
Release: Merge release into master from: release/2.34.4 #10231

Merged: 7 commits merged into master from release/2.34.4 on May 20, 2024

Conversation

github-actions[bot] (Contributor)

Release triggered by Maffooch

DefectDojo release bot and others added 7 commits May 13, 2024 17:43
….35.0-dev

Release: Merge back 2.34.3 into bugfix from: master-into-bugfix/2.34.3-2.35.0-dev
* 🐛 reset description in progpilot after each finding

* Update dojo/tools/progpilot/parser.py

---------

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* report-endpoint-name-style-fix Add panel-default class to endpoint name panel on reports so it can be seen (previously white text on white background)

* Update helm lock file

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>

* Revert "Update helm lock file"

This reverts commit f89fb27.

---------

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>
Co-authored-by: DefectDojo <defectdojo-project@owasp.org>

dryrunsecurity bot commented May 20, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status (findings per analyzer):

  Configured Codepaths Analyzer: 0 findings
  Sensitive Files Analyzer:      1 finding
  AppSec Analyzer:               0 findings
  Authn/Authz Analyzer:          0 findings
  Secrets Analyzer:              0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes cover a range of updates and improvements across multiple files in the DefectDojo application. The changes include:

  1. Dependency Updates: The package.json file has been updated to include the latest versions of various dependencies, which is a good security practice to address known vulnerabilities.
  2. Reimport Process Improvement: The default_reimporter.py file has been updated to improve the accuracy of the reimport process, ensuring that new, reactivated, and untouched findings are properly categorized.
  3. Version Updates: The __init__.py and Helm chart Chart.yaml files have been updated to reflect the new version of the DefectDojo application (2.34.4).
  4. HTML Report Template Update: The custom_html_report_endpoint_list.html template has been updated to improve the presentation and formatting of the custom HTML report.
  5. SARIF Parser Improvements: The test_sarif_parser.py and parser.py files have been updated to improve the handling of SARIF reports, including the parsing of severity information and edge cases.
  6. Progpilot Parser Update: The parser.py file in the dojo/tools/progpilot module has been updated to improve the handling of the description variable when processing Progpilot security scan results.

From an application security perspective, these changes generally address various maintenance and improvement tasks, with a focus on enhancing the reliability, accuracy, and security of the DefectDojo application. The updates to dependencies, the reimport process, and the SARIF and Progpilot parsers are particularly noteworthy, as they directly impact the application's ability to accurately identify and manage security vulnerabilities.

Files Changed:

  1. components/package.json: Updated the application version and dependency versions.
  2. dojo/importers/default_reimporter.py: Improved the accuracy of the reimport process.
  3. dojo/__init__.py: Updated the application version.
  4. dojo/templates/dojo/custom_html_report_endpoint_list.html: Updated the HTML report template.
  5. helm/defectdojo/Chart.yaml: Updated the Helm chart version and the underlying application version.
  6. unittests/tools/test_sarif_parser.py: Added a new test case to improve the SARIF parser.
  7. dojo/tools/progpilot/parser.py: Updated the handling of the description variable in the Progpilot parser.
  8. dojo/tools/sarif/parser.py: Improved the handling of the security-severity property in the SARIF parser.

Powered by DryRun Security

@Maffooch Maffooch closed this May 20, 2024
@Maffooch Maffooch reopened this May 20, 2024
@Maffooch Maffooch merged commit 618a0a5 into master May 20, 2024
120 checks passed
@Maffooch Maffooch deleted the release/2.34.4 branch July 9, 2024 21:30

3 participants