
feat(helm): Add support for staticName for initializer #11237

Merged (1 commit), Nov 12, 2024

Conversation

@kiblik (Contributor) commented Nov 11, 2024

This PR

  • enables a static name for the Initializer job
  • does not change the default behavior
  • was already mentioned here as enabled
  • might be useful for systems that use HELM only to generate templates (like ArgoCD).
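As an added illustration (not the chart's own template; the helper name, the Job template file and the values layout are assumptions, only the `initializer.staticName` key comes from the PR), this is the shape of a `_helpers.tpl` conditional that yields a fixed Job name when `staticName` is true and a timestamped one otherwise:

```yaml
# values.yaml (assumed layout; the key initializer.staticName is the one the PR adds)
initializer:
  # true  -> fixed Job name, identical on every render (GitOps-friendly, e.g. ArgoCD)
  # false -> name suffixed with the render time, so each upgrade creates a new Job (default)
  staticName: false

# templates/_helpers.tpl (hypothetical helper name "defectdojo.initializer.jobname")
{{- define "defectdojo.initializer.jobname" -}}
{{- if .Values.initializer.staticName -}}
{{ .Release.Name }}-initializer
{{- else -}}
{{ .Release.Name }}-initializer-{{ now | date "20060102150405" }}
{{- end -}}
{{- end -}}

# templates/initializer-job.yaml (hypothetical file that consumes the helper)
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "defectdojo.initializer.jobname" . }}
```

With the timestamped default, `helm template` renders a different Job name every time, so a controller that only diffs rendered manifests reports a permanent change. With a static name, a later upgrade that alters the Job's pod template must delete the old Job first, because a Job's `spec.template` is immutable.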

@github-actions github-actions bot added the helm label Nov 11, 2024

DryRun Security Summary

The provided code changes focus on the Helm chart for the DefectDojo application, introducing a new option to control the naming of the initializer job, updating the allowed hosts configuration, and implementing a database migration checker, all of which are security enhancements.


Summary:

The provided code changes are related to the Helm chart for the DefectDojo application, specifically focusing on the initialization job for the application. The changes introduce a new option to control the naming of the initializer job, which can be set to use a static or dynamic name. Additionally, the changes include updates to the allowed hosts configuration and the implementation of a database migration checker, both of which are good security practices.

From an application security perspective, the changes look reasonable and do not introduce any obvious security concerns. The static initializer job name option and the database migration check are both positive security enhancements. However, it's important to thoroughly review the entire codebase and configuration to ensure there are no other security vulnerabilities or misconfigurations. Additionally, regular security audits and penetration testing are recommended to identify and address any potential security issues.

Files Changed:

  1. helm/defectdojo/templates/_helpers.tpl:

    • The changes introduce a new option initializer.staticName that controls the naming of the initializer job. When set to true, it will use a static name, and when set to false, it will use a dynamic name with the current timestamp.
    • The changes also include updates to the DD_ALLOWED_HOSTS configuration, which is a common security practice to prevent host header injection attacks.
    • The code includes a dbMigrationChecker template that runs a database migration check before the application starts, which is a good security practice to ensure the database is in a consistent state.
  2. helm/defectdojo/values.yaml:

    • The changes introduce a new configuration option called staticName in the initializer section of the values.yaml file.
    • This option allows controlling the naming of the initializer job, either using a static name or a dynamic name based on the current time.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@mtesauro (Contributor) left a comment


Approved

@Maffooch Maffooch merged commit eb6537e into DefectDojo:bugfix Nov 12, 2024
72 checks passed
@kiblik kiblik deleted the helm_init_staticname branch November 12, 2024 17:14