Release/2.3.0 #5222

Release: Merge back 2.2.0 into dev from: master-into-dev/2.2.0-2.3.0-dev

…se.yml) (#5005) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.18.0 to 2.19.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.18.0...v2.19.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.4.5 to 0.5.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.4.5...v0.5.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.17.3 to 0.18.1. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.17.3...0.18.1) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [datatables.net-buttons-dt](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables) from 1.7.1 to 2.0.0. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables/releases) - [Commits](DataTables/Dist-DataTables-Buttons-DataTables@1.7.1...2.0.0) --- updated-dependencies: - dependency-name: datatables.net-buttons-dt dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

On the report builder we're seeing javascript errors since tuesday august 31st. ``` bootstrap.min.js:6 Uncaught TypeError: Cannot read properties of null (reading 'trigger') at HTMLDivElement.u (bootstrap.min.js:6) at HTMLDivElement.fn (jquery.js:5175) at HTMLDivElement.handle (bootstrap.min.js:6) at HTMLDivElement.dispatch (jquery.js:5430) at HTMLDivElement.elemData.handle (jquery.js:5234) at Object.trigger (jquery.js:8719) at HTMLDivElement.<anonymous> (jquery.js:8797) at Function.each (jquery.js:385) at jQuery.fn.init.each (jquery.js:207) at jQuery.fn.init.trigger (jquery.js:8796) ``` These happen with 2.2.0, 2.1.0 etc. We have a regex in the test suite that ignores this error, but the error message has changed slightly. This PR updates the regex. Also this error happens during manual usage, so I removed the comment about it only happening during integration tests. Apart from the error appearing in the javascript console, the report builders seems to work fin. So it _looks like_ we can keep ignoring this error. I guess we have to because we don't know where it's coming from as the stacktrace only contains bootstrap + jquery code paths.

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.0.1...v2.0.2) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps [django-tagulous](https://github.com/radiac/django-tagulous) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/radiac/django-tagulous/releases) - [Commits](radiac/django-tagulous@v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: django-tagulous dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.4.5 to 0.4.6. - [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python-oauthlib@v0.4.5...v0.4.6) --- updated-dependencies: - dependency-name: google-auth-oauthlib dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.3.1 to 8.3.2. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst) - [Commits](python-pillow/Pillow@8.3.1...8.3.2) --- updated-dependencies: - dependency-name: pillow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps python from 3.8.11-slim-buster to 3.8.12-slim-buster. --- updated-dependencies: - dependency-name: python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.10.25 to 1.11.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.10.25...1.11.1) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.18.1 to 0.18.2. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.18.1...0.18.2) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.19.0 to 2.19.1. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.19.0...v2.19.1) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.10.25 to 1.11.1. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.10.25...1.11.1) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

On behalf of DB Systel GmbH Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* quote variables * try docker compose v2 in github action * revert docker compose v2 test Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Better support SARIF ruleId attribute * Add flawfinder data * Fix flake8 errors * fix flake8 errors * Implement mitigation

) Bumps [datatables.net-buttons-bs](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap) from 1.7.1 to 2.0.0. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap/releases) - [Commits](DataTables/Dist-DataTables-Buttons-Bootstrap@1.7.1...2.0.0) --- updated-dependencies: - dependency-name: datatables.net-buttons-bs dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

When using the safety parser in environments without internet connection it take a while until the parser using the fallback offline mode. Now you can configure to use offline mode only. On behalf of DB Systel GmbH Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Implemented dynamic scan import for Veracode * Implemented unit tests for Veracode dynamic finding import. * Corrected reimport unit test errors. * Corrected issues with finding counts in unit tests after adding new dynamic analysis data. Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.11.1 to 1.11.2. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.11.1...1.11.2) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…son) (#5062) Co-authored-by: Renovate Bot <bot@renovateapp.com>

…ose.yml) (#5061) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.11.1 to 1.11.2. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.11.1...1.11.2) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Release: Merge back 2.2.1 into dev from: master-into-dev/2.2.1-2.3.0-dev

