
merge 1.5.4rc6

ptrovatelli committed Jan 31, 2020
2 parents d8cd760 + b62307a commit d49a609ca62f2ad62be403f8ba8b0c2dc11eaa02
Showing with 64,287 additions and 1,522 deletions.
  1. +0 −1 .dependabot/config.yml
  2. +21 −1 .github/release-drafter.yml
  3. +19 −0 .github/workflows/release-drafter.yml
  4. +5 −0 .gitignore
  5. +1 −0 .travis.yml
  6. +100 −29 DOCKER.md
  7. +1 −1 Dockerfile.busybox
  8. +7 −8 Dockerfile.django
  9. +4 −3 Dockerfile.nginx
  10. +13 −4 PULL_REQUEST_TEMPLATE.md
  11. +4 −3 README.md
  12. +2 −1 components/package.json
  13. +7 −1 docker-compose.override.dev.yml
  14. +13 −0 docker-compose.override.https.yml
  15. +26 −0 docker-compose.override.ptvsd.yml
  16. +1 −1 docker-compose.override.unit_tests.yml
  17. +10 −2 docker-compose.yml
  18. +3 −0 docker/entrypoint-initializer.sh
  19. +1 −0 docker/entrypoint-unit-tests-devDocker.sh
  20. +3 −3 docker/entrypoint-uwsgi-dev.sh
  21. +20 −0 docker/entrypoint-uwsgi-ptvsd.sh
  22. +3 −0 docker/entrypoint-uwsgi.sh
  23. +1 −0 docker/entrypoint.sh
  24. +17 −4 docker/setEnv.sh
  25. +11 −5 dojo/api.py
  26. +55 −12 dojo/api_v2/serializers.py
  27. +76 −11 dojo/api_v2/views.py
  28. 0 dojo/banner/__init__.py
  29. +7 −0 dojo/banner/urls.py
  30. +43 −0 dojo/banner/views.py
  31. +2 −1 dojo/context_processors.py
  32. +24 −0 dojo/db_migrations/0015_findingimage_caption.py
  33. +16 −0 dojo/db_migrations/0016_increase_filepath_length.py
  34. +18 −0 dojo/db_migrations/0017_auto_20190827_1421.py
  35. +79 −0 dojo/db_migrations/0018_sonarqube_api_integration.py
  36. +35 −0 dojo/db_migrations/0019_notetype_additions.py
  37. +18 −0 dojo/db_migrations/0020_system_settings_allow_anonymous_survey_repsonse.py
  38. +23 −0 dojo/db_migrations/0021_cve_index.py
  39. +33 −0 dojo/db_migrations/0022_google_sheet_sync_additions.py
  40. +68 −0 dojo/db_migrations/0023_SAST_track_unique_vulnerabilities.py
  41. +24 −0 dojo/db_migrations/0024_cve_fix_1553.py
  42. +18 −0 dojo/db_migrations/0025_jira_security_issuetype.py
  43. +21 −0 dojo/db_migrations/0026_login_banner.py
  44. +18 −0 dojo/db_migrations/0027_jira_issue_type_settings.py
  45. +3 −3 dojo/endpoint/views.py
  46. +1 −0 dojo/engagement/urls.py
  47. +54 −8 dojo/engagement/views.py
  48. +45 −8 dojo/filters.py
  49. +12 −0 dojo/finding/urls.py
  50. +590 −38 dojo/finding/views.py
  51. +10 −0 dojo/fixtures/initial_banner_conf.json
  52. +806 −0 dojo/fixtures/initial_surveys.json
  53. +44 −1 dojo/fixtures/test_type.json
  54. +172 −18 dojo/forms.py
  55. 0 dojo/google_sheet/__init__.py
  56. +11 −0 dojo/google_sheet/urls.py
  57. +862 −0 dojo/google_sheet/views.py
  58. +6 −0 dojo/home/views.py
  59. +4 −1 dojo/jira_link/views.py
  60. +1 −5 dojo/management/commands/dedupe.py
  61. +44 −0 dojo/management/commands/import_surveys.py
  62. +2 −1 dojo/metrics/views.py
  63. +288 −42 dojo/models.py
  64. 0 dojo/note_type/__init__.py
  65. +16 −0 dojo/note_type/urls.py
  66. +127 −0 dojo/note_type/views.py
  67. +43 −9 dojo/notes/views.py
  68. +2 −2 dojo/object/views.py
  69. +49 −8 dojo/pipeline.py
  70. +85 −20 dojo/product/views.py
  71. +126 −6 dojo/settings/settings.dist.py
  72. +13 −10 dojo/settings/template-env
  73. +138 −0 dojo/static/dojo/css/datatables.min.css
  74. +679 −0 dojo/static/dojo/js/datatables.min.js
  75. +37 −0 dojo/static/dojo/js/index.js
  76. +13 −0 dojo/tasks.py
  77. +11 −2 dojo/templates/base.html
  78. +1 −0 dojo/templates/dojo/add_findings.html
  79. +12 −0 dojo/templates/dojo/add_note_type.html
  80. +33 −12 dojo/templates/dojo/add_template.html
  81. +94 −3 dojo/templates/dojo/asciidoc_report.html
  82. +11 −0 dojo/templates/dojo/banner.html
  83. +13 −2 dojo/templates/dojo/close_finding.html
  84. +8 −1 dojo/templates/dojo/custom_asciidoc_report_endpoints.html
  85. +7 −0 dojo/templates/dojo/custom_asciidoc_report_findings.html
  86. +13 −0 dojo/templates/dojo/custom_pdf_report_endpoint_list.html
  87. +13 −0 dojo/templates/dojo/custom_pdf_report_finding_list.html
  88. +76 −0 dojo/templates/dojo/dashboard.html
  89. +12 −0 dojo/templates/dojo/disable_note_type.html
  90. +46 −0 dojo/templates/dojo/edit_findings.html
  91. +12 −0 dojo/templates/dojo/edit_note_type.html
  92. +5 −0 dojo/templates/dojo/edit_product.html
  93. +12 −0 dojo/templates/dojo/enable_note_type.html
  94. +49 −44 dojo/templates/dojo/endpoint_pdf_report.html
  95. +50 −45 dojo/templates/dojo/engagement_pdf_report.html
  96. +210 −0 dojo/templates/dojo/engagements_all.html
  97. +48 −43 dojo/templates/dojo/finding_pdf_report.html
  98. +107 −2 dojo/templates/dojo/findings_list.html
  99. +14 −0 dojo/templates/dojo/google_sheet_configuration.html
  100. +24 −6 dojo/templates/dojo/import_scan_results.html
  101. +22 −7 dojo/templates/dojo/login.html
  102. +2 −1 dojo/templates/dojo/metrics.html
  103. +5 −0 dojo/templates/dojo/new_product.html
  104. +130 −0 dojo/templates/dojo/note_type.html
  105. +4 −0 dojo/templates/dojo/paging_snippet.html
  106. +102 −13 dojo/templates/dojo/product.html
  107. +49 −44 dojo/templates/dojo/product_endpoint_pdf_report.html
  108. +689 −74 dojo/templates/dojo/product_metrics.html
  109. +49 −44 dojo/templates/dojo/product_pdf_report.html
  110. +49 −44 dojo/templates/dojo/product_type_pdf_report.html
  111. +14 −6 dojo/templates/dojo/snippets/comments.html
  112. +29 −0 dojo/templates/dojo/snippets/sonarqube_history.html
  113. +47 −0 dojo/templates/dojo/syncing_errors.html
  114. +69 −61 dojo/templates/dojo/test_pdf_report.html
  115. +4 −4 dojo/templates/dojo/view_eng.html
  116. +155 −4 dojo/templates/dojo/view_finding.html
  117. +4 −1 dojo/templates/dojo/view_note_history.html
  118. +3 −3 dojo/templates/dojo/view_product_details.html
  119. +28 −8 dojo/templates/dojo/view_test.html
  120. +8 −0 dojo/templates/google_sheet_error.html
  121. +47 −20 dojo/templatetags/display_tags.py
  122. +17 −0 dojo/templatetags/get_banner.py
  123. +2 −1 dojo/templatetags/get_note_status.py
  124. +11 −0 dojo/templatetags/get_notetype_availability.py
  125. +91 −4 dojo/test/views.py
  126. +15 −0 dojo/tools/__init__.py
  127. 0 dojo/tools/aqua/__init__.py
  128. +125 −0 dojo/tools/aqua/parser.py
  129. +140 −0 dojo/tools/blackduck/importer.py
  130. +24 −0 dojo/tools/blackduck/model.py
  131. +52 −60 dojo/tools/blackduck/parser.py
  132. +181 −76 dojo/tools/checkmarx/parser.py
  133. +1 −0 dojo/tools/clair/parser.py
  134. +6 −2 dojo/tools/dependency_check/parser.py
  135. 0 dojo/tools/dependency_track/__init__.py
  136. +237 −0 dojo/tools/dependency_track/parser.py
  137. +29 −0 dojo/tools/factory.py
  138. +184 −0 dojo/tools/fortify/DefaultReportDefinitionAllIssues.xml
  139. +17 −0 dojo/tools/fortify/README.md
  140. +119 −92 dojo/tools/fortify/parser.py
  141. +83 −0 dojo/tools/h1/parser.py
  142. +4 −3 dojo/tools/netsparker/parser.py
  143. +3 −1 dojo/tools/npm_audit/parser.py
  144. +4 −3 dojo/tools/openvas_csv/parser.py
  145. 0 dojo/tools/outpost24/__init__.py
  146. +56 −0 dojo/tools/outpost24/parser.py
  147. +3 −1 dojo/tools/php_security_audit_v2/parser.py
  148. +3 −1 dojo/tools/php_symfony_security_check/parser.py
  149. +1 −1 dojo/tools/qualys/parser.py
  150. +2 −1 dojo/tools/safety/parser.py
  151. +90 −24 dojo/tools/sonarqube/parser.py
  152. 0 dojo/tools/sonarqube_api/__init__.py
  153. +251 −0 dojo/tools/sonarqube_api/api_client.py
  154. +163 −0 dojo/tools/sonarqube_api/importer.py
  155. +138 −0 dojo/tools/sonarqube_api/updater.py
  156. +108 −0 dojo/tools/sonarqube_api/updater_from_source.py
  157. +1 −1 dojo/tools/spotbugs/parser.py
  158. +1 −1 dojo/tools/ssl_labs/parser.py
  159. +15 −12 dojo/tools/sslyze/parser.py
  160. +19 −0 dojo/tools/tool_issue_updater.py
  161. 0 dojo/tools/trivy/__init__.py
  162. +83 −0 dojo/tools/trivy/parser.py
  163. +9 −6 dojo/tools/twistlock/parser.py
  164. +112 −43 dojo/tools/whitesource/parser.py
  165. +1 −0 dojo/tools/xanitizer/__init__.py
  166. +185 −0 dojo/tools/xanitizer/parser.py
  167. +4 −4 dojo/tools/zap/parser.py
  168. +859 −0 dojo/unittests/scans/aqua/many_vulns.json
  169. +1 −0 dojo/unittests/scans/aqua/no_vuln.json
  170. +156 −0 dojo/unittests/scans/aqua/one_vuln.json
  171. BIN dojo/unittests/scans/blackduck/blackduck_enhanced_py3_unittest.zip
  172. BIN dojo/unittests/scans/blackduck/blackduck_enhanced_py3_unittest_v2.zip
  173. +10 −0 dojo/unittests/scans/blackduck/many_vulns_new_format.csv
  174. +1 −1 dojo/unittests/scans/checkmarx/multiple_findings.xml
  175. +283 −0 dojo/unittests/scans/checkmarx/multiple_findings_different_sourceFilename_same_sinkFilename.xml
  176. +272 −0 dojo/unittests/scans/checkmarx/multiple_findings_line_changed.xml
  177. +512 −0 dojo/unittests/scans/checkmarx/multiple_findings_same_file_different_line_number.xml
  178. +328 −0 dojo/unittests/scans/checkmarx/multiple_findings_same_sourceFilename_different_sinkFilename.xml
  179. +159 −0 dojo/unittests/scans/checkmarx/single_finding_false_positive.xml
  180. +4 −4 dojo/unittests/scans/checkmarx/utf8_replacement_char.xml
  181. +4 −4 dojo/unittests/scans/checkmarx/utf8_various_non_ascii_char.xml
  182. +110 −0 dojo/unittests/scans/dependency_track_samples/many_findings.json
  183. +16 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_empty_list.json
  184. +15 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_missing.json
  185. +16 −0 dojo/unittests/scans/dependency_track_samples/no_findings_because_findings_key_is_null.json
  186. +42 −0 dojo/unittests/scans/dependency_track_samples/one_finding.json
  187. +1,011 −0 dojo/unittests/scans/fortify/fortify_few_findings.xml
  188. +11,711 −0 dojo/unittests/scans/fortify/fortify_many_findings.xml
  189. +9 −0 dojo/unittests/scans/h1/data_empty.json
  190. +274 −0 dojo/unittests/scans/h1/data_many.json
  191. +143 −0 dojo/unittests/scans/h1/data_one.json
  192. +48 −0 dojo/unittests/scans/outpost24/none.xml
  193. +107 −0 dojo/unittests/scans/outpost24/one.xml
  194. +1,212 −0 dojo/unittests/scans/outpost24/sample.xml
  195. +6,716 −0 dojo/unittests/scans/sonarqube/sonar-4-findings-3-to-aggregate.html
  196. +15 −6 dojo/unittests/scans/sonarqube/sonar-6-findings.html
  197. +3 −1 dojo/unittests/scans/sonarqube/sonar-rule-undefined.html
  198. +4 −1 dojo/unittests/scans/sonarqube/sonar-single-finding.html
  199. +3 −1 dojo/unittests/scans/sonarqube/sonar-table-in-table.html
  200. +96 −0 dojo/unittests/scans/sonarqube_api/issues.json
  201. +9 −0 dojo/unittests/scans/sonarqube_api/product.json
  202. +35 −0 dojo/unittests/scans/sonarqube_api/rule.json
  203. +105 −0 dojo/unittests/scans/trivy/trivy_mix.json
  204. +28 −0 dojo/unittests/scans/twistlock/no_vuln.json
  205. +27,208 −0 dojo/unittests/scans/whitesource_sample/cli_generated_many_vulns.json
  206. +254 −0 dojo/unittests/scans/xanitizer/multiple-findings-no-details.xml
  207. +476 −0 dojo/unittests/scans/xanitizer/multiple-findings.xml
  208. +3 −0 dojo/unittests/scans/xanitizer/no-findings.xml
  209. +119 −0 dojo/unittests/scans/xanitizer/one-findings.xml
  210. +22 −0 dojo/unittests/test_aqua_parser.py
  211. +20 −6 dojo/unittests/test_blackduck_csv_parser.py
  212. +278 −75 dojo/unittests/test_checkmarx_parser.py
  213. +39 −0 dojo/unittests/test_dependency_track_parser.py
  214. +16 −0 dojo/unittests/test_fortify_parser.py
  215. +25 −0 dojo/unittests/test_h1_parser.py
  216. +24 −0 dojo/unittests/test_outpost24_parser.py
  217. +41 −0 dojo/unittests/test_sonarqube_importer.py
  218. +189 −54 dojo/unittests/test_sonarqube_parser.py
  219. +96 −0 dojo/unittests/test_sonarqube_updater.py
  220. +20 −0 dojo/unittests/test_trivy_parser.py
  221. +6 −0 dojo/unittests/test_twistlock_parser.py
  222. +5 −1 dojo/unittests/test_whitesource_parser.py
  223. +30 −0 dojo/unittests/test_xanitizer_parser.py
  224. +27 −7 dojo/urls.py
  225. +184 −70 dojo/utils.py
  226. +23 −0 dojo/wsgi.py
  227. +1 −1 entrypoint_scripts/common/common-os.sh
  228. +10 −9 entrypoint_scripts/common/config-vars.sh
  229. +2 −1 entrypoint_scripts/common/dojo-shared-resources.sh
  230. +3 −0 entrypoint_scripts/common/install-env
  231. +3 −0 entrypoint_scripts/os/linux.sh
  232. +1 −0 entrypoint_scripts/test/travis-integration-test.sh
  233. +1 −1 entrypoint_scripts/test/travis-unit-test.sh
  234. +1 −1 helm/defectdojo/templates/NOTES.txt
  235. +23 −0 helm/defectdojo/templates/_helpers.tpl
  236. +7 −2 helm/defectdojo/templates/celery-beat-deployment.yaml
  237. +7 −2 helm/defectdojo/templates/celery-deployment.yaml
  238. +7 −2 helm/defectdojo/templates/celery-worker-deployment.yaml
  239. +2 −2 helm/defectdojo/templates/configmap.yaml
  240. +7 −2 helm/defectdojo/templates/django-deployment.yaml
  241. +8 −3 helm/defectdojo/templates/initializer-job.yaml
  242. +20 −0 helm/defectdojo/values.yaml
  243. +1 −0 legacy-setup.bash
  244. +1 −0 manage.py
  245. +72 −0 nginx/nginx_TLS.conf
  246. +1 −1 package.json
  247. +31 −26 requirements.txt
  248. +9 −8 setup/scripts/common/config-vars.sh
  249. +2 −1 setup/scripts/common/dojo-shared-resources.sh
  250. +4 −1 setup/scripts/common/install-env
  251. +4 −1 setup/scripts/os/linux.sh
  252. +1 −0 setup/scripts/test/travis-integration-test.sh
  253. +1 −1 setup/scripts/test/travis-unit-test.sh
  254. +0 −1 setup/setup.bash
  255. +5 −2 tests/Endpoint_unit_test.py
  256. +5 −19 tests/Engagement_unit_test.py
  257. +5 −2 tests/Environment_unit_test.py
  258. +15 −5 tests/Finding_unit_test.py
  259. +5 −2 tests/Import_scanner_unit_test.py
  260. +84 −0 tests/Note_type_unit_test.py
  261. +12 −6 tests/Product_type_unit_test.py
  262. +33 −6 tests/Product_unit_test.py
  263. +5 −2 tests/Test_unit_test.py
  264. +5 −2 tests/User_unit_test.py
  265. +10 −7 tests/check_status.py
  266. +5 −2 tests/check_status_ui.py
  267. +1 −1 tests/dedupe_scans/dedupe_path_1.json
  268. +1 −1 tests/dedupe_scans/dedupe_path_2.json
  269. +140 −60 tests/dedupe_unit_test.py
  270. +6 −3 tests/ibm_appscan_test.py
  271. +5 −2 tests/smoke_test.py
  272. +1 −1 tests/zap.py
  273. +3 −0 travis/before-install.sh
  274. +143 −0 travis/integration_test-script.sh
  275. +12 −0 travis/script.sh
@@ -14,4 +14,3 @@ update_configs:
directory: "/"
target_branch: "dev"
update_schedule: "weekly"

@@ -1,4 +1,24 @@
name-template: 'v$NEXT_PATCH_VERSION 🌈'
tag-template: 'v$NEXT_PATCH_VERSION'
categories:
- title: '🚀 New scanners'
labels:
- 'Import Scans'
- title: '🚀 Features and enhancements'
labels:
- 'feature'
- 'enhancement'
- title: '🐛 Bug Fixes'
labels:
- 'fix'
- 'bugfix'
- 'bug'
- title: '🧰 Maintenance'
labels:
- 'dependencies'
- 'maintenance'
change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
template: |
## What's Changed
## Changes
$CHANGES
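--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,19 @@
+name: Release Drafter
+
+on:
+push:
+# branches to consider in the event; optional, defaults to all
+branches:
+- master
+
+jobs:
+update_release_draft:
+runs-on: ubuntu-latest
+steps:
+# Drafts your next Release notes as Pull Requests are merged into "master"
+- uses: release-drafter/release-drafter@v5.6.1
+# with:
+# (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
+# config-name: my-config.yml
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}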
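Review bot: `- uses: release-drafter/release-drafter@v5.6.1` pins the third-party action to a tag, which the action's maintainers (or anyone who gains control of that repository) can move, so the code that runs with this job's `GITHUB_TOKEN` write access can change without any commit here; pin to the full commit SHA of that release and keep the tag as a comment, e.g. `- uses: release-drafter/release-drafter@<full-commit-sha-of-v5.6.1> # v5.6.1`. Scoping the token with a `permissions:` block (`contents: write` and nothing else, unless the action's documentation asks for more) limits what a compromised version of the action could do with it. A one-line comment above `on:` saying that this workflow only drafts release notes on pushes to `master` and needs no other access would make the intended scope explicit for the next reviewer.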
@@ -107,3 +107,8 @@ quick.bash

#visual studio code
*.code-workspace

# pipenv
Pipfile
Pipfile*

@@ -16,6 +16,7 @@ env:
- TEST=flake8
- TEST=snyk
- TEST=docker
- TEST=integration_tests
matrix:
allow_failures:
- env: TEST=snyk
129 DOCKER.md
@@ -1,17 +1,17 @@
# Run with Docker Compose
# Running with Docker Compose

Docker compose is not intended for production use.
If you want to deploy a containerized DefectDojo to a production environment,
use the [Default installation](setup/README.md) approach.

## Prerequisites
# Prerequisites
* Docker version
* Installing with docker-compose requires at least docker 18.09.4 and docker-compose 1.24.0. See "Checking Docker versions" below for version errors during running docker-compose.
* Proxies
* If you're behind a corporate proxy check https://docs.docker.com/network/proxy/ .


## Setup via Docker Compose - introduction
# Setup via Docker Compose - introduction

DefectDojo needs several docker images to run. Two of them depend on DefectDojo code:

@@ -28,8 +28,8 @@ When running the application without building images, the application will run b
* https://hub.docker.com/r/defectdojo/defectdojo-nginx


## Setup via Docker Compose - building and running the application
### Building images
# Setup via Docker Compose - building and running the application
## Building images

To build images and put them in your local docker cache, run:

@@ -40,7 +40,7 @@ docker-compose build
To build a single image, run:

```zsh
docker-compose build django
docker-compose build uwsgi
```
or

@@ -49,7 +49,7 @@ docker-compose build nginx
```


### Run with Docker compose in release mode
## Run with Docker compose in release mode
To run the application based on previously built image (or based on dockerhub images if none was locally built), run:

```zsh
@@ -62,7 +62,7 @@ This will run the application based on docker-compose.yml only.
In this setup, you need to rebuild django and/or nginx images after each code change and restart the containers.


### Run with Docker compose in development mode with hot-reloading
## Run with Docker compose in development mode with hot-reloading

For development, use:

@@ -82,7 +82,7 @@ This will run the application based on merged configurations from docker-compose
* Hot-reloading for the **celeryworker** container is not yet implemented. When working on deduplication for example, restart the celeryworker container with:

```
docker restart django-defectdojo_celeryworker_1
docker-compose restart celeryworker
```

* The mysql port is forwarded to the host so that you can access your database from outside the container.
@@ -100,32 +100,66 @@ To update changes in static resources, served by nginx, just refresh the browser
id -u
```

### Access the application
Navigate to <http://localhost:8080> where you can log in with username admin.
To find out the admin password, check the very beginning of the console
output of the initializer container, typically name 'django-defectdojo_initializer_1', or run the following:
## Run with Docker compose in development mode with ptvsd (remote debug)

If you want to be able to step in your code, you can activate ptvsd.Server.

You can launch your local dev instance of DefectDojo as

```zsh
container_id=(`docker ps -a \
--filter "name=django-defectdojo_initializer_1" \
| awk 'FNR == 2 {print $1}'`) && \
docker logs $container_id 2>&1 | grep "Admin password:"
cp dojo/settings/settings.dist.py dojo/settings/settings.py
docker/setEnv.sh ptvsd
docker-compose up
```

or:
This will run the application based on merged configurations from docker-compose.yml and docker-compose.override.ptvsd.yml.

The default configuration assumes port 3000 by default for ptvsd, and you should access the DefectDojo UI on port 8000 instead of port 8080, as the uwsgi container will serve directly.

### VS code
Add the following python debug configuration (You would have to install the `ms-python.python`. Other setup may work.)

```
{
"name": "Remote DefectDojo",
"type": "python",
"request": "attach",
"pathMappings": [
{
"localRoot": "${workspaceFolder}",
"remoteRoot": "/app"
}
],
"port": 3000,
"host": "localhost"
}
```

You can now launch the remote debug from VS Code, place your breakpoints and step through the code.

> At present, 2 caveats:
> - Static will not be present. You would have to `docker cp` them over from the nginx container
> - For some reason, the page loading may hang. You can stop the loading and reload, the page will ultimately appear.

## Access the application
Navigate to <http://localhost:8080> where you can log in with username admin.
To find out the admin password, check the very beginning of the console
output of the initializer container by running:

```zsh
docker logs django-defectdojo_initializer_1
docker-compose logs initializer | grep "Admin password:"
```

Make sure you write down the first password generated as you'll need it when re-starting the application.

### Disable the database initialization
# Exploitation, versioning
## Disable the database initialization
The initializer container can be disabled by exporting: `export DD_INITIALIZE=false`.

This will ensure that the database remains unchanged when re-running the application, keeping your previous settings and admin password.

### Versioning
## Versioning
In order to use a specific version when building the images and running the containers, set the environment with
* For the nginx image: `NGINX_VERSION=x.y.z`
* For the django image: `DJANGO_VERSION=x.y.z`
@@ -149,9 +183,7 @@ aedc404d6dee defectdojo/defectdojo-nginx:1.0.0 "/entrypoint-nginx.sh"
```




### Clean up Docker Compose
## Clean up Docker Compose

Removes all containers

@@ -165,13 +197,52 @@ Removes all containers, networks and the database volume
docker-compose down --volumes
```

### Run the unit-tests with docker
#### Introduction
# Run with docker using https
To secure the application by https, follow those steps
* Generate a private key without password
* Generate a CSR (Certificate Signing Request)
* Have the CSR signed by a certificate authority
* Place the private key and the certificate under the nginx folder
* Replace nginx/nginx.conf by nginx/nginx_TLS.conf
* In nginx.conf, update that part:
```
server_name your.servername.com;
ssl_certificate /yourCertificate.cer;
ssl_certificate_key /yourPrivateKey.key;
```
* Protect your private key from other users:
```
chmod 400 nginx/*.key
```
* Rebuild the nginx image in order to place the private key and the certificate where nginx will find them (under / in the nginx container):

```docker build -t defectdojo/defectdojo-nginx -f Dockerfile.nginx .```
* Run defectDojo with:
```
rm -f docker-compose.override.yml
ln -s docker-compose.override.https.yml docker-compose.override.yml
docker-compose up
```
The default https port is 8083.
To change the port:
- update `nginx.conf`
- update `docker-compose.override.https.yml` or set DD_PORT in the environment)
- restart the application
NB: some third party software may require to change the exposed port in Dockerfile.nginx as they use docker-compose declarations to discover which ports to map when publishing the application.
# Run the unit-tests with docker
## Introduction
The unit-tests are under `dojo/unittests`
#### Running the unit-tests
## Running the unit-tests
This will run all the tests and leave the uwsgi container up:
```
@@ -182,7 +253,7 @@ docker-compose up
Enter the container to run more tests:
```
docker exec -it django-defectdojo_uwsgi_1 bash
docker-compose exec uwsgi bash
```
Rerun all the tests:
@@ -202,7 +273,7 @@ Run a single test. Example:
python manage.py test dojo.unittests.test_dependency_check_parser.TestDependencyCheckParser.test_parse_without_file_has_no_findings --keepdb
```
## Checking Docker versions
# Checking Docker versions
Run the following to determine the versions for docker and docker-compose:
@@ -1,2 +1,2 @@
FROM busybox:1.31.0-musl
FROM busybox:1.31.1-musl
ENTRYPOINT ["/bin/echo", "hello world"]
@@ -4,10 +4,10 @@
# The code for the build image should be idendical with the code in
# Dockerfile.nginx to use the caching mechanism of Docker.

# Using 3.5.7 to avoid compatibility issues that may be introduced by python 3.5.6 and 3.5.7.
# Using 3.5.7 to avoid compatibility issues that may be introduced by python 3.6 and 3.7.
# Please upgrade before end-of-life in september 2020!
# Ref: https://devguide.python.org/#branchstatus
FROM python:3.5.7-buster@sha256:4598d4365bb7a8628ba840f87406323e699c4da01ae6f926ff33787c63230779 as build
FROM python:3.5.9-buster@sha256:1baef6be00b82fbd77f1b60ab227a1dbede6f23825ce1b7f1e9c6f7d1469a45c as build
WORKDIR /app
RUN \
apt-get -y update && \
@@ -24,7 +24,7 @@ RUN \
COPY requirements.txt ./
RUN pip3 wheel --wheel-dir=/tmp/wheels -r ./requirements.txt

FROM python:3.5.7-slim-buster@sha256:127fee645393d311c7fbc5e8c2e5034f10a4e66b47c9273d4dbe5da2926fc3f2
FROM python:3.5.9-slim-buster@sha256:dfb042910e4ef352b5c6aa223031ce768f53f4f1aacf95936152e5508162bcb0
WORKDIR /app
RUN \
apt-get -y update && \
@@ -60,6 +60,7 @@ COPY \
docker/entrypoint-initializer.sh \
docker/entrypoint-uwsgi.sh \
docker/entrypoint-uwsgi-dev.sh \
docker/entrypoint-uwsgi-ptvsd.sh \
docker/entrypoint-unit-tests.sh \
docker/entrypoint-unit-tests-devDocker.sh \
docker/wait-for-it.sh \
@@ -76,7 +77,7 @@ RUN \
chmod g=u /var/run && \
true
USER root
RUN chmod 0777 /app
RUN chmod -R 0777 /app
USER 1001
ENV \
DD_ADMIN_USER=admin \
@@ -99,11 +100,9 @@ ENV \
DD_DATABASE_PASSWORD="defectdojo" \
DD_DATABASE_PORT="3306" \
DD_DATABASE_USER="defectdojo" \
DD_SECRET_KEY="hhZCp@D28z!n@NED*yB!ROMt+WzsY*iq" \
DD_CREDENTIAL_AES_256_KEY="&91a*agLqesc*0DJ+2*bAbsUZfR*4nLw" \
DD_INITIALIZE=true \
DD_UWSGI_MODE="socket" \
DD_UWSGI_ENDPOINT="0.0.0.0:3031" \
DD_DJANGO_ADMIN_ENABLED="on" \
DD_TRACK_MIGRATIONS="on"
DD_DJANGO_ADMIN_ENABLED="True" \
DD_TRACK_MIGRATIONS="True"
ENTRYPOINT ["/entrypoint-uwsgi.sh"]
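Review bot: `RUN chmod -R 0777 /app` (the `@@ -76,7 +77,7 @@` hunk) makes the whole application tree world-writable in the runtime image, so the process running as `USER 1001` — and anything that compromises it — can overwrite the Django code and the entrypoint scripts copied just above. This file already uses the group-writable pattern for runtime paths (`chmod g=u /var/run`), so apply the same idea to the app directory, e.g. `RUN chown -R 1001:0 /app && chmod -R g=u /app`, or limit the recursive mode change to the directories the application actually writes to (which ones those are is not visible here). In the last hunk the hard-coded `DD_SECRET_KEY` / `DD_CREDENTIAL_AES_256_KEY` defaults appear only once and, given the 4-removed/2-added line counts, look like the removed side, which is the right direction; `DD_DATABASE_PASSWORD="defectdojo"` is still baked into the image as a default, and a comment such as `# default for local development only; override at deploy time` next to it would make that expectation explicit.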
@@ -3,7 +3,7 @@
# The code for the build image should be idendical with the code in
# Dockerfile.django to use the caching mechanism of Docker.

FROM python:3.5.7-buster@sha256:4598d4365bb7a8628ba840f87406323e699c4da01ae6f926ff33787c63230779 as build
FROM python:3.5.9-buster@sha256:1baef6be00b82fbd77f1b60ab227a1dbede6f23825ce1b7f1e9c6f7d1469a45c as build
WORKDIR /app
RUN \
apt-get -y update && \
@@ -55,13 +55,14 @@ RUN \
python3 manage.py collectstatic --noinput && \
true

FROM nginx:1.17.2@sha256:eb3320e2f9ca409b7c0aa71aea3cf7ce7d018f03a372564dbdb023646958770b
FROM nginx:1.17.7@sha256:89a42c3ba15f09a3fbe39856bddacdf9e94cd03df7403cad4fc105088e268fc9
COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
COPY wsgi_params nginx/nginx.conf /etc/nginx/
COPY docker/entrypoint-nginx.sh /
COPY docker/entrypoint-nginx.sh nginx/*.cer nginx/*.key /
RUN \
chmod -R g=u /var/cache/nginx && \
chmod -R g=u /var/run && \
if [ -f /*.key -o -f /*.cer ]; then chown 1001 /*.key /*.cer; fi && \
true
ENV \
DD_UWSGI_PASS="uwsgi_server" \

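Review bot: `COPY docker/entrypoint-nginx.sh nginx/*.cer nginx/*.key /` bakes the TLS private key into an image layer, so everyone who can pull the image or reach the build cache gets the key, and the later `chown 1001 /*.key /*.cer` does not undo that — the file is already in the COPY layer with the ownership and mode it had in the build context. Prefer supplying the certificate and key at runtime (a volume in `docker-compose.override.https.yml`, a secret in the Helm chart) and keeping this COPY to the entrypoint script only; the DOCKER.md section in this commit that tells users to rebuild the nginx image with the key in place would need the same change. Separately, `if [ -f /*.key -o -f /*.cer ]` stops working as soon as more than one key or certificate matches, because the glob expands to several words inside `[ ]`; the test then errors out and the `chown` is silently skipped, and `-o` is itself non-portable in `test`. Checking each file individually, e.g. `for f in /*.key /*.cer; do if [ -f "$f" ]; then chown 1001 "$f"; fi; done`, avoids both problems.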