter by "is_Mitigated" status @ptrovatelli (#2602)
• Slack enhancements @madchap (#2486)
• Notes improvements (UI and Jira integration) @steeve85 (#2581)
• Update to Gitleak deduplication algorithm @steeve85 (#2699)

🐛 Bug Fixes

• Default jira severity to Low instead of None @madchap (#2667)
• jira: only set duedate when field is available in jira @valentijnscholten (#2650)
• jira hotfix when no usercontactinfo for reporter @valentijnscholten (#2648)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• jira issue and endpoints prefetching fixes @valentijnscholten (#2625)
• Exception preventing in (re)import-scan @cody-m-tibco (#2606)
• Add description to test add and edit @madchap (#2560)
• Added pwgen for all platforms. @NotBryan (#2578)
• Bugfix for burp test upload @JamesCullum (#2576)
• Jira fixes for #2521 #2577 @Apipia (#2579)
• kubernetes: add missing affinity @ptrovatelli (#2310)
• Fix 500 rendering error for duplicate without original_finding @Apipia (#2509)
• Fix push close and re-open from DDJ to JIRA @kareem-DA (#2605)
• Fix swagger finding @edersonbrilhante (#2656)

🧰 Maintenance

• Bump google-auth from 1.19.1 to 1.19.2 @dependabot-preview (#2691)
• Bump easymde from 2.10.1 to 2.11.0 in /components @dependabot-preview (#2688)
• Bump google-auth from 1.19.0 to 1.19.1 @dependabot-preview (#2685)
• Bump google-api-python-client from 1.9.3 to 1.10.0 @dependabot-preview (#2684)
• Add obvious way to delete metadata in UI @Maffooch (#2674)
• Bump django-extensions from 3.0.2 to 3.0.3 @dependabot-preview (#2678)
• Bump google-auth from 1.18.0 to 1.19.0 @dependabot-preview (#2675)
• Bump mysql-connector-python from 8.0.20 to 8.0.21 @dependabot-preview (#2672)
• Bump lxml from 4.5.1 to 4.5.2 @dependabot-preview (#2666)
• Bump nginx from 1.19.0-alpine to 1.19.1-alpine @dependabot-preview (#2673)
• Bump django-crispy-forms from 1.9.1 to 1.9.2 @dependabot-preview (#2670)
• bug report template: better git cmd @valentijnscholten (#2659)
• Bump mysqlclient from 2.0.0 to 2.0.1 @dependabot-preview (#2640)
• Bump python from 3.6.10-slim-buster to 3.6.11-slim-buster @dependabot-preview (#2646)
• Bump coverage from 5.1 to 5.2 @dependabot-preview (#2653)
• added steps for changing the password @krbalag (#2652)
• JIRA/github improvements and fixes July 2020 @valentijnscholten (#2630)
• Bump humanize from 2.4.1 to 2.5.0 @dependabot-preview (#2644)
• Bump mysqlclient from 1.4.6 to 2.0.0 @dependabot-preview (#2637)
• Bump django-extensions from 3.0.1 to 3.0.2 @dependabot-preview (#2634)
• Bump django-extensions from 2.2.9 to 3.0.1 @dependabot-preview (#2621)
• Bump django from 2.2.13 to 2.2.14 @dependabot-preview (#2627)
• Bump pillow from 7.1.2 to 7.2.0 @dependabot-preview (#2624)
• Bump humanize from 2.4.0 to 2.4.1 @dependabot-preview (#2614)
• remove BREAK in html @madchap (#2613)
• Bump celery from 4.4.5 to 4.4.6 @dependabot-preview (#2608)
• Bump social-auth-app-django from 3.4.0 to 4.0.0 @dependabot-preview (#2593)
• integration tests: grep celery work logs for ERRORs @valentijnscholten (#2574)
• Bump moment from 2.26.0 to 2.27.0 in /components @dependabot-preview (#2585)
• Bump google-auth from 1.17.2 to 1.18.0 @dependabot-preview (#2582)
• travis: merge docker step with integration tests step @valentijnscholten (#2580)
• run some Integration tests with block execution = true @valentijnscholten (#2377)
• merge release/1.6.5 into dev @valentijnscholten (#2568)
• Bump uwsgi from 2.0.19 to 2.0.19.1 @dependabot-preview (#2571)
• fix: rename HuskyCi to HuskyCI Report in test_type @edersonbrilhante (#2633)

🚩 Requires settings change

• authorized users: optionally allow edit/delete of findings @valentijnscholten (#2615)
• Add SAML2 support @cody-m-tibco (#2603)

🚩 Security

• kubernetes security fixes: @ptrovatelli (#2214)

🚩 Documentation

• doc: add docker-compose build @wurstbrot (#2595)
• In-page doc for twistlock now accepting CSV as input @madchap (#2676)