Merge bugfix -> dev for release 2.42.0 #11511

Merged
merged 3 commits into from
Jan 6, 2025


Maffooch
Contributor

@Maffooch Maffooch commented Jan 6, 2025

No description provided.

DefectDojo release bot and others added 3 commits December 30, 2024 15:57
….42.0-dev

Release: Merge back 2.41.4 into bugfix from: master-into-bugfix/2.41.4-2.42.0-dev
* update group jira RA, use helper for UI

* ruff it up

* return endpoint update

* move func to jira_helper, update calls

* the endpoints fail the test?

* rearrange risk changes

* fix for minor e.text error, minor grammar issue

* added test for changing jira group status

* remove newline at end of file
@Maffooch Maffooch marked this pull request as ready for review January 6, 2025 14:20

dryrunsecurity bot commented Jan 6, 2025

DryRun Security Summary

The pull request enhances the Defect Dojo application by improving JIRA integration, risk acceptance management, and introducing comprehensive unit testing for version 2.42.0-dev.


Summary:

The changes in this pull request cover a range of updates and improvements to the Defect Dojo application, with a focus on the integration with the JIRA issue tracking system. The key changes include:

  1. Version Updates: The project version is being updated from 2.41.4 to 2.42.0-dev, which is a development version. It's important to review the release notes and thoroughly test the changes before deploying the development version to a production environment.

  2. JIRA Integration Enhancements: The changes introduce new functions and improvements to the JIRA integration, including handling JIRA connection and authentication, managing JIRA projects and issues, synchronizing status between the application and JIRA, and handling attachments and notifications.

  3. Risk Acceptance Management: The changes enhance the risk acceptance management functionality, including handling the expiration and reactivation of risk acceptances, updating JIRA issues, and creating notifications.

  4. Unit Testing: The pull request includes a set of unit tests for the JIRA import and pushing functionality, ensuring the robustness and security of the integration between the Defect Dojo application and JIRA.

Overall, these changes aim to improve the security management capabilities of the Defect Dojo application by providing a more robust integration with the JIRA issue tracking system, enhancing the risk acceptance management, and introducing comprehensive testing to ensure the reliability and security of the application.

Files Changed:

  1. components/package.json: The version of the defectdojo project is being updated from 2.41.4 to 2.42.0-dev, a development version. It's important to review the release notes and thoroughly test the changes before deployment.
  2. dojo/fixtures/dojo_testdata.json: The JIRA instance configuration is being updated to use placeholder values for the username and password, which is a good security practice.
  3. dojo/finding/views.py: The "reopen_finding" function is being updated to properly handle the reopening of a finding, including clearing any associated risk acceptance and updating the JIRA and external issue tracking systems.
  4. dojo/jira_link/helper.py: The changes focus on enhancing the JIRA integration, including handling JIRA connection and authentication, managing JIRA projects and issues, synchronizing status, and handling attachments and notifications.
  5. helm/defectdojo/Chart.yaml: The Helm chart version is being updated from 1.6.166 to 1.6.167-dev, reflecting the development version of the application.
  6. dojo/risk_acceptance/helper.py: The changes improve the risk acceptance management functionality, including handling the expiration and reactivation of risk acceptances and updating the JIRA integration.
  7. unittests/test_jira_import_and_pushing_api.py: This file contains a set of unit tests for the JIRA import and pushing functionality, ensuring the reliability and security of the integration between Defect Dojo and JIRA.

Code Analysis

We ran 9 analyzers against 8 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings:

  - Sensitive Files Analyzer: 1 finding

View PR in the DryRun Dashboard.

@Maffooch Maffooch changed the title from "Merge dev -> bugfix for release 2.42.0" to "Merge bugfix -> dev for release 2.42.0" Jan 6, 2025
@Maffooch Maffooch merged commit ebcd590 into dev Jan 6, 2025
74 checks passed
3 participants