DefectDojo · rossops · Jul 14, 2025 · Jul 7, 2025 · Jul 7, 2025 · Jul 7, 2025
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.48.0",
+  "version": "2.48.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

@@ -11,6 +11,22 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## June 2025: v2.47
 
+### July 1, 2025: v2.47.4
+
+- **(Pro UI)** Products, Engagements, Tests, Findings and Endpoints can be edited directly from their respective tables via a modal.
+- **(Pro UI)** Calendar view now supports additional query parameters for filtering Tests or Engagements.
+- **(Pro UI)** Engagements, Tests and the entire Calendar can be exported as .ics files.
+
+![image](images/pro_ics_export.png)
+
+### June 23, 2025: v2.47.3
+
+- **(Pro UI)** Finding Templates can now be added in the Pro UI, from **Findings > Finding Templates** on the sidebar.
+- **(Pro UI)** A better error message is displayed when Jira Instance deletion is unsuccessful.
+- **(Pro UI)** Product Types can now be edited through a modal: **"⋮" > Edit Product Type** will open a pop-up modal window instead of taking a user to a new page.
+
+![image](images/pro_product_type_modal.png)
+
 ### June 16, 2025: v2.47.2
 
 - **(Pro UI)** Endpoint Metadata can now be uploaded to Products.  You can now import a .csv list of all endpoints associated with a Product, from **View Product > Endpoints > Import Endpoint Metadata**
@@ -27,7 +43,6 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ![image](images/pro_login.png)
 
-
 ### June 9, 2025: v2.47.1
 
 - **(Pro UI)** Vulnerable Endpoints table has now been added to Finding pages.
@@ -71,7 +86,7 @@ This update improves consistency, enhances DefectDojo's search capabilities, and
 
 We recommend reviewing your current tags to ensure they align with the new format.  Following the deployment of these new behaviors, requests sent to the API or through the UI with any of the violations listed above will result in an error, with the details of the error raised in the response.
 
-### May 26, 2025: v2.46.4
+#### May 26, 2025: v2.46.4
 
 - **(Pro Metrics)** Rework of filter menu within insights dashboards to remove cross Product Type and Product filtering capabilities.
 - **(Pro UI)** Clickable links within insights dashboards.
@@ -87,7 +102,7 @@ The Priority Insights dashboard can quickly render a list of all SOC or AppSec F
 
 - **(Pro UI)** More detailed messages in Bulk Edit provide a better explanation of why some Findings may have been skipped.
 
-### May 19, 2025: v2.46.3
+#### May 19, 2025: v2.46.3
 
 - **(Calendar)** New filters have been added to Calendar view: Unassigned Lead, and Engagement/Test Type.
 - **(Dashboard)** Added Finding Status filter for Dashboard tiles.
@@ -97,17 +112,17 @@ The Priority Insights dashboard can quickly render a list of all SOC or AppSec F
 ![image](images/pro_dashboard_priority.png)
 - **(Universal Parser)** Added a 'SOC Alerts' flag to Universal Parser, to indicate whether the Findings from the parser originate from a Security Operations Center.
 
-### May 12, 2025: v2.46.2
+#### May 12, 2025: v2.46.2
 
 - **(Findings)** Component Name and Version have been added to the metadata table on a Finding View.
 - **(Metrics)** Pro Insights Dashboards can now be filtered by Tag.
 - **(Users)** The Users table can now be exported as a .csv file.
 
-### May 7, 2025: v2.46.1
+#### May 7, 2025: v2.46.1
 
 Hotfix release - no significant feature changes.
 
-### May 5, 2025: v2.46.0
+#### May 5, 2025: v2.46.0
 
 
 - **(Import)** Mitigated timestamp in reports are no longer ignored/overwritten on Reimport.

@@ -5,4 +5,10 @@ toc_hide: true
 This parser imports the Acunetix Scanner with xml output or Acunetix 360 Scanner with JSON output.
 
 ### Sample Scan Data
-Sample Acunetix Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/acunetix).
+Sample Acunetix Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/acunetix).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- description
@@ -41,3 +41,12 @@ All properties are strings and are required by the parser. As the parser evolved
 
 ### Sample Scan Data
 Sample Anchore-Engine scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine)
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- component name
+- component version
+- file path
@@ -5,4 +5,12 @@ toc_hide: true
 Anchore-CLI JSON policy check report format.
 
 ### Sample Scan Data
-Sample Anchore Enterprise Policy Check scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_enterprise).
+Sample Anchore Enterprise Policy Check scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_enterprise).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- component name
+- file path
@@ -189,4 +189,12 @@ All properties are expected as strings and are required by the parser.
 ~~~
 
 ### Sample Scan Data
-Sample Grype scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_grype).
+Sample Grype scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_grype).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- component name
+- component version
@@ -14,4 +14,12 @@ anchorectl policy evaluate -o json > policy_report.json
 ```
 
 ### Sample Scan Data
-Sample AnchoreCTL Policies Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_policies).
+Sample AnchoreCTL Policies Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_policies).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- component name
+- file path
@@ -5,4 +5,13 @@ toc_hide: true
 AnchoreCTLs JSON vulnerability report format
 
 ### Sample Scan Data
-Sample AnchoreCTL Vuln Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_vulns).
+Sample AnchoreCTL Vuln Report scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchorectl_vulns).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- component name
+- component version
+- file path
@@ -5,4 +5,10 @@ toc_hide: true
 Accepts AppCheck Web Application Scanner output in .json format.
 
