DefectDojo/django-DefectDojo 1.9.0

1.9.0 🌈

on GitHub

Note: Please see our upgrade notes for additional details

🚀 New scanners

• Import JSON reports of SSLyze scanner @StefanFl (#3015)

🚀 Features and enhancements

• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add annotations for pods @madchap (#3012)
• Add json logging to Django @madchap (#3062)
• Modify uwsgi entrypoint to allow for overriding settings.py @mtesauro (#3045)
• Add configurable SAML2 logout endpoint @Maffooch (#3046)
• Add filter to product metrics @Maffooch (#2974)
• Add SSL verification variable to JIRA integration @Maffooch (#3016)
• swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
• dedupe / false positive history: make queries more performant @valentijnscholten (#3028)
• Add authorized users at the product type level @Maffooch (#3007)
• Allow specifying the key for the database secrets @uncycler (#2906)
• Add delete methods for products and environments in api v2 @RomainJufer (#3014)
• Add Component overview @ricardomeulendijks (#2977)
• ZAP parser: do not resolve hostname to IP address during endpoint creation (#2284) @AlexanderTyutin (#2286)
• Remove HipChat integration, add support for Microsoft Teams instead @StefanFl (#2975)
• Fixes and add missing index for simple search @valentijnscholten (#2955)
• Add related fields on findings @xens (#2949)

🐛 Bug Fixes

• Add 'options' to JIRA connections @Maffooch (#3106)
• Test header bar - findings count fix @madchap (#3074)
• apiv2: add doc for finding's related_fields + stick to OAv3 @xens (#3066)
• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add verbose importing flow to Fortify scans @Maffooch (#3055)
• Fix nginx port in docker-compose.override.https.yml @rookies (#3059)
• Fix burp request/response encoding errors in API @Maffooch (#3044)
• Set finding is_Mitigated on finding update @madchap (#3032)
• view_test: fix javascript for bulk edit enablement @valentijnscholten (#3035)
• sonatype parser: truncate filepath @valentijnscholten (#3036)
• Fix nginx port definition in docker-compose.yml @rookies (#3041)
• fix jira column on similar findings rows @valentijnscholten (#3030)
• Fix APIv1 Endpoint_Status bug @rookies (#3020)
• Make Product Type reports more descriptive @cody-m-tibco (#2783)
• add engagement: fix permission checks @valentijnscholten (#3005)
• apiv2: add misssing fields for filtering and remove UI related stuff @xens (#3000)
• Bugfix: Authorized User only gets findings through API of which he is the reporter of #2992 @Yuuichi89 (#2998)
• Bugfix typo in docker integration tests @alles-klar (#2995)
• Fix APIv2 Endpoint Status bug @Maffooch (#2983)
• Don't copy inexistent certs folder in Dockerfile.django @uncycler (#2946)
• Fixes and add missing index for simple search @valentijnscholten (#2955)
• jira: fix looping when pushing from api @valentijnscholten (#2951)
• HackerOne: Added unique_id_from_tool to fix deduplication @reinier-vegter (#2935)
• fix: prevent saving empty cve @edersonbrilhante (#2669)

