DefectDojo/django-DefectDojo 2.0.0

2.0.0 🌈

on GitHub

Breaking changes

We did some cleanups and removals of deprecated features hence the 2.0.0 major version bump.

Please read the upgrade notes!

Changes since 1.15.0

• Release: Merge release into master from: release/2.0.0 @github-actions (#4735)
• merge master into dev before 2.0.0 @valentijnscholten (#4734)
• Add csharp api client library to docs @JorisVanEijden (#4626)
• APIv2: Endpoint methods - fix @kiblik (#4721)
• Clean-up static-dir @kiblik (#4717)
• APIv2: Add missing methods + tests @kiblik (#4637)
• fix group member rename in tests @valentijnscholten (#4704)
• Rebase conflicting migrations @valentijnscholten (#4686)
• Fix copy&paste error @JorisVanEijden (#4627)
• Release: Merge back 1.15.1 into dev from: master-into-dev/1.15.1-2.0.0-dev @github-actions (#4617)
• Release: Merge release into master from: release/1.15.1 @github-actions (#4611)
• Revert "Bump urllib3 from 1.26.4 to 1.26.5" @valentijnscholten (#4595)
• parser guide: show most recent merged PRs first @valentijnscholten (#4550)
• Fix warning in Outpost24 parser @damiencarol (#4509)
• Endpoint: fix migration steps @kiblik (#4574)
• Endpoints - add .clean() to unit tests + doc @kiblik (#4569)
• Authorization V2: Improved error code and message @StefanFl (#4572)
• Authorization V2: API and queries for groups @StefanFl (#4530)
• NessusXMLParser: Remove endpoint duplicity + fix protocol parser and url in fqdn field @kiblik (#4568)
• Authorization V2: Performance optimization @StefanFl (#4563)
• Fixes for 2 bugs for users @StefanFl (#4549)
• parser guide: add info about dedupe algorithm @valentijnscholten (#4537)
• Fix typo in tooltip @sparticvs (#4518)
• upgrade django 3.1.8 -> 3.1.11 @ansidorov (#4542)
• Fix small UI typo in inherited Jira config @macedogm (#4522)
• Authorization V2: Groups of users @StefanFl (#4503)
• Fix docs example to run unittests @ansidorov (#4495)
• master to dev: Remove actuall ct install (#4476) @valentijnscholten (#4478)
• Authorization V2: Fixes for role name in API and permissions for role API_Importer @StefanFl (#4472)
• merge master into dev with dependabot and chart linting @valentijnscholten (#4461)
• Remove engagement type part4 @valentijnscholten (#4433)
• Remove engagement type part 3 @valentijnscholten (#4430)
• Remove engagement type part 2 @valentijnscholten (#4429)
• v2.0.0: Add initial docs @valentijnscholten (#4416)
• merge master into dev May 2nd 2021 @valentijnscholten (#4425)
• Documentation: Put django-DefectDojo back in the URL @StefanFl (#4411)
• GitHub pages action changed after local tests @StefanFl (#4407)
• Make hashcode recomputation visible in release notes @madchap (#4396)
• Use hugo template for github actions @StefanFl (#4400)
• Revert "Recognize .nessus file names" @madchap (#4401)
• backport to dev: k8s gha: Fix logging check application step (#4381) @valentijnscholten (#4382)
• Release: Merge back 1.15.0 into dev from: master-into-dev/1.15.0-2.0.0-dev @github-actions (#4375)

💣 Breaking changes

• feat: replace django-saml2-auth with djangosaml2 @alles-klar (#4117)
• Add full support for using ports and userinfo in endpoints v2 @kiblik (#4473)
• REMOVED: setup.bash install method @valentijnscholten (#4417)
• REMOVED: API v1 @valentijnscholten (#4413)
• RENAMED: Finding.is_Mitigated to is_mitigated @valentijnscholten (#3854)

