Finding Open/Close/Review: Enforce more status standardization #10606
Conversation
DryRun Security SummaryThe pull request focuses on improving the functionality of the Defect Dojo application, specifically related to the handling of finding review and closure, without introducing any obvious security concerns, and aims to enhance the application's workflow and data integrity. Expand for full summarySummary: The code changes in this pull request are focused on improving the functionality of the Defect Dojo application, specifically related to the handling of finding review and closure. The changes do not introduce any obvious security concerns and instead aim to enhance the application's workflow and data integrity. The first change adds a new field called "is_mitigated" to the ClearFindingReviewForm, allowing users to update the mitigation status of a finding when clearing its review status. This is a minor update that does not raise any significant security red flags. The second set of changes is related to the close_finding function in the dojo/finding/views.py file. These changes ensure that the finding's review status, last reviewed information, risk acceptance, and JIRA integration are properly handled when a finding is closed. This helps maintain the integrity and traceability of the findings within the application, which is crucial for effective vulnerability management and security posture. Files Changed:
Code AnalysisWe ran
Riskiness🟢 Risk threshold not exceeded. |
|
under_reviewflag is set toFalsewhen reopening or closing a finding[sc-3366]