🧰 Maintenance

• v0.1 of GHA release automation @madchap (#3094)
• apiv1 deprecation: show warning on docs and api key pages @valentijnscholten (#3089)
• build(deps): bump markdown from 3.3.2 to 3.3.3 @dependabot-preview (#3095)
• build(deps): bump cryptography from 3.1.1 to 3.2 @dependabot-preview (#3096)
• Update stefanzweifel/git-auto-commit-action action from v4.7.1 to v4.7.2 (.github/workflows/plantuml.yml) @renovate (#3086)
• build(deps): bump pillow from 8.0.0 to 8.0.1 @dependabot-preview (#3076)
• build(deps): bump drf-yasg2 from 1.19.2 to 1.19.3 @dependabot-preview (#3077)
• build(deps): bump google-api-python-client from 1.12.3 to 1.12.5 @dependabot-preview (#3075)
• master->dev: github action workflow config sync @valentijnscholten (#3078)
• integration tests: fix mark finding for review errors @valentijnscholten (#3073)
• Add endpoint_status creation script @Maffooch (#3068)
• build(deps): bump humanize from 3.0.1 to 3.1.0 @dependabot-preview (#3049)
• upgrade to drf_yasg2 which is needed for django rest framework 3.12 and higher @valentijnscholten (#3052)
• Update mysql Docker tag from 5.7.31 to v5.7.32 (docker-compose.yml) @renovate (#3070)
• Update stefanzweifel/git-auto-commit-action action from v4.6.0 to v4.7.1 (.github/workflows/plantuml.yml) @renovate (#3071)
• master->dev sync: modifications to workflow files @valentijnscholten (#3067)
• GitHub Actions: Add unit tests workflow @valentijnscholten (#3063)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.1.2 to v4.6.0 (.github/workflows/plantuml.yml) @renovate (#3050)
• chore(deps): update actions/checkout action from v1 to v2 (.github/workflows/plantuml.yml) @renovate (#3051)
• Remove that comment to make my sed life easier @madchap (#3048)
• build(deps): bump markdown from 3.3.1 to 3.3.2 @dependabot-preview (#3047)
• build(deps): bump urllib3 from 1.25.10 to 1.25.11 @dependabot-preview (#3040)
• build(deps): bump mysql-connector-python from 8.0.21 to 8.0.22 @dependabot-preview (#3039)
• build(deps): bump lxml from 4.5.2 to 4.6.1 @dependabot-preview (#3037)
• title: suppress superfluous log lines @valentijnscholten (#3031)
• Revert "Move helm deps to Chart.yaml (#3013)" @madchap (#3022)
• build(deps): bump pillow from 7.2.0 to 8.0.0 @dependabot-preview (#3010)
• linting @valentijnscholten (#3024)
• chore(deps): update mysql:5.7.31 docker digest to 3830eda (docker-compose.yml) @renovate (#3006)
• Add required fields in package.json @alles-klar (#3008)
• Move helm deps to Chart.yaml @madchap (#3013)
• build(deps): bump markdown from 3.3 to 3.3.1 @dependabot-preview (#2996)
• more tests for import and deduplication @valentijnscholten (#2959)
• Removing deprecated keys @dsever (#2994)
• build(deps): bump nginx from 1.19.2-alpine to 1.19.3-alpine @dependabot-preview (#2988)
• build(deps): bump datatables.net-buttons-bs from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2981)
• build(deps): bump datatables.net-buttons-dt from 1.6.4 to 1.6.5 in /components @dependabot-preview (#2982)
• build(deps): bump django-slack from 5.15.2 to 5.15.3 @dependabot-preview (#2986)
• chore(deps): update helm chart rabbitmq from 6.16.0 to v6.18.2 (helm/defectdojo/requirements.yaml) @renovate (#2967)
• build(deps): bump packageurl-python from 0.9.2 to 0.9.3 @dependabot-preview (#2971)
• build(deps): bump markdown from 3.2.2 to 3.3 @dependabot-preview (#2970)
• build(deps): bump easymde from 2.12.0 to 2.12.1 in /components @dependabot-preview (#2972)
• build(deps): bump moment from 2.29.0 to 2.29.1 in /components @dependabot-preview (#2973)
• chore(deps): update helm chart redis from 10.3.1 to v10.5.7 (helm/defectdojo/requirements.yaml) @renovate (#2968)
• chore(deps): update helm chart postgresql from 8.1.2 to v8.6.4 (helm/defectdojo/requirements.yaml) @renovate (#2966)
• chore(deps): update helm chart mysql from 1.6.2 to v1.6.7 (helm/defectdojo/requirements.yaml) @renovate (#2965)
• Veracode: use unique_id_from_tool (fixed deduplication issues) @reinier-vegter (#2909)
• build(deps): bump google-auth from 1.22.0 to 1.22.1 @dependabot-preview (#2964)
• Move onetime command code to respective files @valentijnscholten (#2960)
• Remove heroku demo from README @madchap (#2963)
• build(deps): bump humanize from 2.6.0 to 3.0.1 @dependabot-preview (#2957)
• build(deps): bump google-api-python-client from 1.12.2 to 1.12.3 @dependabot-preview (#2933)
• chore(deps): update rabbitmq docker tag from 3.7.26 to v3.8.9 (docker-compose.yml) @renovate (#2941)
• Start celery without uid @uncycler (#2923)
• chore(deps): update mysql docker tag from 5.7.29 to v5.7.31 (docker-compose.yml) @renovate (#2940)
• sync renovate config from master @valentijnscholten (#2956)
• build(deps): bump easymde from 2.11.0 to 2.12.0 in /components @dependabot-preview (#2934)
• Merge renovate config from master into dev @valentijnscholten (#2942)
• Configure Renovate dev @renovate (#2936)
• Merge back 1.8.0 from master into dev @valentijnscholten (#2932)
• Release PR - release/1.9.0 @github-actions (#3107)
• sync dev from master after renovate config update @valentijnscholten (#2953)
• Configure Renovate @renovate (#2941

🚩 Requires settings change

• Add DD_LOGGING_FORMAT variable, celery logger section @madchap (#3072)
• Add json logging to Django @madchap (#3062)
• Add configurable SAML2 logout endpoint @Maffooch (#3046)
• Add SSL verification variable to JIRA integration @Maffooch (#3016)
• swagger ui: use sessions, more compact UI @valentijnscholten (#3025)
• Fixes and add missing index for simple search @valentijnscholten (#2955)

📖 Documentation

• finding: document all the fields in the model @xens (#2961)
• search: restore missing index fields @valentijnscholten (#2980)
• doc: add credentials tips into quick-start @xens (#2969)
• Adding short API block in README @madchap (#2962)