🚩 Requires settings changes, database migration, hash code recomputation

• feat: replace django-saml2-auth with djangosaml2 @alles-klar (#4117)
• [Endpoints] Change size of protocol + [Nexpose] consolidation of protocols @kiblik (#4696)
• Authorization V2: Management command to migrate users and set Auth V2 as the default @StefanFl (#4502)
• Authorization V2: Add roles to the users of a group @StefanFl (#4672)
• Allow null-able CharFields to be blank @kiblik (#4656)
• Add full support for using ports and userinfo in endpoints v2 @kiblik (#4473)
• Remove report_created notification @StefanFl (#4544)
• Checkboxes to disable checklists, questionnaires and credentials @StefanFl (#4475)
• Authorization V2: Switch to Dojo_User @StefanFl (#4501)
• REMOVED: PDF reports @StefanFl (#4418)
• Anchore parser, use vuln_id_from_tool instead of unique_id_from_tool @madchap (#4395)
• REMOVE: Engagement_Type model @valentijnscholten (#4421)
• Grype - Align name and change default dedupe algo @madchap (#4264)
• REMOVED: Old Unused Product contact fields @valentijnscholten (#4414)
• REMOVED: S0/1/2/3/4/5 severity display option @valentijnscholten (#4415)
• remove old django-tagging references @valentijnscholten (#4419)
• RENAMED: Finding.is_Mitigated to is_mitigated @valentijnscholten (#3854)
• npm audit scan: make dedupe work with hashes in paths @valentijnscholten (#4307)

🚩 Security

• Don't show Dojo_User in admin site @valentijnscholten (#4536)

🚀 New importers

• feat: added GitLab container scanning report parser @natebwangsut (#4594)
• Trustwave Fusion API Parser @SupaJuke (#4690)
• Adding importer for Jfrog Xray Unified @LithiumBloom (#4551)
• GitLab DAST Parser @SupaJuke (#4691)
• add new parser - Nuclei @ansidorov (#4534)
• feat: AuditJS parser added @SoaAlex (#4681)
• [WhiteHat Sentinel DAST parser] new parser @37b (#4367)
• Added Meterian Scanner @n-insaidoo (#4634)
• add new parser - TFSec @ansidorov (#4525)
• Added Nessus WAS Scanner @blakeaowens (#4548)
• add new parser - terrascan @ansidorov (#4528)
• add new parser - cargo audit @ansidorov (#4531)
• [Generic parser] add JSON format @damiencarol (#4484)
• add new parser - Detect-secrets @ansidorov (#4527)
• Add new parser - KICS @ansidorov (#4493)
• Add new parser - Dockle @ansidorov (#4490)
• Add Intsights Parser @37b (#4298)
• new parser for Coverity API @damiencarol (#4393)