* added fix for django3 change from keyOrder to field_order * removed erronously added file Co-authored-by: Chris Fort <Chris.Fort@lexisnexis.com>

Add a deduplication configuration for Aquasecurity's Cloudsploit

… a string of a list of strings (#5055) Co-authored-by: Axel Pavageau <axel.pavageau@ekino.com>

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.19.1 to 2.20.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.19.1...v2.20.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity * changed the severity to display the vulnerability severity rather than the rule severity Co-authored-by: Zeeshan Syed <zsyed@ezesoft.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Add Cobalt.io API parser Add a second parser for Cobalt.io that is intended for importing findings from the the Cobalt API's /findings endpoint [1]. As is, the user is expected to fetch the findings - scoped as they see fit - from the API themselves and upload the JSON as is to DefectDojo. -- 1. https://docs.cobalt.io/#get-specific-findings * Covert Cobalt.io API parser into an "importer" Convert the Cobalt.io API parser into a parser that imports findings from the API given (1) a _Tool Configuration_ with the Cobalt API token and a Cobalt "Org" token, and (2) a product-level Cobalt.io configuraton for the "Asset" from which to import findings. * Fix whitespace & f-string mistakes * Resolve a11y issue on Cobalt.io Configurations page * Update Cobalt.io API parser - Remove author metadata - Set `dynamic_finding` of findings to True. * Update Cobalt.io API parser unit tests * Refactor: use textwrap for Cobalt finding title * Remove explicit numerical_severity from Cobalt API parser Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>

* Create validatededupeconfig.py This script will solve issue #3666 by checking for deduplication configuration at startup. * Update validatededupeconfig.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Maffooch <maffouch@hotmail.com>

) * Add release cadence to README (#4796) * Add release cadence to README * Update README.md * Update README.md Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com> * Fix: Active and review parameters are commented due the issue #4598 * Update parser.py * Update parser.py * Remove checks for active/verified in unit tests * Remove README change from rebase * Fix unit tests Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Maffooch <maffouch@hotmail.com>

* Fix errors with Spotbugs 4.4.x * Fix flake8 * Fix title problem

Bumps [debugpy](https://github.com/microsoft/debugpy) from 1.4.1 to 1.4.3. - [Release notes](https://github.com/microsoft/debugpy/releases) - [Commits](microsoft/debugpy@v1.4.1...v1.4.3) --- updated-dependencies: - dependency-name: debugpy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

….12.0 (.github/workflows/plantuml.yml) (#5081) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.18 to 3.1.23. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.18...3.1.23) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-tagulous](https://github.com/radiac/django-tagulous) from 1.2.1 to 1.3.0. - [Release notes](https://github.com/radiac/django-tagulous/releases) - [Changelog](https://github.com/radiac/django-tagulous/blob/develop/docs/changelog.rst) - [Commits](radiac/django-tagulous@v1.2.1...v1.3.0) --- updated-dependencies: - dependency-name: django-tagulous dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add more information to findings

Bumps nginx from 1.21.1-alpine to 1.21.3-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-environ](https://github.com/joke2k/django-environ) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/joke2k/django-environ/releases) - [Changelog](https://github.com/joke2k/django-environ/blob/main/CHANGELOG.rst) - [Commits](joke2k/django-environ@v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: django-environ dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [openpyxl](https://openpyxl.readthedocs.io) from 3.0.7 to 3.0.8. --- updated-dependencies: - dependency-name: openpyxl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Added ability to use business days or calendar days * Update settings.dist.py comment formatting * Updated variables in settings.dist.py * Updated comment * updated models * updated models Co-authored-by: Nick Cleary <nicholas.cleary@sherwin.com> Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

…ive (#4910) * Update dependency_check/parser.py Change "dependency_filename" to "dependency_filepath" in "file_path" variable * Move filepath to description * Move description addition to after title is set * Correct unit tests Co-authored-by: valentijnscholten <valentijnscholten@gmail.com> Co-authored-by: Maffooch <maffouch@hotmail.com>

