changed Oauth to oicd plugin and configured it.... #5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pna-nca
pushed a commit
that referenced
this pull request
Jul 29, 2024
* WIP * first draw * fix migrations * fix migrations * add epss to findings UI * added epss to finding list * Delete unittests/scans/wazuh/one_endpoint_finding.json * flake8 * add migration for ModelOptions * Add null values for epss + validators * updated findings detail page to display epss as percentage * removed wazuh file * update branch (#3) * Update versions in application files * Update jira-description.tpl (DefectDojo#9403) * Update and rename whitesource.md to mend.md (DefectDojo#9348) * Update and rename whitesource.md to mend.md * Update docs/content/en/integrations/parsers/file/mend.md Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: Charles Neill <[email protected]> * API: Remote v2 OpenAPI2 Docs from menu (DefectDojo#9469) * 🐛 fix migration (DefectDojo#9467) * finding sla expiration date field (part one) (DefectDojo#9473) * addition of sla expiration date field on the finding model * add migration and fix indentation issue * fix mitigated finding remaining sla days calculation * fix sla violation filter to return only active, sla violating findings * migration system settings fix * fix mitigation date vs datetime discrepancy * fix breaking unit test * move product save check to signal * fix unit test failure * make signal operations async, fix sla config delete 500 error * add unit tests to test sla expiration date functionality * restarting without signals * add async updating flags, redo migration * move signal logic to overriden save * fix errors for non-existing objects at creation * clean up comments and a few logical expressions * fix flake8 error * addition of new unit tests * fix unit test error * add message to form fields when async updating flag is true * fix save location, reword form messages, reword redirect messages * remove commented lines from unit tests * add a bit more description to API validation errors * migration fix * migration performance improvements * fix datetime - str comparison issue * clean up for part one of sla expiration date field * fix flake8 * Update dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py Co-authored-by: Charles Neill <[email protected]> * Update dojo/models.py Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: Charles Neill <[email protected]> * Update versions in application files * Update versions in application files * Update release-drafter/release-drafter action from v5.25.0 to v6 (.github/workflows/release-drafter.yml) (DefectDojo#9460) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2023.4 to 2024.1 (DefectDojo#9465) Bumps [pytz](https://github.com/stub42/pytz) from 2023.4 to 2024.1. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2023.4...release_2024.1) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-debug-toolbar from 4.2.0 to 4.3.0 (DefectDojo#9466) Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/jazzband/django-debug-toolbar/releases) - [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst) - [Commits](django-commons/django-debug-toolbar@4.2...4.3) --- updated-dependencies: - dependency-name: django-debug-toolbar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump nginx from `d12e6f7` to `f2802c2` (DefectDojo#9477) Bumps nginx from `d12e6f7` to `f2802c2`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.33 to v8.4.34 (docs/package.json) (DefectDojo#9481) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9458) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * ⬆️ Bump boto3 from 1.34.32 to 1.34.35 (DefectDojo#9489) Bumps [boto3](https://github.com/boto/boto3) from 1.34.32 to 1.34.35. