From 6c55709a3a5f2d4fb5e8521614e73b0f52d795dc Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 13 Nov 2023 18:10:57 +0000 Subject: [PATCH 1/4] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index 947b4828a1..c304d69941 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.28.1", + "version": "2.29.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index ecacca8a3c..b03e47f8ef 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.28.1' +__version__ = '2.29.0-dev' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index ccb123f9e5..29c8e9385d 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.28.1" +appVersion: "2.29.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.95 +version: 1.6.96-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 893dfeb402f1af2e558bf3ee2a93d5c5ce29a1a8 Mon Sep 17 00:00:00 2001 From: lme-nca <79927042+lme-nca@users.noreply.github.com> Date: Fri, 17 Nov 2023 17:41:10 +0100 Subject: [PATCH 2/4] fix metrics to also calculate risk acceptance and duplicate findings. (#9013) --- dojo/utils.py | 70 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/dojo/utils.py b/dojo/utils.py index 62b505e614..dd3eea9278 100644 --- a/dojo/utils.py 
+++ b/dojo/utils.py 
@@ -2395,17 +2395,57 @@ def sum_by_severity_level(metrics): def get_open_findings_burndown(product): - findings = Finding.objects.filter(test__engagement__product=product) + findings = Finding.objects.filter(test__engagement__product=product, duplicate=False) f_list = list(findings) curr_date = datetime.combine(datetime.now(), datetime.min.time()) start_date = curr_date - timedelta(days=90) - critical_count = len(list(findings.filter(date__lt=start_date).filter(severity='Critical'))) - high_count = len(list(findings.filter(date__lt=start_date).filter(severity='High'))) - medium_count = len(list(findings.filter(date__lt=start_date).filter(severity='Medium'))) - low_count = len(list(findings.filter(date__lt=start_date).filter(severity='Low'))) - info_count = len(list(findings.filter(date__lt=start_date).filter(severity='Info'))) + critical_count = 0 + high_count = 0 + medium_count = 0 + low_count = 0 + info_count = 0 + + # count all findings older than 90 days that are still active OR will be mitigated/risk-accepted in the next 90 days + for f in list(findings.filter(date__lt=start_date)): + if f.active: + if f.severity == 'Critical': + critical_count += 1 + if f.severity == 'High': + high_count += 1 + if f.severity == 'Medium': + medium_count += 1 + if f.severity == 'Low': + low_count += 1 + if f.severity == 'Info': + info_count += 1 + elif f.is_mitigated: + f_mitigated_date = f.mitigated.timestamp() + if f_mitigated_date >= start_date.timestamp(): + if f.severity == 'Critical': + critical_count += 1 + if f.severity == 'High': + high_count += 1 + if f.severity == 'Medium': + medium_count += 1 + if f.severity == 'Low': + low_count += 1 + if f.severity == 'Info': + info_count += 1 + elif f.risk_accepted: + f_risk_accepted_date = f.risk_acceptance.created.timestamp() + if f_risk_accepted_date >= start_date.timestamp(): + if f.severity == 'Critical': + critical_count += 1 + if f.severity == 'High': + high_count += 1 + if f.severity == 'Medium': + medium_count += 1 + if 
f.severity == 'Low': + low_count += 1 + if f.severity == 'Info': + info_count += 1 running_min, running_max = float('inf'), float('-inf') past_90_days = { @@ -2416,6 +2456,7 @@ def get_open_findings_burndown(product): 'Info': [] } + # count the number of open findings for the 90-day window for i in range(90, -1, -1): start = (curr_date - timedelta(days=i)) @@ -2423,6 +2464,7 @@ def get_open_findings_burndown(product): d_end = (start + timedelta(days=1)).timestamp() for f in f_list: + # If a finding was opened on this day we add it to the counter of that day f_open_date = datetime.combine(f.date, datetime.min.time()).timestamp() if f_open_date >= d_start and f_open_date < d_end: if f.severity == 'Critical': @@ -2436,6 +2478,7 @@ def get_open_findings_burndown(product): if f.severity == 'Info': info_count += 1 + # If a finding was mitigated on this day we subtract it if f.is_mitigated: f_mitigated_date = f.mitigated.timestamp() if f_mitigated_date >= d_start and f_mitigated_date < d_end: @@ -2450,6 +2493,21 @@ def get_open_findings_burndown(product): if f.severity == 'Info': info_count -= 1 + # If a finding was risk accepted on this day we subtract it + elif f.risk_accepted: + f_risk_accepted_date = f.risk_acceptance.created.timestamp() + if f_risk_accepted_date >= d_start and f_risk_accepted_date < d_end: + if f.severity == 'Critical': + critical_count -= 1 + if f.severity == 'High': + high_count -= 1 + if f.severity == 'Medium': + medium_count -= 1 + if f.severity == 'Low': + low_count -= 1 + if f.severity == 'Info': + info_count -= 1 + f_day = [critical_count, high_count, medium_count, low_count, info_count] if min(f_day) < running_min: running_min = min(f_day) From c0341be7b20ab417072473513a4699f91ed94e43 Mon Sep 17 00:00:00 2001 From: Gabriel Marquet Date: Mon, 20 Nov 2023 15:39:45 +0100 Subject: [PATCH 3/4] Update settings.dist.py (#8994) --- dojo/settings/settings.dist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
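Review bot: In the new initial tally the `elif f.risk_accepted:` branch dereferences `f.risk_acceptance.created` without checking that an acceptance object is actually attached; if `risk_accepted` can be True while `risk_acceptance` resolves to `None` (an acceptance removed later, or the flag set by an importer), this raises `AttributeError` and the whole burndown for that product fails rather than just under-counting one finding. A guard on the branch, `elif f.risk_accepted and f.risk_acceptance is not None:`, keeps the metric degrading gracefully. The three near-identical severity tallies (active, mitigated, risk-accepted) would also be easier to keep in sync as one `counts = {'Critical': 0, 'High': 0, 'Medium': 0, 'Low': 0, 'Info': 0}` updated by `counts[f.severity] += 1` behind a single "should this finding be counted" predicate. `get_open_findings_burndown` continues past the end of this hunk.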
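Review bot: The new `elif f.risk_accepted:` subtraction in the day loop keys on the flag alone, whereas the initial tally earlier in this function lets `f.active` take precedence over risk acceptance; if a finding can be active and risk-accepted at the same time (it is not visible here whether accepting always clears `active`), the loop decrements it on its acceptance day while it is still counted as open, which can drive a severity series negative. Aligning the two conditions, `elif f.risk_accepted and not f.active:`, or recording the assumption with `# assumes risk acceptance always deactivates the finding — verify against the risk acceptance helper` would make the invariant explicit. This branch also reads `f.risk_acceptance.created` unguarded, so a flagged finding with no acceptance object attached would raise here too. The enclosing loop and function extend beyond this hunk.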
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 4f0716a554..d8df97755b 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1432,7 +1432,7 @@ def saml2_attrib_map_format(dict): 'Gitleaks Scan': DEDUPE_ALGO_HASH_CODE, 'pip-audit Scan': DEDUPE_ALGO_HASH_CODE, 'Edgescan Scan': DEDUPE_ALGO_HASH_CODE, - 'Bugcrowd API': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + 'Bugcrowd API Import': DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, 'Rubocop Scan': DEDUPE_ALGO_HASH_CODE, 'JFrog Xray Scan': DEDUPE_ALGO_HASH_CODE, 'CycloneDX Scan': DEDUPE_ALGO_HASH_CODE, From c52f735098515fdc336e830165e16a452cdc1c04 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 20 Nov 2023 15:38:57 +0000 Subject: [PATCH 4/4] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index c304d69941..9e18b1e3cb 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.29.0-dev", + "version": "2.28.2", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index b03e47f8ef..9ee3465726 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa -__version__ = '2.29.0-dev' +__version__ = '2.28.2' __url__ = 'https://github.com/DefectDojo/django-DefectDojo' __docs__ = 'https://documentation.defectdojo.com' diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 29c8e9385d..bb61cd9cf0 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.29.0-dev" +appVersion: "2.28.2" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.96-dev +version: 1.6.96 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap