Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Syncs with upstream dev #106

Merged
merged 38 commits into from
Jan 4, 2024
Merged

Syncs with upstream dev #106

merged 38 commits into from
Jan 4, 2024

Conversation

inesmartins-swordhealth
Copy link

No description provided.

dependabot bot and others added 30 commits December 27, 2023 11:10
@dependabot
Bump boto3 from 1.34.6 to 1.34.8 (#9229)
54e77f5 
Bumps [boto3](https://github.com/boto/boto3) from 1.34.6 to 1.34.8.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.6...1.34.8)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump boto3 from 1.34.8 to 1.34.9 (#9237)
5d523a0 
Bumps [boto3](https://github.com/boto/boto3) from 1.34.8 to 1.34.9.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.8...1.34.9)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump coverage from 7.3.4 to 7.4.0 (#9239)
c62bfed 
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.3.4 to 7.4.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](nedbat/coveragepy@7.3.4...7.4.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump djangosaml2 from 1.8.0 to 1.9.0 (#9238)
f83ba23 
Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](IdentityPython/djangosaml2@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump python-gitlab from 4.2.0 to 4.3.0 (#9236)
01665b0 
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](python-gitlab/python-gitlab@v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@renovate
Update rabbitmq Docker tag from 3.12.10 to v3.12.11 (docker-compose.y…
2ffff83 
…ml) (#9233)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@dependabot
Bump openapitools/openapi-generator-cli from v7.1.0 to v7.2.0 (#9218)
7381e5f 
Bumps openapitools/openapi-generator-cli from v7.1.0 to v7.2.0.

---
updated-dependencies:
- dependency-name: openapitools/openapi-generator-cli
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump nginx from 3923f8d to a59278f (#9217)
6d4070f 
Bumps nginx from `3923f8d` to `a59278f`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@manuel-sommer
🐛 fix issue #9221 (#9222)
c1bbf1e
@manuel-sommer
Trivy: Add k8 cluster resource objects (#9215)
87ce8ec 
* 🐛 fix issue #9170

* typo

* update according to review comment
@dsever
Pinning of django versions into a helm release (#9160)
0e010bf 
* Pin docker version

* fix indent

* Fix name for helm release action
@manuel-sommer
🎉 remove unnecessary unique_id_from_tool in settings.dist.py (#9188)
4c0b8fd 
* 🎉 unittest to help remove unnecessary lines in settings.dist.py

* 🐛 fix according to unittest

* update according to review comment
@manuel-sommer
fix typos in importing documentation (#9093)
32d5c13 
* fix typos in importing documentation

* update according to review comment
@manuel-sommer
🐛 fix error 500 for ssh-audit (#9228)
bd9f81f
@manuel-sommer
🎉 implement ms defender parser #8908 (#9232)
d19cea8 
* 🎉 implement ms defender parser #8908

* flake8

* fix

* fix
@kiblik
Drop DEV branch from release-drafter (#9230)
80ee67a 
There are no releases on the `dev` branch
@Maffooch
Improve Request Review Notifications (#9227)
dd84657
@ninp0
Parser - Black Duck Binary Analysis (#9163)
775d75c 
* Initial implementation of Black Duck Binary Analysis Parser

* Initial implementation of Black Duck Binary Analysis Parser

* Initial implementation of Black Duck Binary Analysis Parser #flake8

* Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo

* Initial implementation of Black Duck Binary Analysis Parser #dedupe_algo_bugfix

* Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_and_integrate_sha1_into_title

* Initial implementation of Black Duck Binary Analysis Parser #extend_unittests_include_report_path

* Initial implementation of Black Duck Binary Analysis Parser - update title since CVE can sometimes be blank (i.e. replacing CVE w/ Object SHA1)

* Initial implementation of Black Duck Binary Analysis Parser - settings.dist.py #tweak

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched title

* Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible to have the same components in different object paths despite being the same object

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, #bugfix in mismatched description

* Initial implementation of Black Duck Binary Analysis Parser - parser.py, slight tweak in description

* Initial implementation of Black Duck Binary Analysis Parser - Make Dedupe more resilient as it's also possible for the same components in the same object full path to have different CVEs.  There's also circumstances in which a component may not have a CVE.

* Initial implementation of Black Duck Binary Analysis Parser - Slight tweak in Dedupe verification.  Rely upon Object SHA1 in unique_id_from_tool field instead of including the object SHA1 in the title (i.e. reduce characters in title and make more readable).

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - more resilient cvss score calculation #flake8

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - if CVSS3 is available, update finding.cvssv3 && cvssv3_score.  Otherwise, populate severity justification w/ CVSS2 vector and score #bugfix2

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #simplify

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #bugfixes

* Initial implementation of Black Duck Binary Analysis Parser - prefer CVSSv3 over CVSSv2.  If CVSSv2 is the only one available, use it else if nothing else set to Info #more_bugfixes

* Initial implementation of Black Duck Binary Analysis Parser - CVSSv2 vector massaging

* Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests.

