Release/2.3.0 #5222
Commits on Aug 31, 2021
-
Update versions in application files
DefectDojo release bot committed Aug 31, 2021
-
Merge pull request #5015 from DefectDojo/master-into-dev/2.2.0-2.3.0-dev
Release: Merge back 2.2.0 into dev from: master-into-dev/2.2.0-2.3.0-dev
-
-
Update rabbitmq:3.9.5 Docker digest from 3.9.5 to 3.9.5 (docker-compose.yml) (#5005)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Bump google-api-python-client from 2.18.0 to 2.19.0 (#5008)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump django-environ from 0.4.5 to 0.5.0 (#5007)
Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.4.5 to 0.5.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.4.5...v0.5.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump drf-spectacular from 0.17.3 to 0.18.1 (#5009)
Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.17.3 to 0.18.1. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.17.3...0.18.1) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump datatables.net-buttons-dt from 1.7.1 to 2.0.0 in /components (#4988)
Bumps [datatables.net-buttons-dt](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables) from 1.7.1 to 2.0.0. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables/releases) - [Commits](DataTables/Dist-DataTables-Buttons-DataTables@1.7.1...2.0.0) --- updated-dependencies: - dependency-name: datatables.net-buttons-dt dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 6, 2021
-
fix: javascript regex error detection (#5038)
On the report builder we're seeing javascript errors since Tuesday August 31st.

```
bootstrap.min.js:6 Uncaught TypeError: Cannot read properties of null (reading 'trigger')
    at HTMLDivElement.u (bootstrap.min.js:6)
    at HTMLDivElement.fn (jquery.js:5175)
    at HTMLDivElement.handle (bootstrap.min.js:6)
    at HTMLDivElement.dispatch (jquery.js:5430)
    at HTMLDivElement.elemData.handle (jquery.js:5234)
    at Object.trigger (jquery.js:8719)
    at HTMLDivElement.<anonymous> (jquery.js:8797)
    at Function.each (jquery.js:385)
    at jQuery.fn.init.each (jquery.js:207)
    at jQuery.fn.init.trigger (jquery.js:8796)
```

These happen with 2.2.0, 2.1.0 etc. We have a regex in the test suite that ignores this error, but the error message has changed slightly. This PR updates the regex. Also this error happens during manual usage, so I removed the comment about it only happening during integration tests. Apart from the error appearing in the javascript console, the report builder seems to work fine. So it _looks like_ we can keep ignoring this error. I guess we have to because we don't know where it's coming from as the stacktrace only contains bootstrap + jquery code paths.
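As an added illustration of the kind of console-log filter the commit message describes (this is example code written for this page, not DefectDojo's test suite): the integration test collects the browser console log and fails only on SEVERE entries that no known-benign pattern explains, so a narrow regex keeps the known bootstrap/jQuery noise out without hiding new errors. The pattern accepts the message quoted above and the older wording Chrome used for the same TypeError; that older wording, the log entry shape and the sample entries are assumptions.

```python
import re

# Added example, not DefectDojo code. Chrome changed the wording of its
# null-property TypeError, so one pattern has to accept both spellings:
#   old (assumed): "Cannot read property 'trigger' of null"
#   new (quoted in the commit): "Cannot read properties of null (reading 'trigger')"
BENIGN_CONSOLE_ERRORS = [
    re.compile(
        r"bootstrap\.min\.js.*Uncaught TypeError: Cannot read "
        r"(?:property 'trigger' of null|properties of null \(reading 'trigger'\))"
    ),
]


def is_benign(entry: dict) -> bool:
    """True when a console log entry must not fail the test."""
    if entry.get("level") != "SEVERE":
        return True  # warnings and info never fail a test run
    message = entry.get("message", "")
    return any(pattern.search(message) for pattern in BENIGN_CONSOLE_ERRORS)


def unexpected_errors(log: list) -> list:
    """Return the SEVERE entries that no benign pattern explains."""
    return [entry for entry in log if not is_benign(entry)]


# Constructed sample in the shape Selenium's get_log("browser") returns
# (level + message); the URLs and line numbers are made up.
SAMPLE_LOG = [
    {"level": "SEVERE",
     "message": "https://dojo/static/bootstrap.min.js 6:1200 Uncaught TypeError: "
                "Cannot read properties of null (reading 'trigger')"},
    {"level": "SEVERE",
     "message": "https://dojo/static/bootstrap.min.js 6:1200 Uncaught TypeError: "
                "Cannot read property 'trigger' of null"},
    {"level": "WARNING",
     "message": "https://dojo/static/jquery.js 5175 Deprecated call"},
    {"level": "SEVERE",
     "message": "https://dojo/static/report.js 12 Uncaught ReferenceError: "
                "buildReport is not defined"},
]

if __name__ == "__main__":
    for entry in unexpected_errors(SAMPLE_LOG):
        print("unexpected:", entry["message"])
```

Anchoring the pattern on `bootstrap.min.js` and the exact property name is deliberate: a blanket "ignore null TypeErrors" rule would also swallow the `ReferenceError` from the app's own script in the sample, which is exactly the regression such a test exists to catch.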
-
Bump google-auth from 2.0.1 to 2.0.2 (#5024)
Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.0.1...v2.0.2) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Bump django-tagulous from 1.2.0 to 1.2.1 (#5022)
Bumps [django-tagulous](https://github.com/radiac/django-tagulous) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/radiac/django-tagulous/releases) - [Commits](radiac/django-tagulous@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: django-tagulous dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Bump google-auth-oauthlib from 0.4.5 to 0.4.6 (#5023)
Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.4.5 to 0.4.6. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python-oauthlib@v0.4.5...v0.4.6) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Bump pillow from 8.3.1 to 8.3.2 (#5034)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.3.1 to 8.3.2. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst) - [Commits](python-pillow/Pillow@8.3.1...8.3.2) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Bump python from 3.8.11-slim-buster to 3.8.12-slim-buster (#5043)
Bumps python from 3.8.11-slim-buster to 3.8.12-slim-buster. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump datatables.net-dt from 1.10.25 to 1.11.1 in /components (#5042)
Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.10.25 to 1.11.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.10.25...1.11.1) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump django-environ from 0.5.0 to 0.6.0 (#5040)
Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump drf-spectacular from 0.18.1 to 0.18.2 (#5039)
Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.18.1 to 0.18.2. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.18.1...0.18.2) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump google-api-python-client from 2.19.0 to 2.19.1 (#5029)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.19.0 to 2.19.1. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.19.0...v2.19.1) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Bump datatables.net from 1.10.25 to 1.11.1 in /components (#5041)
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.10.25 to 1.11.1. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.10.25...1.11.1) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 7, 2021
-
fix(rest-api): fix some warnings from drf (#5031)
On behalf of DB Systel GmbH Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
Commits on Sep 8, 2021
-
Support Docker Compose V2 (#5047)
* quote variables * try docker compose v2 in github action * revert docker compose v2 test Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Better support SARIF ruleId attribute (#5025)
* Better support SARIF ruleId attribute * Add flawfinder data * Fix flake8 errors * fix flake8 errors * Implement mitigation
-
Bump datatables.net-buttons-bs from 1.7.1 to 2.0.0 in /components (#4987)
Bumps [datatables.net-buttons-bs](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap) from 1.7.1 to 2.0.0. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap/releases) - [Commits](DataTables/Dist-DataTables-Buttons-Bootstrap@1.7.1...2.0.0) --- updated-dependencies: - dependency-name: datatables.net-buttons-bs dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
feat(safety-parser): configurable offline mode (#5030)
When using the safety parser in environments without internet connection it takes a while until the parser uses the fallback offline mode. Now you can configure it to use offline mode only. On behalf of DB Systel GmbH Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Add support for dynamic test import for Veracode (#5032)
* Implemented dynamic scan import for Veracode * Implemented unit tests for Veracode dynamic finding import. * Corrected reimport unit test errors. * Corrected issues with finding counts in unit tests after adding new dynamic analysis data. Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
-
Update versions in application files
DefectDojo release bot committed Sep 8, 2021
-
Bump datatables.net-dt from 1.11.1 to 1.11.2 in /components (#5056)
Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.11.1 to 1.11.2. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.11.1...1.11.2) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Update dependency autoprefixer from 10.3.3 to v10.3.4 (docs/package.json) (#5062)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Update mysql:5.7.35 Docker digest from 5.7.35 to v5.7.35 (docker-compose.yml) (#5061)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Bump datatables.net from 1.11.1 to 1.11.2 in /components (#5057)
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.11.1 to 1.11.2. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.11.1...1.11.2) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Merge pull request #5063 from DefectDojo/master-into-dev/2.2.1-2.3.0-dev
Release: Merge back 2.2.1 into dev from: master-into-dev/2.2.1-2.3.0-dev
Commits on Sep 9, 2021
-
fix error on merging findings due to django3 changes (#5064)
* added fix for django3 change from keyOrder to field_order * removed erroneously added file Co-authored-by: Chris Fort <Chris.Fort@lexisnexis.com>
-
Merge pull request #5035 from axelpavageau/cloudsploit
Add a deduplication configuration for Aquasecurity's Cloudsploit
-
fix: in Aquasecurity's cloudsploit scan result "region" can be either a string or a list of strings (#5055)
Co-authored-by: Axel Pavageau <axel.pavageau@ekino.com>
-
Bump google-api-python-client from 2.19.1 to 2.20.0 (#5067)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.19.1 to 2.20.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.19.1...v2.20.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 10, 2021
-
SonarQube: use severity from issue instead of rule (#4934)
* changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity Co-authored-by: Zeeshan Syed <zsyed@ezesoft.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
-
Add Cobalt.io API parser/importer (#4962)
* Add Cobalt.io API parser Add a second parser for Cobalt.io that is intended for importing findings from the Cobalt API's /findings endpoint [1]. As is, the user is expected to fetch the findings - scoped as they see fit - from the API themselves and upload the JSON as is to DefectDojo. -- 1. https://docs.cobalt.io/#get-specific-findings * Convert Cobalt.io API parser into an "importer" Convert the Cobalt.io API parser into a parser that imports findings from the API given (1) a _Tool Configuration_ with the Cobalt API token and a Cobalt "Org" token, and (2) a product-level Cobalt.io configuration for the "Asset" from which to import findings. * Fix whitespace & f-string mistakes * Resolve a11y issue on Cobalt.io Configurations page * Update Cobalt.io API parser - Remove author metadata - Set `dynamic_finding` of findings to True. * Update Cobalt.io API parser unit tests * Refactor: use textwrap for Cobalt finding title * Remove explicit numerical_severity from Cobalt API parser Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
-
Check deduplication config on startup (#4963)
* Create validatededupeconfig.py This script will solve issue #3666 by checking for deduplication configuration at startup. * Update validatededupeconfig.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Maffooch <maffouch@hotmail.com>
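The commit above adds a startup check of the deduplication configuration but does not show what it checks. The following is an added example of such a validator, written for this page and not DefectDojo's validatededupeconfig.py. The setting names DEDUPLICATION_ALGORITHM_PER_PARSER and HASHCODE_FIELDS_PER_SCANNER and the four algorithm constants follow DefectDojo's settings.dist.py as I know it; the list of allowed hash code fields, the individual checks and the sample configuration (including the Cloudsploit entry, which ties in with #5035 below) are this example's own assumptions.

```python
# Added example, not DefectDojo's validatededupeconfig.py. Algorithm
# constants mirror DefectDojo's settings.dist.py (assumption); everything
# else is illustrative.
DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL = "unique_id_from_tool"
DEDUPE_ALGO_HASH_CODE = "hash_code"
DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE = "unique_id_from_tool_or_hash_code"
DEDUPE_ALGO_LEGACY = "legacy"

KNOWN_ALGORITHMS = {
    DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
    DEDUPE_ALGO_HASH_CODE,
    DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
    DEDUPE_ALGO_LEGACY,
}
HASH_BASED = {DEDUPE_ALGO_HASH_CODE, DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE}

# Finding attributes a hash code may be built from (assumed subset).
HASHCODE_ALLOWED_FIELDS = {
    "title", "cwe", "line", "file_path", "description", "endpoints",
    "severity", "vuln_id_from_tool", "unique_id_from_tool",
}


def validate_dedupe_config(algorithm_per_parser: dict, hashcode_fields_per_scanner: dict) -> list:
    """Return human-readable problems; an empty list means the two settings are
    consistent. Run once at startup so a typo fails fast instead of silently
    turning deduplication off for one scanner."""
    problems = []
    for scanner, algo in sorted(algorithm_per_parser.items()):
        if algo not in KNOWN_ALGORITHMS:
            problems.append(f"{scanner}: unknown deduplication algorithm {algo!r}")
            continue
        if algo in HASH_BASED:
            fields = hashcode_fields_per_scanner.get(scanner)
            if not fields:
                problems.append(f"{scanner}: {algo} requires hash code fields")
                continue
            unknown = [f for f in fields if f not in HASHCODE_ALLOWED_FIELDS]
            if unknown:
                problems.append(f"{scanner}: unknown hash code fields {unknown}")
            if len(set(fields)) != len(fields):
                problems.append(f"{scanner}: duplicate hash code field")
    # Fields configured for a scanner that has no algorithm are dead config.
    for scanner in sorted(set(hashcode_fields_per_scanner) - set(algorithm_per_parser)):
        problems.append(f"{scanner}: hash code fields defined but no algorithm configured")
    return problems


# Constructed sample configuration with four deliberate mistakes.
SAMPLE_ALGORITHMS = {
    "ZAP Scan": DEDUPE_ALGO_HASH_CODE,
    "SARIF": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE,
    "Checkmarx Scan": "hash_code ",          # trailing space: not a known algorithm
    "Trivy Scan": DEDUPE_ALGO_HASH_CODE,     # hash based, but no fields below
    "Bandit Scan": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL,
}
SAMPLE_HASHCODE_FIELDS = {
    "ZAP Scan": ["title", "cwe", "endpoints"],
    "SARIF": ["title", "cwe", "file_path", "line", "filepath"],   # "filepath" is a typo
    "Cloudsploit Scan": ["title", "description"],               # no algorithm entry
}


def check_sample() -> list:
    return validate_dedupe_config(SAMPLE_ALGORITHMS, SAMPLE_HASHCODE_FIELDS)


if __name__ == "__main__":
    for problem in check_sample():
        print("dedupe config:", problem)
```

A validator like this belongs in a Django AppConfig.ready() hook or a management command run before the web process starts; raising on a non-empty list is usually preferable to logging, because a mis-typed field name otherwise only shows up weeks later as a pile of duplicate findings.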
-
Checkmarx: Do not hardcode Active and Verified finding attributes (#4812
) * Add release cadence to README (#4796) * Add release cadence to README * Update README.md * Update README.md Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com> * Fix: Active and review parameters are commented due the issue #4598 * Update parser.py * Update parser.py * Remove checks for active/verified in unit tests * Remove README change from rebase * Fix unit tests Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Maffooch <maffouch@hotmail.com>
-
Fix errors with Spotbugs 4.4.x (#5068)
* Fix errors with Spotbugs 4.4.x * Fix flake8 * Fix title problem
-
Bump debugpy from 1.4.1 to 1.4.3 (#5078)
Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/microsoft/debugpy/releases) - [Commits](microsoft/debugpy@v1.4.1...v1.4.3) --- updated-dependencies: - dependency-name: debugpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Update stefanzweifel/git-auto-commit-action action from v4.11.0 to v4.12.0 (.github/workflows/plantuml.yml) (#5081)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Bump gitpython from 3.1.18 to 3.1.23 (#5077)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.18 to 3.1.23. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.18...3.1.23) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 11, 2021
-
Bump django-tagulous from 1.2.1 to 1.3.0 (#5050)
Bumps [django-tagulous](https://github.com/radiac/django-tagulous) from 1.2.1 to 1.3.0. - [Release notes](https://github.com/radiac/django-tagulous/releases) - [Changelog](https://github.com/radiac/django-tagulous/blob/develop/docs/changelog.rst) - [Commits](radiac/django-tagulous@v1.2.1...v1.3.0) --- updated-dependencies: - dependency-name: django-tagulous dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 12, 2021
Commits on Sep 13, 2021
-
SARIF parser - add more information to findings (#5071)
* Add more information to findings
-
Bump nginx from 1.21.1-alpine to 1.21.3-alpine (#5088)
Bumps nginx from 1.21.1-alpine to 1.21.3-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump django-environ from 0.6.0 to 0.7.0 (#5087)
Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
-
Bump openpyxl from 3.0.7 to 3.0.8 (#5086)
Bumps [openpyxl](https://openpyxl.readthedocs.io) from 3.0.7 to 3.0.8. --- updated-dependencies: - dependency-name: openpyxl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Added ability to use business days or calendar days (#4260)
* Added ability to use business days or calendar days * Update settings.dist.py comment formatting * Updated variables in settings.dist.py * Updated comment * updated models * updated models Co-authored-by: Nick Cleary <nicholas.cleary@sherwin.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
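The commit above makes SLA age computable in business days as well as calendar days but shows none of the arithmetic. The following is an added example written for this page, not DefectDojo's implementation: it computes the due date and the remaining days both ways so the difference is visible on one finding. The setting name SLA_BUSINESS_DAYS, the seven-day SLA and the dates are assumptions; business days here means Monday to Friday, with public holidays deliberately ignored.

```python
from datetime import date, timedelta

# Added example, not DefectDojo code. SLA_BUSINESS_DAYS is an assumed
# setting name; True means weekends do not count against the SLA.
SLA_BUSINESS_DAYS = True


def add_days(start: date, days: int, business_days: bool) -> date:
    """Due date `days` after `start`, skipping weekends when business_days is set."""
    if not business_days:
        return start + timedelta(days=days)
    current, remaining = start, days
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:  # Monday=0 ... Friday=4
            remaining -= 1
    return current


def days_between(start: date, end: date, business_days: bool) -> int:
    """Signed day count from start to end; negative when end is before start."""
    if not business_days:
        return (end - start).days
    if end < start:
        return -days_between(end, start, True)
    count, current = 0, start
    while current < end:
        current += timedelta(days=1)
        if current.weekday() < 5:
            count += 1
    return count


def sla_status(found: date, sla_days: int, today: date,
               business_days: bool = SLA_BUSINESS_DAYS) -> dict:
    """Due date, days left and breach flag for one finding."""
    due = add_days(found, sla_days, business_days)
    remaining = days_between(today, due, business_days)
    return {"due": due, "days_remaining": remaining, "breached": remaining < 0}


# Constructed scenario: a finding opened on Friday 2021-09-10 with a 7-day
# SLA, looked at on Monday 2021-09-20.
FOUND, TODAY, SLA_DAYS = date(2021, 9, 10), date(2021, 9, 20), 7

if __name__ == "__main__":
    print("calendar:", sla_status(FOUND, SLA_DAYS, TODAY, business_days=False))
    print("business:", sla_status(FOUND, SLA_DAYS, TODAY, business_days=True))
```

With calendar days the finding is due on 2021-09-17 and is three days overdue on the 20th; with business days the two weekends push the due date to 2021-09-21 and one working day is still left. Whichever mode an installation picks, the same mode has to be used for both the due date and the remaining-days count, or the dashboard will report breaches that the due date contradicts.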
-
Change Dependency Check parser to make "Location" field more informative (#4910)
* Update dependency_check/parser.py Change "dependency_filename" to "dependency_filepath" in "file_path" variable * Move filepath to description * Move description addition to after title is set * Correct unit tests Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> Co-authored-by: Maffooch <maffouch@hotmail.com>
-
Improve detect-secrets parser (#5092)
* Improve detect-secrets parser * Fix description data * Adapt tests
-
Commits on Sep 14, 2021
-
* initial commit * spacings and help icons * further ui improvements * fixed integration tests
-
Bump numpy from 1.19.5 to 1.21.2 (#5097)
Bumps [numpy](https://github.com/numpy/numpy) from 1.19.5 to 1.21.2. - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/HOWTO_RELEASE.rst.txt) - [Commits](numpy/numpy@v1.19.5...v1.21.2) --- updated-dependencies: - dependency-name: numpy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Change secrets severity in detect-secrets parser (#5098)
* Change secrets severity * Adapt secrets severity in unit tests
-
calendar: fix to work with bootstrap-chosen (#5094)
* calendar integration test enhancement * fix calendar with bootstrap chosen * fix test
Commits on Sep 15, 2021
-
Bump google-api-python-client from 2.20.0 to 2.21.0 (#5105)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.20.0 to 2.21.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.20.0...v2.21.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump google-auth from 2.0.2 to 2.1.0 (#5104)
Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 16, 2021
-
Make scan type list rely on Dynamic parser infra. (#5084)
* Make scan type list rely on Dynamic parser infra. * Fix flake8 errors * Fix flake8 errors * Remove old loader * Fix import error * Clean factory * Fix import error * Update doc * Fix error in adhoc add a test * Add missing command * remove modification * Fix EOL * Fix initializer * Fix error in the initializer * Fix useless code * Implement parser exclusion list * Implement Test_Type.active flag * Minor consistency formatting * Sort in engagement view
-
* Repair stub findings * Repair stub findings * Integration test for delete * flake8
Commits on Sep 17, 2021
-
ZAP parser maintenance (#5099)
* Add more unit tests * Adapt few tests with changes in the parser * Implement vuln_id_from_tool * Fix an integration test * Fix last integration test
-
-
-
Commits on Sep 20, 2021
-
Documentation update for settings and reports (#5122)
* Reports * Documentation update for settings and reports * Update docs/content/en/integrations/social-authentication.md Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com>
-
Bump gitpython from 3.1.23 to 3.1.24 (#5124)
Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.23 to 3.1.24. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.23...3.1.24) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
SARIF parser: Fix severity in rule and take into account the kind attribute (#5125)
* Fix severity in rule * Take into account the child attribute
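The three SARIF commits in this release (#5025 on the ruleId attribute, #5071 on carrying more rule information into findings, and #5125 above on the rule severity and the kind attribute) all touch the same corners of the format. The following is an added example of a minimal SARIF 2.1.0 reader that handles those corners, written for this page and not DefectDojo's parser. The level defaults follow the SARIF specification: a result without a level takes the rule's defaultConfiguration level, else "warning", and any result whose kind is not "fail" carries level "none". The level-to-severity mapping, the decision that only fail/open/review results stay active while pass/notApplicable results are marked mitigated, and the sample document are assumptions.

```python
import json

# Added example, not DefectDojo's SARIF parser. Mapping of the four SARIF
# levels onto DefectDojo-style severities is an assumption.
LEVEL_TO_SEVERITY = {"error": "High", "warning": "Medium", "note": "Low", "none": "Info"}
ACTIVE_KINDS = {"fail", "open", "review"}          # assumed policy
MITIGATED_KINDS = {"pass", "notApplicable"}        # assumed policy


def _rule_index(run: dict) -> dict:
    """Map rule id -> rule object across the driver and any extensions."""
    tool = run.get("tool", {})
    rules = {}
    for component in [tool.get("driver", {})] + tool.get("extensions", []):
        for rule in component.get("rules", []):
            rules.setdefault(rule.get("id"), rule)
    return rules


def _rule_id(result: dict):
    """ruleId may be given directly or through the `rule` reference object."""
    return result.get("ruleId") or result.get("rule", {}).get("id")


def _level(result: dict, rule: dict) -> str:
    kind = result.get("kind", "fail")
    if kind != "fail":
        return "none"  # spec: non-fail results have level "none"
    level = result.get("level")
    if level is None:
        level = rule.get("defaultConfiguration", {}).get("level")
    return level or "warning"  # spec default when nothing else applies


def _location(result: dict):
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        if uri:
            return uri, phys.get("region", {}).get("startLine")
    return None, None


def parse_sarif(text: str) -> list:
    """Turn a SARIF document into flat finding dicts."""
    findings = []
    for run in json.loads(text).get("runs", []):
        rules = _rule_index(run)
        for result in run.get("results", []):
            rule_id = _rule_id(result)
            rule = rules.get(rule_id, {})
            kind = result.get("kind", "fail")
            file_path, line = _location(result)
            title = (rule.get("shortDescription", {}).get("text")
                     or rule.get("name") or rule_id or "SARIF finding")
            findings.append({
                "title": title,
                "vuln_id_from_tool": rule_id,
                "severity": LEVEL_TO_SEVERITY.get(_level(result, rule), "Medium"),
                "description": result.get("message", {}).get("text", ""),
                "file_path": file_path,
                "line": line,
                "active": kind in ACTIVE_KINDS,
                "mitigated": kind in MITIGATED_KINDS,
            })
    return findings


# Constructed sample: one result relying on the rule's default level, one
# using the `rule` reference object with an explicit level, one `pass` result.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "FF1001", "name": "strcpy", "shortDescription": {"text": "Unbounded string copy"},
             "defaultConfiguration": {"level": "error"}},
            {"id": "FF2002", "name": "getenv", "shortDescription": {"text": "Environment read"}},
        ]}},
        "results": [
            {"ruleId": "FF1001", "message": {"text": "strcpy into fixed buffer"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/io.c"},
                                                 "region": {"startLine": 42}}}]},
            {"rule": {"id": "FF2002"}, "level": "note", "message": {"text": "getenv without validation"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/env.c"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "FF1001", "kind": "pass", "message": {"text": "bounded copy verified"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/safe.c"}}}]},
        ],
    }],
})

if __name__ == "__main__":
    for finding in parse_sarif(SAMPLE_SARIF):
        print(finding["severity"], finding["vuln_id_from_tool"], finding["title"], finding["active"])
```

The point a reimport depends on is the stable identifier: taking `vuln_id_from_tool` from the rule id (whichever of the two places it appears in) is what lets a later upload of the same scan be matched against existing findings, and treating `pass` results as mitigated rather than as new findings is what keeps a tool that reports passes from inflating the count.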
Commits on Sep 22, 2021
-
* created and moved files to readme docs folder * Update README.md * standardizing folders * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Add files via upload * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Create README.md * Update README.md * Add files via upload * Add files via upload * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Add files via upload * Fix broken links * Update README.md * Downgrades openpyxl to latest version (3.0.7) * Update MAINTAINERS.md * Update MAINTAINERS.md Co-authored-by: Maffooch <maffouch@hotmail.com>
-
Helm - Add DD_DATABASE_NAME env (#5109)
* Helm - Add DD_DATABASE_NAME env * Bump chart version Co-authored-by: Vladislav Popov <vipopov@sber-solutions.ru>
-
Fixes build statuses, corrects image pointers, and removes outdated sponsorship info (#5133)
-
Bump drf-spectacular from 0.18.2 to 0.19.0 (#5139)
Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.18.2 to 0.19.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.18.2...0.19.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump google-api-python-client from 2.21.0 to 2.22.0 (#5138)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Update dependency postcss from 8.3.6 to v8.3.7 (docs/package.json) (#5136)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Enhancements for KICS scans (#5131)
* Enhancements for KICS scans * flake8
-
Update dependency autoprefixer from 10.3.4 to v10.3.5 (docs/package.json) (#5135)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
-
Commits on Sep 23, 2021
-
Bump urllib3 from 1.26.6 to 1.26.7 (#5147)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.6 to 1.26.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.7/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.6...1.26.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump sqlalchemy from 1.4.23 to 1.4.25 (#5146)
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.23 to 1.4.25. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/master/CHANGES) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump openpyxl from 3.0.7 to 3.0.9 (#5145)
Bumps [openpyxl](https://openpyxl.readthedocs.io) from 3.0.7 to 3.0.9. --- updated-dependencies: - dependency-name: openpyxl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 24, 2021
-
Update dependency postcss-cli from 8.3.1 to v9 (docs/package.json) (#5150)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Update actions/github-script action from v4 to v5 (.github/workflows/new-release-pr.yml) (#5149)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Commits on Sep 25, 2021
-
Update rabbitmq Docker tag from 3.9.5 to v3.9.7 (docker-compose.yml) (#5152)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Export findings to CSV and Excel (#5148)
* Export findings to CSV and Excel
* Handling of foreign keys and more excludes
* flake8
* Migrate to openpyxl
* Integration tests
* remove buttons for excel and csv
* comment for innerHTML exception
* include endpoints in exports
* add more time to wait for files
-
Update dependency postcss from 8.3.7 to v8.3.8 (docs/package.json) (#5153)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Commits on Sep 26, 2021
-
Update dependency autoprefixer from 10.3.5 to v10.3.6 (docs/package.json) (#5157)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Commits on Sep 27, 2021
-
Bump datatables.net-buttons-bs from 2.0.0 to 2.0.1 in /components (#5164)
Bumps [datatables.net-buttons-bs](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap/releases) - [Commits](DataTables/Dist-DataTables-Buttons-Bootstrap@2.0.0...2.0.1) --- updated-dependencies: - dependency-name: datatables.net-buttons-bs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump datatables.net-dt from 1.11.2 to 1.11.3 in /components (#5163)
Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.11.2 to 1.11.3. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.11.2...1.11.3) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump django-filter from 2.4.0 to 21.1 (#5161)
Bumps [django-filter](https://github.com/carltongibson/django-filter) from 2.4.0 to 21.1. - [Release notes](https://github.com/carltongibson/django-filter/releases) - [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst) - [Commits](carltongibson/django-filter@2.4.0...21.1) --- updated-dependencies: - dependency-name: django-filter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump datatables.net-buttons-dt from 2.0.0 to 2.0.1 in /components (#5165)
Bumps [datatables.net-buttons-dt](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables/releases) - [Commits](DataTables/Dist-DataTables-Buttons-DataTables@2.0.0...2.0.1) --- updated-dependencies: - dependency-name: datatables.net-buttons-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump datatables.net from 1.11.2 to 1.11.3 in /components (#5162)
Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.11.2 to 1.11.3. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.11.2...1.11.3) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump django-crispy-forms from 1.12.0 to 1.13.0 (#5160)
Bumps [django-crispy-forms](https://github.com/django-crispy-forms/django-crispy-forms) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/django-crispy-forms/django-crispy-forms/releases) - [Changelog](https://github.com/django-crispy-forms/django-crispy-forms/blob/main/CHANGELOG.md) - [Commits](django-crispy-forms/django-crispy-forms@1.12.0...1.13.0) --- updated-dependencies: - dependency-name: django-crispy-forms dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
* Improve bug report template (#5066)
* Improve bug report template
* Update bug_report.md
* Update bug_report.md
* Update bug_report.md
* Update bug_report.md
* Update gh-pages.yml
* Reverts gh-pages back to dev.
Co-authored-by: Greg Anderson <greg.anderson@owasp.org>
Commits on Sep 28, 2021
-
fix/add missing/disabled integration tests (#5159)
* add/fix integration tests
* set waiting time for exports to 20 seconds
* GHA: log always
Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>
-
Fix links in installation.md to point to existing files in dev (#5174)
Cleaned up and corrected #5158 to now point to dev in order to fix https://defectdojo.github.io/django-DefectDojo/getting_started/installation/
-
Fix integration test for export of findings (#5177)
* move downloads to media path
* reinsert newline
Commits on Sep 29, 2021
-
fix import for SonarQube findings without 'htmlDesc' (#5123)
* fix import for SonarQube findings without 'htmlDesc'
* add test TestSonarqubeImporterRuleWithoutHtmlDesc
* fix import for SonarQube findings without 'htmlDesc'
* add test TestSonarqubeImporterRuleWithoutHtmlDesc
* fix external rule
* add test for external rule
* fix line
* new line end of file
* fix title
Co-authored-by: Pavel Ikrenyi <pavel.ikrenyi@pan-net.eu>
Co-authored-by: Tomas Kubla <tomas@kubla.sk>
Co-authored-by: kiblik <kiblik@gjh.sk>
-
Bump google-api-python-client from 2.22.0 to 2.23.0 (#5186)
Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.22.0...v2.23.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Update dependency postcss-cli from 9.0.0 to v9.0.1 (docs/package.json) (#5175)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Bump djangosaml2 from 1.3.3 to 1.3.4 (#5184)
Bumps [djangosaml2](https://github.com/knaperek/djangosaml2) from 1.3.3 to 1.3.4. - [Release notes](https://github.com/knaperek/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](IdentityPython/djangosaml2@v1.3.3...v1.3.4) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Bump google-auth from 2.1.0 to 2.2.1 (#5185)
Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.1.0...v2.2.1) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
Yet another parser: Azure Security Center (#5182)
* implementation of parser
* implementation of unit tests
* flake8
* use unique_id_from_tool for deduplication
Commits on Sep 30, 2021
-
Custom Test_Type for parsers (modify "Found by" dynamically) (#5121)
* Add first shot
* Fix missing ref
* Fix unit tests for SARIF parser
* Fix unit tests
* Fix unit tests
* Merge #5125
* Fix missing ref
* Add more unit tests for importer
* Add more unit tests for new code
* Add more checks in unit tests
* Add comments
* Add suffix for UI
* Add de-duplication algorithm for SARIF parser
* Modify the label of test types
* Rename a variable
* Rename variable
* Rebased on last dev and more docs+comments
* Apply suggestions from code review
Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>
Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>
-
Rename Azure Security Center parser (#5189)
* Rename Azure Security Center parser * set hash_code and deduplication algo correct
-
docs: Use https as submodule url of google/docsy.git (#5192)
The https version can be used without registering an SSH key with GitHub
-
Bump cryptography from 3.4.8 to 35.0.0 (#5196)
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 35.0.0. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...35.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
SonarQube API Import: set dedup algo (#5194)
* Set SonarQube API Import dedup algo
-
Import SonarQube security hotspots (#4107)
* Get security hotspots using SonarQube API
* Fix db migrations for SonarQube API type length
* Fix styling issues
* Fix db migrations
* Fix db migration and remove unnecessary attributes from hotspots
* Fix db migration and styling issues
* Use textwrap library for hotspot title
* Fix styling issues
* Fix unit tests
* Fix styling issues
* Add feature flag to enable/disable security hotspots import
* Fix hotspots to get their severity from hotspots and not from rules.
* Extend SonarQube unit tests to check for data.
* Fix styling issues
* Apply requested changes
* Fix styling issues
* Fix unit test
* Fix styling issue
* Fix db migrations
Co-authored-by: Defect Dojo <jimtsikos>
-
* gha: add pr labeler * gha: add pr labeler
-
* gha: add pr labeler * gha: add pr labeler * gha: add pr labeler
Commits on Oct 1, 2021
-
Update rabbitmq:3.9.7 Docker digest from 3.9.7 to 3.9.7 (docker-compose.yml) (#5201)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
-
Use additional test types for GitLab SAST (#5203)
* Use additional test types for GitLab SAST
Commits on Oct 2, 2021
Commits on Oct 4, 2021
-
Bandit parser: add de-duplication algorithm (#5206)
* Bandit parser: add de-duplication algorithm
* Add new tests
* Fix some comments
Commits on Oct 5, 2021
-
Add customizable header and footer logo (#5216)
At many organizations, putting their own logo in an application is a desired functionality.
-
Use django-filter for quick reports and CSV and Excel reports (#5170)
fixes #5155
With this PR, quick reports and the exports work with all filter settings. This PR includes some refactoring to move the filtering of findings into its own method and the removal of 2 superfluous filters.
-
SQ: Fix broken migration 0120 (#5127)
* Fix broken migration 0120
* flake8
* remove "sonarqube_config" to be able to finish migration
* add 0125_sonarqube_clean.py
* Fix is null
* fix flake8
* fix typo
* change atomic method
* create fix command
* fix atomic
* fix executor
* fix typo
* fix typo
* fix fix 0120
* fix flake8
-
Switch Finding.publish_date to Date type (DateField) (#5076)
* Switch Finding.publish_date to Date type
* Fix db migration
* Rename the migration file
* Fix migration
* Fix error in rebase
* Update and rename 0125_finding_publish_date.py to 0126_finding_publish_date.py
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
-
Merge pull request from GHSA-qm5q-2jrx-cch3
* security fixes for GHSA-qm5q-2jrx-cch3
* remove password hashes from auditlog
* whitelist for global roles and fix for migration
* Update and rename 0125_remove_hashes.py to 0127_remove_hashes.py
Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Maffooch committed Oct 5, 2021