update branch (#3)

* Update versions in application files * Update jira-description.tpl (DefectDojo#9403) * Update and rename whitesource.md to mend.md (DefectDojo#9348) * Update and rename whitesource.md to mend.md * Update docs/content/en/integrations/parsers/file/mend.md Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: Charles Neill <[email protected]> * API: Remote v2 OpenAPI2 Docs from menu (DefectDojo#9469) * 🐛 fix migration (DefectDojo#9467) * finding sla expiration date field (part one) (DefectDojo#9473) * addition of sla expiration date field on the finding model * add migration and fix indentation issue * fix mitigated finding remaining sla days calculation * fix sla violation filter to return only active, sla violating findings * migration system settings fix * fix mitigation date vs datetime discrepancy * fix breaking unit test * move product save check to signal * fix unit test failure * make signal operations async, fix sla config delete 500 error * add unit tests to test sla expiration date functionality * restarting without signals * add async updating flags, redo migration * move signal logic to overriden save * fix errors for non-existing objects at creation * clean up comments and a few logical expressions * fix flake8 error * addition of new unit tests * fix unit test error * add message to form fields when async updating flag is true * fix save location, reword form messages, reword redirect messages * remove commented lines from unit tests * add a bit more description to API validation errors * migration fix * migration performance improvements * fix datetime - str comparison issue * clean up for part one of sla expiration date field * fix flake8 * Update dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py Co-authored-by: Charles Neill <[email protected]> * Update dojo/models.py Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: Charles Neill <[email protected]> * Update versions in application files * Update versions in application files * Update release-drafter/release-drafter action from v5.25.0 to v6 (.github/workflows/release-drafter.yml) (DefectDojo#9460) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Bump pytz from 2023.4 to 2024.1 (DefectDojo#9465) Bumps [pytz](https://github.com/stub42/pytz) from 2023.4 to 2024.1. - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2023.4...release_2024.1) --- updated-dependencies: - dependency-name: pytz dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump django-debug-toolbar from 4.2.0 to 4.3.0 (DefectDojo#9466) Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/jazzband/django-debug-toolbar/releases) - [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst) - [Commits](django-commons/django-debug-toolbar@4.2...4.3) --- updated-dependencies: - dependency-name: django-debug-toolbar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump nginx from `d12e6f7` to `f2802c2` (DefectDojo#9477) Bumps nginx from `d12e6f7` to `f2802c2`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.33 to v8.4.34 (docs/package.json) (DefectDojo#9481) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9458) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * ⬆️ Bump boto3 from 1.34.32 to 1.34.35 (DefectDojo#9489) Bumps [boto3](https://github.com/boto/boto3) from 1.34.32 to 1.34.35. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.34.32...1.34.35) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt) (DefectDojo#9459) * Update dependency ruff from 0.1.15 to v0.2.1 (requirements-lint.txt) * Fix ruff warning (DefectDojo#9461) * Update dependency ruff from 0.1.15 to v0.2.0 (requirements-lint.txt) * fix ruff warning --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Charles Neill <[email protected]> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: kiblik <[email protected]> Co-authored-by: Charles Neill <[email protected]> * 🐛 fix defaulting severity, see last comments in DefectDojo#8778 (DefectDojo#9370) Co-authored-by: Cody Maffucci <[email protected]> * Add ruff for *tests (DefectDojo#9406) * Revert ":bug: fix dependencytrack deduplication (DefectDojo#9117)" (DefectDojo#9371) This reverts commit 0f55a7f. Co-authored-by: Cody Maffucci <[email protected]> * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string should evaluate to "Info" (DefectDojo#9453) * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" * dojo/importers/importer/importer.py - Change "None" string to "Info" from cvss module when a CVSS vector string evaluates to "Info" #flake8_fix * Trivy Operator VulnerabilityReport Parser tweaks (DefectDojo#9452) * API: Check missing endpoints (DefectDojo#7618) * Rename unittest * Define exceptions for now * Announcement was implemented * Fix unittests with assertRaises + replace assertTrue/False with better checks (DefectDojo#9435) * Fix unittests with assertRaises * Replace assertTrue/False with better checks * Fixes * Optimize list of Maintenance in relase notes (DefectDojo#9492) * fix typo in docs (DefectDojo#9487) * 🐛 WFuzz: Add additional severity mappings (DefectDojo#9486) * 🐛 fix wfuzz, issue DefectDojo#7863 * add 302 * update docs * Be strict about Warnings during testing (DefectDojo#9490) * Set PYTHONWARNINGS=error * Add basic filterwarnings * Mute some warnings * Mute one more warning * 🐛 fix trufflehog3, issue DefectDojo#6999 (DefectDojo#9470) * 🐛 fix yarn_audit, DefectDojo#6495 (DefectDojo#9478) * Bump vulners from 2.1.2 to 2.1.5 (DefectDojo#9391) Bumps [vulners]() from 2.1.2 to 2.1.5. --- updated-dependencies: - dependency-name: vulners dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add support for DD_APPEND_SLASH (DefectDojo#9385) * Override default Django APPEND_SLASH * Update dojo/settings/settings.dist.py * 🎉 Improvements for wazuh importer (DefectDojo#9248) * improvement for wazuh importer * 🔧 change on dedupe for Wazuh * 🔧 change on dedupe for Wazuh * 📝 * ✏️ * 📝 * 📝 * flake8 * 🎉 recoded wazuh importer to support endpoints * ✅ adjusted unittests * 📝 * ✏️ * ✏️ --------- Co-authored-by: Cody Maffucci <[email protected]> * Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) (DefectDojo#9501) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Update dependency postcss from 8.4.34 to v8.4.35 (docs/package.json) (DefectDojo#9502) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Improve API endpoints for Risk Acceptances (DefectDojo#9415) * Modifying Bugcrowd API Parser to align to vendor documentation on wha… (DefectDojo#9517) * Modifying Bugcrowd API Parser to align to vendor documentation on what the not_applicable state means. It is now active == False and severity == 'Info'. [sc-4217] * fixing Flake8 errors * fixing Flake8 errors, part deux --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: DefectDojo release bot <[email protected]> Co-authored-by: Cody Maffucci <[email protected]> Co-authored-by: Paul Osinski <[email protected]> Co-authored-by: Charles Neill <[email protected]> Co-authored-by: kiblik <[email protected]> Co-authored-by: manuelsommer <[email protected]> Co-authored-by: Blake Owens <[email protected]> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Robert Kiss <[email protected]> Co-authored-by: ninp0 <[email protected]> Co-authored-by: Raouf HADDADA <[email protected]> Co-authored-by: Felix Hernandez <[email protected]> Co-authored-by: Jay Paz <[email protected]>
quirinziessler · Feb 10, 2024 · f51330d · f51330d
1 parent e2e0255
commit f51330d
Show file tree