* Initial implementation of Black Duck Binary Analysis Parser - #bugfixes in unit tests...include get_unit_tests_path during import.

* Initial implementation of Black Duck Binary Analysis Parser - #more_bugfixes in unit test

* Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description

* Initial implementation of Black Duck Binary Analysis Parser - Preserve original report name to include in description #bugfix

* Initial implementation of Black Duck Binary Analysis Parser - Enrich documentation

* Initial implementation of Black Duck Binary Analysis Parser - 1. update unit test to check for expected fields.\n2. Update how dedupe is derived.\nImplement suggested changes per @Maffooch feedback.

* Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak

* Initial implementation of Black Duck Binary Analysis Parser - 1. unit test #tweak
@manuel-sommer
Trivy: Improve package path parsing behavior (#9235)
957a37d 
* 🐛 fix issue #9234

* retrigger failed pipeline with additional unittest
@manuel-sommer
🐛 fix typo for MSDefender in settings.dist.py (#9249)
31cbc36
Update versions in application files
744687e
@Maffooch
Merge pull request #9259 from DefectDojo/release/2.30.0
e6313e0 
Release: Merge release into master from: release/2.30.0
@dependabot
Bump boto3 from 1.34.9 to 1.34.11 (#9254)
3dba304 
Bumps [boto3](https://github.com/boto/boto3) from 1.34.9 to 1.34.11.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.34.9...1.34.11)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Maffooch
Update release-x-manual-helm-chart.yml
7a9ab2f
@Maffooch
Update release-x-manual-helm-chart.yml
f387167
Update versions in application files
b4739ce
@Maffooch
Merge pull request #9261 from DefectDojo/master-into-dev/2.30.0-2.31.…
f4cb7bd 
…0-dev

Release: Merge back 2.30.0 into dev from: master-into-dev/2.30.0-2.31.0-dev
@dependabot
Bump lxml from 4.9.4 to 5.0.0 (#9251)
af66030 
Bumps [lxml](https://github.com/lxml/lxml) from 4.9.4 to 5.0.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.9.4...lxml-5.0.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@renovate
Update rabbitmq:3.12.11-alpine Docker digest from 3.12.11 to 3.12.11-…
5cd53bc 
…alpine (docker-compose.yml) (#9240)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@dependabot
Bump sqlalchemy from 2.0.23 to 2.0.24 (#9244)
960859f 
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.23 to 2.0.24.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot bot and others added 8 commits January 2, 2024 12:35
@dependabot
Bump drf-spectacular-sidecar from 2023.12.1 to 2024.1.1 (#9252)
b329ee6 
Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2023.12.1 to 2024.1.1.
- [Commits](tfranzel/drf-spectacular-sidecar@2023.12.1...2024.1.1)

---
updated-dependencies:
- dependency-name: drf-spectacular-sidecar
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@renovate
Update manusa/actions-setup-minikube action from v2.9.0 to v2.10.0 (.…
0076894 
…github/workflows/k8s-tests.yml) (#9257)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@dependabot
Bump sqlalchemy from 2.0.24 to 2.0.25 (#9266)
9a98df7 
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.24 to 2.0.25.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump pillow from 10.1.0 to 10.2.0 (#9265)
b5c6b2b 
Bumps [pillow](https://github.com/python-pillow/Pillow) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.1.0...10.2.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@manuel-sommer
🐛 fix zap, issue #9242 (#9243)
59fab10 
* 🐛 fix zap, issue #9242

* adapt identiation
@kiblik
API: Add Announcements (#9112)
38f4d22 
* Add Announcement to API

* Add test_rest_framework

* Add test_swagger_schema

* Flake8

* Fix count

* Skip test

* Inc db_mig

* Use DojoModelViewSet

* inc db_mig
@manuel-sommer
🐛 None Type in cvss score in Trivy #9263e (#9268)
c0948bb
@MarianG @kiblik
Feature: Add Auditlog Retention and Cleanup (#9208)
4a3f333 
* feat: add auditlog retention

* linting: satisfy flake8

* fix: forgot imports in tasks.py

* fix: add necessary test-data

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update dojo/tasks.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update unittests/test_flush_auditlog.py

Co-authored-by: kiblik <kiblik@gjh.sk>

* Update test_flush_auditlog.py

removed spaces

* fix: change default value for the retetion period to disable log recycling and mimic the default behavior. Then no change will happen until a user actively sets/ changes this parameter

---------

Co-authored-by: MarianG <marian.gawron@deutschebahn.com>
Co-authored-by: kiblik <kiblik@gjh.sk>
@inesmartins-swordhealth inesmartins-swordhealth merged commit 943188e into SWORDHealth:dev Jan 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
apiv2 docker docs helm New Migration parser settings_changes ui unittests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@inesmartins-swordhealth @manuel-sommer @dsever @kiblik @Maffooch @ninp0 @MarianG