
Release: Merge back 2.42.2 into bugfix from: master-into-bugfix/2.42.2-2.43.0-dev #11608

Merged
merged 6 commits into bugfix from master-into-bugfix/2.42.2-2.43.0-dev
Jan 21, 2025

Conversation

github-actions[bot] (Contributor)

Release triggered by rossops

paulOsinski and others added 6 commits January 14, 2025 13:48
* update Pro changelog 2.42.0

* qa 'share your Findings'

* changelog 2.42.2

* fix typo working_with_generated_reports.md

---------

Co-authored-by: Paul Osinski <[email protected]>
* qa 'share your Findings'

* add vue-ui article to docs

* replace SVGs with PNG

* add info on disconnecting Jira instances

* update configure_system_notifs

* Fix Typo #1

Co-authored-by: Charles Neill <[email protected]>

* fix typo #3

Co-authored-by: Charles Neill <[email protected]>

* Update docs/content/en/about_defectdojo/ui_pro_vs_os.md

Co-authored-by: Charles Neill <[email protected]>

* Update docs/content/en/about_defectdojo/ui_pro_vs_os.md

Co-authored-by: Charles Neill <[email protected]>

---------

Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
Release: Merge release into master from: release/2.42.2

dryrunsecurity bot commented Jan 21, 2025

DryRun Security Summary

The pull request focuses on improving DefectDojo's documentation across various aspects, including Pro version features, system notifications, API details, and Jira integration, with an emphasis on enhancing usability and providing security-related guidance without introducing significant security vulnerabilities.


Summary:

The provided code changes include several updates to the documentation for the DefectDojo application, an open-source application security and vulnerability management platform. The changes cover a range of topics, including updates to the core data models, new features in the DefectDojo Pro version, configuration of system-wide notifications, the DefectDojo API, and integration with external tools like Jira.

From an application security perspective, the changes do not introduce any obvious security vulnerabilities. The documentation updates focus on improving the understanding and usability of the DefectDojo platform, which can indirectly contribute to the overall security of the application by helping users and administrators configure and use the tool effectively.

However, there are a few security-related considerations that should be kept in mind:

  1. Secure Configuration and Access Control: The documentation highlights the importance of properly configuring and securing the system-wide communication channels (email, Slack, Teams) used for notifications, as well as the need to carefully manage access to these channels.
  2. API Security: The updates to the API documentation emphasize the need to properly secure and monitor the use of the API, including the potential risks associated with disabling API token authentication.
  3. Integration Security: The documentation for the Jira integration provides guidance on managing the connection and ensuring that sensitive information is not inadvertently exposed through the integration.

Overall, the changes in this pull request appear to be focused on improving the documentation and usability of the DefectDojo platform, which is a positive step for the project's security and integration capabilities. As an application security engineer, I would recommend closely reviewing any new functionality or changes to ensure that they are implemented securely and in alignment with best practices.

Files Changed:

  1. docs/content/en/open_source/archived_docs/usage/models.md: This file has been updated to replace an SVG image with a PNG image and add an exclude_search parameter to the front matter. These changes do not introduce any security concerns.
  2. docs/content/en/about_defectdojo/ui_pro_vs_os.md: This file has been updated to provide information about the new Beta UI features available in the DefectDojo Pro version, including potential security considerations around API connectors, dashboards, and enterprise-level configurations.
  3. docs/content/en/customize_dojo/notifications/configure_system_notifs.md: This file has been updated to provide guidance on configuring system-wide notifications, including the potential security risks associated with the system-wide communication channels.
  4. docs/content/en/api/api-v2-docs.md: This file has been updated to provide more detailed information about the DefectDojo API v2, including security-related considerations such as authentication, API usage monitoring, and the availability of client libraries.
  5. docs/content/en/open_source/installation/architecture.md: This file has been updated to replace an inline SVG image with a reference to a PNG image, which does not introduce any significant security concerns.
  6. docs/content/en/share_your_findings/jira_integration/connect_to_jira.md: This file has been updated to provide guidance on disconnecting a Jira integration from DefectDojo, which is an important security consideration.
  7. docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md: This file has been updated to provide additional information about re-running and deleting reports, which does not introduce any security concerns.
  8. docs/content/en/share_your_findings/jira_integration/add_jira_to_product.md: This file has been updated to provide more detailed instructions and configuration options for setting up a Jira integration with a DefectDojo product, including several security-related considerations.
  9. docs/content/en/share_your_findings/jira_integration/troubleshooting_jira.md: This file has been updated to provide guidance on troubleshooting issues with the Jira integration, which can indirectly contribute to the overall security of the application.
  10. dojo/__init__.py: This file has been updated to increment the version number from "2.42.1" to "2.42.2", which is a routine change and does not introduce any security concerns.
  11. helm/defectdojo/Chart.yaml: This file has been updated to increment the Helm chart version from 1.6.169-dev to 1.6.170-dev, which is a minor version update

Code Analysis

We ran 9 analyzers against 18 files and 0 analyzers had findings. 9 analyzers had no findings.


@rossops rossops closed this Jan 21, 2025
@rossops rossops reopened this Jan 21, 2025
@rossops rossops merged commit 9472297 into bugfix Jan 21, 2025
71 checks passed
@rossops rossops deleted the master-into-bugfix/2.42.2-2.43.0-dev branch January 21, 2025 16:40
2 participants