django-DefectDojo

django-DefectDojo copied to clipboard

Anchore introduced AnchoreCTL as new CLI Tool (https://docs.anchore.com/current/docs/deployment/anchorectl/) - this also brought some new / adjusted report formats with it. This will render the existing parser for "Anchore Engine Scan"...

fhoeborn

This PR changes DefectDojo to use the `psycopg2` package instead of `psycopg2-binary`. This fixes a [problem](https://github.com/psycopg/psycopg2/issues/1360) with running DefectDojo on `aarch64` machines, with the main motivation here being able to...

Ayrx

PR #6149 only fixed the keys for redis but not for rabbitmq. This PR fixes this problem and additionally removed unnecessary ifs, which was already discussed in #6054.

italvi

Removed get_full_name from accepted_by in two templates, as accepted_by doesn't get set to a user, it's free text entry. Prior to this fix, "Accepted By" value was blank on these...

JoshBrodieTM

The report builder doesn't work properly when multiple severities are selected for filtration. During a report generation, if multiple severity selected, the report builder only generates a report for single...

jakealbasan

These commits is the attempt to resolve groups handling when underlying authentication backend manages them ahead of DefectDojo. Such case can appear when LDAP authentication is used with AUTH_LDAP_MIRROR_GROUPS set...

pna-nca

Components without vulnerabilities are not imported from SBOM or scan results

2

**Bug description** After I import trivy dependency scan with all pkgs, in Dojo Components tab I can see only packages that have at least 1 vulnerability (with Info severity or...

awakenine

I can't change the dashboard to show the general metrics, in all the filters it is in anytime, even so it only shows the last 7 days clear all cache,...

saheredelgadom

Trufflehog v3+ JSON format not supported

1

DefectDojo currently has two parsers for "Trufflehog": * [`dojo/tools/trufflehog`](https://github.com/DefectDojo/django-DefectDojo/tree/master/dojo/tools/trufflehog) * [`dojo/tools/trufflehog3`](https://github.com/DefectDojo/django-DefectDojo/tree/master/dojo/tools/trufflehog3) The first parser works for the **old** JSON format for [Trufflehog](https://github.com/trufflesecurity/trufflehog). This output format can be generated by the...

Ayrx

Adding a "component" / "service" data structure below products

2

**Is your feature request related to a problem? Please describe** We have Products with multiple components / services. Each component / service will be built into its own docker container...

fhoeborn