🚀 General features and enhancements

• [Checkov parser] support multiples check_type in reports @adiffpirate (#4705)
• Updated Netsparker Parser @kiliczsh (#4711)
• Authorization V2: One bugfix and some optimizations @StefanFl (#4714)
• api: prefetch more for findings @valentijnscholten (#4703)
• Add Management Command To Easily Display Settings @Maffooch (#4706)
• [Endpoints] Change size of protocol + [Nexpose] consolidation of protocols @kiblik (#4696)
• Add de-duplication configuration for ScoutSuite @damiencarol (#4668)
• Authorization V2: Frontend for Groups @Hijerboa (#4689)
• SARIF parser: Process CWE field for njsscan @kokhanevych-macpaw (#4678)
• AWS Security Hub parser add unique_id_from_tool and deduplication @nlandais (#4376)
• Fix generic parser import endpoint without protocol @EndPositive (#4643)
• SARIF parser: implement 'level' (severity) attribute @damiencarol (#4664)
• Allow null-able CharFields to be blank @kiblik (#4656)
• Ignore upper/lower-case for sorting Scan-types @kiblik (#4675)
• Added ability to set user password when adding a new user @blakeaowens (#4599)
• Minor improvements to SpotBugs and Dependency Check parsers @adiffpirate (#4249)
• OpenSCAP: Add endpoint with FQDN @kiblik (#4660)
• Fix API Swagger specs, add OpenAPI v3 @valentijnscholten (#4541)
• Authorization V2: Add multiple members at once @StefanFl (#4625)
• Authorization V2: Global roles @StefanFl (#4520)
• APIv2: Add Product Type filter to Engagement @Maffooch (#4624)
• Authorization V2: Model and database table for Roles @StefanFl (#4603)
• Add endpoints to generic parser for JSON format @damiencarol (#4571)
• APIv2: Add DELETE of Product_Type @kiblik (#4609)
• Endpoint: update host validation @kiblik (#4604)
• Set a configurable min_access_level for Gitlab projects import. Fix #4486 @christophe226 (#4559)
• Tags: allow filtering on NOT having tags, add API filters for transitive tags @valentijnscholten (#4423)
• OpenVAS: process Hostname (+fix empty protocol) @kiblik (#4570)
• Nexpose parser: Add "Host Up" + "Open port" and handling non-standard names of services @kiblik (#4564)
• Fix aqua deduplication algorithm @ansidorov (#4557)
• Add full support for using ports and userinfo in endpoints v2 @kiblik (#4473)
• Allow alternate service types without enabling gke #4388 @joesteffee (#4410)
• [Coverity API parser] add verified data and de-duplication algorythm (unique ID) @damiencarol (#4467)
• Fix gitleaks parser report with redacted feature enabled @ansidorov (#4494)
• Auto-redirect when only one Social Auth is defined @kiblik (#4516)
• Make SAML2 autocreation of users optional via DD_SAML2_CREATE_USER @kiblik (#4514)
• Checkboxes to disable checklists, questionnaires and credentials @StefanFl (#4475)
• Change of the compute severity for Aqua JSON parser @SPoint42 (#4465)
• Swap ptvsd for debugpy, ptvsd deprecated #4115 @yilmi (#4322)
• Finding groups: (Auto) Group By and more enhancements @valentijnscholten (#4353)
• [Mozilla parser] support Python CLI @damiencarol (#4451)
• [Risk Recon parser] Add unique_id and date @damiencarol (#4444)
• Authorization V2: Make unit_tests run without errors @StefanFl (#4447)
• Recognize .nessus file names by @pburkholder @madchap (#4402)
• Recognize .nessus file names @pburkholder (#4397)
• Anchore parser: add optional custom vulnerability description @ccojocar (#4383)
• Bump python to 3.8 @valentijnscholten (#4379)
• [Nexpose parser] add identification of L4 protocol tcp/udp for DNS service @kiblik (#4315)

🚀 API features and enhancements

• Fix API Swagger specs, add OpenAPI v3 @valentijnscholten (#4541)

🐛 Bug Fixes

• Engagement name @StefanFl (#4722)
• Authorization V2: One bugfix and some optimizations @StefanFl (#4714)
• Fix Burp Import Issues @adracea (#4716)
• fix create finding with existing jira ticket @valentijnscholten (#4702)
• show severity of similar finding correctly @valentijnscholten (#4698)
• fix missing one-to-one relationships from prefetch API specs @valentijnscholten (#4649)
• Bugfix for global roles @StefanFl (#4650)
• Stop deduplication across products @Maffooch (#4591)
• Deduplicate and simplify code for finding filters @valentijnscholten (#4496)
• Ingress pathtype fix @dsever (#4565)
• search: don't fail on endpoints without product @valentijnscholten (#4422)
• Fix edit finding view to unset duplicate status of a finding @madchap (#4446)
• Fix erroneous comparison causing dev env to also be single process @madchap (#4487)
• mark as duplicate/original: fix deduplication inside engagement check @valentijnscholten (#4469)
• re-enable generic/watson search results @valentijnscholten (#4424)
• [AWS Prowler parser] handle missing columns bug @damiencarol (#4452)
• Fix duplicate cluster original verbiage @madchap (#4445)
• Bugfix: Handle Exception in Endpoint metrics when no Endpoints visible @StefanFl (#4438)
• Fix exception when running dedupe management command @madchap (#4427)
• [Nmap parser] Fixes multiple identifiers bug @damiencarol (#4408)
• Anchore parser, use vuln_id_from_tool instead of unique_id_from_tool @madchap (#4395)
• Grype - Align name and change default dedupe algo @madchap (#4264)
• [Burp parser] Fixes binary payload bug and severity anomaly @damiencarol (#4405)
• [Qualys parser] fix parsing issues when cvss field contains a vector @alles-klar (#4373)

