Changes
This release contains the following changes.
Help spread the word or leave a GitHub star if you like it.
Features
- Add nodeSelector Support to Operator, Parsers, and Scanners @kamirendawkins (#2254)
- Added GitHub Actions workflow for releasing Helm charts to GHCR @Ilyesbdlala (#2108)
- Replace Twitter account with Mastodon @Weltraumschaf (#2249, #2250, #2274)
Security Scanner
- Upgraded gitleaks from v8.18.0 to v8.18.2 @secureCodeBoxBot (#2245, #2103)
- Upgraded kubeaudit from 0.22.0 to 0.22.1 @secureCodeBoxBot (#2111)
- Upgraded nikto to actual 2.5.0 version @J12934 (#2262)
- Upgraded nuclei from v3.0.3 to v3.1.10 @secureCodeBoxBot (#2253, #2240, #2217, #2202, #2173, #2165, #2150, #2129, #2114, #2104)
- Upgraded semgrep from 1.48.0 to 1.60.1 @secureCodeBoxBot (#2270, #2252, #2241, #2218, #2203, #2174, #2158, #2154, #2132, #2126, #2112, #2101)
- Upgraded trivy from 0.46.1 to 0.49.1 @secureCodeBoxBot (#2267, #2246, #2176, #2156, #2127)
- Upgraded typo3scan from v1.1.3 to v1.1.4 @secureCodeBoxBot (#2269)
Bug Fixes
- Fix Crash in DefectDojo Hook for Scans without Parameters @Weltraumschaf (#2275)
- Fixed Scans being marked as Failed after the First Job has failed @Ilyesbdlala (#2205)
- Add zap automation scan defectdojo mapping @moxli (#2134)
- Implements awaiting before refetching imported DefectDojo finding @Weltraumschaf (#2208)
Test
- Added Unit tests for CI helpers @Ilyesbdlala (#2177)
Documentation
- Add Page with List of Mentions @Weltraumschaf (#2247)
- Minor issues in documentation @BorisShek (#2239)
- Update contributing guidelines to include guideline about ticket numbers in commit messages @Weltraumschaf (#2238)
- Clean Up Docs for Hooks esp. DD Hook @Weltraumschaf (#2206)
- Change relative links to absolute in docs @BorisShek (#2256)
Maintenance
- Upgraded Docusaurus to v3.1.1 @Ilyesbdlala & @dependabot (#2102, #2131, #2227)
- Minor Java Code Style Cleanups in DefectDojo Hooks Cleaning @Weltraumschaf (#2207)
- Extract side effects introduced by System#getenv() @Weltraumschaf (#2184)
- Add gradle, docker, workflows to dependabot config @Weltraumschaf (#2186)
Dependencies
Minor dependency updates (38 pull requests).
- Applied NPM audit fixes @Ilyesbdlala (#2097)
- Bump @docusaurus/types from 3.1.0 to 3.1.1 in /documentation @dependabot (#2226)
- Bump @types/node from 20.11.1 to 20.11.5 in /documentation @dependabot (#2196)
- Bump @types/node from 20.11.16 to 20.11.17 in /documentation @dependabot (#2282)
- Bump @types/node from 20.11.5 to 20.11.16 in /documentation @dependabot (#2260)
- Bump @types/react from 18.2.48 to 18.2.53 in /documentation @dependabot (#2261)
- Bump actions/cache from 3 to 4 in /.github/workflows @dependabot (#2280)
- Bump actions/checkout from 3 to 4 in /.github/workflows @dependabot (#2232)
- Bump actions/setup-go from 4 to 5 in /.github/workflows @dependabot (#2215)
- Bump actions/setup-java from 3 to 4 in /.github/workflows @dependabot (#2213)
- Bump actions/setup-python from 4 to 5 in /.github/workflows @dependabot (#2233)
- Bump actions/upload-artifact from 3 to 4 in /.github/workflows @dependabot (#2194)
- Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.15.2 to 2.16.1 in /hooks/persistence-defectdojo/hook @dependabot (#2211)
- Bump com.github.ben-manes.versions from 0.50.0 to 0.51.0 in /hooks/persistence-defectdojo/hook @dependabot (#2222)
- Bump crazy-max/ghaction-import-gpg from 5 to 6 in /.github/workflows @dependabot (#2212)
- Bump docker/build-push-action from 2 to 5 in /.github/workflows @dependabot (#2195)
- Bump docker/login-action from 1 to 3 in /.github/workflows @dependabot (#2214)
- Bump docker/metadata-action from 3 to 5 in /.github/workflows @dependabot (#2189)
- Bump docker/setup-buildx-action from 1 to 3 in /.github/workflows @dependabot (#2230)
- Bump docker/setup-qemu-action from 2 to 3 in /.github/workflows @dependabot (#2198)
- Bump eslint-plugin-prettier from 5.0.1 to 5.1.3 in /documentation @dependabot (#2199)
- Bump io.freefair.lombok from 8.1.0 to 8.4 in /hooks/persistence-defectdojo/hook @dependabot (#2192)
- Bump mikefarah/yq from 4.4.1 to 4.40.5 in /.github/workflows @dependabot (#2231)
- Bump mikefarah/yq from 4.40.5 to 4.40.7 in /.github/workflows @dependabot (#2281)
- Bump nodemailer from 6.6.3 to 6.9.9 in /hooks/notification/hook @dependabot (#2248)
- Bump org.junit:junit-bom from 5.10.1 to 5.10.2 in /hooks/persistence-defectdojo/hook @dependabot (#2258)
- Bump org.mockito:mockito-core from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2197)
- Bump org.mockito:mockito-core from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2224)
- Bump org.mockito:mockito-junit-jupiter from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2188)
- Bump org.mockito:mockito-junit-jupiter from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2223)
- Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2193)
- Bump org.slf4j:slf4j-log4j12 from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2187)
- Bump peter-evans/create-pull-request from 3 to 5 in /.github/workflows @dependabot (#2216)
- Bump peter-evans/create-pull-request from 5 to 6 in /.github/workflows @dependabot (#2257)
- Bump peter-evans/dockerhub-description from 2 to 3 in /.github/workflows @dependabot (#2191)
- Bump peter-evans/dockerhub-description from 3 to 4 in /.github/workflows @dependabot (#2234)
- Bump sass-loader from 13.3.2 to 14.1.0 in /documentation @dependabot (#2259)
- Bump uk.org.webcompere:system-stubs-jupiter from 2.1.3 to 2.1.6 in /hooks/persistence-defectdojo/hook @dependabot (#2209)
- Use latest releases DD Client Lib @Weltraumschaf (#2204)
Distribution
Contributors
Thanks to all our contributors supporting this project
@BorisShek, @Ilyesbdlala, @kamirendawkins, @moxli, @J12934 and @Weltraumschaf