1.6.0-rc

Changes

🚀 New scanners

• Adding a parser for Gitleaks scanner @steeve85 (#2149)
• Adding a parser from Harbor vulnerability API @natebwangsut (#2134)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• Add a parser for policy checks created by Anchore enterprise @ccojocar (#2016)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🚀 Features and enhancements

• Improve Google Sheets Sync feature @piyarathnalakmali (#1831)
• Feature/jira overhaul (Push All Issues) @Apipia (#2140)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• Dockerfile for integration tests @alles-klar (#2114)
• Add TLS for Nginx Helm Chart @alles-klar (#2115)
• Cicd improvements: reupload mitigation, overdue @valentijnscholten (#1929)
• Add github integration @mestrade (#2116)
• Brakeman parser improvement @steeve85 (#2175)
• integration tests fixes and improvements @valentijnscholten (#2160)
• [apiv2] Add capability to query by finding_id on the jira_finding_mapping endpoint @madchap (#2138)
• Move similar finding below actual finding main info @madchap (#2131)
• Integration test: Assert absence of javascript errors @valentijnscholten (#2047)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• Add bulk risk acceptance API @jvz (#1904)
• Add component name and version for JFrog scans @jvz (#1979)
• apiv2: add test.id in result of importscan @valentijnscholten (#2094)
• performance: cache system_settings in views @valentijnscholten (#1953)
• add url and product name to jira alert message @valentijnscholten (#2061)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• performance gains by prefetching in more places @valentijnscholten (#1955)
• Add parser for Crashtest Security JSON file @Phylu (#1996)
• Keyboard shortcuts to navigate to previous and next finding @madchap (#1990)

🐛 Bug Fixes

• fix copy-paste to prevent GH config to show on product edit @madchap (#2203)
• Travis reorder: remove finish_fast that is breaking builds @valentijnscholten (#2200)
• Acunetix parser fix @steeve85 (#2185)
• Hadolint parser fix @steeve85 (#2186)
• integration tests fixes and improvements @valentijnscholten (#2160)
• Fix test notes not appearing in report + cosmetic improvement @Apipia (#2157)
• system settings test: fix copy-paste error @valentijnscholten (#2158)
• unittests: check for existence of system_settings db record @valentijnscholten (#2105)
• Allow staff users to delete notes @madchap (#2127)
• honor note_type property on POST /findings/{id}/notes/ @madchap (#2120)
• fix dashboard graph - show values @alles-klar (#2112)
• Social-auth: Fix call-back URLs @xens (#2124)
• Fix middlewares @Nilix007 (#1863)
• product list: add missing quotes around asc for table sorter @valentijnscholten (#2095)
• DSOP parser missing fields @madchap (#2104)
• kubernetes: fix node selectors; add limits @ptrovatelli (#1881)
• Fix kubernetes helm upgrade @ptrovatelli (#1924)
• fix migrations after #2009 @valentijnscholten (#2100)
• Fix duplication issue @MarianG (#2009)
• Fix for issue #1993 @piyarathnalakmali (#2097)
• docker initializer: do not give a new non-working passwd if admin present in DB @madchap (#2084)
• fix #2050 broken javascript datatable product list @valentijnscholten (#2051)
• quickfix #1995 bulk edit in view_test @valentijnscholten (#2034)
• Fix whitesource parser @MarianG (#2011)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• fix various DSOP parser issues @madchap (#2054)
• add version to filter fields @madchap (#1879)
• Anchore parser fix to consider package_path @madchap (#2086)
• Adding SimilarityID and PathID concatenation as unique_id_from_tool for Checkmarx Parser @dshraddha23 (#1941)
• fix some queries so that open include active verified and not verified @madchap (#2026)
• only show donut if donut (language) data is available, fixes #2005 @valentijnscholten (#2039)
• fix superfluous sla column in datatable config (fixes #2041) @valentijnscholten (#2042)
• only show dupes dropdown if there are dupes, fixes #2006 @valentijnscholten (#2046)
• npm audit parser: limit vulnerable paths to max 25 @valentijnscholten (#2060)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• fix removed system settings processor @valentijnscholten (#2080)
• fix #2048 handle None value for CWE in apply finding template @valentijnscholten (#2049)
• [BurpE] Add multiple request/response tabs @Maffooch (#1997)