📝 Documentation updates

• Add Stefan as moderator in README.md @StefanFl (#4723)
• Update how-to-write-a-parser.md to include advice for CVSS data @damiencarol (#4685)
• fix: missing Yarn Audit support in documentation @SoaAlex (#4669)
• Update import.md to add Semgrep parser @damiencarol (#4573)
• Add more documentation for parser contributions @damiencarol (#4608)
• Add arrival as sponsors @ansidorov (#4558)
• Documentation Update @StefanFl (#4468)
• Change documentation theme to Docsy @StefanFl (#4392)

🧰 Maintenance

• chore(deps): update rabbitmq docker tag from 3.8.17 to v3.8.18 (docker-compose.yml) @renovate (#4728)
• Bump djangosaml2 from 1.2.2 to 1.3.2 @dependabot (#4725)
• Bump urllib3 from 1.26.5 to 1.26.6 @dependabot (#4724)
• Bump python-gitlab from 2.8.0 to 2.9.0 @dependabot (#4726)
• Bump nginx from 6d76a25 to cc8c413 @dependabot (#4727)
• Docker volume for /var/lib/rabbitmq @StefanFl (#4718)
• Authorization V2: One bugfix and some optimizations @StefanFl (#4714)
• Bump asteval from 0.9.24 to 0.9.25 @dependabot (#4708)
• Bump sqlalchemy from 1.4.18 to 1.4.19 @dependabot (#4709)
• Leverage template inheritance more effectively @Maffooch (#4638)
• Authorization V2 - API unit tests @StefanFl (#4687)
• Bump google-auth from 1.31.0 to 1.32.0 @dependabot (#4699)
• Bump asteval from 0.9.23 to 0.9.24 @dependabot (#4700)
• Bump nginx from 0f8595a to 6d76a25 @dependabot (#4695)
• Bump gitpython from 3.1.17 to 3.1.18 @dependabot (#4683)
• Bump psycopg2-binary from 2.8.6 to 2.9.1 @dependabot (#4674)
• Bump titlecase from 2.0.0 to 2.2.0 @dependabot (#4673)
• chore(deps): update rabbitmq:3.8.17 docker digest from 3.8.17 to 3.8.17 (docker-compose.yml) @renovate (#4679)
• chore(deps): update manusa/actions-setup-minikube action from v2.4.1 to v2.4.2 (.github/workflows/k8s-testing.yml) @renovate (#4662)
• Bump humanize from 3.8.0 to 3.9.0 @dependabot (#4665)
• Bump drf-spectacular from 0.17.1 to 0.17.2 @dependabot (#4666)
• chore(deps): update dependency postcss from 8.3.4 to v8.3.5 (docs/package.json) @renovate (#4670)
• Bump drf-spectacular from 0.16.0 to 0.17.1 @dependabot (#4651)
• Bump django-crispy-forms from 1.11.2 to 1.12.0 @dependabot (#4652)
• Bump humanize from 3.7.1 to 3.8.0 @dependabot (#4653)
• Bump justgage from 1.4.2 to 1.5.0 in /components @dependabot (#4654)
• chore(deps): update dependency postcss from 8.3.2 to v8.3.4 (docs/package.json) @renovate (#4655)
• Bump django from 2.2.22 to 2.2.24 @dependabot (#4642)
• chore(deps): update dependency postcss from 8.3.0 to v8.3.2 (docs/package.json) @renovate (#4639)
• Bump python-gitlab from 2.7.1 to 2.8.0 @dependabot (#4647)
• Bump sqlalchemy from 1.4.17 to 1.4.18 @dependabot (#4644)
• Bump google-auth from 1.30.2 to 1.31.0 @dependabot (#4645)
• Bump django from 2.2.21 to 2.2.22 @dependabot (#4636)
