Merge bugfix into dev for release 2.27.0 #8772

Merged
merged 13 commits into from
Oct 2, 2023
4 changes: 2 additions & 2 deletions Dockerfile.integration-tests-debian
Expand Up @@ -25,7 +25,7 @@ RUN \
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list && \
apt-get -y update && \
apt-get -y install \
google-chrome-stable \
google-chrome-stable=117.0.5938.132-1 \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
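Review bot: pinning `google-chrome-stable=117.0.5938.132-1` makes the integration-test image reproducible, but this exact version is only installable for as long as the `stable` apt channel keeps publishing it, after which `apt-get -y install` fails on every rebuild; add a comment next to the pin saying why it is there and that it must be bumped together with the chromedriver URL further down in this file, or fetch the pinned `.deb` from a location the project controls and verify its checksum before installing.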
Expand All @@ -38,7 +38,7 @@ WORKDIR /opt/chrome-driver
RUN \
chrome_version=$(apt-cache show google-chrome-stable | grep Version | awk '{print $2}' | cut -d '-' -f 1) && \
chrome_version_blob=$(curl -k https://googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.json | jq ".versions[] | select(.version==\"$chrome_version\")") && \
chromedriver_url=$(echo $chrome_version_blob | jq -r ".downloads.chromedriver[] | select(.platform==\"linux64\") | .url") && \
chromedriver_url=https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/117.0.5938.92/linux64/chromedriver-linux64.zip && \
wget $chromedriver_url && \
unzip -j chromedriver-linux64.zip chromedriver-linux64/chromedriver && \
rm -rf chromedriver-linux64.zip && \
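Review bot: `chrome_version` and `chrome_version_blob` are now computed but never used, because `chromedriver_url` is overwritten with a fixed URL on the following line; either delete the two lookup lines (which also removes the `curl -k` call that disables TLS certificate verification for the fetch from googlechromelabs.github.io) or keep the lookup and drop the hard-coded URL. The hard-coded chromedriver build (117.0.5938.92) also does not match the Chrome package pinned above (117.0.5938.132-1); if the two are meant to differ, a short comment saying so would help, and verifying the downloaded zip against a published checksum before `unzip` would harden the build.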
2 changes: 1 addition & 1 deletion components/package.json
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.26.4",
"version": "2.27.0-dev",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
4 changes: 2 additions & 2 deletions docker/setEnv.sh
Expand Up @@ -23,15 +23,15 @@ function show_current {
function get_current {
if [ -L ${override_link} ]
then
# Check for Mac OSX
# Check for Mac OSX
if [[ "$OSTYPE" == "darwin"* ]]; then
# readlink is not native to mac, so this will work in it's place.
symlink=$(python3 -c "import os; print(os.path.realpath('docker-compose.override.yml'))")
else
# Maintain the cleaner way
symlink=$(readlink -f docker-compose.override.yml)
fi
current_env=$(expr $(basename symlink) : "^docker-compose.override.\(.*\).yml$")
current_env=$(expr $(basename $symlink) : "^docker-compose.override.\(.*\).yml$")
else
current_env=release
fi
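Review bot: the change from `$(basename symlink)` to `$(basename $symlink)` is correct (the old code passed the literal word `symlink`, so `current_env` never matched the `docker-compose.override.*.yml` pattern), but `$symlink` should be double-quoted, `$(basename "$symlink")`, so a checkout path containing spaces is not word-split; the same applies to `[ -L ${override_link} ]` at the top of the function. The `# Check for Mac OSX` line appears to change only whitespace; if that is unintentional it can be dropped from the diff.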
190 changes: 187 additions & 3 deletions docs/content/en/integrations/parsers/file/anchore_grype.md
Expand Up @@ -2,8 +2,192 @@
title: "Anchore Grype"
toc_hide: true
---
Anchore Grype JSON report format generated with `-o json` option.
### File Types
DefectDojo parser accepts a .json file.

Anchore Grype JSON files are created using the Grype CLI, using the '-o json' option. See: https://github.com/anchore/grype

**Example:**
{{< highlight bash >}}
grype defectdojo/defectdojo-django:1.13.1 -o json > many_vulns.json
{{< /highlight >}}
grype yourApp/example-page -o json > example_vulns.json
{{< /highlight >}}


### Acceptable JSON Format
All properties are expected as strings and are required by the parser.

~~~
{
"matches": [
{
"vulnerability": {
"id": "example-id",
"dataSource": "https://example.org/.../example-id",
"namespace": "exampleName",
"severity": "exampleSeverity",
"urls": [
"https://example.org/.../example-id",
...
],
"cvss": [],
"fix": {
"versions": [],
"state": "not-fixed"
},
"advisories": []
},
"relatedVulnerabilities": [
{
"id": "first-related-example-id",
"dataSource": "https://example.org/.../related-example-id",
"namespace": "first-related-exampleName",
"severity": "first-related-exampleSeverity",
"urls": [
"https://example.org/.../related-example-id",
...
],
"description": "first-example-description",
"cvss": [
{
"version": "2.0",
"vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"metrics": {
"baseScore": 2.1,
"exploitabilityScore": 3.9,
"impactScore": 2.9
},
"vendorMetadata": {}
}
]
},
...
],
"matchDetails": [
{
"matcher": "example-matcher",
"searchedBy": {
"distro": {
"type": "example-distrotype",
"version": "10"
},
"namespace": "exampleName",
"package": {
"name": "example-package",
"version": "1.17-3+deb10u3"
}
},
"found": {
"versionConstraint": "none (deb)"
}
}
],
"artifact": {
"name": "example-artifact",
"version": "example-artifact-version",
"type": "example-type",
"locations": [
{
"path": ".../examplePath/",
"layerID": "exampleLayerID"
},
{
"path": ".../examplePath-2/",
"layerID": "exampleLayerID"
},
...
],
"language": "",
"licenses": [
"GPL-2"
],
"cpes": [
"example-cpe",
...
],
"purl": "pkg:deb/debian/[email protected]+deb10u3?arch=amd64",
"metadata": {
"Source": "krb5"
}
}
},
...
],
"source": {
"type": "image",
"target": {
"userInput": "vulnerable-image:latest",
"imageID": "sha256:ce9898fd214aef9c994a42624b09056bdce3ff4a8e3f68dc242d967b80fcbeee",
"manifestDigest": "sha256:9d8825ab20ac86b40eb71495bece1608a302fb180384740697a28c2b0a5a0fc6",
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"tags": [
"vulnerable-image:latest"
],
"imageSize": 707381791,
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"digest": "sha256:d000633a56813933cb0ac5ee3246cf7a4c0205db6290018a169d7cb096581046",
"size": 69238554
},
...
],
"manifest": "exampleManifestString==",
"config": "exampleConfigString",
"repoDigests": []
}
},
"distro": {
"name": "debian",
"version": "10",
"idLike": ""
},
"descriptor": {
"name": "grype",
"version": "0.28.0",
"configuration": {
"configPath": "",
"output": "json",
"file": "",
"output-template-file": "",
"quiet": false,
"check-for-app-update": true,
"only-fixed": false,
"scope": "Squashed",
"log": {
"structured": false,
"level": "",
"file": ""
},
"db": {
"cache-dir": "/home/user/.cache/grype/db",
"update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json",
"ca-cert": "",
"auto-update": true,
"validate-by-hash-on-start": false
},
"dev": {
"profile-cpu": false,
"profile-mem": false
},
"fail-on-severity": "",
"registry": {
"insecure-skip-tls-verify": false,
"insecure-use-http": false,
"auth": []
},
"ignore": null,
"exclude": []
},
"db": {
"built": "2021-12-24T08:14:02Z",
"schemaVersion": 3,
"location": "/home/user/.cache/grype/db/3",
"checksum": "sha256:6c4777e1acea787e5335ccee6b5e4562cd1767b9cca138c07e0802efb2a74162",
"error": null
}
}
}
~~~

### Sample Scan Data
Sample Grype scans can be found at https://github.com/DefectDojo/sample-scan-files/tree/master/anchore_grype .
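Review bot: the sentence "All properties are expected as strings and are required by the parser" does not match the example that follows it, which contains numbers (`baseScore`, `imageSize`, `size`), booleans (`quiet`, `auto-update`), `null` values and nested arrays and objects; reword it to state which keys the parser actually reads and with which types (and whether the `source`, `distro` and `descriptor` sections are needed at all), and note that the `...` placeholders make the block illustrative rather than valid JSON. Minor: the `~~~` block could be fenced as `~~~json` for highlighting, and the `'-o json'` option in the prose would read better in backticks, matching the `{{< highlight bash >}}` example below it.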
70 changes: 69 additions & 1 deletion docs/content/en/integrations/parsers/file/aws_prowler_v3.md
Expand Up @@ -2,4 +2,72 @@
title: "AWS Prowler V3"
toc_hide: true
---
AWS Prowler V3 file can be imported as JSON (`-M json`) file.

### File Types
DefectDojo parser accepts a .json file. Please note: earlier versions of AWS Prowler create output data in a different format. See our other documentation if you are using an earlier version of AWS Prowler: https://documentation.defectdojo.com/integrations/parsers/file/aws_prowler/

JSON reports can be created from the [AWS Prowler V3 CLI](https://docs.prowler.cloud/en/latest/tutorials/reporting/#json) using the following command: `prowler <provider> -M json`


### Acceptable JSON Format
Parser expects an array of assessments. All properties are strings and are required by the parser.

~~~

[
{
"AssessmentStartTime": "example_timestamp",
"FindingUniqueId": "example_uniqueIdFromTool",
"Provider": "example_provider",
"CheckID": "acm_certificates_expiration_check",
"CheckTitle": "Check if ACM Certificates are about to expire in specific days or less",
"CheckType": [
"Example ASFF-Compliant Finding Type"
],
"ServiceName": "example_awsServiceName",
"SubServiceName": "",
"Status": "FAIL",
"StatusExtended": "Example status description",
"Severity": "example_severity",
"ResourceType": "AwsCertificateManagerCertificate",
"ResourceDetails": "",
"Description": "Example general test description.",
"Risk": "Example test impact description.",
"RelatedUrl": "https://docs.aws.amazon.com/config/latest/developerguide/acm-certificate-expiration-check.html",
"Remediation": {
"Code": {
"NativeIaC": "",
"Terraform": "",
"CLI": "",
"Other": ""
},
"Recommendation": {
"Text": "Example recommendation.",
"Url": "https://docs.aws.amazon.com/config/latest/developerguide/example_related_documentation.html"
}
},
"Compliance": {
"GDPR": [
"article_32"
],
...
},
"Categories": [],
"DependsOn": [],
"RelatedTo": [],
"Notes": "",
"Profile": null,
"AccountId": "example_accountId",
"OrganizationsInfo": null,
"Region": "example_region",
"ResourceId": "example.resource.id.com",
"ResourceArn": "arn:aws:acm:us-east-1:999999999999:certificate/ffffffff-0000-0000-0000-000000000000",
"ResourceTags": {}
}
...
]

~~~

### Sample Scan Data
Unit tests of AWS Prowler V3 JSON can be found at https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aws_prowler_v3.
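Review bot: "All properties are strings and are required by the parser" is contradicted by the example, where `Profile` and `OrganizationsInfo` are `null`, `CheckType` is an array, `Remediation` and `Compliance` are objects and `ResourceTags` is `{}`; reword it to say which keys the parser reads and which may be empty or null. The `...` inside `Compliance` and after the closing `}` of the record also make the block invalid JSON, so either mark it as abbreviated or show one complete minimal record. The blank lines just inside the `~~~` fence can be dropped, and `~~~json` would give the block syntax highlighting.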