Beyond just keeping DefectDojo updated, merging PRs and the normal day to day on this project, we've been experimenting with various ways to achieve the DefectDojo v3 goals. The results of our experimentation so far follow:
We've started doing some large PRs to update and modernize some of the older parts of DefectDojo (see #8728 & #8929 for examples).
Things we learned from the above:
We've got several more large PRs like those in our future
Several previous attempts became very difficult to merge due to upstream changes
While we announced the feature freeze, we've let more PRs through than we probably should have (because we love community contributions and just can't help ourselves).
What we're doing to make this better:
We're adding a Github Action that will fail any PR that touches parts of the code base that are actively being refactored. This is really just more strict enforcement of the feature freeze mentioned in the original discussion.
We'll be adjusting the list of files on a rolling basis so the files/paths today (2023-11-10) won't be forever.
These aren't a definitive "No" to PRs that have red tests for this new check - we're doing this to send a signal to contributors who may not have followed the v3 discussions that they may be breaking the 'feature freeze'.
We're trying our 2nd tool to do this. This is a new experiment and there's likely to be some sharp edges that we've not found yet. Thanks for your patience as we sort things out.
We're currently using Dryrun Security to flag 'protected' files/paths
We are doing the groundwork to get DefectDojo from Django 4.1 to 4.2
We're moving to class-based views (a more modern Django-ism)
We're deprecating asciidoc report output - it's a very old, rarely used feature. There’s likely other things that will be deprecated during the modernization / cleanup.
As previously announced we are deprecating the DefectDojo API OpenAPI v2 docs since the OpenAPI v3 docs provide the same information in a more modern format. This will happen in the Jan 2024 release (2.30.0).
Like we said before, we love contributions so these are still greatly appreciated:
New or updated parsers
Bug / Security Fixes
Adding or improving unit tests
Thanks for all your patience as we head towards 3.0 and for all the community’s work at making DefectDojo the awesome thing it is today!
Background:
Please see the previous Github discussion here.
-- Matt Tesauro