• chore(deps): update rabbitmq docker tag from 3.8.16 to v3.8.17 (docker-compose.yml) @renovate (#4630)
• Bump google-auth from 1.30.1 to 1.30.2 @dependabot (#4632)
• Bump python-jose from 3.2.0 to 3.3.0 @dependabot (#4620)
• Bump django-rest-swagger from 2.1.2 to 2.2.0 @dependabot (#4621)
• Bump humanize from 3.7.0 to 3.7.1 @dependabot (#4622)
• Bump datatables.net-buttons-dt from 1.7.0 to 1.7.1 in /components @dependabot (#4612)
• Bump datatables.net-dt from 1.10.24 to 1.10.25 in /components @dependabot (#4615)
• Bump datatables.net-buttons-bs from 1.7.0 to 1.7.1 in /components @dependabot (#4614)
• Bump datatables.net from 1.10.24 to 1.10.25 in /components @dependabot (#4613)
• Bump datatables.net-colreorder from 1.5.3 to 1.5.4 in /components @dependabot (#4616)
• Bump django from 2.2.20 to 2.2.21 @dependabot (#4610)
• Bump urllib3 from 1.26.4 to 1.26.5 @dependabot (#4596)
• Bump humanize from 3.6.0 to 3.7.0 @dependabot (#4600)
• Bump django from 3.1.11 to 3.1.12 @dependabot (#4601)
• Bump urllib3 from 1.26.4 to 1.26.5 @dependabot (#4590)
• Bump cvss from 2.2 to 2.3 @dependabot (#4593)
• Bump nginx from 1.19.10-alpine to 1.21.0-alpine @dependabot (#4581)
• Bump humanize from 3.5.0 to 3.6.0 @dependabot (#4579)
• Bump sqlalchemy from 1.4.15 to 1.4.17 @dependabot (#4580)
• Upgrade celery to 5.1.0 @Homopatrol (#4566)
• Fix celery to be used in integration tests @valentijnscholten (#4576)
• Bump python from 3.8.9-slim-buster to 3.8.10-slim-buster @dependabot (#4464)
• Deduplicate and simplify code for finding filters @valentijnscholten (#4496)
• Bump urllib3 from 1.26.4 to 1.26.5 @dependabot (#4561)
• chore(deps): update rabbitmq:3.8.16 docker digest from 3.8.16 to 3.8.16 (docker-compose.yml) @renovate (#4567)
• chore(deps): update helm/chart-testing-action action from v2.0.1 to v2.1.0 (.github/workflows/test-helm-chart.yml) @renovate (#4556)
• chore(deps): update dependency autoprefixer from 10.2.5 to v10.2.6 (docs/package.json) @renovate (#4560)
• Bump google-auth from 1.30.0 to 1.30.1 @dependabot (#4554)
• Bump django from 3.1.8 to 3.1.11 @dependabot (#4546)
• Remove report_created notification @StefanFl (#4544)
• remove obsolete django-rest-swagger dependency @valentijnscholten (#4515)
• chore(deps): update dependency postcss from 8.2.15 to v8.3.0 (docs/package.json) @renovate (#4538)
• chore(deps): update rabbitmq:3.8.16 docker digest from 3.8.16 to 3.8.16 (docker-compose.yml)... @renovate (#4533)
• Bump metismenu from 3.0.6 to 3.0.7 in /components @dependabot (#4519)
• chore(deps): update manusa/actions-setup-minikube action from v2.4.0 to v2.4.1 (.github/workflows/k8s-testing.yml) @renovate (#4512)
• Bump gitpython from 3.1.16 to 3.1.17 @dependabot (#4507)
• remove or comment out print statements @valentijnscholten (#4506)