* Improve detect-secrets parser * Fix description data * Adap tests

* initial commit * spacings and help icons * further ui improvements * fixed integration tests

Bumps [numpy](https://github.com/numpy/numpy) from 1.19.5 to 1.21.2. - [Release notes](https://github.com/numpy/numpy/releases) - [Changelog](https://github.com/numpy/numpy/blob/main/doc/HOWTO_RELEASE.rst.txt) - [Commits](numpy/numpy@v1.19.5...v1.21.2) --- updated-dependencies: - dependency-name: numpy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Change secrets severity * Adapt secrets severity in unit tests

* calendar integration test enhancement * fix calendar with bootstrap chosen * fix test

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.20.0 to 2.21.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.20.0...v2.21.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.0.2 to 2.1.0. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.0.2...v2.1.0) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Make scan type list rely on Dhynamic parser infra. * Fix flake8 errors * Fix flake8 errors * Remove old loader * Fix import error * Clean factory * Fix import error * Update doc * Fix error in adhoc add a test * Add missing command * remove modifcation * Fix EOL * Fix initializer * Fix error in the initializer * Fix useless code * Implement parser exclusion list * Implemente Test_Type.active flag * Minor consistency formatting * Sort in engagement view

* Repair stub findings * Repair stub findings * Integration test for delete * flake8

* Add more unit tests * Adapt few tests with changes in the parser * Implement vuln_id_from_tool * Fix an integration test * Fix last integration test

* Reports * Documentation update for settings and reports * Update docs/content/en/integrations/social-authentication.md Co-authored-by: Damien Carol <damien.carol@gmail.com> Co-authored-by: Damien Carol <damien.carol@gmail.com>

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.23 to 3.1.24. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.23...3.1.24) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ribute (#5125) * Fix severity in rule * Ttake into account the child attribute

* created and moved files to readme docs folder * Update README.md * standarizing folders * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Add files via upload * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Create README.md * Update README.md * Add files via upload * Add files via upload * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Add files via upload * Fix broken links * Update README.md * Downgrades openpyxl to latest version (3.0.7) * Update MAINTAINERS.md * Update MAINTAINERS.md Co-authored-by: Maffooch <maffouch@hotmail.com>

* Helm - Add DD_DATABASE_NAME env * Bump chart version Co-authored-by: Vladislav Popov <vipopov@sber-solutions.ru>

…ponsorship info (#5133)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.18.2 to 0.19.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](tfranzel/drf-spectacular@0.18.2...0.19.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.21.0 to 2.22.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.21.0...v2.22.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…5136) Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Enhancements for KICS scans * flake8

…son) (#5135) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.6 to 1.26.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.7/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.6...1.26.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.23 to 1.4.25. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/master/CHANGES) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [openpyxl](https://openpyxl.readthedocs.io) from 3.0.7 to 3.0.9. --- updated-dependencies: - dependency-name: openpyxl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…5150) Co-authored-by: Renovate Bot <bot@renovateapp.com>

…new-release-pr.yml) (#5149) Co-authored-by: Renovate Bot <bot@renovateapp.com>

…5152) Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Export findings to CSV and Excel * Handling of foreign keys and more excludes * flake8 * Migrate to openpyxl * Integration tests * remove buttons for excel and csv * comment for innerHTML exception * include endpoints in exports * add more time to wait for files

…5153) Co-authored-by: Renovate Bot <bot@renovateapp.com>

…son) (#5157) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Fixes an issue introduced in #5064, which was supposed to fix merging. Tested and merging now works.

