
Bulk Edit: Add note when pushing finding to jira #10545

Merged
mtesauro merged 3 commits into DefectDojo:bugfix from Maffooch:jira
Jul 12, 2024

@Maffooch Maffooch commented Jul 9, 2024

When attempting to use bulk edit to add notes while also pushing changes to jira, the notes are not pushed as well. This PR will add an additional step to the push_to_jira logic to also consider the new note added by bulk edit.

[sc-6732]

dryrunsecurity Bot commented Jul 9, 2024

DryRun Security Summary

The pull request changes the finding module of the DefectDojo application, providing a wide range of functionality for managing findings, including listing, viewing, editing, deleting, handling duplicates, integrating with external tools, managing notes, and enforcing permissions and authorization, with a focus on providing a secure and comprehensive platform for managing application vulnerabilities.

Summary:

The code changes in this pull request are related to the finding module of the DefectDojo application, which is an open-source application vulnerability management and security orchestration platform. The changes provide a wide range of functionality for managing findings, including listing, viewing, editing, and deleting findings, as well as performing bulk operations on findings. The code also includes features for handling duplicate findings, integrating with JIRA and GitHub, managing notes, and enforcing permissions and authorization.

From a security perspective, the code appears to be well-designed and implemented, with a focus on providing a secure and comprehensive platform for managing application vulnerabilities. The use of a custom authorization system to control user access to functionality is a particularly important security feature, as it helps to ensure that users can only perform actions they are authorized to perform. Additionally, the integration with external tools like JIRA and GitHub can help to streamline the vulnerability management process and improve overall security posture.

Files Changed:

  • dojo/finding/views.py: This file contains the code responsible for handling the functionality related to findings, including listing, viewing, editing, and deleting findings, as well as performing bulk operations on findings. The code also includes functionality for handling duplicate findings, integrating with JIRA and GitHub, managing notes, and enforcing permissions and authorization.

Code Analysis

We ran 7 analyzers against 1 file and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit 4f9e636 into DefectDojo:bugfix Jul 12, 2024
@Maffooch Maffooch deleted the jira branch July 16, 2024 22:41