Close Findings: Push notes if push notes is enabled #10581

Merged
merged 1 commit into from
Jul 19, 2024

Maffooch
Contributor

When I have push notes enabled in a product with manually synced findings to JIRA and I close the finding with a note, I expect the note to also get synced to JIRA.

[sc-6729]

DryRun Security Summary

The pull request focuses on improving the integration between the DefectDojo application and the JIRA issue tracking system when closing a finding, including checking for associated JIRA issues, determining if automatic sync should occur, adding comments to JIRA issues, and saving the finding and pushing changes to JIRA for finding groups.

Summary:

The code changes in this pull request focus on improving the integration between the DefectDojo
application and the JIRA issue tracking system when closing a finding. The key changes include:

  1. Checking if the finding has a JIRA issue associated with it or if the finding is part of a
    finding group that has a JIRA issue.
  2. Determining if any automatic sync should occur based on the "is_push_all_issues" function
    and the "finding_jira_sync" attribute of the JIRA instance.
  3. Adding a comment to the JIRA issue if the finding is not part of a finding group and the
    automatic sync conditions are met.
  4. Saving the finding and, if the finding is part of a finding group, pushing the changes to
    JIRA for the entire finding group.

From an application security perspective, these changes help maintain synchronization between
the DefectDojo application and the JIRA issue tracking system, which is important for effective
issue management and reporting. The handling of finding groups is also a necessary consideration
for applications that use this feature to manage related findings.

Files Changed:

  • dojo/finding/views.py: This file contains the "close_finding" function, which has been
    updated to handle the JIRA integration when closing a finding. The changes ensure that any
    associated JIRA issues are updated accordingly, both for individual findings and for finding
    groups. This improves the overall integration between the DefectDojo application and the
    JIRA issue tracking system.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit c46b08d into DefectDojo:bugfix Jul 19, 2024
124 checks passed
@Maffooch Maffooch deleted the bugs branch July 19, 2024 19:57