Merge branch 'dev' into fix--helm-chart

Author: fernandezcuesta

docker-compose.yml

@@ -120,7 +120,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:18.0-alpine@sha256:9636ae7feacd8d630303eede7f95cd0f472d514e7864422c6aa8ea07b2171df8
+    image: postgres:18.0-alpine@sha256:70b32afe0c274b4d93098fd724fcdaab3aba47270a4f1e63cbf9cc69d7bf1be4
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}

docs/content/en/connecting_your_tools/parsers/file/snyk_issue_api.md

@@ -2,7 +2,11 @@
 title: "Snyk Issue API"
 toc_hide: true
 ---
-The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format. Currently only parsing issues of type `code` is supported. Samples of ther issue types are welcome.
+The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format.
+
+Currently parsing issues of type `code` (SAST) and `package_vulnerability` (SCA) are supported.
+
+Samples of ther issue types are welcome.
 
 For more information about the Snyk Issue API, refer to the [official Snyk API documentation](https://docs.snyk.io/snyk-api/reference/issues#get-orgs-org_id-issues).
 

docs/package-lock.json

@@ -23,7 +23,7 @@
   },
   "devDependencies": {
     "prettier": "3.6.2",
-    "vite": "7.1.7"
+    "vite": "7.1.9"
   },
   "engines": {
     "node": "22.20.0"

docs/package.json

@@ -2104,8 +2104,14 @@ class CommonImportScanSerializer(serializers.Serializer):
         required=False,
         validators=[ImporterFileExtensionValidator()],
     )
-    product_type_name = serializers.CharField(required=False)
-    product_name = serializers.CharField(required=False)
+    product_type_name = serializers.CharField(
+        required=False,
+        help_text=_("Also referred to as 'Organization' name."),
+    )
+    product_name = serializers.CharField(
+        required=False,
+        help_text=_("Also referred to as 'Asset' name."),
+    )
     engagement_name = serializers.CharField(required=False)
     engagement_end_date = serializers.DateField(
         required=False,
@@ -2160,8 +2166,14 @@ class CommonImportScanSerializer(serializers.Serializer):
     # confused
     test_id = serializers.IntegerField(read_only=True)
     engagement_id = serializers.IntegerField(read_only=True)
-    product_id = serializers.IntegerField(read_only=True)
-    product_type_id = serializers.IntegerField(read_only=True)
+    product_id = serializers.IntegerField(
+        read_only=True,
+        help_text=_("Also referred to as 'Asset' ID."),
+    )
+    product_type_id = serializers.IntegerField(
+        read_only=True,
+        help_text=_("Also referred to as 'Organization' ID."),
+    )
     statistics = ImportStatisticsSerializer(read_only=True, required=False)
     pro = serializers.ListField(read_only=True, required=False)
     apply_tags_to_findings = serializers.BooleanField(

dojo/api_v2/serializers.py

@@ -85,6 +85,7 @@
     get_authorized_jira_issues,
     get_authorized_jira_projects,
 )
+from dojo.labels import get_labels
 from dojo.models import (
     Announcement,
     Answer,
@@ -179,6 +180,9 @@
 logger = logging.getLogger(__name__)
 
 
+labels = get_labels()
+
+
 def schema_with_prefetch() -> dict:
     return {
         "list": extend_schema(
@@ -2725,7 +2729,7 @@ def report_generate(request, obj, options):
     if type(obj).__name__ == "Product_Type":
         product_type = obj
 
-        report_name = "Product Type Report: " + str(product_type)
+        report_name = labels.ORG_REPORT_WITH_NAME_TITLE % {"name": str(product_type)}
 
         findings = report_finding_filter_class(
             request.GET,
@@ -2754,7 +2758,7 @@ def report_generate(request, obj, options):
     elif type(obj).__name__ == "Product":
         product = obj
 
-        report_name = "Product Report: " + str(product)
+        report_name = labels.ASSET_REPORT_WITH_NAME_TITLE % {"name": str(product)}
 