• Bump jira from 2.0.0 to 3.0.1 @dependabot (#4497)
• Bump gitpython from 3.1.14 to 3.1.16 @dependabot (#4498)
• chore(deps): update mysql:5.7.34 docker digest from 5.7.34 to v5.7.34 (docker-compose.yml) @renovate (#4491)
• Bump debugpy from 1.2.1 to 1.3.0 @dependabot (#4483)
• Bump sqlalchemy from 1.4.14 to 1.4.15 @dependabot (#4482)
• chore(deps): update rabbitmq:3.8.16 docker digest from 3.8.16 to 3.8.16 (docker-compose.yml)ttttt @renovate (#4481)
• chore(deps): update dependency postcss from 8.2.14 to v8.2.15 (docs/package.json) @renovate (#4480)
• Swap ptvsd for debugpy, ptvsd deprecated #4115 @yilmi (#4322)
• Remove ct install step @madchap (#4476)
• Bump django from 3.1.7 to 3.1.8 @dependabot (#4463)
• chore(deps): update rabbitmq:3.8.16 docker digest from 3.8.16 to 3.8.16 (docker-compose.yml) @renovate (#4456)
• Bump sqlalchemy from 1.4.13 to 1.4.14 @dependabot (#4457)
• chore(deps): update dependency postcss from 8.2.13 to v8.2.14 (docs/package.json) @renovate (#4454)
• chore(deps): update rabbitmq docker tag from 3.8.15 to v3.8.16 (docker-compose.yml) @renovate (#4449)
• Bump sqlalchemy from 1.4.12 to 1.4.13 @dependabot (#4442)
• chore(deps): update rabbitmq docker tag from 3.8.14 to v3.8.15 (docker-compose.yml) @renovate (#4440)
• chore(deps): update busybox docker tag from 1.33.0 to v1.33.1 (docker-compose.override.unit_tests_cicd.yml) @renovate (#4441)
• chore(deps): update stefanzweifel/git-auto-commit-action action from v4.10.0 to v4.11.0 (.github/workflows/plantuml.yml) @renovate (#4439)
• Upgrade to Django 3.1 @valentijnscholten (#3632)
• REMOVE: Engagement_Type model @valentijnscholten (#4421)
• Bump humanize from 3.4.1 to 3.5.0 @dependabot (#4428)
• REMOVED: Old Unused Product contact fields @valentijnscholten (#4414)
• REMOVED: S0/1/2/3/4/5 severity display option @valentijnscholten (#4415)
• Helm chart linting: specify target branch for all ct @madchap (#4412)
• remove old django-tagging references @valentijnscholten (#4419)
• Bump python-gitlab from 2.6.0 to 2.7.1 @dependabot (#4369)
• RENAMED: Finding.is_Mitigated to is_mitigated @valentijnscholten (#3854)
• Remove unused setup.py @madchap (#3698)
• Update actions/cache action from v1 to v2 (.github/workflows/gh-pages.yml) @renovate (#4404)
• Bump sqlalchemy from 1.4.11 to 1.4.12 @dependabot (#4398)
• Pin dependencies (docs/package.json) @renovate (#4403)
• Bump pyjwt from 2.0.1 to 2.1.0 @dependabot (#4390)
• Bump django-slack from 5.16.0 to 5.16.2 @dependabot (#4391)
• chore(deps): update rabbitmq:3.8.14 docker digest from 3.8.14 to 3.8.14 (docker-compose.yml) @renovate (#4387)
• Fix helm chart push @madchap (#4386)
• k8s: increase initializer memory @valentijnscholten (#4380)
• k8s gha: Fix logging check application step @valentijnscholten (#4381)