1.5.4rc6

What's Changed

🚀 New scanners

• HackerOne parser (#1712) @blacklotos
• Trivy scanner support (#1700) @sergray
• Add parser for Xanitizer (#1679) @jankuehl
• Add Aqua parser (#1544) @madchap
• SonarQube integration (#1444) @twsagarcia
• Add support for Hadolint (#1424) @william-billaud
• Testssl Importer (#1397) @dr3dd589
• SSLyze importer (#1376) @dr3dd589
• JFrog XRay importer (#1375) @madchap
• SslScan importer (#1351) @dr3dd589
• Wpscan importer (#1345) @dr3dd589
• Webinspect importer (#1268) @dr3dd589
• Whitesource importer (#1243) @dr3dd589
• Mozilla Observatory importer (#1226) @dr3dd589
• Outpost24 importer (#1750) @jvz

🚀 Features and enhancements

• Added CVE Reference to imported findings from clair (#1751) @Rakito
• Enable Domain and Email Whitelist for Google Oauth (#1738) @arkwrn
• Read images as binaries (#1734) @dougmorato
• Add endpoints to scan (#1733) @alles-klar
• Add jira issue type config in settings (#1731) @madchap
• Login page banner (#1723) @madchap
• Fortify Parser Overhaul (#1706) @Apipia
• [apiv2] ability to filter engagement by name (#1703) @madchap
• Documentation fixes (#1699) @sergray
• Adapting to Active findings for count (#1698) @madchap
• adding multi-procs and threads by default (#1673) @madchap
• Add more product metrics, and base off open findings (#1672) @madchap
• Deduplication configuration per parser (#1665) @ptrovatelli
• drf_yasg for api documentation (#1664) @alles-klar
• Integrating Google Sheets with DefectDojo (#1637) @piyarathnalakmali
• Add ability to quickly mark duplicate findings (#1628) @jvz
• Add nosniff header and other improvments related to installation (#1624) @ptrovatelli
• Show more elements on a page (#1620) @alles-klar
• Change note editing restrictions (#1614) @piyarathnalakmali
• Integrate Engagement Surveys (#1601) @Maffooch
• Add finding ID, Eng. Version and tags to search results (#1596) @dougmorato
• Ability to Add And Remove Notes with API v2 Finding Endpoint (#1595) @propersam
• Improve Product view filtering (#1588) @dougmorato
• Adding the All Engagements View (#1587) @dougmorato
• Introducing DataTables to Products and Findings (#1586) @dougmorato
• add v1 api enhancements (#1574) @devGregA
• [SonarQube API] Manage manual changes (#1568) @twsagarcia
• Twistlock add unittest and try-catch (#1567) @madchap
• Ease use of external db in helm charts (#1563) @william-billaud
• Add ability to import OWASP Dependency Track Finding Packaging Format (FPF) Exports as a scan (#1561) @csansone-handy
• Add note-types to organize finding notes (#1539) @piyarathnalakmali
• JS validation in template form (#1534) @no-sec-marko
• Make finding images downloadable via API (#1532) @efficiosoft
• Manually set parent of duplicate (#1516) @Maffooch
• Add option to move engagements to different products (#1512) @Maffooch
• Add table of contents to HTML/Asciidoc reports (#1509) @Maffooch
• Integrate Unit tests to Travis CI jobs (#1501) @propersam
• Add express addition of Jira configs (#1495) @Maffooch
• Add Ability to Manage Findings Tag with Api v2 (#1489) @propersam
• Add ptvsd debug option (#1485) @madchap
• Improve Retire.JS parser (#1481) @Maffooch
• Add cve to Crashtest + dawnscanner findings (#1480) @dr3dd589
• docker-compose related improvements (#1479) @ptrovatelli
• Enable reports and resolve errors (@1469) @Maffooch
• JIRA improvements (#1466, #1465) @Maffooch
• Propose finding templates based on recent activity and CVE (@1464) @Maffooch
• "Download template as..." (#1453) @devEricA
• CWE statistics in product metrics (#1451) @twsagarcia
• Added Api v2 Feature For Report Generation (#1447) @propersam
• Reactivate sonar (#1445) @ptrovatelli
• Add current commit hash in footer (#1440) @dr3dd589
• Notifications overhaul (#1437) @devEricA
• JIRA Webhook support Finding transition to Accept/False positive status (#1419) @twsagarcia
• Bulk edit tags (#1402) @devEricA
• Include tags in reports (#1400) @dr3dd589
• Add Notes Endpoint to Api v2 + private (#1360, #1358) @propersam
• Disable the 'push to jira' checkbox prevent accidental overwrite (#1324) @madchap
• Enhanced Blackduck parser (#1318) @madchap @jvz
• Implement Azure AD Tenant OAuth (#1309) @dougmorato
• Previous and Next button to navigate findings (#1269) @devEricA
• Add private notes to findings and prevent showing on reports (#1266) @Maffooch
• Clear all alerts option (#1258) @devEricA
• Get python3 branch up to dev place (#1246) @Maffooch
• Make risk acceptance accessible from finding (#1225) @devEricA