         findings = report_finding_filter_class(
             request.GET,

dojo/api_v2/views.py

@@ -0,0 +1,121 @@
+from django_filters import BooleanFilter, CharFilter, NumberFilter, OrderingFilter
+from django_filters.rest_framework import FilterSet
+from drf_spectacular.types import OpenApiTypes
+from drf_spectacular.utils import extend_schema_field
+
+from dojo.filters import (
+    CharFieldFilterANDExpression,
+    CharFieldInFilter,
+    DateRangeFilter,
+    DojoFilter,
+    NumberInFilter,
+    ProductSLAFilter,
+    custom_filter,
+)
+from dojo.labels import get_labels
+from dojo.models import (
+    Product_API_Scan_Configuration,
+    Product_Group,
+    Product_Member,
+)
+
+labels = get_labels()
+
+
+class AssetAPIScanConfigurationFilterSet(FilterSet):
+    asset = NumberFilter(field_name="product")
+
+    class Meta:
+        model = Product_API_Scan_Configuration
+        fields = ("id", "tool_configuration", "service_key_1", "service_key_2", "service_key_3")
+
+
+class ApiAssetFilter(DojoFilter):
+    # BooleanFilter
+    external_audience = BooleanFilter(field_name="external_audience")
+    internet_accessible = BooleanFilter(field_name="internet_accessible")
+    # CharFilter
+    name = CharFilter(lookup_expr="icontains")
+    name_exact = CharFilter(field_name="name", lookup_expr="iexact")
+    description = CharFilter(lookup_expr="icontains")
+    business_criticality = CharFilter(method=custom_filter, field_name="business_criticality")
+    platform = CharFilter(method=custom_filter, field_name="platform")
+    lifecycle = CharFilter(method=custom_filter, field_name="lifecycle")
+    origin = CharFilter(method=custom_filter, field_name="origin")
+    # NumberInFilter
+    id = NumberInFilter(field_name="id", lookup_expr="in")
+    asset_manager = NumberInFilter(field_name="product_manager", lookup_expr="in")
+    technical_contact = NumberInFilter(field_name="technical_contact", lookup_expr="in")
+    team_manager = NumberInFilter(field_name="team_manager", lookup_expr="in")
+    prod_type = NumberInFilter(field_name="prod_type", lookup_expr="in")
+    tid = NumberInFilter(field_name="tid", lookup_expr="in")
+    prod_numeric_grade = NumberInFilter(field_name="prod_numeric_grade", lookup_expr="in")
+    user_records = NumberInFilter(field_name="user_records", lookup_expr="in")
+    regulations = NumberInFilter(field_name="regulations", lookup_expr="in")
+
+    tag = CharFilter(field_name="tags__name", lookup_expr="icontains", label="Tag name contains")
+    tags = CharFieldInFilter(
+        field_name="tags__name",
+        lookup_expr="in",
+        help_text="Comma separated list of exact tags (uses OR for multiple values)")
+    tags__and = CharFieldFilterANDExpression(
+        field_name="tags__name",
+        help_text="Comma separated list of exact tags to match with an AND expression")
+    not_tag = CharFilter(field_name="tags__name", lookup_expr="icontains", help_text="Not Tag name contains", exclude="True")
+    not_tags = CharFieldInFilter(field_name="tags__name", lookup_expr="in",
+                                 help_text=labels.ASSET_FILTERS_CSV_TAGS_NOT_HELP, exclude="True")
+    has_tags = BooleanFilter(field_name="tags", lookup_expr="isnull", exclude=True, label="Has tags")
+    outside_of_sla = extend_schema_field(OpenApiTypes.NUMBER)(ProductSLAFilter())
+
+    # DateRangeFilter
+    created = DateRangeFilter()
+    updated = DateRangeFilter()
+    # NumberFilter
+    revenue = NumberFilter()
+
+    o = OrderingFilter(
+        # tuple-mapping retains order
+        fields=(
+            ("id", "id"),
+            ("tid", "tid"),
+            ("name", "name"),
+            ("created", "created"),
+            ("prod_numeric_grade", "prod_numeric_grade"),
+            ("business_criticality", "business_criticality"),
+            ("platform", "platform"),
+            ("lifecycle", "lifecycle"),
+            ("origin", "origin"),
+            ("revenue", "revenue"),
+            ("external_audience", "external_audience"),
+            ("internet_accessible", "internet_accessible"),
+            ("product_manager", "asset_manager"),
+            ("product_manager__first_name", "asset_manager__first_name"),
+            ("product_manager__last_name", "asset_manager__last_name"),
+            ("technical_contact", "technical_contact"),
+            ("technical_contact__first_name", "technical_contact__first_name"),
+            ("technical_contact__last_name", "technical_contact__last_name"),
+            ("team_manager", "team_manager"),
+            ("team_manager__first_name", "team_manager__first_name"),
+            ("team_manager__last_name", "team_manager__last_name"),
+            ("prod_type", "prod_type"),
+            ("prod_type__name", "prod_type__name"),
+            ("updated", "updated"),
+            ("user_records", "user_records"),
+        ),
+    )
+
+
+class AssetMemberFilterSet(FilterSet):
+    asset_id = NumberFilter(field_name="product_id")
+
+    class Meta:
+        model = Product_Member
+        fields = ("id", "user_id")
+
+
+class AssetGroupFilterSet(FilterSet):
+    asset_id = NumberFilter(field_name="product_id")
+
+    class Meta:
+        model = Product_Group
+        fields = ("id", "group_id")