1.15.0 🌈
·
5365 commits
to master
since this release
Changes since 1.14.0
💣 Breaking changes
- Allow grouping of Findings (and push to JIRA) (disabled by default) @valentijnscholten (#4017)
🚩 Requires settings change or database migration
- deletion: dupe-cascade refactor and fixes @valentijnscholten (#4283)
- don't delete all duplicates when deleting an original, fix product grade on deletion. @valentijnscholten (#4142)
- import history improvements @valentijnscholten (#4209)
- jira: improve UI around inheritance for engagement JIRA config @valentijnscholten (#4207)
- Allow grouping of Findings (and push to JIRA) @valentijnscholten (#4017)
🚀 New importers
- Add Microsoft CredScan parser @Maffooch (#4299)
- Add parser for CycloneDX @damiencarol (#4029)
🚀 General features and enhancements
- dependency check improvements @valentijnscholten (#4312)
- [Nikto parser] Fix severity and add more unit tests @damiencarol (#4357)
- [Generic parser] Add more unit tests @damiencarol (#4354)
- [Acunetix parser] Remove lxml, implements endpoints/date/CVSS vectors and requests @damiencarol (#4308)
- Authorization V2: Integrationtests for management of product members and product type members @StefanFl (#4333)
- SpotBugs: Use hash_code for deduplication and minor enhancements @StefanFl (#4323)
- view_finding: show hash_code in title of ID field @valentijnscholten (#4305)
- filters: file_path partial matching instead of exact match @valentijnscholten (#4311)
- OpenVAS parser: add port and protocol implementation @damiencarol (#4137)
- [Semgrep parser] fix internal de-duplication @damiencarol (#4258)
- Contrast parser: switch endpoint to unsaved_endpoints @damiencarol (#4183)
- [Nexpose parser] Fix error with Python 3.9 @damiencarol (#4296)
- Authorization V2: Feature-complete, ready for testing @StefanFl (#4290)
- Harmonize managing of users with the rest of the UI @StefanFl (#4247)
- Bandit parser: implement scanner confidence @damiencarol (#4239)
- Refactor numerical_severity in importer/reimporter @damiencarol (#4270)
- import-scan not preserving active and verified statuses from findings @michaelgibson (#4014)
- Integrate interactive and ci/cd engagements in one list @StefanFl (#4243)
- login banner: allow clickable urls @valentijnscholten (#4240)
- Engagement page performance @danielnaab (#4049)
- Product engagements page performance @danielnaab (#4124)
- Authorization V2: Findings and Endpoints @StefanFl (#4196)
- Show benchmark results in Product view only when benchmarks are enabled @StefanFl (#4218)
- import history improvements @valentijnscholten (#4209)
- Update Wapiti parser to support more recent versions @damiencarol (#4150)
- [anchore parser] add cvssv3_score when available @madchap (#4182)
- jira: improve UI around inheritance for engagement JIRA config @valentijnscholten (#4207)
- optimize dedupe command, fix product grade @valentijnscholten (#4199)
- Trustwave parser: switch endpoints to unsaved_endpoints @damiencarol (#4151)
- finding.save and dedupe streamlining @valentijnscholten (#4134)
- prod overview: fix perf regression @valentijnscholten (#4177)
- Publish the Helm chart tarball with each release (try 2) by @bgoareguer @valentijnscholten (#4171)
- Generic parser: fix endpoint management @damiencarol (#4169)
- finding groups: remove superfluous dropdown @valentijnscholten (#4208)
- Optimize (pdf) report in main menu and small fix for product type list @StefanFl (#4145)
🐛 Bug Fixes
- [ZAP parser] fixes missing attribute 'param' error @damiencarol (#4361)
- AuthV2: Change wording (admin set user perms) @kiblik (#4346)
- Bulk risk acceptance filter remove need for Verified status @madchap (#4355)
- [RetireJS parser] fix JSON parsing error @damiencarol (#4364)
- [Gitlab SAST parser] Fixes missing severity error @damiencarol (#4345)
- Duplicate scanner name fix #4275 @37b (#4365)
- Unaccept risk on finding edit only if already accepted @madchap (#4339)
- Rename role for API Importer @StefanFl (#4351)
- Re-import fix "Finding has not test" exception @Maffooch (#4349)
- Import History: fix Endpoint JSON Serialization issue @alles-klar (#4331)
- JIRA webhooks to properly handle JIRA resolution when set as 2nd step @madchap (#4332)
- deletion: dupe-cascade refactor and fixes @valentijnscholten (#4283)
- [Burp Entreprise parser] fixes HTML read issue #4287 @damiencarol (#4303)
- Fix datetime/date mismatch between CICD engagement and test @valentijnscholten (#4294)
- Set rabbitMQ memory high watermark @madchap (#4281)
- fix str for GitHub_Issue model @valentijnscholten (#4282)
- delete jira issues when product/engagement is deleted @valentijnscholten (#4291)
- [Snyk parser] Fix missing attribute errors @damiencarol (#4284)
- fix Nonetype when adding from template @valentijnscholten (#4273)
- Add line number to repository link @StefanFl (#4279)
- [PHPCS parser] fix invalid classname error @damiencarol (#4217)
- Nexpose parser - fix edge-case - port is defined but service is "" @kiblik (#4253)
