Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changed Oauth to oicd plugin and configured it.... #6

Closed
wants to merge 42 commits into from
Closed

changed Oauth to oicd plugin and configured it.... #6

wants to merge 42 commits into from

Conversation

lme-nca
Copy link

@lme-nca lme-nca commented Mar 8, 2024

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description

Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.

Test results

Ideally you extend the test suite in tests/ and dojo/unittests to cover the changed in this PR.
Alternatively, describe what you have and haven't tested.

Documentation

Please update any documentation when needed in the documentation folder)

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

Please clear everything below when submitting your pull request, it's here purely for your information.

Moderators: Labels currently accepted for PRs:

  • Import Scans (for new scanners/importers)
  • enhancement
  • performance
  • feature
  • bugfix
  • maintenance (a.k.a chores)
  • dependencies
  • New Migration (when the PR introduces a DB migration)
  • settings_changes (when the PR introduces changes or new settings in settings.dist.py)

Contributors: Git Tips

Rebase on dev branch

If the dev branch has changed since you started working on it, please rebase your work after the current dev.

On your working branch mybranch:

git rebase dev mybranch

In case of conflict:

 git mergetool
 git rebase --continue

When everything's fine on your local branch, force push to your myOrigin remote:

git push myOrigin --force-with-lease

To cancel everything:

git rebase --abort

Squashing commits

git rebase -i origin/dev
  • Replace pick by fixup on the commits you want squashed out
  • Replace pick by reword on the first commit if you want to change the commit message
  • Save the file and quit your editor

Force push to your myOrigin remote:

git push myOrigin --force-with-lease

pna-nca and others added 29 commits March 1, 2024 09:12
@pna-nca
indicate that DefectDojo is altered by Netcetera
849c166
@pna-nca
add LDAP support. LDAP is configured via environment variables, see D…
ce0b895 
…D_LDAP_*

Original author: Lars Meijers <[email protected]>
@pna-nca
docker: install globally certificates (*.crt) placed into 'docker/cer…
bdb62df 
…ts' directory
@pna-nca
tools: Tenable: set vuln_id_from_tool property of finding to Nessus p…
e040a26 
…lugin ID on import
@pna-nca
tools: introduce NeuVector API client
81508b7
@pna-nca
trigger NeuVector client API when risk acceptance changed
686f440
@pna-nca
introduce Tenable.SC API client tool
1df1c97
@pna-nca
tools: update accept risk rules in Tenable.SC when the same happens i…
a63e966 
…n DD
@pna-nca
dojo: settings: add DD_DATABASE_OPTIONS env to set DB engine options
e55364c 
Django database engine supports OPTIONS entry in DATABASES setting. This
entry is the only way to configure specific non-standard database
connection settings, for instance: mutual TLS authentication.

This commit adds DD_DATABASE_OPTIONS environment variable support as
dictionary, empty by default.
@pna-nca
helm: configmap: define DD_DATABASE_OPTIONS from Postgres mTLS connec…
cb5deb8 
…tion parameters
@pna-nca
helm: support mounting Postgres mTLS client certs (incluides fix clie…
fc401b9 
…nt key permissions)

Due to kubernetes/kubernetes#57923 we have to
copy the provided client secrets to a temporary writable location and
adjust private key file permissions (to 0600). This has to be done for
all Pods which may connect to the database.
@pna-nca
helm: values: add example for Postgres mTLS connection
3967e5d
@pna-nca
dojo: settings: support configuring LDAP FIND_GROUP_PERMS and MIRROR_…
40f2841 
…GROUPS via environment
@pna-nca
dojo: group: create/delete Dojo_Group when auth backend creates/delet…
cec0d50 
…es one

When using non-DefectDojo native authentication backend, there could be
a case when groups are created by this backend. For instance, when LDAP
module is configured to mirror groups. This commit handles this case and
creates/deletes Dojo_Group instance when "auth_group" is
created/deleted.
@pna-nca
dojo: utils: update Dojo_Group_Member when auth backend updates one
5feed0c 
When using non-DefectDojo native authentication backend, there could be
a case when group membership is updated by this backend. For instance,
when LDAP module is configured to mirror groups it will automatically add
users to groups. This commit handles this case and update Dojo native
group membership according to internal groups configured by auth backend.
@pna-nca
packaging: getting rid of mysql (mariadb)
6e1e7de 
This commit removes mysql requirements from Python and Docker. It also changes
the default database engine in settings to avoid failure during dummy startup.

This commit does not have chances to be merged into upstream.
@pna-nca
packaging: remove unnecessary packages (dnsutils, uuid-runtime)
8e33a0b
@pna-nca
packaging: add libssl-dev as dependency due to pycurl module
81a6af3
@pna-nca
packaging: remove unnecessary python stuff, test scripts and tests th…
f483b6d 
…emselves
@pna-nca
packaging: use only curl when fetching data
799e14b
@pna-nca
packaging: perform yarn autoclean and remove huge bunch of unnecessar…
e374b7c 
…y docs
@pna-nca
packaging: remove setuid/setgid permissions from binaries
ece5ff9
@pna-nca
packaging: upgrade system packages during image preparation
391e62a
@pna-nca
helm: celery-beat: support mounting Postgres mTLS client certs and fi…
1e9df22 
…xing client key permissions
@pna-nca
github: nca-build-docker-image: automate Docker image build and Helm …
7131fa3 
…chart packaging
@lme-nca @pna-nca
reimporter: fix and rewrite
0ea67a4 
See also discussion in DefectDojo#9050
@lme-nca @pna-nca
added healthcheck middleware for ALBs
2ca5f90
@pna-nca
github workflows: sync nca workflow with the current upstream impleme…
fc5d598 
…ntation
@lme-nca
changed Oauth to oicd plugin and configured it....
ee62ae2
@github-actions github-actions bot added the ui label Mar 15, 2024
@lme-nca lme-nca changed the base branch from tag-2.31.5-NCA to tag-2.33.0-NCA April 11, 2024 11:54
@github-actions GitHub Actions
Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@lme-nca lme-nca closed this Apr 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
conflicts-detected New Migration settings_changes ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@lme-nca @pna-nca