🧰 Maintenance

• Minor DOCKER.md fix for ptvsd @madchap (#2177)
• Bump google-auth from 1.13.1 to 1.14.0 @dependabot-preview (#2199)
• travis: reorder tests to prioritize important tests @valentijnscholten (#2189)
• add doc about wrappers and branching model @ptrovatelli (#2003)
• Bump coverage from 5.0.4 to 5.1 @dependabot-preview (#2184)
• Bump cryptography from 2.8 to 2.9 @dependabot-preview (#2142)
• Bump pillow from 7.1.0 to 7.1.1 @dependabot-preview (#2141)
• Bump psycopg2-binary from 2.8.4 to 2.8.5 @dependabot-preview (#2154)
• Bump nginx from 3936fb3 to 7ac7819 @dependabot-preview (#2155)
• Bump humanize from 2.2.0 to 2.3.0 @dependabot-preview (#2156)
• Bump django-watson from 1.5.3 to 1.5.5 @dependabot-preview (#2126)
• Bump django from 2.2.11 to 2.2.12 @dependabot-preview (#2133)
• Bump pillow from 7.0.0 to 7.1.0 @dependabot-preview (#2136)
• Bump google-auth from 1.12.0 to 1.13.1 @dependabot-preview (#2139)
• Bump google-auth from 1.11.3 to 1.12.0 @dependabot-preview (#2111)
• Pinned yarn package manager to stable version @arkwrn (#1956)
• Find and correct duplicate loops @MarianG (#2010)
• remove unused view_product_details @valentijnscholten (#2063)
• Bump humanize from 2.1.0 to 2.2.0 @dependabot-preview (#2102)
• integration-tests: add wait/retry when checking for duplicates @valentijnscholten (#2101)
• Fix duplication issue @MarianG (#2009)
• Bump metismenu from 3.0.5 to 3.0.6 in /components @dependabot-preview (#2098)
• Bump humanize from 2.0.0 to 2.1.0 @dependabot-preview (#2091)
• simplify and speedup integration tests @valentijnscholten (#2015)
• remove unused docker/nginx.conf @valentijnscholten (#2055)
• Bump celery from 4.4.1 to 4.4.2 @dependabot-preview (#2076)
• Bump coverage from 5.0.2 to 5.0.4 @dependabot-preview (#2073)
• Bump google-auth from 1.11.2 to 1.11.3 @dependabot-preview (#2057)
• Bump google-api-python-client from 1.7.12 to 1.8.0 @dependabot-preview (#2058)
• Update CONTRIBUTING.md after migration to python3. @valentijnscholten (#2031)
• Bump google-api-python-client from 1.7.11 to 1.7.12 @dependabot-preview (#2043)
• Bump humanize from 0.5.1 to 2.0.0 @dependabot-preview (#1986)
• Bump bootswatch from 3.3.7 to 3.4.1 in /components @dependabot-preview (#2027)
• remove dependency pygments @alles-klar (#2017)
• Javascript dependency refactor @valentijnscholten (#2002)
• Bump nginx from 1.17.7 to 1.17.9 @dependabot-preview (#2008)
• Bump django-tagging from 0.4.6 to 0.5.0 @dependabot-preview (#1994)
• Bump urllib3 from 1.25.8 to 1.25.9 @dependabot-preview (#2206)

🚩 Requires settings change

• Fix middlewares @Nilix007 (#1863)
• Prefetch tags and more to remove 1+N queries problem @valentijnscholten (#2012)
• fix login buttons by adding explicit CLASSIC_AUTH_ENABLED option @valentijnscholten (#2090)
• From string to boolean - fix login page buttons not showing #2075 @madchap (#2077)
• add system setting to enable/disable audit logging @valentijnscholten (#2068)
• Implement Auth0 OAuth2 authentication @xens (#2079)
• add watson middleware for more efficient search index updates @valentijnscholten (#2066)
• add required middleware to set actor_id in auditlog entries @valentijnscholten (#2067)
• Javascript dependency refactor @valentijnscholten (#2002)
• performance gains by prefetching in more places @valentijnscholten (#1955)