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.32...1.34.35) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt) (DefectDojo#9459) * Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt) * Fix ruff warning (DefectDojo#9461) * Update dependency ruff from 0.1.15 to v0.2.0 (requirements-lint.txt) * fix ruff warning --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: kiblik <[email protected]> Co-authored-by: Charles Neill <[email protected]> * 🐛 fix defaulting severity, see last comments in DefectDojo#8778 (DefectDojo#9370) Co-authored-by: Cody Maffucci <[email protected]> * Add ruff for *tests (DefectDojo#9406) * Revert ":bug: fix dependencytrack deduplication (DefectDojo#9117)" (DefectDojo#9371) This reverts commit 0f55a7f. Co-authored-by: Cody Maffucci <[email protected]> * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string should evaluate to "Info" (DefectDojo#9453) * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" #flake8_fix * Trivy Operator VulnerabilityReport Parser tweaks (DefectDojo#9452) * API: Check missing endpoints (DefectDojo#7618) * Rename unittest * Define exceptions for now * Announcement was implemented * Fix unittests with assertRaises + replace assertTrue/False with better checks (DefectDojo#9435) * Fix unittests with assertRaises * Replace assertTrue/False with better checks * Fixes * Optimize list of Maintenance in relase notes (DefectDojo#9492) * fix typo in docs (DefectDojo#9487) * 🐛 WFuzz: Add additional severity mappings (DefectDojo#9486) * 🐛 fix wfuzz, issue DefectDojo#7863 * add 302 * update docs * Be strict about Warnings during testing (DefectDojo#9490) * Set PYTHONWARNINGS=error * Add basic filterwarnings * Mute some warnings * Mute one more warning * 🐛 fix trufflehog3, issue DefectDojo#6999 (DefectDojo#9470) * 🐛 fix yarn_audit, DefectDojo#6495 (DefectDojo#9478) * Bump vulners from 2.1.2 to 2.1.5 (DefectDojo#9391) Bumps [vulners]() from 2.1.2 to 2.1.5. --- updated-dependencies: - dependency-name: vulners dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add support for DD_APPEND_SLASH (DefectDojo#9385) * Override default Django APPEND_SLASH * Update dojo/settings/settings.dist.py * 🎉 Improvements for wazuh importer (DefectDojo#9248) * improvement for wazuh importer * 🔧 change on dedupe for Wazuh * 🔧 change on dedupe for Wazuh * 📝 * ✏️ * 📝 * 📝 * flake8 * 🎉 recoded wazuh importer to support endpoints * ✅ adjusted unittests * 📝 * ✏️ * ✏️ --------- Co-authored-by: Cody Maffucci <[email protected]> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9501) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.34 to v8.4.35 (docs/package.json) (DefectDojo#9502) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Improve API endpoints for Risk Acceptances (DefectDojo#9415) * Modifying Bugcrowd API Parser to align to vendor documentation on wha… (DefectDojo#9517) * Modifying Bugcrowd API Parser to align to vendor documentation on what the not_applicable state means. It is now active == False and severity == 'Info'. [sc-4217] * fixing Flake8 errors * fixing Flake8 errors, part deux --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: DefectDojo release bot <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> Co-authored-by: Paul Osinski <[email protected]> Co-authored-by: Charles Neill <[email protected]> Co-authored-by: kiblik <[email protected]> Co-authored-by: manuelsommer <[email protected]> Co-authored-by: Blake Owens <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Robert Kiss <[email protected]> Co-authored-by: ninp0 <[email protected]> Co-authored-by: Raouf HADDADA <[email protected]> Co-authored-by: Felix Hernandez <[email protected]> Co-authored-by: Jay Paz <[email protected]> * updated migrations * added percentage to findings_list * ✏️ tightening column title in findings detail page * flake8 * undo DT parser update * fix migrations * update migrations to changes in dev * merge dev into epss score * Update versions in application files * Update versions * Parse GitHub vulnerability version (DefectDojo#9462) * Fix SARIF parser with CodeQL rules (DefectDojo#9440) * fix for sarif parser with codeql rules * add check for extensions property * flake8 comparsion * finding sla expiration date field (part two) (DefectDojo#9494) * finding sla expiration date field (part two) * sla violation check updates * clean up of finding violates_sla property * flake8 fix * Update dojo/models.py Co-authored-by: Charles Neill <[email protected]> * Update 0201_populate_finding_sla_expiration_date.py --------- Co-authored-by: Charles Neill <[email protected]> * Jira Server/DataCenter: Update meta methods (DefectDojo#9512) * Jira Webhook: Catch comments from other issue updates (DefectDojo#9513) * Jira Webhook: Catch comments from other issue updates * Accommodate redirect responses * Update dojo/jira_link/views.py Co-authored-by: Charles Neill <[email protected]> * Fix syntax --------- Co-authored-by: Charles Neill <[email protected]> * add metrics page: "Product Tag Count" (fixes DefectDojo#9151) (DefectDojo#9152) * add