) Bumps [datatables.net-buttons-bs](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-Bootstrap/releases) - [Commits](DataTables/Dist-DataTables-Buttons-Bootstrap@2.0.0...2.0.1) --- updated-dependencies: - dependency-name: datatables.net-buttons-bs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [datatables.net-dt](https://github.com/DataTables/Dist-DataTables-DataTables) from 1.11.2 to 1.11.3. - [Release notes](https://github.com/DataTables/Dist-DataTables-DataTables/releases) - [Commits](DataTables/Dist-DataTables-DataTables@1.11.2...1.11.3) --- updated-dependencies: - dependency-name: datatables.net-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-filter](https://github.com/carltongibson/django-filter) from 2.4.0 to 21.1. - [Release notes](https://github.com/carltongibson/django-filter/releases) - [Changelog](https://github.com/carltongibson/django-filter/blob/main/CHANGES.rst) - [Commits](carltongibson/django-filter@2.4.0...21.1) --- updated-dependencies: - dependency-name: django-filter dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [datatables.net-buttons-dt](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/DataTables/Dist-DataTables-Buttons-DataTables/releases) - [Commits](DataTables/Dist-DataTables-Buttons-DataTables@2.0.0...2.0.1) --- updated-dependencies: - dependency-name: datatables.net-buttons-dt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [datatables.net](https://github.com/DataTables/Dist-DataTables) from 1.11.2 to 1.11.3. - [Release notes](https://github.com/DataTables/Dist-DataTables/releases) - [Commits](DataTables/Dist-DataTables@1.11.2...1.11.3) --- updated-dependencies: - dependency-name: datatables.net dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [django-crispy-forms](https://github.com/django-crispy-forms/django-crispy-forms) from 1.12.0 to 1.13.0. - [Release notes](https://github.com/django-crispy-forms/django-crispy-forms/releases) - [Changelog](https://github.com/django-crispy-forms/django-crispy-forms/blob/main/CHANGELOG.md) - [Commits](django-crispy-forms/django-crispy-forms@1.12.0...1.13.0) --- updated-dependencies: - dependency-name: django-crispy-forms dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Improve bug report template (#5066) * Improve bug report template * Update bug_report.md * Update bug_report.md * Update bug_report.md * Update bug_report.md * Update gh-pages.yml * Reverts gh-pages back to dev. Co-authored-by: Greg Anderson <greg.anderson@owasp.org>

* add/fix integration tests * set waiting time for exports to 20 seconds * GHA: log always Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

Cleaned up and corrected #5158 to now point to dev in order to fix https://defectdojo.github.io/django-DefectDojo/getting_started/installation/

* move downloads to media path * reinsert newline

* fix import for SonarQube findings without 'htmlDesc' * add test TestSonarqubeImporterRuleWithoutHtmlDesc * fix import for SonarQube findings without 'htmlDesc' * add test TestSonarqubeImporterRuleWithoutHtmlDesc * fix external rule * add test for external rule * fix line * new line end of file * fix title Co-authored-by: Pavel Ikrenyi <pavel.ikrenyi@pan-net.eu> Co-authored-by: Tomas Kubla <tomas@kubla.sk> Co-authored-by: kiblik <kiblik@gjh.sk>

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.22.0 to 2.23.0. - [Release notes](https://github.com/googleapis/google-api-python-client/releases) - [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md) - [Commits](googleapis/google-api-python-client@v2.22.0...v2.23.0) --- updated-dependencies: - dependency-name: google-api-python-client dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

#5175) Co-authored-by: Renovate Bot <bot@renovateapp.com>

Bumps [djangosaml2](https://github.com/knaperek/djangosaml2) from 1.3.3 to 1.3.4. - [Release notes](https://github.com/knaperek/djangosaml2/releases) - [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES) - [Commits](IdentityPython/djangosaml2@v1.3.3...v1.3.4) --- updated-dependencies: - dependency-name: djangosaml2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.1.0 to 2.2.1. - [Release notes](https://github.com/googleapis/google-auth-library-python/releases) - [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md) - [Commits](googleapis/google-auth-library-python@v2.1.0...v2.2.1) --- updated-dependencies: - dependency-name: google-auth dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* implementation of parser * implementation of unit tests * flake8 * use unique_id_from_tool for deduplication

* Add first shot * Fix missing ref * Fix unit tests for SARIF parser * Fix unit tests * Fix unit tests * Merge #5125 * Fix missing ref * Add more unit tests for importer * Add more unit tests for new code * Add more checks in unit tests * Add comments * Add suffix for UI * Add de-duplication algorithm for SARIF parser * Modify the label of test types * Rename a variable * Rename variable * Rebased on last dev and and more docs+comments * Apply suggestions from code review Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de> Co-authored-by: Stefan Fleckenstein <stefan.fleckenstein@maibornwolff.de>

* Rename Azure Security Center parser * set hash_code and deduplication algo correct

The https version can be used without registering an SSH key with GitHub

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.4.8 to 35.0.0. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@3.4.8...35.0.0) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Set SonarQube API Import dedup algo

* Get security hotspots using SonarQube API * Fix db migrations for SonarQube API type length * Fix styling issues * Fix db migrations * Fix db migration and remove unnecessary attributes from hotspots * Fix db migration and styling issues * Use textwrap library for hotspot title * Fix styling issues * Fix unit tests * Fix styling issues * Add feature flag to enable/disable security hotspots import * Fix hotspots to get their severity from hotspots and not from rules. * Extend SonarQube unit tests to check for data. * Fix styling issues * Apply requested changes * Fix styling issues * Fix unit test * Fix styling issue * Fix db migrations Co-authored-by: Defect Dojo <jimtsikos>

* gha: add pr labeler * gha: add pr labeler

* gha: add pr labeler * gha: add pr labeler * gha: add pr labeler

…se.yml) (#5201) Co-authored-by: Renovate Bot <bot@renovateapp.com>

* Use additional test types for GitLab SAST

* Bandit parser: add de-duplication algorithm * Add new tests * Fix some comments

At many organizations, putting their own logo in an application is a desired functionality.

* Fix BulkEdit severity dropdown after #4766 * Add fix to view test

fixes #5155 With this PR quick reports and the exports work with all filter setting. This PR includes some refactoring to move the filtering of findings into its own method and removal of 2 superfluous filters.

* Fix broken migration 0120 * flake8 * remove "sonarqube_config" to be able to finish migration * add 0125_sonarqube_clean.py * Fix is null * fix flake8 * fix typo * change atomic method * create fix command * fix atomic * fix executor * fix typo * fix typo * fix fix 0120 * fix flake8

* Switch Finding.publish_date to Date type * Fix db migration * Rename the migration file * Fix migration * Fix eeror in rebase * Update and rename 0125_finding_publish_date.py to 0126_finding_publish_date.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

* security fixes for GHSA-qm5q-2jrx-cch3 * remove password hashes from auditlog * whitelist for global roles and fix for migration * Update and rename 0125_remove_hashes.py to 0127_remove_hashes.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>

Commits on Sep 12, 2021

Changed dropdown button color to white for better visibility (#5074 )

blakeaowens committed Sep 12, 2021

Copy the full SHA

99e0210 View commit details

Browse the repository at this point in the history

Commits on Oct 2, 2021

Set Argon2 as default password hasher (#5205 )

valentijnscholten committed Oct 2, 2021

Copy the full SHA

39f4dfd View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release/2.3.0 #5222

Release/2.3.0 #5222

Commits on Aug 31, 2021

Commits on Sep 6, 2021

Commits on Sep 7, 2021

Commits on Sep 8, 2021

Commits on Sep 9, 2021

Commits on Sep 10, 2021

Commits on Sep 11, 2021

Commits on Sep 12, 2021

Commits on Sep 13, 2021

Commits on Sep 14, 2021

Commits on Sep 15, 2021

Commits on Sep 16, 2021

Commits on Sep 17, 2021

Commits on Sep 20, 2021

Commits on Sep 22, 2021

Commits on Sep 23, 2021

Commits on Sep 24, 2021

Commits on Sep 25, 2021

Commits on Sep 26, 2021

Commits on Sep 27, 2021

Commits on Sep 28, 2021

Commits on Sep 29, 2021

Commits on Sep 30, 2021

Commits on Oct 1, 2021

Commits on Oct 2, 2021

Commits on Oct 4, 2021

Commits on Oct 5, 2021