🐛 Bug Fixes

• owasp_dependency_checker: truncate too long cve fields (#1768) @valentijnscholten
• Fix dedupe for dynamic parsers: fix addition of endpoints (#1730) @ptrovatelli
• [Helm] Fix resources indentation (#1727) @carlosjgp
• Fix hover issue in product list (#1718) @Maffooch
• Updated datatable because the endpoint popup didnt work (#1715) @MarianG
• No staff for new social logins (#1711) @madchap
• Updated php parser to report on warnings even with no errors (#1705) @Apipia
• Whitesource cvss3 fix, improvements (#1690, #1685) @madchap
• Fixing endpoint pop-up in add_findings.html (#1689) @no-sec-marko
• Blackduck importer update and fixes (#1683) @Apipia
• Fix undefined and null value issue in netsparker import (#1677) @H4ckd4ddy
• Fix sslyze XML parser for undefined value (#1676) @H4ckd4ddy
• Checkmarx set false positive status (#1675) @ptrovatelli
• Fix bug with endpoints without colons (#1667) @alles-klar
• Fix bug in simple metrics (#1666) @alles-klar
• argument type for json.loads (#1662) @frannovo
• Repair Simple Metrics data displayed on /metrics/simple route (#1655) @amnesik
• Fix CVE regex (#1632) @blacklotos
• Fix bug when using tags with spaces (#1621) @alles-klar
• Fix bug in qualys parser (#1619) @alles-klar
• Fix Spotbugs import (#1615) @Tibo-le-canard
• fix dependency-check cwe parsing (#1611) @madchap
• Fix "Under Review" not showing in test view (#1599) @madchap
• fix finding.cwe in filters (#1591) @legik
• Fix Import OpenVas Scan Result (#1585) @gogo02
• Fix Closed/Accepted Finding errors (#1578) @Maffooch
• fix introduced regression to ingesting Xray scan (#1564) @madchap
• Fix tables of contents and test pdf report (#1556) @Maffooch
• promote_to_finding crash on endpoints (#1551) @agix
• json_output does not exist (#1548) @agix
• Urlunsplit crash fix (#1547) @agix
• Fix bug when displaying accepted findings (#1538) @alles-klar
• Remove unique constraint from jira_id (#1529) @madchap
• Expand default bleach whitelist (#1524) @no-sec-marko
• Show test lead name in the test summary table instead name of eng lead (#1519) @no-sec-marko
• fix initial date format (#1499) @madchap
• fix release mode git commit showing issue (#1483) @dr3dd589
• Fix tags in all finding templates (#1463) @Maffooch
• Fix Clair importer (#1459) @dr3dd589
• Fix Dependency Check parser (#1455) @dr3dd589
• Fix json based import scanners (#1449) @Maffooch
• Fix deprecated filter argument (#1405) @frannovo
• Fix Qualys parsing and importing (#1386) @dougmorato
• Fix Veracode static and dynamic issue (#1377) @dr3dd589

🧰 Maintenance activities

• Bumping parent docker images (#1786) @madchap
• Update python dependencies (#1758) @alles-klar
• Pushing dependabot config to master (#1732) @madchap
• README's installation update (#1642, #1641) @Maffooch
• Update migrations to make builds happy (#1523) @Maffooch
• Adjust finding status to display product metrics (#1520) @madchap
• Fix unit-tests not working in docker env (#1429) @ptrovatelli
• Refactor deduplication and implement with django signals (#1395) @Maffooch
• Fix DefectDojo build caused by Python3 docker update (#1379) @alles-klar
• Use git+https instead of git+git for GitHub on requirements.txt (#1297) @dougmorato