Release: Merge release into master from: release/2.39.4#11148

Merged
rossops merged 4 commits into master from release/2.39.4
Oct 28, 2024
Conversation

@github-actions
Contributor

Release triggered by rossops

DefectDojo release bot and others added 4 commits October 28, 2024 15:27
@dryrunsecurity

dryrunsecurity Bot commented Oct 28, 2024

DryRun Security Summary

Summary:

The provided code changes appear to be a set of routine updates and maintenance tasks for the DefectDojo application, a popular open-source application security management platform. The changes include updates to the Helm chart, the package.json file, the application's main initialization file, and the API serializers.

The Helm chart update involves a minor version bump, indicating bug fixes and improvements, which is generally positive for the overall security of the application. The package.json file updates show that the development team is actively monitoring and addressing potential security vulnerabilities in the used dependencies.

The changes to the dojo/__init__.py file and the dojo/api_v2/serializers.py file are mainly structural and organizational in nature, with no obvious security implications. However, it's important to review the release notes and changelogs to ensure that there are no security-related changes or fixes included in these updates.

As an application security engineer, I would recommend thoroughly reviewing the actual changes and release notes, as well as regularly monitoring the application and its dependencies for any potential security vulnerabilities. Maintaining a vigilant approach to application security is crucial, even for routine updates and maintenance tasks.

Files Changed:

  1. helm/defectdojo/Chart.yaml: The Helm chart for the DefectDojo application has been updated, with the appVersion bumped from 2.39.3 to 2.39.4 and the version of the Helm chart updated from 1.6.156 to 1.6.157.
  2. components/package.json: The package.json file has been updated, with the DefectDojo application version updated from 2.39.3 to 2.39.4 and various dependency versions updated as well.
  3. dojo/__init__.py: The main initialization file for the DefectDojo Django application has been updated, with the __version__ variable updated from "2.39.3" to "2.39.4".
  4. dojo/api_v2/serializers.py: The API serializers have been updated, with changes to the CommonImportScanSerializer, ImportScanSerializer, and ReImportScanSerializer classes.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:

  - Sensitive Files Analyzer: 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@rossops rossops closed this Oct 28, 2024
@rossops rossops reopened this Oct 28, 2024
@rossops rossops merged commit fb442d2 into master Oct 28, 2024