Release: Merge release into master from: release/2.40.3 #11322

Merged
merged 12 commits into master from release/2.40.3
Nov 25, 2024

Conversation

github-actions[bot]
Contributor

Release triggered by rossops

DefectDojo release bot and others added 12 commits November 18, 2024 16:52
….41.0-dev

Release: Merge back 2.40.2 into bugfix from: master-into-bugfix/2.40.2-2.41.0-dev
* Ruff: Fix FURB189 on bugfix

* Update dojo/api_v2/serializers.py

Co-authored-by: Charles Neill <[email protected]>

* fix

* Update dojo/api_v2/serializers.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/api_v2/serializers.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/api_v2/serializers.py

Co-authored-by: Charles Neill <[email protected]>

* ruff

---------

Co-authored-by: Charles Neill <[email protected]>
…11269)

* change severity and active

* Include UNKNOWN option

* status, not gate

* And add unittest

* newline
* 🐛 fix trivyoperator tags

* ruff

* fix unittest

* review

* ruff
…1308)

* fix case where description is none

* switch to using queryName instead of id

* add unittest
* Fix multi files parsing

* Fix multi files parsing

* Fix multi files parsing

---------

Co-authored-by: Dmitry Maryushkin <[email protected]>
* add RLBA to vulnid

* sha sum

---------

Co-authored-by: Cody Maffucci <[email protected]>
@rossops rossops closed this Nov 25, 2024
@rossops rossops reopened this Nov 25, 2024
@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 unittests ui parser helm labels Nov 25, 2024

dryrunsecurity bot commented Nov 25, 2024

DryRun Security Summary

The pull request covers a wide range of updates and improvements to the DefectDojo application, focusing on enhancing the security analysis and reporting capabilities, including improvements to parsing and handling of security findings, deduplication and configuration of findings, addition of new test cases, and updates to the Helm chart and deployment configurations to improve the security and reliability of the application's infrastructure.


Summary:

The code changes in this pull request cover a wide range of updates and improvements to the DefectDojo application, with a focus on enhancing the security analysis and reporting capabilities. The changes include:

  1. Improvements to the parsing and handling of security findings from various scanning tools, such as Checkmarx One, Trivy Operator, and MobSF. These changes aim to ensure that the findings are accurately identified, classified, and presented to the security teams.

  2. Enhancements to the deduplication and configuration of the security findings, allowing for more fine-grained control and customization of the deduplication process.

  3. Additions of new test cases to improve the overall reliability and robustness of the security scanning and analysis components, ensuring that the application can handle a variety of input formats and edge cases.

  4. Updates to the Helm chart and deployment configurations to improve the security and reliability of the DefectDojo application's infrastructure, including secure session and CSRF cookie handling, liveness and readiness probes, and secure environment variable management.

Overall, these changes demonstrate a strong focus on improving the application's security posture and the ability to effectively identify, manage, and report on security vulnerabilities and compliance issues. The attention to detail and the comprehensive test coverage suggest a thoughtful and proactive approach to application security.

Files Changed:

  1. dojo/__init__.py: Minor version update from 2.40.2 to 2.40.3.
  2. components/package.json: Dependency updates for various libraries.
  3. dojo/api_v2/serializers.py: Changes to the RequestResponseDict and TagListSerializerField classes.
  4. dojo/settings/.settings.dist.py.sha256sum: Update to the SHA256 checksum for the settings.dist.py file.
  5. dojo/templatetags/display_tags.py: Improvements to the action_log_entry filter.
  6. dojo/models.py: Registration of various Django models with the admin interface.
  7. dojo/tools/anchorectl_policies/parser.py: Improvements to the severity determination process.
  8. dojo/tools/checkmarx_one/parser.py: Handling of missing descriptions and parsing of additional vulnerability details.
  9. dojo/tools/mobsfscan/parser.py: Support for multiple files per finding and deduplication of findings.
  10. dojo/settings/settings.dist.py: Configuration updates for deduplication, vulnerability URLs, file uploads, logging, and notifications.
  11. dojo/tools/trivy_operator/checks_handler.py: Handling of the resource_namespace for the tags attribute of the Finding object.
  12. dojo/tools/trivy_operator/parser.py: Addition of cluster compliance handling.
  13. dojo/tools/trivy_operator/vulnerability_handler.py: Handling of empty tags in the Finding object.
  14. dojo/tools/trivy_operator/secrets_handler.py: Handling of the resource_namespace for the Finding object.
  15. helm/defectdojo/Chart.yaml: Version update for the DefectDojo Helm chart.
  16. helm/defectdojo/templates/django-deployment.yaml: Security-related updates to the Django deployment configuration.
  17. Various test files: Addition of new test cases and improvements to existing tests.

Code Analysis

We ran 9 analyzers against 25 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer                         Findings
Configured Codepaths Analyzer    1 finding
Sensitive Files Analyzer         1 finding

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

@rossops rossops merged commit 6d847ab into master Nov 25, 2024
70 of 71 checks passed