diff --git a/docs/assets/images/cvssv4_vector_builder.png b/docs/assets/images/cvssv4_vector_builder.png new file mode 100644 index 00000000000..57106ba4688 Binary files /dev/null and b/docs/assets/images/cvssv4_vector_builder.png differ diff --git a/docs/assets/images/pro_cvss_vector_and_score.png b/docs/assets/images/pro_cvss_vector_and_score.png new file mode 100644 index 00000000000..e8121c5f15a Binary files /dev/null and b/docs/assets/images/pro_cvss_vector_and_score.png differ diff --git a/docs/assets/images/quick_report.png b/docs/assets/images/quick_report.png new file mode 100644 index 00000000000..54682e1fb4a Binary files /dev/null and b/docs/assets/images/quick_report.png differ diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md index 5cdd06d0262..e978214f0ac 100644 --- a/docs/content/en/changelog/changelog.md +++ b/docs/content/en/changelog/changelog.md 
@@ -8,28 +8,53 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/). +## Oct 2025: v2.51 + +### Oct 14, 2025: v2.51.1 + +* **(Pro UI)** Added Finding Quick Report feature. Quick report allows users to quickly render an HTML report with the currently displayed Findings on a Finding table. + +![image](images/quick_report.png) + +* **(Pro UI)** Added vector builder and calculator to the Edit Finding form, for CVSSv3 and CVSSv4. You can build vector strings using the 🛠️ button next to the CVSSv3 / CVSSv4 string entry on the Edit Finding form. + +Click the calculator button to render a score based on the vector string. + +![image](images/pro_cvss_vector_and_score.png) +![image](images/cvssv4_vector_builder.png) + +* **(Pro UI)** Added Similar Findings view on Findings when enabled in System Settings. +* **(Pro UI)** File names (for attached artifacts) can now be edited directly in the UI. +* **(Pro UI)** Redirect user to Home after a successful Support Inquiry submission. + +### Oct 6, 2025: v2.51.0 + +No significant Pro changes are present in this release. + ## Sept 2025: v2.50 -### Sept 22, 2025: v2.50.4 +#### Sept 29, 2025: v2.50.4 -* **(Pro UI)** Changes Engagement Deduplication form label and help text -* **(Pro UI)** Adds toggle for MCP (for superusers only) +* **(MCP)** Added MCP toggle for Superusers only. +* **(Pro UI)** Bypassed endpoint validation on Edit Finding form when Endpoints have not changed. +* **(Pro UI)** Collapsed additional fields in the Universal Parser preview for cleaner display. +* **(Pro UI)** Updated Engagement Deduplication form label and help text for clarity. 
-### Sept 15, 2025: v2.50.3 +#### Sept 22, 2025: v2.50.3 * **(Pro UI)** Added support for [CVSSv4.0](https://www.first.org/cvss/v4-0/) vector strings. -### Sept 15, 2025: v2.50.2 +#### Sept 15, 2025: v2.50.2 * **(Pro UI)** Added Any/All status filtering. Filtering by status allows you to apply either AND (inner join) logic, or OR (outer join) logic to the filter. * **(Pro UI)** Added Contact Support form for On-Premise installs. -### Sept 9, 2025: v2.50.1 +#### Sept 9, 2025: v2.50.1 * **(Tools)** Removed CSV limit for Qualys HackerGuardian * **(SSO)** Removed Force Password Reset for users created via SSO -### Sept 2, 2025: v2.50.0 +#### Sept 2, 2025: v2.50.0 * **(Pro UI)** "Date During" filter has been added to the UI, allowing users to filter by a range of dates * **(Pro UI)** Vulnerability ID column can now be sorted, however the sorting only considers the **first** vulnerability ID. @@ -40,7 +65,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https:// The Pro UI has been significantly reorganized, with changes to page organization. ![image](images/pro_ui_249.png) -### August 25: 2.49.3 +#### August 25: 2.49.3 [Integrations](/en/share_your_findings/integrations/) has been added to DefectDojo Pro, adding an Jira-style integrations for Azure DevOps, GitHub and GitLab boards. diff --git a/docs/content/en/connecting_your_tools/parsers/file/wiz.md b/docs/content/en/connecting_your_tools/parsers/file/wiz.md index 64f589a54a2..771d316d062 100644 --- a/docs/content/en/connecting_your_tools/parsers/file/wiz.md +++ b/docs/content/en/connecting_your_tools/parsers/file/wiz.md 
@@ -1,14 +1,16 @@ --- title: "Wiz Scanner Parser" toc_hide: true -weight: 1 --- -# Wiz Scanner Parser Documentation +The [Wiz](https://www.wiz.io/) parser for DefectDojo supports imports from both Wiz Scanner Standard and SCA (Software Composition Analysis) .csv output from Wiz.io. This document details the parsing of both formats into DefectDojo field mappings, unmapped fields, and location of each field's parsing code for easier troubleshooting and analysis. -## Overview +⚠️ **DefectDojo Pro** Users can also automatically create Findings directly from Wiz using the Wiz Connector. See our [Connectors documentation](/en/connecting_your_tools/connectors/about_connectors/) for more details. -The [Wiz](https://www.wiz.io/) parser for DefectDojo supports imports from both Wiz Scanner Standard and SCA (Software Composition Analysis) .csv output from Wiz.io. This document details the parsing of both formats into DefectDojo field mappings, unmapped fields, and location of each field's parsing code for easier troubleshooting and analysis. +## Link To Tool + +- [Wiz.io](https://www.wiz.io/) +- [Wiz Documentation](https://docs.wiz.io/) ## Supported File Types 
@@ -22,59 +24,76 @@ To generate these files, export the findings from the Wiz platform by: - Standard Format: Select "Export to CSV" option from the Issues view in the Wiz.io platform - SCA Format: Select "Export to CSV" option from the Vulnerability view in the Wiz.io platform -## Standard Format CSV (WizParserByTitle) +### Sample Scan Data + +Sample Wiz Scanner scans can be found in the [sample scan data folder](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wiz). + +### Default Deduplication Hashcode Fields +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- title +- description +- severity + +## Mapped Fields Dictionary + +### Standard Format CSV -### Total Fields in Standard Format CSV +This format applies the `WizParserByTitle` parser class. + +#### Total Fields in Standard Format CSV - Total data fields: 32 - Total data fields parsed: 32 - Total data fields NOT parsed: 0 -### Standard Format Field Mapping Details - -| CSV Field # | CSV Field | Finding Field | Parser Line # | Notes | -| ----------- | -------------------------- | ------------------------------- | ------------- | -------------------------------------------------------------------------------------------------------- | -| 1 | Created At | date | 68 | Parsed using the parse_wiz_datetime function to convert to datetime object | -| 2 | Title | title | 67 | Direct mapping to Finding title | -| 3 | Severity | severity | 69 | Converted to lowercase then capitalized to match DefectDojo's severity format | -| 4 | Status | active, is_mitigated, mitigated | 65 | Converted through WizcliParsers.convert_status function to determine active status and mitigation status | -| 5 | Description | description (partial) | 79-81 | Added to description with "Description:" prefix | -| 6 | Resource Type | description (partial) | 79-81 | Added to description 
with "Resource Type:" prefix | -| 7 | Resource external ID | description (partial) | 79-81 | Added to description with "Resource external ID:" prefix | -| 8 | Subscription ID | description (partial) | 79-81 | Added to description with "Subscription ID:" prefix | -| 9 | Project IDs | description (partial) | 79-81 | Added to description with "Project IDs:" prefix | -| 10 | Project Names | description (partial) | 79-81 | Added to description with "Project Names:" prefix | -| 11 | Resolved Time | mitigated | 71-74 | Used to set mitigated timestamp if finding is marked as mitigated | -| 12 | Resolution | mitigation (partial) | 62-63 | Added to mitigation text with "Resolution:" prefix | -| 13 | Control ID | description (partial) | 79-81 | Added to description with "Control ID:" prefix | -| 14 | Resource Name | description (partial) | 79-81 | Added to description with "Resource Name:" prefix | -| 15 | Resource Region | description (partial) | 79-81 | Added to description with "Resource Region:" prefix | -| 16 | Resource Status | description (partial) | 79-81 | Added to description with "Resource Status:" prefix | -| 17 | Resource Platform | description (partial) | 79-81 | Added to description with "Resource Platform:" prefix | -| 18 | Resource OS | description (partial) | 79-81 | Added to description with "Resource OS:" prefix | -| 19 | Resource original JSON | description (partial) | 79-81 | Added to description with "Resource original JSON:" prefix | -| 20 | Issue ID | unique_id_from_tool | 85 | Used as unique identifier for the finding | -| 21 | Resource vertex ID | description (partial) | 79-81 | Added to description with "Resource vertex ID:" prefix | -| 22 | Ticket URLs | description (partial) | 79-81 | Added to description with "Ticket URLs:" prefix | -| 23 | Note | description (partial) | 79-81 | Added to description with "Note:" prefix | -| 24 | Due At | description (partial) | 79-81 | Added to description with "Due At:" prefix | -| 25 | Remediation 
Recommendation | mitigation | 61 | Direct mapping to mitigation field | -| 26 | Subscription Name | description (partial) | 79-81 | Added to description with "Subscription Name:" prefix | -| 27 | Wiz URL | description (partial) | 79-81 | Added to description with "Wiz URL:" prefix | -| 28 | Cloud Provider URL | description (partial) | 79-81 | Added to description with "Cloud Provider URL:" prefix | -| 29 | Resource Tags | description (partial) | 79-81 | Added to description with "Resource Tags:" prefix | -| 30 | Kubernetes Cluster | description (partial) | 79-81 | Added to description with "Kubernetes Cluster:" prefix | -| 31 | Kubernetes Namespace | description (partial) | 79-81 | Added to description with "Kubernetes Namespace:" prefix | -| 32 | Container Service | description (partial) | 79-81 | Added to description with "Container Service:" prefix | - -### Additional Finding Field Settings (Standard Format) +#### Standard Format Field Mapping Details + +| CSV Field | Finding Field | Parser Line # | Notes | +| ---------------------------- | ------------------------------- | ------------- | -------------------------------------------------------------------------------------------------------- | +| `Created At` | date | 68 | Parsed using the parse_wiz_datetime function to convert to datetime object | +| `Title` | title | 67 | Direct mapping to Finding title | +| `Severity` | severity | 69 | Converted to lowercase then capitalized to match DefectDojo's severity format | +| `Status` | active, is_mitigated, mitigated | 65 | Converted through WizcliParsers.convert_status function to determine active status and mitigation status | +| `Description` | description (partial) | 79-81 | Added to description with "Description:" prefix | +| `Resource Type` | description (partial) | 79-81 | Added to description with "Resource Type:" prefix | +| `Resource external ID` | description (partial) | 79-81 | Added to description with "Resource external ID:" prefix | +| `Subscription 
ID` | description (partial) | 79-81 | Added to description with "Subscription ID:" prefix | +| `Project IDs` | description (partial) | 79-81 | Added to description with "Project IDs:" prefix | +| `Project Names` | description (partial) | 79-81 | Added to description with "Project Names:" prefix | +| `Resolved Time` | mitigated | 71-74 | Used to set mitigated timestamp if finding is marked as mitigated | +| `Resolution` | mitigation (partial) | 62-63 | Added to mitigation text with "Resolution:" prefix | +| `Control ID` | description (partial) | 79-81 | Added to description with "Control ID:" prefix | +| `Resource Name` | description (partial) | 79-81 | Added to description with "Resource Name:" prefix | +| `Resource Region` | description (partial) | 79-81 | Added to description with "Resource Region:" prefix | +| `Resource Status` | description (partial) | 79-81 | Added to description with "Resource Status:" prefix | +| `Resource Platform` | description (partial) | 79-81 | Added to description with "Resource Platform:" prefix | +| `Resource OS` | description (partial) | 79-81 | Added to description with "Resource OS:" prefix | +| `Resource original JSON` | description (partial) | 79-81 | Added to description with "Resource original JSON:" prefix | +| `Issue ID` | unique_id_from_tool | 85 | Used as unique identifier for the finding | +| `Resource vertex ID` | description (partial) | 79-81 | Added to description with "Resource vertex ID:" prefix | +| `Ticket URLs` | description (partial) | 79-81 | Added to description with "Ticket URLs:" prefix | +| `Note` | description (partial) | 79-81 | Added to description with "Note:" prefix | +| `Due At` | description (partial) | 79-81 | Added to description with "Due At:" prefix | +| `Remediation Recommendation` | mitigation | 61 | Direct mapping to mitigation field | +| `Subscription Name` | description (partial) | 79-81 | Added to description with "Subscription Name:" prefix | +| `Wiz URL` | description (partial) | 79-81 | 
Added to description with "Wiz URL:" prefix | +| `Cloud Provider URL` | description (partial) | 79-81 | Added to description with "Cloud Provider URL:" prefix | +| `Resource Tags` | description (partial) | 79-81 | Added to description with "Resource Tags:" prefix | +| `Kubernetes Cluster` | description (partial) | 79-81 | Added to description with "Kubernetes Cluster:" prefix | +| `Kubernetes Namespace` | description (partial) | 79-81 | Added to description with "Kubernetes Namespace:" prefix | +| `Container Service` | description (partial) | 79-81 | Added to description with "Container Service:" prefix | + +#### Additional Finding Field Settings (Standard Format) | Finding Field | Default Value | Parser Line # | Notes | | --------------- | ------------- | ------------- | ----------------------------- | | static_finding | False | 84 | Set to False for all findings | | dynamic_finding | True | 84 | Set to True for all findings | -## SCA Format (WizParserByDetailedName) +### SCA Format + +This format applies the `WizParserByDetailedName` parser class. ### Total Fields in SCA CSV 
@@ -82,53 +101,53 @@ To generate these files, export the findings from the Wiz platform by: - Total data fields parsed: 36 - Total data fields NOT parsed: 5 -### SCA Format Field Mapping Details - -| CSV Field # | CSV Field | Finding Field | Parser Line # | Notes | -| ----------- | ------------------------------------------- | ------------------------------ | ------------- | ---------------------------------------------------------------------------------- | -| 1 | ID | unique_id_from_tool | 182 | Used as unique identifier for the finding | -| 2 | WizURL | description | 150-154 | Added to description with "Wiz URL" prefix | -| 3 | Name | title, vulnerability_ids | 169, 182-184 | Used in title format as vulnerability ID and added to vulnerability_ids list | -| 4 | CVSSSeverity | Not parsed | - | Not used in mapping | -| 5 | HasExploit | description | 150-154 | Added to description with "Has Exploit" prefix | -| 6 | HasCisaKevExploit | description | 150-154 | Added to description with "Has Cisa Kev Exploit" prefix | -| 7 | FindingStatus | active, is_mitigated | 180 | Mapped through convert_status function to determine active state | -| 8 | VendorSeverity | severity | 181 | Mapped through \_validate_severities to convert to DefectDojo severity format | -| 9 | FirstDetected | date | 185 | Parsed into date object using date_parser | -| 10 | LastDetected | Not parsed | - | Not used in mapping | -| 11 | ResolvedAt | Not parsed | - | Not used in mapping | -| 12 | ResolutionReason | Not parsed | - | Not used in mapping | -| 13 | Remediation | mitigation | 155-159 | Added to mitigation with "Remediation" prefix | -| 14 | LocationPath | description, mitigation | 150-159 | Added to both description and mitigation with "Location Path" prefix | -| 15 | DetailedName | title, component_name | 169, 183 | Used in title format and mapped to component_name | -| 16 | Version | description, component_version | 150-154, 184 | Added to description with "Version" prefix and mapped to 
component_version | -| 17 | FixedVersion | mitigation | 155-159 | Added to mitigation with "Fixed Version" prefix | -| 18 | DetectionMethod | description | 150-154 | Added to description with "Detection Method" prefix | -| 19 | Link | description | 150-154 | Added to description with "Link" prefix | -| 20 | Projects | description | 150-154 | Added to description with "Projects" prefix | -| 21 | AssetID | description | 150-154 | Added to description with "Asset ID" prefix | -| 22 | AssetName | description | 150-154 | Added to description with "Asset Name" prefix | -| 23 | AssetRegion | description | 150-154 | Added to description with "Asset Region" prefix | -| 24 | ProviderUniqueId | description | 150-154 | Added to description with "Provider Unique Id" prefix | -| 25 | CloudProviderURL | description | 150-154 | Added to description with "Cloud Provider URL" prefix | -| 26 | CloudPlatform | description | 150-154 | Added to description with "Cloud Platform" prefix | -| 27 | Status | Not parsed | - | Not directly used (FindingStatus is used instead) | -| 28 | SubscriptionExternalId | description | 150-154 | Added to description with "Subscription External Id" prefix | -| 29 | SubscriptionId | description | 150-154 | Added to description with "Subscription Id" prefix | -| 30 | SubscriptionName | description | 150-154 | Added to description with "Subscription Name" prefix | -| 31 | Tags | unsaved_tags | 186 | Parsed into tags list using \_parse_tags function | -| 32 | ExecutionControllers | description | 150-154 | Added to description with "Execution Controllers" prefix | -| 33 | ExecutionControllersSubscriptionExternalIds | description | 150-154 | Added to description with "Execution Controllers Subscription External Ids" prefix | -| 34 | ExecutionControllersSubscriptionNames | description | 150-154 | Added to description with "Execution Controllers Subscription Names" prefix | -| 35 | CriticalRelatedIssuesCount | Not parsed | - | Not used in mapping | -| 36 | 
HighRelatedIssuesCount | Not parsed | - | Not used in mapping | -| 37 | MediumRelatedIssuesCount | Not parsed | - | Not used in mapping | -| 38 | LowRelatedIssuesCount | Not parsed | - | Not used in mapping | -| 39 | InfoRelatedIssuesCount | Not parsed | - | Not used in mapping | -| 40 | OperatingSystem | description | 150-154 | Added to description with "Operating System" prefix | -| 41 | IpAddresses | description | 150-154 | Added to description with "Ip Addresses" prefix | - -### Additional Finding Field Settings (SCA Format) +#### SCA Format Field Mapping Details + +| CSV Field | Finding Field | Parser Line # | Notes | +| --------------------------------------------- | ------------------------------ | ------------- | ---------------------------------------------------------------------------------- | +| `ID` | unique_id_from_tool | 182 | Used as unique identifier for the finding | +| `WizURL` | description | 150-154 | Added to description with "Wiz URL" prefix | +| `Name` | title, vulnerability_ids | 169, 182-184 | Used in title format as vulnerability ID and added to vulnerability_ids list | +| `CVSSSeverity` | Not parsed | - | Not used in mapping | +| `HasExploit` | description | 150-154 | Added to description with "Has Exploit" prefix | +| `HasCisaKevExploit` | description | 150-154 | Added to description with "Has Cisa Kev Exploit" prefix | +| `FindingStatus` | active, is_mitigated | 180 | Mapped through convert_status function to determine active state | +| `VendorSeverity` | severity | 181 | Mapped through _validate_severities to convert to DefectDojo severity format | +| `FirstDetected` | date | 185 | Parsed into date object using date_parser | +| `LastDetected` | Not parsed | - | Not used in mapping | +| `ResolvedAt` | Not parsed | - | Not used in mapping | +| `ResolutionReason` | Not parsed | - | Not used in mapping | +| `Remediation` | mitigation | 155-159 | Added to mitigation with "Remediation" prefix | +| `LocationPath` | description, mitigation | 
150-159 | Added to both description and mitigation with "Location Path" prefix | +| `DetailedName` | title, component_name | 169, 183 | Used in title format and mapped to component_name | +| `Version` | description, component_version | 150-154, 184 | Added to description with "Version" prefix and mapped to component_version | +| `FixedVersion` | mitigation | 155-159 | Added to mitigation with "Fixed Version" prefix | +| `DetectionMethod` | description | 150-154 | Added to description with "Detection Method" prefix | +| `Link` | description | 150-154 | Added to description with "Link" prefix | +| `Projects` | description | 150-154 | Added to description with "Projects" prefix | +| `AssetID` | description | 150-154 | Added to description with "Asset ID" prefix | +| `AssetName` | description | 150-154 | Added to description with "Asset Name" prefix | +| `AssetRegion` | description | 150-154 | Added to description with "Asset Region" prefix | +| `ProviderUniqueId` | description | 150-154 | Added to description with "Provider Unique Id" prefix | +| `CloudProviderURL` | description | 150-154 | Added to description with "Cloud Provider URL" prefix | +| `CloudPlatform` | description | 150-154 | Added to description with "Cloud Platform" prefix | +| `Status` | Not parsed | - | Not directly used (FindingStatus is used instead) | +| `SubscriptionExternalId` | description | 150-154 | Added to description with "Subscription External Id" prefix | +| `SubscriptionId` | description | 150-154 | Added to description with "Subscription Id" prefix | +| `SubscriptionName` | description | 150-154 | Added to description with "Subscription Name" prefix | +| `Tags` | unsaved_tags | 186 | Parsed into tags list using _parse_tags function | +| `ExecutionControllers` | description | 150-154 | Added to description with "Execution Controllers" prefix | +| `ExecutionControllersSubscriptionExternalIds` | description | 150-154 | Added to description with "Execution Controllers Subscription External 
Ids" prefix | +| `ExecutionControllersSubscriptionNames` | description | 150-154 | Added to description with "Execution Controllers Subscription Names" prefix | +| `CriticalRelatedIssuesCount` | Not parsed | - | Not used in mapping | +| `HighRelatedIssuesCount` | Not parsed | - | Not used in mapping | +| `MediumRelatedIssuesCount` | Not parsed | - | Not used in mapping | +| `LowRelatedIssuesCount` | Not parsed | - | Not used in mapping | +| `InfoRelatedIssuesCount` | Not parsed | - | Not used in mapping | +| `OperatingSystem` | description | 150-154 | Added to description with "Operating System" prefix | +| `IpAddresses` | description | 150-154 | Added to description with "Ip Addresses" prefix | + +#### Additional Finding Field Settings (SCA Format) | Finding Field | Default Value | Parser Line # | Notes | | -------------- | ------------- | ------------- | ----------------------------------- | 
@@ -137,51 +156,38 @@ To generate these files, export the findings from the Wiz platform by: ## Special Processing Notes -### Date Processing +#### Date Processing - Parser uses function `parse_wiz_datetime()` (lines 207-246) to handle different date formats from Wiz - Handles both ISO8601 and custom Wiz timestamp formats -### Status Conversion +#### Status Conversion - Both parser formats use `WizcliParsers.convert_status()` function to determine finding status (active, mitigated, etc.) - Standard format - if a finding is mitigated, the Resolved Time is used as the mitigated timestamp -### Description Construction +#### Description Construction - Most CSV fields maintain field name as a prefix when added to the Finding description - Description generated by iterating through predefined list of fields and adding data if present -### Title Format +#### Title Format - Standard format: Used directly from the "Title" field - SCA format: Combines package name (DetailedName) and vulnerability ID (Name) in format "{package_name}: {vulnerability_id}" -### Mitigation Construction +#### Mitigation Construction - Standard format: Primary source is "Remediation Recommendation" field with optional "Resolution" field - SCA format: Combines "Remediation", "LocationPath", and "FixedVersion" fields -### Deduplication +#### Deduplication - Both formats use the respective ID field as the unique_id_from_tool for deduplication -### Tags Handling (SCA Format) +#### Tags Handling (SCA Format) - "Tags" field is parsed from a JSON string format into a list of tag strings in format "key: value" (lines 186, 193-201) -### Sample Scan Data - -Sample Wiz Scanner scans can be found in the [sample scan data folder](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wiz). 
- -## Link To Tool - -- [Wiz.io](https://www.wiz.io/) -- [Wiz Documentation](https://docs.wiz.io/) - -### Default Deduplication Hashcode Fields -By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): - -- title -- description -- severity +### Source Code +Source code for the Wiz parser can be found on [GitHub](https://github.com/DefectDojo/django-DefectDojo/tree/cba7d81c98e040dc0a16032e82fd92f786b1dbd9/dojo/tools/wiz). \ No newline at end of file
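Review bot: the per-release heading levels in the first changelog hunk are inconsistent. The new October entries (`### Oct 14, 2025: v2.51.1`, `### Oct 6, 2025: v2.51.0`) stay at H3 under `## Oct 2025: v2.51`, but the September entries under `## Sept 2025: v2.50` are demoted from H3 to H4 (`#### Sept 29, 2025: v2.50.4`), so the rendered table of contents will show the two months at different depths. Pick one level for per-release subsections and use it for both months. Separately, the dates for v2.50.4 (Sept 22 to Sept 29) and v2.50.3 (Sept 15 to Sept 22) each move a week later with no explanation in the commit; confirm them against the actual release tags before merging.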
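Review bot: the second changelog hunk continues the same heading-level drift: `#### Sept 15, 2025: v2.50.2`, `#### Sept 9, 2025: v2.50.1`, `#### Sept 2, 2025: v2.50.0` and `#### August 25: 2.49.3` all become H4 while the newly added v2.51 entries remain H3. Since the August line is being touched anyway, bring it in line with its siblings as `August 25, 2025: v2.49.3` (year and `v` prefix), and consider fixing the unchanged context line "adding an Jira-style integrations" to "adding Jira-style integrations" in the same pass.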
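Review bot: the wiz.md front-matter hunk deletes `weight: 1` while keeping `toc_hide: true`; in Hugo, `weight` controls the page's position in the section menu, so confirm the removal is deliberate and consistent with the other parser pages rather than an accidental drop. The ⚠️ DefectDojo Pro callout now appears before the reader learns what the parser accepts; a plain note placed after "Supported File Types" would read less like a product upsell at the top of a reference page.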
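Review bot: two issues in the standard-format hunk. First, `#### Total Fields in Standard Format CSV` is demoted to H4 under `### Standard Format CSV`, but the unchanged `### Total Fields in SCA CSV` stays at H3 under `### SCA Format`, so the SCA totals render as a sibling of the SCA section instead of a child; demote it to `####` as well. Second, the new "Default Deduplication Hashcode Fields" block lists `title`, `description` and `severity`, while the later "Deduplication" note says both formats use the ID field as `unique_id_from_tool` for deduplication; the page should state which algorithm is the default and when hashcode matching applies. Worth a caveat next to the hashcode list: the mapping table shows `description` is assembled from mutable fields such as `Note`, `Ticket URLs`, `Due At` and `Resource Status`, so if description is part of the hash, any change to those values in Wiz produces a new hash and a second Finding on re-import.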
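Review bot: the SCA totals do not match the table in this hunk. The context lines say "Total data fields parsed: 36" and "Total data fields NOT parsed: 5", but the table marks ten rows as "Not parsed": `CVSSSeverity`, `LastDetected`, `ResolvedAt`, `ResolutionReason`, `Status`, `CriticalRelatedIssuesCount`, `HighRelatedIssuesCount`, `MediumRelatedIssuesCount`, `LowRelatedIssuesCount` and `InfoRelatedIssuesCount`, which gives 31 parsed and 10 not parsed out of 41. Either the totals or the table need correcting. Also, `\_validate_severities` and `\_parse_tags` lose their backslash escapes here; a leading underscore in a table cell can be picked up as emphasis by some Markdown renderers, so wrap them in backticks the way the CSV field names in the same table now are.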
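Review bot: in the last wiz.md hunk the "Special Processing Notes" subsections are demoted from `###` to `####` while sitting directly under `## Special Processing Notes`, so the page skips from H2 to H4 with no H3 in between; either leave them at `###` or introduce an intermediate heading. The new `### Source Code` link pins commit `cba7d81c98e040dc0a16032e82fd92f786b1dbd9`, which is the right call because every "Parser Line #" value and the `lines 207-246` / `lines 186, 193-201` references above only hold for that revision; say so in the sentence next to the link so readers do not check them against `master`. Finally, add the trailing newline that the `\ No newline at end of file` marker reports as missing.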