Syncs with upstream dev #116

Merged
merged 75 commits into from
Feb 21, 2024

inesmartins-swordhealth

No description provided.

DefectDojo release bot and others added 30 commits February 5, 2024 23:04
…32.0-dev

Release: Merge back 2.31.0 into bugfix from: master-into-bugfix/2.31.0-2.32.0-dev
* fix for sarif parser with codeql rules

* add check for extensions property

* flake8 comparison
…9502)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* finding sla expiration date field (part two)

* sla violation check updates

* clean up of finding violates_sla property

* flake8 fix

* Update dojo/models.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Update 0201_populate_finding_sla_expiration_date.py

---------

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
#9517)

* Modifying Bugcrowd API Parser to align to vendor documentation on what the not_applicable state means.  It is now active == False and severity == 'Info'. [sc-4217]

* fixing Flake8 errors

* fixing Flake8 errors, part deux
* Jira Webhook: Catch comments from other issue updates

* Accommodate redirect responses

* Update dojo/jira_link/views.py

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>

* Fix syntax

---------

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
* add metrics page: "Product Tag Count"

It is fully based on "Product Type Count" metrics page.

* fixup! add metrics page: "Product Tag Count"

* Fix Flake8

* Update views.py

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Disallow duplicate tool types

* Fix Flake8

* Only validate on new creations

* Force new name on tool type unit test
URL redirects were behaving strangely without this leading slash. It seems it was missed when all the others were added.
Release: Merge release into master from: release/2.31.1
…32.0-dev

Release: Merge back 2.31.1 into bugfix from: master-into-bugfix/2.31.1-2.32.0-dev
…0-dev

Release: Merge back 2.31.1 into dev from: master-into-dev/2.31.1-2.32.0-dev
* Use correct name references

* fix db_mig

* Update and rename 0201_alter_dojo_group_social_provider.py to 0202_alter_dojo_group_social_provider.py

---------

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…alpine (docker-compose.yml) (#9535)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
With this change, renovate will create PRs to update
the helm-dependencies, just as with docker-compose.

Note that only setting the repository to the full URL did not work,
I also had to add the registryAlias.
…hart.yaml) (#9550)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…alpine (docker-compose.yml) (#9541)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
kiblik and others added 17 commits February 20, 2024 12:44
…ml) (#9573)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Questionnaires: Correct nested object deletions

* Fix Flake8
A couple fields are overwritten by DefectDojo when findings are pushed to an existing Jira ticket. This can be destructive for developers in the following ways:
- Priority: This field often reflects the timeline a particular issue may be fixed. Developers may have more specific context for why a vulnerability may not be as severe as initially thought.
- Labels: Labels could be used to sort issues in a given queue to determine who works on a given ticket. When a finding is pushed to Jira again after creation, these new labels should not be overwritten.

These fields should be respected to avoid stomping on any changes/process set by developers.
Bumps nginx from 1.25.3-alpine to 1.25.4-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Endpoints: Force object validation on save

* Prevent str concatenation with None type

* Remove forced clean on save
Release: Merge release into master from: release/2.31.2
…0-dev

Release: Merge back 2.31.2 into dev from: master-into-dev/2.31.2-2.32.0-dev
…9576)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* ✨ fix guardduty, issue #7813

* advance unittests

* add mitigation

* provide more information

* uniqueidfromtool not in description

* flake8

* update docs

* update docs

* update docs

* update according to review

* adapt docs

* 🐛 fix according to comment

* 🐛 fix wrong merge conflict resolal
@inesmartins-swordhealth inesmartins-swordhealth merged commit 0c20505 into SWORDHealth:dev Feb 21, 2024
6 of 9 checks passed