 ### Sample Scan Data
-Sample AppCheck Web Application Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/appcheck_web_application_scanner).
+Sample AppCheck Web Application Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/appcheck_web_application_scanner).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
@@ -6,4 +6,13 @@ Use the VulnerabilitiesSummary.xml file found in the zipped report
 download.
 
 ### Sample Scan Data
-Sample AppSpider (Rapid7) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/appspider).
+Sample AppSpider (Rapid7) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/appspider).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -36,3 +36,11 @@ Those JSON files will only list vulnerabilities. Thus, DefectDojo parser will no
 
 ### Sample Scan Data
 Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- severity
+- vulnerability ids
+- component name
+- component version
@@ -11,4 +11,12 @@ arachni_reporter --reporter 'json' js.com.afr
 {{< /highlight >}}
 
 ### Sample Scan Data
-Sample Arachni Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/arachni).
+Sample Arachni Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/arachni).
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -10,4 +10,13 @@ Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-
 Prowler tool can generate this format with option `-M json-asff`.
 
 ### Sample Scan Data
-Sample AWS Security Finding Format (ASFF) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/asff).
+Sample AWS Security Finding Format (ASFF) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/asff).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -9,4 +9,13 @@ auditjs ossi --json > auditjs_report.json
 {{< /highlight >}}
 
 ### Sample Scan Data
-Sample AuditJS (OSSIndex) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/auditjs).
+Sample AuditJS (OSSIndex) scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/auditjs).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -22,3 +22,10 @@ Detailed API response format can be obtained [here](https://docs.aws.amazon.com/
 
 ### Sample Scan Data
 Sample AWS Inspector2 findings can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_inspector2).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
+- description
@@ -5,4 +5,13 @@ toc_hide: true
 Prowler file can be imported as a CSV (`-M csv`) or JSON (`-M json`) file.
 
 ### Sample Scan Data
-Sample AWS Prowler Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler).
+Sample AWS Prowler Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -160,4 +160,13 @@ The parser expects an array of assessments. All properties are strings and are r
 ~~~
 
 ### Sample Scan Data
-Unit tests of AWS Prowler v3 JSON and Prowler v4 JSON-OCSF can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3.
+Unit tests of AWS Prowler v3 JSON and Prowler v4 JSON-OCSF can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3.
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -19,4 +19,13 @@ AWS Security Hub integrates with multiple AWS Tools. Thus, you can retrieve find
 AWS Security Hub Parser does import the affected service ARNs as hosts to DefectDojo. However, as ARNs contain invalid digits for hosts, the ARN is changed slightly. ":", " " & "/" are replaced by "_".
 
 ### Sample Scan Data
-Sample scan data for testing purposes can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/awssecurityhub).
+Sample scan data for testing purposes can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/awssecurityhub).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -5,4 +5,13 @@ toc_hide: true
 Azure Security Center recommendations can be exported from the user interface in CSV format.
 
 ### Sample Scan Data
-Sample Azure Security Center Recommendations Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/azure_security_center_recommendations).
+Sample Azure Security Center Recommendations Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/azure_security_center_recommendations).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description
@@ -64,4 +64,11 @@ All properties are expected as strings, except "metrics" properties, which are e
 ~~~
 
 ### Sample Scan Data
-Sample Bandit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bandit).
+Sample Bandit scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bandit).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- file path
+- line
+- vuln id from tool
@@ -10,4 +10,10 @@ To export a .json file from Bearer CLI, pass "-f json" to your Bearer command
 See Bearer documentation: https://docs.bearer.com/reference/commands/
 
 ### Sample Scan Data
-Sample Bearer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bearer)
+Sample Bearer scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/bearer).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- severity
@@ -11,4 +11,12 @@ produce findings that bear file locations information.
 information.
 
 ### Sample Scan Data
-Sample Blackduck Hub scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck).
+Sample Blackduck Hub scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- vulnerability ids
+- component name
+- component version
@@ -20,4 +20,13 @@ Black Duck Binary Analysis can also detect if sensitive information like email a
 * Import a single BDBA vulnerabilty csv results file into DefectDojo leveraging the UI, REST API, or drivers such as [pwn_defectdojo_importscan](https://github.com/0dayInc/pwn/blob/master/bin/pwn_defectdojo_importscan) or [pwn_defectdojo_reimportscan](https://github.com/0dayInc/pwn/blob/master/bin/pwn_defectdojo_reimportscan).
 
 ### Sample Scan Data
-Sample Blackduck Binary Analysis scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis).
+Sample Blackduck Binary Analysis scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/blackduck_binary_analysis).
+
+### Default Deduplication Hashcode Fields
+By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/):
+
+- title
+- cwe
+- line
+- file path
+- description