Finding groups: (Auto) Group By and more enhancements #4353
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
I could make it crash. I selected some 180 findings, some active, others inactive, yet others dups. I selected them all and tried to create a group by "component version". The files I used I uploaded at DefectDojo/sample-scan-files@23cf6e6
He who breaks it, shall fix it. I'll take a look, thanks for the sample files.
Thanks @madchap, could reproduce. Problem was with findings of
The main use case, I think, is to report findings per component to JIRA. So even if there's only one now, it makes sense to report as a group. On a next reimport there might be 2 vulns inside a component and then we could just update the existing JIRA issues for the group.
Merging this as we need to deploy from dev and dogfood it. It's behind a feature flag, so should be good!
* bulk edit: allow group by
* finding groups enhancements
* make auto_group_by optional, add help_text
* add auto_group_by to api
* finding groups: push groups only once on import/reimport
* jira: fix silent epic error during unit tests
* finding groups: push groups only once on import/reimport
* fix tests
* add unit tests for jira finding groups
* remove token
* rerecord JIRA
* add unit tests for jira finding groups
* add unit tests for jira finding groups
* add unit tests for jira finding groups
* add unit tests for jira finding groups
* add unit tests for jira finding groups
* rename auto_group_by to group_by
* rename auto_group_by to group_by
* fix SLA for Info findings bug, prefetch
* fix SLA for Info findings bug, prefetch
Finding Group enhancements:
Main feature is automatic grouping, so in the UI or API a `group_by` field has been added. Setting `group_by` to `component_name` on import or reimport will add all new findings automatically to a group based on the `component_name` field.

If `push_to_jira` or `push_all` is enabled, the groups will be pushed to JIRA.

There's also the possibility on the edit finding page now to modify the group for a finding.
While doing this PR I thought of some more things we could/should do for the finding groups, but ideally we get some more feedback first :-)
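
A minimal model of the behaviour described in this thread, added here as an illustration (it is not DefectDojo's code and not part of the PR): new findings are grouped by the `group_by` field, and each affected group is pushed once per import or reimport, as a create the first time and an update afterwards. The function names, the finding dicts and the choice to leave findings without a component ungrouped are assumptions.

```python
# Illustrative model only; names and data are constructed, not DefectDojo's.

def auto_group(new_findings, group_by, groups=None):
    """Add each new finding to the group named after its `group_by` field.

    Returns (groups, touched): group name -> list of finding ids, and the
    set of group names that changed during this import.
    """
    groups = {name: list(ids) for name, ids in (groups or {}).items()}
    touched = set()
    for finding in new_findings:
        key = finding.get(group_by)
        if not key:
            # Assumption: a finding without the field stays ungrouped.
            continue
        groups.setdefault(key, []).append(finding["id"])
        touched.add(key)
    return groups, touched


def jira_pushes(groups, touched, known_issues):
    """One JIRA action per touched group, never one per finding."""
    return [
        ("update" if name in known_issues else "create", name, len(groups[name]))
        for name in sorted(touched)
    ]


# Constructed sample data: an import followed by a reimport.
IMPORT = [
    {"id": 1, "component_name": "log4j-core"},
    {"id": 2, "component_name": "jackson-databind"},
    {"id": 3, "component_name": None},
]
REIMPORT = [{"id": 4, "component_name": "log4j-core"}]


def demo():
    groups, touched = auto_group(IMPORT, "component_name")
    first = jira_pushes(groups, touched, known_issues=set())
    known = set(touched)  # issues created by the first push
    groups, touched = auto_group(REIMPORT, "component_name", groups)
    second = jira_pushes(groups, touched, known)
    return first, second


if __name__ == "__main__":
    print(demo())
```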