- Qualys parser: fixes TypeError: init() got an unexpected keyword argument 'resolve_entities' @alles-klar (#4121)
- bulk edit: fix auth v2 regression @valentijnscholten (#4241)
- don't show fields on delete forms @valentijnscholten (#4219)
- jira: remove validate parameter on config change @valentijnscholten (#4229)
- Fixes safety parser unit test#4191 (#4192) @valentijnscholten (#4231)
- don't delete all duplicates when deleting an original, fix product grade on deletion. @valentijnscholten (#4142)
- optimize dedupe command, fix product grade @valentijnscholten (#4199)
- fix ORT parser error when importing oss-review-toolkit file @devsecopsale (#4189)
- fix api prefetch for test imports @valentijnscholten (#4204)
- Fixes safety parser unit test #4191 @damiencarol (#4192)
- Testssl parser: fix filtering and use unsaved_endpoints @damiencarol (#4156)
- Microfocus WebInspect parser: fix a bug in endpoint management @damiencarol (#4159)
- finding.save and dedupe streamlining @valentijnscholten (#4134)
- prod overview: fix perf regression @valentijnscholten (#4177)
📝 Documentation updates
- Documentation for authorization V2 @StefanFl (#4352)
- SecureCodeBox - update java wrapper doc @wurstbrot (#4268)
- Push godojo in the supported install in README @madchap (#4252)
🧰 Maintenance
- jira: fix silent epic error during unit tests @valentijnscholten (#4366)
- Bump google-auth from 1.29.0 to 1.30.0 @dependabot (#4368)
- Added media path @n0t4u (#4371)
- Bump pygithub from 1.54.1 to 1.55 @dependabot (#4356)
- Update rabbitmq:3.8.14 Docker digest from 3.8.14 to 3.8.14 (docker-compose.yml) @renovate (#4350)
- Add beta/unsupported warning for rules framework @madchap (#4337)
- Update manusa/actions-setup-minikube action from v2.3.1 to v2.4.0 (.github/workflows/k8s-testing.yml) @renovate (#4348)
- Bump easymde from 2.14.0 to 2.15.0 in /components @dependabot (#4343)
- Update actions/github-script action from v3 to v4 (.github/workflows/new-release-pr.yml) @renovate (#4334)
- Bump sqlalchemy from 1.4.10 to 1.4.11 @dependabot (#4335)
- Include suggested CredScan fixes from #4299 @Maffooch (#4325)
- Bump sqlalchemy from 1.4.9 to 1.4.10 @dependabot (#4326)
- Bump mysql-connector-python from 8.0.23 to 8.0.24 @dependabot (#4327)
- Delete unused entrypoint-celery.sh @valentijnscholten (#4324)
- Update mysql Docker tag from 5.7.33 to v5.7.34 (docker-compose.yml) @renovate (#4318)
- Bump django-extensions from 3.1.2 to 3.1.3 @dependabot (#4320)
- Bump sqlalchemy from 1.4.8 to 1.4.9 @dependabot (#4313)
- Bump nginx from 1.19.9-alpine to 1.19.10-alpine @dependabot (#4314)
- Helm chart linting - pick target branch @madchap (#4302)
- reimporter: make close_old_findings True by default everywhere @valentijnscholten (#4295)
- update npm audit parser description @valentijnscholten (#4286)
- Bump django-debug-toolbar from 3.2 to 3.2.1 @dependabot (#4300)
- Bump google-auth from 1.28.1 to 1.29.0 @dependabot (#4288)
- Bump sqlalchemy from 1.4.7 to 1.4.8 @dependabot (#4289)
- Bump django-debug-toolbar from 3.2 to 3.2.1 @dependabot (#4280)
- Update .gitignore @fabelx (#4278)
- Update stefanzweifel/git-auto-commit-action action from v4.9.2 to v4.10.0 (.github/workflows/plantuml.yml) @renovate (#4261)
- Bump humanize from 3.4.0 to 3.4.1 @dependabot (#4265)
- Bump json-log-formatter from 0.3.0 to 0.3.1 @dependabot (#4266)
- Bump humanize from 3.3.0 to 3.4.0 @dependabot (#4254)
- Bump sqlalchemy from 1.4.6 to 1.4.7 @dependabot (#4255)
- Harmonize import and reimport logic @valentijnscholten (#4246)
- Update styfle/cancel-workflow-action action from 0.8.0 to v0.9.0 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#4251)
- Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#4250)
- reimport utils: move into its own folder @valentijnscholten (#4245)
- finding groups: clarify it's only available per test @valentijnscholten (#4244)
- move parser unit test to correct folder @valentijnscholten (#4230)
- Bump google-auth from 1.28.0 to 1.28.1 @dependabot (#4238)
- Bump django from 2.2.18 to 2.2.20 @dependabot (#4236)
- Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#4224)
- Bump sqlalchemy from 1.4.5 to 1.4.6 @dependabot (#4215)
- Bump pdfmake from 0.1.70 to 0.1.71 in /components @dependabot (#4214)
- Bump django-extensions from 3.1.1 to 3.1.2 @dependabot (#4213)
- Update mysql:5.7.33 Docker digest from to 5.7.33 (docker-compose.yml) @renovate (#4210)
- Update rabbitmq:3.8.14 Docker digest from to 3.8.14 (docker-compose.yml) @renovate (#4211)
- Bump sqlalchemy from 1.4.4 to 1.4.5 @dependabot (#4205)
- Bump nginx from 1.19.8-alpine to 1.19.9-alpine @dependabot (#4206)
- Bump pillow from 8.1.2 to 8.2.0 @dependabot (#4194)
- Bump sqlalchemy from 1.4.3 to 1.4.4 @dependabot (#4178)
- Bump djangorestframework from 3.12.3 to 3.12.4 @dependabot (#4152)
- Bump gunicorn from 20.0.4 to 20.1.0 @dependabot (#4153)
- Bump nginx from
e20c21etoef3c79a@dependabot (#4154)