
Notification for new findings

Open Gby56 opened this issue 2 years ago • 5 comments

Is your feature request related to a problem? Please describe

This is a very simple idea, but sometimes, when you manage a mix of tools that are cloud-hosted, DIY scanners, and lots more, it is hard to keep track of new findings that might be found daily/weekly. Having a dashboard might help, but it still requires you to connect daily and check the numbers.

Describe the solution you'd like

A simple notification when a new finding has been created, for a given filter like:

  • is SAST
  • is severity Critical
  • of CWE CWE-94
  • in product X
  • OR in product of team Y

Having that kind of notification system, both per-user and for the whole DefectDojo instance, would be great (especially for Security Engineering teams that manage the instance; it would be cool to get Slack notifications about anything new and critical appearing).

Describe alternatives you've considered

I guess querying and filtering the API daily/hourly and sending a webhook myself to Slack?

Gby56 avatar Jan 10 '23 13:01 Gby56

I would add that these notification settings should not necessarily be tied to specific users. I need to set up various notifications, each sent to a different Slack channel, and all DefectDojo admins should be able to add/update/remove them.

(Alternatively, these notifications could be tied to new users which I would create, but currently I can't even set up notifications for other users without manually editing the database. Solution for this is enabling superusers to log in as others, looks like this could be used: https://pypi.org/project/django-impersonate/ )

tomaszn avatar Aug 31 '23 18:08 tomaszn

We also need this in our organization.

We want to be able to notify security champions of teams about new high/critical findings in their recent engagements of their own products, therefore it would be a really handy enhancement to add the ability to send email notifications per product type, per severity for the latest engagement.

farsheedify avatar Oct 15 '23 08:10 farsheedify

As a workaround, the findings_new, findings_mitigated, findings_reactivated and findings_untouched lists are passed to the template renderer here: https://github.com/DefectDojo/django-DefectDojo/blob/1f450c2e737df8e9331590f633a2961562b35429/dojo/notifications/helper.py#L401 You can iterate over them inside the https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/templates/notifications/slack/scan_added.tpl template, for example to add the titles of new findings to the notification:

New findings:
{% for finding in findings_new %}
  {{ finding.title }}
{% endfor %}

P.S. You need to remove the blocktranslate block if you want to add new for or if blocks.

ansereb avatar Mar 20 '24 12:03 ansereb
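The filter described in the original request (SAST, Critical, CWE-94, in product X or in a product of team Y) and the per-finding iteration in the workaround above can be combined into one selection-plus-rendering step. The block below is an added example, not DefectDojo code: it takes a list standing in for the findings_new context variable, keeps only the findings matching a filter built on the issue's criteria (membership within a category is OR, categories are ANDed, and product/team together form one scope check), and renders the same "New findings:" block the template produces. The Finding dataclass and its attribute names (test_type, product, team) are constructed stand-ins for the real model, and the sample findings are constructed.

```python
"""Select new findings by a severity/type/CWE/scope filter and render a
Slack-style "New findings:" message, mirroring the scan_added.tpl loop.

Added example; not DefectDojo code. The Finding class and its fields are
assumed stand-ins for DefectDojo's Finding model.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """Constructed stand-in for a DefectDojo finding passed in findings_new."""
    title: str
    severity: str      # "Critical", "High", "Medium", ...
    test_type: str     # e.g. "SAST", "SCA" (assumed attribute)
    cwe: int
    product: str       # product name (assumed attribute)
    team: str          # team owning the product (assumed attribute)


@dataclass(frozen=True)
class FindingFilter:
    """Empty criteria match everything; non-empty ones must all hold."""
    severities: frozenset[str] = frozenset()
    test_types: frozenset[str] = frozenset()
    cwes: frozenset[int] = frozenset()
    products: frozenset[str] = frozenset()   # "in product X"
    teams: frozenset[str] = frozenset()      # "OR in product of team Y"

    def matches(self, f: Finding) -> bool:
        if self.severities and f.severity not in self.severities:
            return False
        if self.test_types and f.test_type not in self.test_types:
            return False
        if self.cwes and f.cwe not in self.cwes:
            return False
        # Scope: product list and team list are alternatives (OR), and the
        # scope check is only applied when at least one of them is set.
        if self.products or self.teams:
            in_product = f.product in self.products
            in_team = f.team in self.teams
            if not (in_product or in_team):
                return False
        return True


def select_new_findings(findings_new: list[Finding], flt: FindingFilter) -> list[Finding]:
    """Return the subset of findings_new that the filter accepts."""
    return [f for f in findings_new if flt.matches(f)]


def render_new_findings(findings_new: list[Finding], flt: FindingFilter, limit: int = 10) -> str | None:
    """Render the "New findings:" block; None means nothing is worth sending."""
    matched = select_new_findings(findings_new, flt)
    if not matched:
        return None
    lines = ["New findings:"]
    for f in matched[:limit]:
        # One line per finding, as the {% for finding in findings_new %} loop does,
        # with severity, CWE and product added so the Slack reader has context.
        lines.append(f"  [{f.severity}] {f.title} (CWE-{f.cwe}, product {f.product})")
    if len(matched) > limit:
        lines.append(f"  ... and {len(matched) - limit} more")
    return "\n".join(lines)


# Constructed sample data: what a findings_new list might contain after an import.
SAMPLE_FINDINGS_NEW = [
    Finding("Code injection via eval()", "Critical", "SAST", 94, "X", "Y"),
    Finding("Template injection", "Critical", "SAST", 94, "Z", "Y"),      # matches via team Y
    Finding("Hardcoded secret", "High", "SAST", 798, "X", "Y"),          # wrong severity and CWE
    Finding("Outdated library", "Critical", "SCA", 1104, "X", "Y"),      # wrong test type
    Finding("Command injection", "Critical", "SAST", 94, "Q", "R"),      # outside product/team scope
]

# The filter from the original request: SAST, Critical, CWE-94, product X or team Y.
EXAMPLE_FILTER = FindingFilter(
    severities=frozenset({"Critical"}),
    test_types=frozenset({"SAST"}),
    cwes=frozenset({94}),
    products=frozenset({"X"}),
    teams=frozenset({"Y"}),
)

if __name__ == "__main__":
    print(render_new_findings(SAMPLE_FINDINGS_NEW, EXAMPLE_FILTER))
```

Returning None when nothing matches is deliberate: a per-channel notifier should skip the send rather than post an empty "New findings:" header, and the limit keeps a large import from turning into a wall of Slack messages.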

@ansereb thanks for the workaround, unfortunately I'm finding that with this method the deduplication has not necessarily finished when the notification is sent. For large scan files, many issues still get sent to Slack, any thoughts on handling this?

jonhall54 avatar May 08 '24 14:05 jonhall54

@jonhall54 I think it may happen if you upload a scan into a new test. Try re-uploading into an existing test instead; for me that resolved the issue.

ansereb avatar Jun 28 '24 16:06 ansereb