Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add DLA security advisory #11058

Merged
merged 3 commits into from
Oct 15, 2024
Merged

add DLA security advisory #11058

merged 3 commits into from
Oct 15, 2024

Conversation

manuel-sommer
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Oct 14, 2024
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Oct 14, 2024
edited
Loading

DryRun Security Summary

The pull request enhances the vulnerability detection capabilities of the DefectDojo application by adding support for the Debian Security Tracker (DLA) and updating the SHA-256 checksum file for the configuration file, improving the overall security of the application.

Expand for full summary

Summary:

The changes in this pull request are focused on enhancing the vulnerability detection capabilities of the DefectDojo application by adding support for a new vulnerability source, the Debian Security Tracker (DLA). This change is a positive security improvement, as it will allow DefectDojo to provide users with more comprehensive vulnerability data, including details specific to Debian-based Linux distributions.

Additionally, the pull request includes an update to the SHA-256 checksum file for the dojo/settings/.settings.dist.py configuration file. This change ensures that the integrity of the configuration file can be verified, which is a common security practice. While the checksum update itself does not introduce any obvious security concerns, it is important to review the actual changes made to the configuration file to ensure that no security-sensitive settings have been modified in a way that could introduce vulnerabilities or security risks.

Files Changed:

  1. dojo/settings/settings.dist.py:

    • This file has been updated to include a new entry in the VULNERABILITY_URLS dictionary, which maps vulnerability IDs to their corresponding URLs from the Debian Security Tracker (DLA).
    • This change is a positive security improvement, as it expands the coverage of vulnerability information available to DefectDojo users.

  2. dojo/settings/.settings.dist.py.sha256sum:

    • The SHA-256 checksum for the dojo/settings/.settings.dist.py file has been updated from 6cd4cfc4ae1dc8f89a2d28122705df499b12efae6993c60aa205661cffea2220 to 4d3e91f176b73278750dc2f46d27cd4fe2b47d24682ad06d6267880bbdec599c.
    • This change confirms that the contents of the dojo/settings/.settings.dist.py file have been modified, and the checksum has been updated to reflect the changes.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 728ab1e into DefectDojo:bugfix Oct 15, 2024
73 checks passed
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024
@manuel-sommer
add DLA security advisory (DefectDojo#11058)
e2b5b4f 
* add DLA security advisory

* ruff linter

* ruff linter
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Maffooch Maffooch Maffooch approved these changes

@rossops rossops rossops approved these changes

@mtesauro mtesauro mtesauro approved these changes

@grendel513 grendel513 grendel513 approved these changes

Assignees
No one assigned
Labels
settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@manuel-sommer @grendel513 @mtesauro @rossops @Maffooch