
#6620 Create API importer for Bugcrowd #6621

Merged
merged 39 commits into from
Sep 14, 2022

Conversation

Gby56 (Contributor) commented Jul 28, 2022

Implements #6620

Needs testing too

github-actions bot added the parser, settings_changes (needs changes to settings.py based on changes in settings.dist.py included in this PR) and ui labels, Jul 28, 2022
github-actions bot added the docs label, Jul 28, 2022
Gby56 (Contributor, Author) commented Jul 28, 2022

I have added regex parsing for endpoints because I kept getting the errors I mentioned in #6580! Submissions can have random stuff in their bug_url, not just URLs, which is annoying...

Maffooch (Contributor) commented

@Gby56 This is a great start! There are a couple of things left to do before we can approve.

damiencarol (Contributor) left a review comment

There are a few changes needed; also, unit tests are missing.

Gby56 (Contributor, Author) commented Aug 2, 2022

@Maffooch all good :) I copied tests from Edgescan

Gby56 requested a review from damiencarol, August 2, 2022 12:04
damiencarol (Contributor) commented

@Gby56

  1. When I said use the urlencode method instead, I was referring to something like this:
import urllib.request
import urllib.parse
# urlencode escapes each key and value and joins the pairs with "&"
params = urllib.parse.urlencode({'spam': 1, 'eggs': 2, 'bacon': 0})
url = "http://www.musi-cal.com/cgi-bin/query?%s" % params
with urllib.request.urlopen(url) as f:
    print(f.read().decode('utf-8'))

Which is easier to read and less bug-prone (instead of pushing the encoded string directly into the code).

  2. We should convert this method get_findings(self, program, target) to be a generator function.
    If I understand the data returned by the GitLab API well, the data are paginated.
    Which means that the function could return data multiple times. Perfect use case for a generator function.
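As an added illustration, not code from this PR or from DefectDojo, here is how the points raised in the two comments above fit together: query parameters built with urlencode rather than hand-escaped strings, a generator that walks a paginated JSON:API collection one page at a time, endpoint parsing that logs and skips unusable bug_url values instead of aborting the whole import, and a connection test that surfaces the API's own error text. The base URL, the filter[...] and page[...] parameter names, the links.next pointer and the canned responses are all assumptions made for this example.

```python
import logging
import urllib.parse
from typing import Callable, Dict, Iterator, List, Optional

log = logging.getLogger(__name__)

# Assumed base URL; the real client's configuration is not part of this example.
BASE_URL = "https://api.example.invalid/submissions"


def build_url(base: str, params: Dict[str, object]) -> str:
    """Attach query parameters with urlencode instead of escaping them by hand:
    JSON:API keys such as page[limit] become page%5Blimit%5D automatically."""
    return "%s?%s" % (base, urllib.parse.urlencode(params))


def page_url(program: str, limit: int, offset: int) -> str:
    # The filter and page parameter names are assumptions about the API's shape.
    return build_url(BASE_URL, {"filter[program]": program,
                                "page[limit]": limit, "page[offset]": offset})


def iter_submissions(fetch: Callable[[str], dict], program: str,
                     page_size: int = 2) -> Iterator[dict]:
    """Generator over a paginated collection: yields one submission at a time
    and follows links.next until the server returns none, so the caller never
    holds more than one page in memory."""
    url: Optional[str] = page_url(program, page_size, 0)
    while url:
        body = fetch(url)
        for item in body.get("data", []):
            yield item
        url = body.get("links", {}).get("next")


def parse_endpoint(bug_url: str) -> Optional[str]:
    """Reduce a free-text bug_url to host[:port]path without regexes. Anything
    that is not a usable URL is logged and skipped (None), so one odd
    submission cannot abort the import."""
    candidate = bug_url.strip()
    if not candidate or any(ch.isspace() for ch in candidate):
        log.error("bug_url %r is not a URL, endpoint skipped", bug_url)
        return None
    if "://" not in candidate:
        candidate = "https://" + candidate  # bare host names are common
    try:
        parts = urllib.parse.urlsplit(candidate)
        host, port = parts.hostname, parts.port  # .port validates the value
    except ValueError as exc:
        log.error("cannot parse bug_url %r: %s", bug_url, exc)
        return None
    if not host:
        log.error("no host in bug_url %r, endpoint skipped", bug_url)
        return None
    endpoint = host if port is None else "%s:%d" % (host, port)
    return endpoint + parts.path


class ApiError(Exception):
    """Raised for a non-2xx answer; carries the status and the response text."""


# Constructed canned responses: two pages for the program "demo".
PAGES: Dict[str, dict] = {
    page_url("demo", 2, 0): {
        "data": [
            {"id": "sub-1", "attributes": {"bug_url": "https://app.example.invalid:8443/login?x=1"}},
            {"id": "sub-2", "attributes": {"bug_url": "  shop.example.invalid/cart "}},
        ],
        "links": {"next": page_url("demo", 2, 2)},
    },
    page_url("demo", 2, 2): {
        "data": [{"id": "sub-3", "attributes": {"bug_url": "see attached screenshot"}}],
        "links": {"next": None},
    },
}


def fake_fetch(url: str) -> dict:
    """Stand-in for an HTTP GET. Unknown URLs fail the way the importer should
    report them: status and response body are part of the message."""
    if url not in PAGES:
        raise ApiError("GET %s failed: 404 %s" % (url, '{"errors":[{"title":"Not Found"}]}'))
    return PAGES[url]


def probe_program(fetch: Callable[[str], dict], program: str, page_size: int = 2) -> Optional[str]:
    """Connection test: None when the first page is reachable, otherwise the
    API's own error text so the operator sees why the import failed."""
    try:
        fetch(page_url(program, page_size, 0))
    except ApiError as exc:
        return str(exc)
    return None


def import_program(fetch: Callable[[str], dict], program: str) -> List[dict]:
    """Walk every page and map each submission to its parsed endpoint (or None)."""
    return [{"id": sub["id"],
             "endpoint": parse_endpoint(sub.get("attributes", {}).get("bug_url", ""))}
            for sub in iter_submissions(fetch, program)]


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for finding in import_program(fake_fetch, "demo"):
        print(finding)
```

Running the module prints three findings; the third has endpoint None and an error line on stderr, rather than an exception, which is the behaviour the later commits in this PR describe ("Use logger for endpoint parsing errors, without breaking parser", "Do not save broken endpoints").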

kiblik (Contributor) left a review comment

Hi @Gby56,

I'm not sure that merging master to this branch was the best step. I suppose you wanted to merge dev.

I'm also adding a couple of comments on your changes.

Review threads (resolved): dojo/tools/bugcrowd_api/api_client.py (2 comments, 1 outdated), dojo/tools/bugcrowd_api/parser.py (4 comments, all outdated)
github-actions bot commented

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot removed the helm label, Sep 13, 2022
github-actions bot added the helm label, Sep 13, 2022
github-actions bot commented

Conflicts have been resolved. A maintainer will review the pull request shortly.

Gby56 (Contributor, Author) commented Sep 13, 2022

@kiblik yeah, I did the upstream fetch on my fork and it pulled master, but now that I merged dev into my branch it's not working either. Anyway, I copied over the exact files from dev and there are no conflicts here; it's weird how the diff is showing.

Review thread (resolved, outdated): components/package.json
Gby56 (Contributor, Author) commented Sep 13, 2022 via email

github-actions bot commented

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot removed the helm label, Sep 14, 2022
github-actions bot commented

Conflicts have been resolved. A maintainer will review the pull request shortly.

Gby56 (Contributor, Author) commented Sep 14, 2022

The init file probably didn't get linted with Black; the string delimiters were just different.

Gby56 (Contributor, Author) commented Sep 14, 2022

@kiblik tell me if everything is OK for you; I have added the feedback from the HTTP responses in case of a failure, as requested.

kiblik (Contributor) commented Sep 14, 2022

Yes @Gby56, it looks good to me. Thank you for the changes and your effort.
Unfortunately, I do not have "approval" or "merge" rights here, so you will need to wait or ask somebody else.

Maffooch merged commit 9bb46ba into DefectDojo:dev, Sep 14, 2022
salvianf added a commit to salvianf/django-DefectDojo that referenced this pull request Nov 11, 2022
* adapted the helm chart of initializer-job.yaml to allow for metadata … (#6730)

* adapted the helm chart of initializer-job.yaml to allow for metadata annotations

* adapted the helm chart of initializer-job.yaml to run after install or upgrade

* fixed typo initializerKeepSeconds to initializer.keepSeconds

* renamed to jobAnnotations and moved helm hook to template values

* indent fix

* indent fix

* Design fixes to footer, tags input, and filters snippet (#6751)

* Design fixes to footer, tags input, and filters

* Update dojo.css

* Update base.html

* Bump google-api-python-client from 2.57.0 to 2.58.0 (#6757)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.57.0 to 2.58.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.57.0...v2.58.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6755)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix assignee bug in JIRA view (#6741)

* Fix assignee bug in JIRA view

* Update dojo/jira_link/views.py

Co-authored-by: Cody Maffucci <[email protected]>

Co-authored-by: Cody Maffucci <[email protected]>

* Bump google-auth from 2.10.0 to 2.11.0 (#6745)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update local_settings.py description

* Update configuration.md

* Corrected deduplication settings for Twistlock Reports (#6777)

* Update versions in application files

* Update Chart.yaml

* Update version files

* Forgot a number

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) (#6823)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 37.0.4 to 38.0.1 (#6822)

Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) (#6821)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6820)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) (#6818)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.40 to 1.4.41 (#6813)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.58.0 to 2.60.0 (#6812)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.58.0 to 2.60.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.58.0...v2.60.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) (#6805)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump jira from 3.4.0 to 3.4.1 (#6800)

Bumps [jira](https://github.com/pycontribs/jira) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/pycontribs/jira/releases)
- [Commits](https://github.com/pycontribs/jira/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: jira
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.1 to 1.5.2 (#6799)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-slack from 5.17.8 to 5.18.0 (#6789)

Bumps [django-slack](https://github.com/lamby/django-slack) from 5.17.8 to 5.18.0.
- [Release notes](https://github.com/lamby/django-slack/releases)
- [Commits](https://github.com/lamby/django-slack/compare/5.17.8...5.18.0)

---
updated-dependencies:
- dependency-name: django-slack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump vcrpy from 4.2.0 to 4.2.1 (#6785)

Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](https://github.com/kevin1024/vcrpy/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: vcrpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jquery from 3.6.0 to 3.6.1 in /components (#6766)

Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-gitlab from 3.8.1 to 3.9.0 (#6765)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.8.1 to 3.9.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.8.1...v3.9.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Corrected deduplication settings for anchore enterprise policy checks (#6770)

* Set finding to inactivate after creation of risk acceptance (#6780)

* Auth: Add RemoteUser implementation (#6782)

* Add RemoteUser implementation

* Add documentation

* Add support also for API

* Fix bug that caused scan imports to fail (#6775)

* Adding Closed Notes to Jira (#6806)

Current condition: all notes that we send through the finding detail are sent to Jira. But the closed notes we send when we close the finding are not sent to Jira, even if those notes are saved to the finding notes in the finding detail page.
Proposed change: send the close-finding notes to Jira as well.

* Sort findings in notifications (#6817)

* Sorting by severity after add/update

* Sorting out

* Sorting by severity after add/update

* Sorting out

* Translate metrics (#6819)

* Prepared translate for metrics pages

* Fix flake8 notice

Co-authored-by: Дмитрий Муковкин <[email protected]>

* Update the text that slack notification shows (#6825)

* Update the text that slack notification shows

Currently, when a test is added and Slack notification is enabled, it shows: "New test added for engagement {engament.product}"
I suggest adding the engagement name to this phrase: " New test added for engagement {{engagement.name }} in product {{ engagement.produc}}"

* corrected typo in product

corrected typo in product

* #6620 Create API importer for Bugcrowd (#6621)

* Create API importer for Bugcrowd

* Fix linting

* Documentation update

* Implement URI extraction via regex, pagination fetch loop, switch to unique id from tool deduplication alg

* Update api_client.py

* Various fixes

* Fix dateutil parse and auth header

* Fix linting

* Switch to session

* Implement unit testing - WIP

* Bugcrowd api importer unit tests

* Fix flake8

* Simplify parameterization for bugcrowd JSONAPI format

* Fix urlencoding and loop for pagination

* Implement generator api client

* v3 of fetcher with multithreading

* Linting with Black, test data changed for generator function, fix tests

* fix pep8 and add ignore W503 in flake8

* remove json from test

* Use logger for endpoint parsing errors, without breaking parser

* Strip bug url to improve endpoint parsing

* Remove regex usage

* Handle endpoint uri a bit better

* use logger error for endpoint converting

* Improve requests exception handling

* Remove regexes, convert_endpoint function

* Raise exceptions for responses and connection tests

* Do not save broken endpoints, add cleaning in tests

* Align to dev branch

* Named ValidationError exceptions

* Fix conflicts

* Fix conflicts

* Add response text in error message

* Fix linting

* Update __init__.py

Co-authored-by: Damien Carol <[email protected]>

* Bump numpy from 1.23.2 to 1.23.3 (#6830)

Bumps [numpy](https://github.com/numpy/numpy) from 1.23.2 to 1.23.3.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.23.2...v1.23.3)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-extensions from 3.2.0 to 3.2.1 (#6831)

Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](https://github.com/django-extensions/django-extensions/compare/3.2.0...3.2.1)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye (#6832)

Bumps python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) (#6828)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix npm audit JFrog Artifactory import bug (#6786)

* fix npm audit JFrog Artifactory import bug

* added unittest to ensure the npm parser error having a cwe: null will not happen again

* fixed wrong assertion

* Optimize metrics (#6798)

* Optimize metric pages

* Fix design in metrics.html page

* Fixed counting for active_per_period parameter in get_period_counts method

* Fixed unittest test_metrics_queries.py

Co-authored-by: Дмитрий Муковкин <[email protected]>

* switch to Has Capabilities (#6759)

* switch to Has Capabilities

* Address Ingress object

* Center the "No Endpoints" text to match the other objects (#6851)

* Center the "No Endpoints" text to match the other objects

* Update endpoints.html

* Fix simple search width (#6850)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fix simple search width

* Fixed simple search width

* Update release automation to fix helm issues, Bump versions (#6849)

* Replace documentation links (#6764)

* Replace documentation links, Remove local documentation workflows

* Fix flake8?

* Maybe this is it>

* Restore gh-pages workflow

* Fixed bleach clean not allowing links in descriptions (#6848)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fixed links in descriptions being cleaned by bleach

* API Cleanup: Set sane defaults for non-required fields and safely retrieve results (#6847)

* API Cleanup: Set sane defaults for non-required fields and safely retrieve results

* Correct unit tests

* Added questionnaire functionality documentation (#6846)

* Update helm chart test

* Update versions in application files

* Bump google-auth-oauthlib from 0.5.2 to 0.5.3 (#6843)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) (#6842)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) (#6841)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.23.1 to 0.24.0 (#6838)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix log_user_login_failed if username is missing (#6854)

* Parse mitigation status for Veracode SCA findings (#6855)

* Bump packageurl-python from 0.10.1 to 0.10.3 (#6856)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.1 to 0.10.3.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.1...v0.10.3)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(helm): fix postgresql svc name (#6816)

* Update celery-beat-deployment.yaml

Updated the celery-beat-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs.

* Update celery-worker-deployment.yaml

Updated the celery-worker-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs.

* Update django-deployment.yaml

Updated the django-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs.

* Update celery-beat-deployment.yaml

fixed helm lint problems

* Update celery-worker-deployment.yaml

fixed helm lint problems

* Update django-deployment.yaml

fixed helm lint problems

* Bump pyjwt from 2.4.0 to 2.5.0 (#6860)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bugfixes for Github Vulnerability Parser (#6870)

* Add checks for anonymous users in auth model (#6869)

* Add checks for anonymous users in auth model

* Change type of failure for queries object

* Fix Flake8

* Update versions in application files

* Update versions in application files

* added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) (#6879)

* Update test-helm-chart.yml

* SonarQube API Importer: Support for SonarCloud and Multi Branch Scanning (#6880)

* SonarQube API Importer: Support for SonarCloud and Multi Branch Scanning

* Correct the removed find project capability

* Update versions in application files

* Update versions in application files

* Bump google-auth from 2.11.0 to 2.11.1 (#6863)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) (#6868)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.2 to 1.5.3 (#6877)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) (#6887)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update celery-beat-deployment.yaml

* Update celery-worker-deployment.yaml

* Update django-deployment.yaml

* Bump drf-spectacular from 0.24.0 to 0.24.2 (#6909)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.2.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.2)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-yasg from 1.21.3 to 1.21.4 (#6908)

Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.3 to 1.21.4.
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.4/docs/changelog.rst)
- [Commits](https://github.com/axnsan12/drf-yasg/compare/1.21.3...1.21.4)

---
updated-dependencies:
- dependency-name: drf-yasg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) (#6905)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) (#6903)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump django-debug-toolbar from 3.6.0 to 3.7.0 (#6900)

Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/jazzband/django-debug-toolbar/releases)
- [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.6...3.7)

---
updated-dependencies:
- dependency-name: django-debug-toolbar
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump humanize from 4.3.0 to 4.4.0 (#6884)

Bumps [humanize](https://github.com/python-humanize/humanize) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/python-humanize/humanize/releases)
- [Commits](https://github.com/python-humanize/humanize/compare/4.3.0...4.4.0)

---
updated-dependencies:
- dependency-name: humanize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump easymde from 2.16.1 to 2.18.0 in /components (#6872)

Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.16.1 to 2.18.0.
- [Release notes](https://github.com/Ionaru/easy-markdown-editor/releases)
- [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ionaru/easy-markdown-editor/compare/2.16.1...2.18.0)

---
updated-dependencies:
- dependency-name: easymde
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) (#6895)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6902)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.60.0 to 2.63.0 (#6910)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.60.0 to 2.63.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.60.0...v2.63.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangorestframework from 3.13.1 to 3.14.0 (#6883)

Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.13.1 to 3.14.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.13.1...3.14.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Mitigate Veracode SourceClear findings with "Fixed" status (#6876)

* Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) (#6874)

* Added parser for anchore engine reports exported with AnchoreCTL

* Added parser for policy results from anchoreCTL, renamed vuln parser

* Adjusted name of class to avoid conflicts

* Corrected wrong key

* Adjusted syntax errors

* Added unit tests, fixed unit tests

* Removed explicit platform definition in docker-compose

* Corrected dedup settings

* Removed author info

* Fixing broken report generation when more than one item is selected (#6906)

* Fix error when promoting stub finding to JIRA (#6898)

* Fix improper reactivation in reimporter, using is_mitigated (#6885)

* Fix improper reactivation in reimporter, using is_mitigated

https://github.com/DefectDojo/django-DefectDojo/pull/6452

* Update reimporter.py

* Fix accepted by name (#6867)

* Update view_risk_acceptance.html

Remove get_full_name from accepted_by as it's free text not a user

* Update view_eng.html

Remove get_full_name from accepted_by as it's free text not a user

* Fix url creation for github for file location (#6888)

* [FIX] JQuery Error on Edit Finding (#6619)

* Bug Fix (JQuery Error)

When editing a finding, a click on the "See Alerts" button at the right corner of the webpage will cause a jQuery JavaScript error. Removing jQuery usage and using JS trim instead.

* Update package.json

* Update __init__.py

* Update pipeline.py

* Update Chart.yaml

* Update pipeline.py

* Update views.py

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* tools: NeuVector: introducing NeuVector (REST) scan type (#6809)

This commit adds support for the NeuVector
(https://github.com/neuvector/neuvector) tool for importing scan
results. Scan results can be exported via REST API in JSON format (which
is why the tool is named 'NeuVector (REST)'). There is no GUI for that
at the moment.

Scan results are just a list of issues found in packages installed in
a container or an image. Very similar to Twistlock.

NeuVector also provides compliance scan results. This is not supported
by the introduced tool.

* Bump django-dbbackup from 4.0.1 to 4.0.2 (#6911)

Bumps [django-dbbackup](https://github.com/jazzband/django-dbbackup) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/jazzband/django-dbbackup/releases)
- [Changelog](https://github.com/jazzband/django-dbbackup/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-dbbackup/commits/4.0.2)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-split-settings from 1.1.0 to 1.2.0 (#6914)

Bumps [django-split-settings](https://github.com/sponsors/wemake-services) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/sponsors/wemake-services/releases)
- [Commits](https://github.com/sponsors/wemake-services/commits)

---
updated-dependencies:
- dependency-name: django-split-settings
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-auth from 2.11.1 to 2.12.0 (#6913)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.1 to 2.12.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.1...v2.12.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) (#6915)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Estimated remediation date (#6302)

* initial commit for branch

* added bulk edit

* code complete (I hope). Committing before adding tests

* additional work to allow users to edit/add a planned remediation date

* Typo on auto_create_context (#6291)

* removed calendar icons in list view

* pep8 fixes

* pep8 fixes

* pep8 again!

* removed manually created migration file

* auto-generated migration file

* formatting fixes

* pep8 fix

* reran migrations and still getting changes for rule and child_rule

* reran migrations

* formatting changes

* Update forms.py

* updated find method for dom element

* updated adhoc Finding form for bug fix

* removing erroneous selenium config

* updated promote finding form for bug fix

* formatting fix

* PR cleanups

* rebase on latest dev

* pep8 fixes

* formatting fixes

* formatting changes

* updated adhoc Finding form for bug fix

* PR cleanups

* fixed bolded remediation date field

* removed breaks and used CSS

* pep8 fixes

* pep8 fix

* fixing bad migration

* merging latest from dev

* further merge fixes

* css fixes for date picker

* Update docker-compose.override.integration_tests.yml

Co-authored-by: Chris Fort <[email protected]>
Co-authored-by: Bastian Hodapp <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>

* Bump python-gitlab from 3.9.0 to 3.10.0 (#6912)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.9.0...v3.10.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add support for specifying custom JIRA fields (#6740)

* Add support for specifying custom JIRA fields

* Update and rename 0169_jira_project_custom_fields.py to 0170_jira_project_custom_fields.py

Co-authored-by: Cody Maffucci <[email protected]>

* Don't create finding JIRAs on a bulk update if we are creating a finding group JIRA (#6709)

* Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) (#6923)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add the ability to set JIRA labels per-product or engagement (#6720)

* Add the ability to set JIRA labels per-product or engagement

* Rename 0169_auto_20220816_1333.py to 0169_jira_labels_per_product_and_engagement.py

* Delete 0170_jira_project_custom_fields.py

* Update and rename 0169_jira_labels_per_product_and_engagement.py to 0171_jira_labels_per_product_and_engagement.py

* Restore deleted migration

* Fix spacing in migration to remove change from dif

Co-authored-by: Cody Maffucci <[email protected]>

* Added filter for existence of JIRA issue in finding (#6919)

* Bump coverage from 6.4.4 to 6.5.0 (#6921)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed type to regular django type to also pick up creation events (#6918)

* changed type to regular django type to also pick up creation events from ldap and oauth

* removed unused import

* this event should be triggered for all user-types

* fixed test to include the now created group/notification relations

* Bugfixing when the Checkov report has no findings (#6097)

* Bugfixing when the Checkov report has no findings

# Current error log:
[29/Mar/2022 11:55:54] ERROR [dojo.api_v2.exception_handler:26] 'check_type'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1246, in save
    test, finding_count, closed_finding_count = importer.import_scan(scan, scan_type, engagement, lead, environment,
  File "/app/./dojo/importers/importer/importer.py", line 349, in import_scan
    parsed_findings = parser.get_findings(scan, test)
  File "/app/./dojo/tools/checkov/parser.py", line 22, in get_findings
    check_type = tree['check_type']
KeyError: 'check_type'
[29/Mar/2022 11:55:54] ERROR [django.request:224] Internal Server Error: /api/v2/import-scan/
ERROR:django.request:Internal Server Error: /api/v2/import-scan/
[pid: 1|app: 0|req: 2020/4117] 10.6.33.147 () {44 vars in 738 bytes} [Tue Mar 29 11:55:54 2022] POST /api/v2/import-scan/ => generated 59 bytes in 54 msecs (HTTP/1.1 500) 7 headers in 212 bytes (1 switches on core 1)

* Fix to make the previous fix shorter.

Co-authored-by: Daniel Velardez <[email protected]>
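
The traceback above shows the failure mode: a Checkov report object that carries no findings has no `check_type` key, and indexing it directly turns an empty scan into an HTTP 500 on `/api/v2/import-scan/`. The following is an added example, not the DefectDojo parser's own code, of how such a parser can tolerate that case. It assumes the usual Checkov `-o json` layout (a single report object, or a list of them when several frameworks were scanned, each with `check_type` and `results.failed_checks`); the sample reports, including the one with only a `summary` key, are constructed here to mirror the traceback, and the `Medium` fallback severity is an arbitrary choice for the example.

```python
"""Defensive parsing of Checkov JSON reports, including reports with no findings.

Added example, not the DefectDojo parser itself. Assumes the common Checkov
``-o json`` layout: one report object or a list of them, each with
``check_type`` and ``results.failed_checks``. Sample inputs are constructed.
"""
import json
from typing import Any, Dict, List


# Constructed sample: a normal single-framework report with one failed check.
REPORT_WITH_FINDINGS = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [],
        "failed_checks": [
            {
                "check_id": "CKV_AWS_20",
                "check_name": "S3 Bucket has an ACL defined which allows public READ access.",
                "check_result": {"result": "FAILED"},
                "file_path": "/main.tf",
                "file_line_range": [1, 10],
                "resource": "aws_s3_bucket.data",
                "guideline": "https://docs.bridgecrew.io/docs/s3_1-acl-read-permissions-everyone",
                "severity": None,
            }
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 0, "failed": 1, "skipped": 0, "parsing_errors": 0},
})

# Constructed sample: a report with nothing to report, carrying only a summary.
# There is no "check_type" and no "results"; tree["check_type"] raises KeyError.
REPORT_WITHOUT_FINDINGS = json.dumps({
    "summary": {"passed": 0, "failed": 0, "skipped": 0, "parsing_errors": 0},
})

# Constructed sample: a multi-framework run, which Checkov emits as a list.
REPORT_LIST = json.dumps([
    json.loads(REPORT_WITH_FINDINGS),
    json.loads(REPORT_WITHOUT_FINDINGS),
])


def _as_list(tree: Any) -> List[Dict[str, Any]]:
    """Checkov writes a single object or a list of objects; normalise to a list."""
    if isinstance(tree, list):
        return [t for t in tree if isinstance(t, dict)]
    if isinstance(tree, dict):
        return [tree]
    raise ValueError("unexpected top-level JSON type: %s" % type(tree).__name__)


def parse_checkov(report: str) -> List[Dict[str, Any]]:
    """Return one finding dict per failed check, tolerating empty reports.

    The point of the fix is ``.get()`` with a default instead of
    ``tree["check_type"]``: a report object with nothing to say still parses
    and simply contributes zero findings instead of a server error.
    """
    findings: List[Dict[str, Any]] = []
    for tree in _as_list(json.loads(report)):
        check_type = tree.get("check_type", "")      # absent on empty reports
        results = tree.get("results") or {}          # may be absent as well
        for check in results.get("failed_checks") or []:
            line_range = check.get("file_line_range") or [0]
            findings.append({
                "title": "%s: %s" % (check.get("check_id", "UNKNOWN"),
                                     check.get("check_name", "")),
                "check_type": check_type,
                "file_path": check.get("file_path", ""),
                "line": line_range[0],
                "resource": check.get("resource", ""),
                "references": check.get("guideline") or "",
                # Checkov often leaves severity null; "Medium" is this example's fallback.
                "severity": check.get("severity") or "Medium",
            })
    return findings


if __name__ == "__main__":
    for label, rep in (("with findings", REPORT_WITH_FINDINGS),
                       ("without findings", REPORT_WITHOUT_FINDINGS),
                       ("list", REPORT_LIST)):
        print("%s: %d finding(s)" % (label, len(parse_checkov(rep))))
```

Running the block parses all three constructed reports; the empty one yields zero findings rather than an exception, which is the behaviour an import endpoint needs so that a clean scan does not surface as a 500.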

* added option to add labels using podLabels: {}

* Bump django from 3.2.15 to 3.2.16 (#6938)

Bumps [django](https://github.com/django/django) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* SonarQube API Importer: Add sonarcloud global org id, code clean up (#6928)

* SonarQube API Importer: Add sonarcloud global org id, code clean up

* Fix Flake8

* Add clause for non entered extras

* Jira Webhook: Catch missing assignee field + code cleanup (#6929)

* Add validation error when users attempt to send email without valid SMTP server (#6930)

* Add validation error when users attempt to send email without valid SMTP server

* Be sure to close connection after opening it

* Update views.py

* TruffleHog: Add v3 support to original trufflehog parser (#6937)

* TruffleHog: Add v3 support to original trufflehog parser

* Remove extra printing

* Flake8

* Update versions in application files

* Add upgrade notes for 2.15.0

* Update versions in application files

* Make doc update action only apply when docs are updated

* Rev node version for gh-pages deploy

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) (#6936)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.2.1 to 2022.4 (#6934)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/commits)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Make version optional for cyclonedx (#6950)

* Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) (#6949)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.63.0 to 2.64.0 (#6946)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.63.0 to 2.64.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.63.0...v2.64.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Parse state, cwe and createdAt in the GitHub parser (#6945)

* Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6927)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) (#6953)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Rev actions to latest ubuntu version per https://github.com/actions/runner-images/issues/6002 (#6931)

* Helm Chart: Create PVC as part of the Chart (#6271)

* Create PVC as part of the Chart

* Allow creating pvc or disabling it

* Set pvc creation to false as default

* Remove trailing spaces

* Modify storage access mode and size

* Update KUBERNETES.md to reflect storage accessMode

* Fix linting issue

* Modify pvc documentation in KUBERNETES.md

* Bump psycopg2-binary from 2.9.3 to 2.9.4 (#6958)

Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gitpython from 3.1.27 to 3.1.28 (#6957)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.27 to 3.1.28.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.28)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fix] API - Tool Product Settings (#6170) (#6904)

* Made the product editable on Tool_Product_Settings

* Reverted the model change and modified the Tool_Product_Settings serializer to support specifying the product.

* dojo: tool: introduce NeuVector compliance scans import support (#6947)

This commit makes DefectDojo support compliance scans performed by
NeuVector. Such scan results can only be fetched via REST API using
endpoints like /v1/scan/workload/{id} and /v1/host/{id}/compliance. The
latter one returns the results in a slightly different format. Both of
them are supported.

* Bump nginx from `082f8c1` to `b87c350` (#6961)

Bumps nginx from `082f8c1` to `b87c350`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pdfmake from 0.2.5 to 0.2.6 in /components (#6960)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.6/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.5...0.2.6)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* dojo: jira_link: improve error reporting when fetching Jira metadata (#6962)

The get_jira_meta() function did not check whether jira.createmeta() raises an
exception. If an exception was raised, it was not logged at all; the logs
contained only the "invalid JIRA Project Config.." message in the DEBUG stream.

This commit stores an error triggered by jira.createmeta() in the logs and displays
it to the user. The commit also slightly improves quote formatting for the
debug-level error message.

* Add the ability to specify the Epic name and priority in JIRA (#6768)

* Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) (#6964)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Use DEDUPE_ALGO_HASH_CODE for Acunetix360 (#6968)

* Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) (#6969)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update versions in application files

* Fixed 500 error for GitHub finding links (#6981)

* Typo on auto_create_context (#6291)

* Fixed 500 error for GitHub finding links

Co-authored-by: Bastian Hodapp <[email protected]>

* Update versions in application files

* Add Rubocop to parser documentation (#6978)

* Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6977)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) (#6979)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 38.0.1 to 38.0.2 (#6976)

Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pygithub from 1.55 to 1.56 (#6986)

Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.55 to 1.56.
- [Release notes](https://github.com/pygithub/pygithub/releases)
- [Changelog](https://github.com/PyGithub/PyGithub/blob/master/doc/changes.rst)
- [Commits](https://github.com/pygithub/pygithub/compare/v1.55...v1.56)

---
updated-dependencies:
- dependency-name: pygithub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) (#6952)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix errors with risk acceptance filter (#6984)

* Fix issues with Bugcrowd API parser not marking not_applicable/not_reproducible as inactive (#6974)

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) (#6988)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) (#6989)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump packageurl-python from 0.10.3 to 0.10.4 (#6997)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.3...v0.10.4)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Parse Veracode library_id for SCA to get the maven component name (#6995)

* Enable filtering Findings on steps_to_reproduce (#6970)

* Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998)

Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update asset and findings retrieval for Cobalt API parser (#7005)

Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum
allowed number of findings and assets.

* Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [FIX] Issues on disconnection and connection using Social Auth (#6066)

* [FIX] Issues on disconnection and connection using OAuth

Fix two issues:
    - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as the return URL is not /login and does not contain a next parameter, an error 500 is triggered.
    - When connecting using OAuth and "SHOW_LOGIN_FORM = False", the message "You have logged out" is displayed after logging in.

* Fixing Flake8 issues

* Update package.json

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update Chart.yaml

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* Update pipeline.py

* Fix out of SLA time (#7017)

* Add a HTML link in the references back to the Bugcrowd finding (#7018)

* Bump boto3 from 1.24.55 to 1.25.0 (#7022)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.55...1.25.0)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump uwsgi from 2.0.20 to 2.0.21 (#7023)

Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/unbit/uwsgi-docs/releases)
- [Commits](https://github.com/unbit/uwsgi-docs/commits)

---
updated-dependencies:
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.3...v0.6.0)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019)

Bumps nginx from 1.23.1-alpine to 1.23.2-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add support for ZAP "XML with requests and responses" format (#7013)

* Support ZAP XML with requests and responses

Signed-off-by: Max Maass <[email protected]>

* Update ZAP parser with final XMLplus format

Signed-off-by: Max Maass <[email protected]>

* Update ZAP parser docs

Signed-off-by: Max Maass <[email protected]>

Signed-off-by: Max Maass <[email protected]>

* Bump pyjwt from 2.5.0 to 2.6.0 (#7010)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/commits)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.4 to 2022.5 (#7003)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.5)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012)

* Bump gitpython from 3.1.28 to 3.1.29 (#6966)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.28...3.1.29)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add the ability to only create finding groups when you have more than one finding in the group (#6916)

* Bump google-auth from 2.12.0 to 2.13.0 (#7004)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.64.0...v2.65.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Endpoint_Status: Optimize DB (remove redundancy) (#6193)

* Endpoint_Status: Optimize DB (remove redundancy)

* small changes in comments

* Fix importers, add TODOs

* Fix migrations - rebase

* Fix fixtures

* add findings to Endpoint

* consolidate models.py

* fix alternative names for endpoint_status

diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
index 592b6bb16..83c5fc5bc 100644
--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
@@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin,
                                                     'finding_group_set',
                                                     'files',
                                                     'burprawrequestresponse_set',
-                                                    'endpoint_status',
+                                                    'status_finding',
                                                     'finding_meta',
                                                     'test__test_type',
                                                     'test__engagement',
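Review bot: the prefetch key on the `-`/`+` lines goes from `'endpoint_status'` to `'status_finding'`, which is only correct if the reverse accessor on the Finding model (the `related_name` of the Endpoint_Status foreign key) is renamed in the same change together with its migration; a prefetch name that no longer resolves on the model fails at request time, not at import, so it would surface only when the findings endpoint is called with that prefetch. Suggest a unit test that requests the findings list with `prefetch=status_finding` so the rename is exercised.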
@@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin,
                                         'test_import_finding_action_set',
                                         'findings_affected',
                                         'findings_affected__endpoints',
-                                        'findings_affected__endpoint_status',
+                                        'findings_affected__status_finding',
                                         'findings_affected__finding_meta',
                                         'findings_affected__jira_issue',
                                         'findings_affected__burprawrequestresponse_set',
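Review bot: `findings_affected__status_finding` on the `+` line is a client-visible name (the entries in this list are what API callers pass to `prefetch=` on the test-imports endpoint), so replacing `findings_affected__endpoint_status` is a breaking change for integrations using the old value; suggest calling the rename out in the API docs and release notes, and, if compatibility matters, accepting the old name as an alias for one release. Also worth grepping api_v2 for any remaining `endpoint_status` prefetch strings so the rename is applied consistently.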
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
index 4bfb0805e..dd239751a 100644
--- a/dojo/endpoint/views.py
+++ b/dojo/endpoint/views.py
@@ -32,10 +32,17 @@ logger = logging.getLogger(__name__)
 def process_endpoints_view(request, host_view=False, vulnerable=False):

     if vulnerable:
-        endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__fals…
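Review bot: the removed filter in `process_endpoints_view` is cut off on this page and the replacement line is not visible, so the new `vulnerable` branch cannot be checked here; when reviewing the full diff, confirm that the replacement keeps every condition of the removed `Endpoint.objects.filter(finding__active=True, finding__verified=True, ...)` call, since dropping any of them widens what this view reports as a vulnerable endpoint.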
Labels
docs parser settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR ui unittests
5 participants