metrics page: "Product Tag Count" It is fully based on "Product Type Count" metrics page. * fixup! add metrics page: "Product Tag Count" * Fix Flake8 * Update views.py --------- Co-authored-by: Cody Maffucci <[email protected]> * Release Drafter: Try validating inputs * Disallow duplicate tool types (DefectDojo#9530) * Disallow duplicate tool types * Fix Flake8 * Only validate on new creations * Force new name on tool type unit test * Engagement Surveys: Add missing leading slash (DefectDojo#9531) URL redirects were behaving strangely without this leading slash. it seems it was missed when all the others were added * Update versions in application files * Update versions in application files * Dojo_Group: Support for "RemoteUser" in model (DefectDojo#9405) * Use correct name references * fix db_mig * Update and rename 0201_alter_dojo_group_social_provider.py to 0202_alter_dojo_group_social_provider.py --------- Co-authored-by: Cody Maffucci <[email protected]> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9535) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * remove flot-axis library (DefectDojo#9540) * use full url for helm-repos and alias in renovate.json (DefectDojo#9525) With this change, renovate will create PRs to update the helm-dependencies, just as with docker-compose. Note that only setting the repository to the full URL did not work, I also had to add the registryAlias. * Update Helm release redis from 16.12.3 to ~16.13.0 (helm/defectdojo/Chart.yaml) (DefectDojo#9550) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9541) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update postgres Docker tag from 16.1 to v16.2 (docker-compose.yml) (DefectDojo#9536) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update Helm release mysql from 9.1.8 to ~9.19.0 (helm/defectdojo/Chart.yaml) (DefectDojo#9545) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --------- Co-authored-by: DefectDojo release bot <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> Co-authored-by: Colm O hEigeartaigh <[email protected]> Co-authored-by: Andrei Serebriakov <[email protected]> Co-authored-by: Blake Owens <[email protected]> Co-authored-by: Charles Neill <[email protected]> Co-authored-by: tomaszn <[email protected]> Co-authored-by: kiblik <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Felix Hernandez <[email protected]> Co-authored-by: Sebastian Gumprich <[email protected]> * update epss-score (#5) solve conflicts --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: DefectDojo release bot <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> Co-authored-by: Paul Osinski <[email protected]> Co-authored-by: Charles Neill <[email protected]> Co-authored-by: kiblik <[email protected]> Co-authored-by: manuelsommer <[email protected]> Co-authored-by: Blake Owens <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Robert Kiss <[email protected]> Co-authored-by: ninp0 <[email protected]> Co-authored-by: Raouf HADDADA <[email protected]> Co-authored-by: Felix Hernandez <[email protected]> Co-authored-by: Jay Paz <[email protected]> Co-authored-by: Colm O hEigeartaigh <[email protected]> Co-authored-by: Andrei Serebriakov <[email protected]> Co-authored-by: tomaszn <[email protected]> Co-authored-by: Sebastian Gumprich <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
Description
Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.
Test results
Ideally you extend the test suite in
tests/anddojo/unitteststo cover the changed in this PR.Alternatively, describe what you have and haven't tested.
Documentation
Please update any documentation when needed in the documentation folder)
Checklist
This checklist is for your information.
dev.dev.bugfixbranch.Extra information
Please clear everything below when submitting your pull request, it's here purely for your information.
Moderators: Labels currently accepted for PRs:
Contributors: Git Tips
Rebase on dev branch
If the dev branch has changed since you started working on it, please rebase your work after the current dev.
On your working branch
mybranch:In case of conflict:
When everything's fine on your local branch, force push to your
myOriginremote:To cancel everything:
Squashing commits
pickbyfixupon the commits you want squashed outpickbyrewordon the first commit if you want to change the commit messageForce push to your
myOriginremote: