….56.0-2.57.0-dev Release: Merge back 2.56.0 into dev from: master-into-dev/2.56.0-2.57.0-dev
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.2 to 0.15.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@0.15.2...0.15.4) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.15.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….21.0 (docker-compose.override.dev.yml) (DefectDojo#14415) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…mpose.yml) (DefectDojo#14399) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…idator action from v2.0.0 to v2.1.0 (.github/workflows/renovate.yaml) (DefectDojo#14407) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…v1.35.2 (.github/workflows/k8s-tests.yml) (DefectDojo#14417) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ithub/workflows/k8s-tests.yml) (DefectDojo#14418) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…43.51.2 (.github/workflows/renovate.yaml) (DefectDojo#14419) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…3.12 to v (dockerfile.integration-tests-debian) (DefectDojo#14420) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps vulners from 3.1.6 to 3.1.7. --- updated-dependencies: - dependency-name: vulners dependency-version: 3.1.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…efectDojo#14318) * feature: quick verify finding * keyboard shortcuts to verify/close finding * address feedback * sync to JIRA in verify_finding * lint --------- Co-authored-by: Filipe Pina <63779195+fopinappb@users.noreply.github.com>
* helpful error message rather than crash when trying to view non-URL in URL view * Update dojo/url/ui/views.py --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…efectDojo#14423) Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2026.1.1 to 2026.3.1. - [Commits](tfranzel/drf-spectacular-sidecar@2026.1.1...2026.3.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-version: 2026.3.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….github/workflows/validate_docs_build.yml) (DefectDojo#14437) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…thub/workflows/release-x-manual-tag-as-latest.yml) (DefectDojo#14438) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
….56.1-2.57.0-dev Release: Merge back 2.56.1 into dev from: master-into-dev/2.56.1-2.57.0-dev
Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](python-gitlab/python-gitlab@v8.0.0...v8.1.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….56.1-2.57.0-dev Release: Merge back 2.56.1 into dev from: master-into-dev/2.56.1-2.57.0-dev
…43.60.4 (.github/workflows/renovate.yaml) (DefectDojo#14463) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
… v4 (.github/workflows/release-x-manual-tag-as-latest.yml) (DefectDojo#14447) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…0 to v6.4.0 (.github/workflows/release-drafter.yml) (DefectDojo#14455) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [setuptools](https://github.com/pypa/setuptools) from 82.0.0 to 82.0.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v82.0.0...v82.0.1) --- updated-dependencies: - dependency-name: setuptools dependency-version: 82.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2.12 to v (docker-compose.yml) (DefectDojo#14480) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…Dojo#14434) * minor changes: django.conf.settings over dojo.settings * missed bit * auditlog not used anymore
Co-authored-by: valentijnscholten <4426050+valentijnscholten@users.noreply.github.com> Co-authored-by: valentijnscholten <valentijnscholten@gmail.com>
…tDojo#14446) Co-authored-by: vishnuclawd-007 <vishnuclawd-007@users.noreply.github.com>
* test: add IriusRisk parser sample scan files Authored by T. Walker - DefectDojo * feat: add IriusRisk parser stub for auto-discovery Authored by T. Walker - DefectDojo * test: add IriusRisk parser unit tests (failing, TDD) Authored by T. Walker - DefectDojo * feat: implement IriusRisk CSV threat parser Authored by T. Walker - DefectDojo * docs: add IriusRisk parser documentation Authored by T. Walker - DefectDojo * fix: address gap analysis findings for IriusRisk parser - Update test CSVs from 12 to 14 columns (add MITRE reference, STRIDE-LM) - Parse MITRE reference: CWE-NNN extracts to cwe field, other values to references - Include STRIDE-LM in description when populated - Add Critical to severity mapping - Change static_finding to False per connector spec - Update documentation to reflect all changes - Add tests for CWE extraction, references, STRIDE-LM, and Critical severity Authored by T. Walker - DefectDojo * fix: remove computed unique_id_from_tool from IriusRisk parser Per PR review feedback, parsers must not compute unique_id_from_tool. Removed SHA-256 hash generation and related tests. Deduplication now relies on DefectDojo's default hashcode algorithm. Updated docs to reflect the change. Authored by T. Walker - DefectDojo * docs: remove parser line numbers from IriusRisk documentation Per PR review feedback, removed line number references from field mapping tables and prose sections to reduce maintenance burden when parser code changes. Authored by T. Walker - DefectDojo * fix: increase title truncation threshold from 150 to 500 characters Per PR review feedback, expanded title field to use more of the available 511 characters. Added test data with 627-char threat to verify truncation behavior. Updated docs accordingly. Authored by T. Walker - DefectDojo * feat: add hashcode deduplication config for IriusRisk parser Register IriusRisk Threats Scan in HASHCODE_FIELDS_PER_SCANNER and DEDUPLICATION_ALGORITHM_PER_PARSER so deduplication uses title and component_name rather than the legacy algorithm. These stable fields ensure reimports match existing findings even when risk levels or countermeasure progress change between scans. Update docs to match. Authored by T. Walker - DefectDojo * chore: retrigger CI checks Authored by T. Walker - DefectDojo --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
…7 (.github/workflows/release-x-manual-docker-containers.yml) (DefectDojo#14451) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ojo#14482) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.5 to 0.3.6. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md) - [Commits](bpampuch/pdfmake@0.3.5...0.3.6) --- updated-dependencies: - dependency-name: pdfmake dependency-version: 0.3.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…r-compose.yml) (DefectDojo#13582) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* perf: batch duplicate marking in batch deduplication Instead of saving each duplicate finding individually, collect all modified findings during a batch deduplication run and flush them in a single bulk_update call. Original (existing) findings are still saved individually to preserve auto_now timestamp updates and post_save signal behavior, but are deduplicated by id so each is saved at most once per batch. Reduces DB writes from O(2N) individual saves to 1 bulk_update + O(unique originals) saves for a batch of N duplicates. Performance test shows -23 queries on a second import with duplicates. * perf: restrict SELECT columns for batch deduplication via only() Add Finding.DEDUPLICATION_FIELDS — the union of all Finding fields needed across every deduplication algorithm — and apply it as an only() clause in get_finding_models_for_deduplication. This avoids loading large text columns (description, mitigation, impact, references, steps_to_reproduce, severity_justification, etc.) when loading findings for the batch deduplication task, reducing data transferred from the database without affecting query count. build_candidate_scope_queryset is intentionally excluded: it is also used for reimport matching (which accesses severity, numerical_severity and other fields outside this set) and applying only() there would cause deferred-field extra queries. * perf(dedup): defer large text fields on candidate queryset - Add Finding.DEDUPLICATION_DEFERRED_FIELDS constant listing large text columns (description, mitigation, impact, references, etc.) that are never read during deduplication or candidate matching. - Apply .defer(*Finding.DEDUPLICATION_DEFERRED_FIELDS) in build_candidate_scope_queryset to avoid loading those columns for the potentially large candidate pool fetched per dedup batch. Reduces deduplication second-import query count from 213 to 183 (-30). --------- Co-authored-by: Matt Tesauro <mtesauro@gmail.com>
…#14449) * perf(fp-history): batch false positive history processing Replaces the N+1 query pattern in false positive history with a single product-scoped DB query per batch, and switches per-finding save() calls to QuerySet.update() to eliminate redundant signal overhead. Changes: - Extract _fp_candidates_qs() as the single algorithm-dispatch helper shared by both single-finding and batch lookup paths - Add do_false_positive_history_batch() which fetches all FP candidates in one query and marks findings with a single UPDATE - do_false_positive_history() now delegates to the batch function - post_process_findings_batch (import/reimport) calls the batch function instead of a per-finding loop - _bulk_update_finding_status_and_severity (bulk edit) groups findings by (product, dedup_alg) and calls the batch function once per group; retroactive reactivation also batched the same way - Fix dead-code bug in process_false_positive_history: the condition finding.false_p and not finding.false_p was always False because form.save(commit=False) mutates the finding in place; fixed by capturing old_false_p before the form save - Replace all per-finding save()/save_no_options() in FP history paths with QuerySet.update() (bypasses signals identically to the old calls) - Move all FP history helpers from dojo/utils.py to dojo/finding/deduplication.py alongside the matching dedupe helpers All update() calls carry a comment explaining the signal-bypass equivalence with the previous save(skip_validation=True) calls. Adds 4 unit tests covering: batch single-query behaviour, retroactive batch FP marking, retroactive reactivation (previously dead code), and the no-reactivation guard. * perf(fp-history): add .only() to candidate fetch, fix update() comments Limit _fetch_fp_candidates_for_batch to only the fields actually read from candidate objects (id, false_p, active, hash_code, unique_id_from_tool, title, severity), avoiding loading unused columns. 
Correct update() comments to clarify that .only() does not constrain QuerySet.update() — Django generates UPDATE SQL independently — so the sync requirement is only for fields *read* from candidate objects. * test(fp-history): assert exact query count in batch tests assertNumQueries(7) on both batch tests covers: System_Settings, 4 lazy-load chain (test/engagement/product/test_type from findings[0]), candidates SELECT with .only(), and the bulk UPDATE — fixed regardless of batch size or number of retroactively marked findings. * test(fp-history): assert query count stays flat with N affected findings New test creates 5 pre-existing findings and asserts the batch still uses exactly 7 queries regardless — proving the old O(N) per-finding save loop is gone and a single bulk UPDATE covers all affected rows.
…8.0.1 (.github/workflows/rest-framework-tests.yml) (DefectDojo#14490) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…to v0.13.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (DefectDojo#14491) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
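The `perf: batch duplicate marking` commit message in the list above describes replacing two saves per duplicate with one `bulk_update` for all duplicates plus a single save per distinct original. The Python below is an added illustration of that write pattern and is not DefectDojo's code: `Finding`, `FakeDB`, `find_original`, `dedupe_naive`, `dedupe_batched` and the sample findings are constructed stand-ins, and the fake database only counts the writes an ORM layer would issue rather than persisting anything.

```python
"""Added illustration of batched duplicate marking (constructed example, not DefectDojo code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Finding:
    id: int
    hash_code: str
    duplicate: bool = False
    duplicate_finding_id: Optional[int] = None
    dupe_count: int = 0  # constructed stand-in for the original's duplicate bookkeeping


class FakeDB:
    """Counts write operations the way an ORM would issue them (constructed)."""

    def __init__(self) -> None:
        self.individual_saves = 0
        self.bulk_updates = 0

    def save(self, finding: Finding) -> None:
        self.individual_saves += 1

    def bulk_update(self, findings: List[Finding], fields: List[str]) -> None:
        if findings:  # an empty batch issues no statement
            self.bulk_updates += 1

    @property
    def writes(self) -> int:
        return self.individual_saves + self.bulk_updates


def find_original(new: Finding, existing: List[Finding]) -> Optional[Finding]:
    """Earliest existing finding with the same hash_code, or None (assumed matching rule)."""
    matches = [e for e in existing if e.hash_code == new.hash_code and e.id != new.id]
    return min(matches, key=lambda f: f.id) if matches else None


def dedupe_naive(new_findings: List[Finding], existing: List[Finding], db: FakeDB) -> None:
    """Per-finding pattern: the duplicate and its original are each saved separately."""
    for new in new_findings:
        original = find_original(new, existing)
        if original is None:
            continue
        new.duplicate = True
        new.duplicate_finding_id = original.id
        original.dupe_count += 1
        db.save(new)
        db.save(original)


def dedupe_batched(new_findings: List[Finding], existing: List[Finding], db: FakeDB) -> None:
    """Batched pattern: duplicates flushed in one bulk_update, originals saved once each."""
    modified_duplicates: List[Finding] = []
    originals_by_id = {}
    for new in new_findings:
        original = find_original(new, existing)
        if original is None:
            continue
        new.duplicate = True
        new.duplicate_finding_id = original.id
        original.dupe_count += 1
        modified_duplicates.append(new)
        originals_by_id[original.id] = original  # keyed by id: each original saved at most once
    db.bulk_update(modified_duplicates, ["duplicate", "duplicate_finding_id"])
    for original in originals_by_id.values():
        db.save(original)  # individual save keeps auto_now / post_save behaviour


def sample():
    """Constructed batch: two existing findings, four new ones of which three are duplicates."""
    existing = [Finding(1, "aaa"), Finding(2, "bbb")]
    new = [Finding(10, "aaa"), Finding(11, "aaa"), Finding(12, "bbb"), Finding(13, "ccc")]
    return existing, new


def compare_write_counts():
    """Returns (naive_writes, batched_writes) for the same sample batch."""
    existing, new = sample()
    naive = FakeDB()
    dedupe_naive(new, existing, naive)
    existing, new = sample()
    batched = FakeDB()
    dedupe_batched(new, existing, batched)
    return naive.writes, batched.writes


if __name__ == "__main__":
    print(compare_write_counts())  # (6, 3)
```

With three of four new findings matching existing originals, the per-finding pattern issues six writes and the batched pattern three: one bulk update plus one save per distinct original, which is the O(2N) versus 1 + O(unique originals) comparison the commit message gives.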
When running frequent reimports, the `dojo_test_import_finding_action` table grows infinitely causing significant database bloat (reported cases of 19GB+). This PR adds a configurable `max_import_history` setting similar to the existing `max_dupes` feature to automatically clean up old import history records.

Changes made:
- `max_import_history` field to `System_Settings` model
- `DD_IMPORT_HISTORY_MAX_PER_OBJECT` setting to `settings.dist.py`
- `async_import_history_cleanup` celery task in `tasks.py` to delete oldest `Test_Import` records when a test exceeds the configured limit
- `0262_system_settings_max_import_history.py`

Closes DefectDojo#13776
Test results
Manually verified the new field appears correctly in the System_Settings model. The cleanup task follows the same pattern as the existing `async_dupe_delete` task. Unit tests to be added in a follow-up if requested by maintainers.

Documentation
No documentation changes needed. The setting is self-explanatory via the help_text in the model field, consistent with how `max_dupes` is documented.
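The description above proposes a per-test cap on import history, deleting the oldest `Test_Import` records once a test exceeds the configured limit. As an added example that is not the PR's code, the Python below isolates that selection step so it can be reasoned about offline: `ImportRecord`, `select_import_history_to_delete`, the tie-break on `id`, the choice that a limit of 0 or less disables cleanup, and the sample records are all assumptions of this example rather than anything the PR states.

```python
"""Added illustration of per-test import-history capping (constructed example, not the PR's code)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class ImportRecord:
    """Constructed stand-in for one import-history row belonging to a test."""
    id: int
    test_id: int
    created: datetime


def select_import_history_to_delete(records: List[ImportRecord], max_per_test: int) -> List[int]:
    """Return the ids of the oldest records beyond `max_per_test` for each test.

    Assumptions made here: a limit of 0 or less disables cleanup entirely, and ties
    on `created` are broken by id so the selection is deterministic.
    """
    if max_per_test <= 0:
        return []
    by_test: Dict[int, List[ImportRecord]] = defaultdict(list)
    for record in records:
        by_test[record.test_id].append(record)
    to_delete: List[int] = []
    for test_records in by_test.values():
        if len(test_records) <= max_per_test:
            continue  # this test is within its limit; nothing to remove
        # newest first; everything after the first max_per_test entries is surplus
        ordered = sorted(test_records, key=lambda r: (r.created, r.id), reverse=True)
        to_delete.extend(r.id for r in ordered[max_per_test:])
    return sorted(to_delete)


def sample_records() -> List[ImportRecord]:
    """Constructed data: seven imports for test 1, two for test 2, one hour apart."""
    base = datetime(2026, 1, 1)
    records = [ImportRecord(i, 1, base + timedelta(hours=i)) for i in range(1, 8)]
    records += [ImportRecord(10 + i, 2, base + timedelta(hours=i)) for i in range(1, 3)]
    return records


if __name__ == "__main__":
    print(select_import_history_to_delete(sample_records(), 3))  # [1, 2, 3, 4]
```

Keeping the selection separate from the deletion makes the cleanup easy to unit test: test 1 has seven records, so a limit of 3 selects the four oldest, while test 2 stays untouched because it is within the limit.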