HCL AppScan on Cloud SAST results parser #11173

Closed
wants to merge 0 commits into from

@xpert98 xpert98 commented Oct 31, 2024

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description
New parser for HCL AppScan on Cloud SAST results.

Test results
Unit tests (and samples) added. Tests pass.

Documentation
Documentation file added

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

@github-actions github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests and parser labels Oct 31, 2024

dryrunsecurity bot commented Oct 31, 2024

DryRun Security Summary

The text indicates that there are no code changes or files provided, so the application security engineer cannot review or summarize any specific code changes, but is ready to provide a security-focused assessment on any future pull requests that contain code changes.

Summary:

There are no code changes provided in the input, so I do not have any specific code changes to review or summarize. As an application security engineer, I would typically review any code changes in a pull request to ensure they do not introduce any security vulnerabilities or unintended consequences. Without any code changes to analyze, I cannot provide a meaningful summary. However, I am ready to review any future pull requests that contain code changes and provide my security-focused assessment.

Files Changed:

There are no files changed in the provided input.

Code Analysis

We ran 9 analyzers against 0 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@manuel-sommer
Contributor

#11162

@mtesauro
Contributor

mtesauro commented Nov 2, 2024

@xpert98 Thanks for the parser contribution.

I've kicked off the GH action tests to see how those go but you'll definitely need to fix the ruff linter issues before we'll start reviewing this PR.

@xpert98
Author

xpert98 commented Nov 3, 2024

Updates implemented based on the linter results.

Contributor

github-actions bot commented Nov 4, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@mtesauro
Contributor

mtesauro commented Nov 5, 2024

@xpert98 Thanks for fixing the ruff issues.

I just re-kicked off the tests - wait till those finish and, assuming they're green, you'll just need to fix the merge conflicts.

Nice work so far... 👍

@xpert98
Author

xpert98 commented Nov 8, 2024

Should settings.dist.py be left out of the commit in order to pass the test?

@xpert98
Author

xpert98 commented Nov 15, 2024

@mtesauro Any advice on how to proceed? It appears to me like the rest framework unit test failure is unrelated to my parser (but happy to make any adjustments if it is related)

@kiblik
Contributor

kiblik commented Nov 15, 2024

Hi @xpert98

  • Regarding unit test, can you try to rebase (or merge from dev)? It really looks irrelevant but you never know.
  • Regarding settings.dist.py. The edit of this file is correct and it can be performed in PR. But the hash needs to be recalculated with every edit of this file (merge/rebase from dev might require recalculation as well - if the file was edited in the meantime)

Labels: conflicts-detected, docs, parser, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests
4 participants