Release: Merge release into master from: release/2.45.2#12282
Merged
….46.0-dev Release: Merge back 2.45.1 into bugfix from: master-into-bugfix/2.45.1-2.46.0-dev
* sla calc: add unit tests
* sla calc: add unit tests
* sla calc: add unit tests
* linting
* sla: simplify
* sla config: cleanup
* Update unittests/test_sla_calculations.py
  Co-authored-by: Blake Owens <76979297+blakeaowens@users.noreply.github.com>
* Update unittests/test_sla_calculations.py
  Co-authored-by: Blake Owens <76979297+blakeaowens@users.noreply.github.com>
* Update unittests/test_sla_calculations.py
  Co-authored-by: Blake Owens <76979297+blakeaowens@users.noreply.github.com>
* Update unittests/test_sla_calculations.py
  Co-authored-by: Blake Owens <76979297+blakeaowens@users.noreply.github.com>

---------

Co-authored-by: Blake Owens <76979297+blakeaowens@users.noreply.github.com>
* 🎉 Implement Fortify Webinspect new report format
* update
* fix
* update
* update
* update
* update
* update
* update according to comment
* docs update
* fix
* merge all jira articles into single article
* reweight articles
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* add wiz documentation
* Update docs/content/en/share_your_findings/jira_guide.md
  Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
* update Pro features docs
* reorganize support docs
* rework import documentation for OS context
* update changelog 2.45.1
* fix broken links

---------

Co-authored-by: Paul Osinski <paul.m.osinski@gmail.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
….46.0-dev Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev
* Reimport: Special statuses should be respected from reports
* Fixing ruff
* Update unittests/tools/test_checkmarx_one_parser.py
  Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* Use the correct dict for statuses

---------

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
…ix/2.45.2-2.46.0-dev"
…gfix/2.45.2-2.46.0-dev Revert "Release: Merge back 2.45.2 into bugfix from: master-into-bugfix/2.45.2-2.46.0-dev"
Release activity: Merge cleaned master state into bugfix
🔴 Risk threshold exceeded. This pull request involves sensitive edits to multiple files in the DefectDojo project, including models.py and display_tags.py, and includes potential security considerations around documentation, authentication methods, and file import mechanisms that may require careful review.
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
⚠️ Configured Codepaths Edit in dojo/templatetags/display_tags.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
⚠️ Configured Codepaths Edit in dojo/models.py
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
💭 Unconfirmed Findings (5)
| Vulnerability | Potential Information Disclosure |
|---|---|
| Description | Documentation reveals details about DefectDojo's product tiers (Pro vs Open Source), providing insights into application's import and organizational methods. |
| Vulnerability | External Link Considerations |
|---|---|
| Description | Multiple documentation pages contain internal links to DefectDojo resources and some pages reference external tool documentation like Wiz. |
| Vulnerability | Authentication Method Insights |
|---|---|
| Description | Documentation describes authentication methods for various tools, including examples of service account and token-based authentication mechanisms. |
| Vulnerability | Sensitive Information Handling |
|---|---|
| Description | Documentation includes placeholder credentials and example authentication scenarios, with no actual hardcoded secrets or tokens exposed. |
| Vulnerability | Potential Risks in Import Mechanisms |
|---|---|
| Description | Base64 file upload support in generic findings import could potentially be a vector for file upload abuse if not properly sanitized. |
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
Release triggered by Maffooch