Hide file tree

Showing 124 changed files with 1,783 additions and 586 deletions.
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
@@ -42,16 +42,17 @@ categories:
   - title: '🗣 Updates in localization'
     label: 'localization'
   - title: '🧰 Maintenance'
+    collapse-after: 3
     labels:
       - 'dependencies'
       - 'maintenance'
 exclude-labels:
-  - 'skip-changelog'    
-  
+  - 'skip-changelog'
+
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 template: |
   Please consult the [Upgrade notes in the documentation ](https://documentation.defectdojo.com/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
-  
+
   ## Changes since $PREVIOUS_TAG
   $CHANGES
 
@@ -65,4 +66,4 @@ version-resolver:
   patch:
     labels:
       - 'patch'
-  default: patch
+  default: patch
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -27,7 +27,7 @@ jobs:
     steps:
       - name: Create Release
         id: create_release
-        uses: release-drafter/release-drafter@v5.25.0
+        uses: release-drafter/release-drafter@v6.0.0
         with:
           version: ${{ github.event.inputs.version }}  
         env:

diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml
@@ -33,4 +33,4 @@ jobs:
         run: pip install -r requirements-lint.txt
 
       - name: Run Ruff Linter
-        run: ruff dojo
+        run: ruff .
diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine
@@ -140,7 +140,7 @@ COPY manage.py ./
 COPY dojo/ ./dojo/
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.25.3-alpine@sha256:d12e6f7153fae36843aaeed8144c39956698e084e2e898891fa0cc8fe8f6c95c
+FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian
@@ -75,7 +75,7 @@ COPY dojo/ ./dojo/
 
 RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true
 
-FROM nginx:1.25.3-alpine@sha256:d12e6f7153fae36843aaeed8144c39956698e084e2e898891fa0cc8fe8f6c95c
+FROM nginx:1.25.3-alpine@sha256:f2802c2a9d09c7aa3ace27445dfc5656ff24355da28e7b958074a0111e3fc076
 ARG uid=1001
 ARG appuser=defectdojo
 COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/

diff --git a/components/package.json b/components/package.json
@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.31.0-dev",
+  "version": "2.32.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -149,7 +149,7 @@ services:
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   rabbitmq:
-    image: rabbitmq:3.12.12-alpine@sha256:614857f02c0f150a0b1d29b2a03700d34c14dff7d19c85398e968a58ac7517c1
+    image: rabbitmq:3.12.12-alpine@sha256:fcd6a66524be55c15c81011dc87cc4b6e4405130fbb950c21ad1d31e8f6322dd
     profiles: 
       - mysql-rabbitmq
       - postgres-rabbitmq

diff --git a/docker/entrypoint-integration-tests.sh b/docker/entrypoint-integration-tests.sh
@@ -29,6 +29,9 @@ export CHROMEDRIVER
 CHROME_PATH=/opt/chrome/chrome
 export CHROME_PATH
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 # Run available unittests with a simple setup
 # All available Integrationtest Scripts are activated below
 # If successsful, A successs message is printed and the script continues

diff --git a/docker/entrypoint-unit-tests-devDocker.sh b/docker/entrypoint-unit-tests-devDocker.sh
@@ -15,6 +15,9 @@ unset DD_DATABASE_URL
 # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings
 unset DD_CELERY_BROKER_URL
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 python3 manage.py makemigrations dojo
 python3 manage.py migrate
 

diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh
@@ -16,6 +16,9 @@ unset DD_DATABASE_URL
 # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings
 unset DD_CELERY_BROKER_URL
 
+# We are strict about Warnings during testing
+export PYTHONWARNINGS=error
+
 # TARGET_SETTINGS_FILE=dojo/settings/settings.py
 # if [ ! -f ${TARGET_SETTINGS_FILE} ]; then
 #   echo "Creating settings.py"

diff --git a/docs/content/en/getting_started/upgrading/2.32.md b/docs/content/en/getting_started/upgrading/2.32.md
@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.32.x'
+toc_hide: true
+weight: -20240205
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.32.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.32.0) for the contents of the release.
diff --git a/docs/content/en/integrations/parsers/file/hcl_appscan.md b/docs/content/en/integrations/parsers/file/hcl_appscan.md
@@ -2,7 +2,7 @@
 title: "HCL Appscan"
 toc_hide: true
 ---
-The HCL Appscan has the possibiilty to export the results in PDF, XML and CSV formats within the portal. However, this parser only supports the import of XML generated from HCL Appscan on cloud.
+The HCL Appscan has the possibility to export the results in PDF, XML and CSV formats within the portal. However, this parser only supports the import of XML generated from HCL Appscan on cloud.
 
 ### Sample Scan Data
 Sample HCL Appscan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/hcl_appscan).
diff --git a/docs/content/en/integrations/parsers/file/mend.md b/docs/content/en/integrations/parsers/file/mend.md
@@ -12,4 +12,4 @@ Unit tests for Mend JSON files can be found at https://github.com/DefectDojo/dja
 ### Link To Tool
 See documentation: https://docs.mend.io/bundle/unified_agent/page/example_of_a_unified_agent_json_report.html
 
-*Formerly known as Whitesource.
+*Formerly known as Whitesource.*
diff --git a/docs/content/en/integrations/parsers/file/wazuh.md b/docs/content/en/integrations/parsers/file/wazuh.md
@@ -2,7 +2,51 @@
 title: "Wazuh Scanner"
 toc_hide: true
 ---
-Import JSON report.
+
+### File Types
+DefectDojo parser accepts a .json file from [Wazuh](https://wazuh.com). The export from Wazuh can be done via 2 ways. Choose the one which you prefer.
+
+- export the Wazuh findings from API and upload them to DefectDojo. This method may be the easiest one but does export all known vulnerabilities at once. It is not possible to sort them after clients or any other categories. You will receive all vulnerabilities in one engagement. It also does not output the endpoint of a finding.
+- export the findings via the script [available here](https://github.com/quirinziessler/wazuh-findings-exporter). The script fetches the findings by Wazuh client groups and saves them as json, ready for upload. You will receive one file per group allowing you to separate the clients via engagements in Wazuh. It also exports the endpoints hostname and displays them in DefectDojo UI.
+
+Independent of your above choice: Have in mind to adjust the max file size via "DD_SCAN_FILE_MAX_SIZE" if you see files larger than the default value of 100MB. Depending on the amount and category of integrated devices, the file size jumps rapidly.
+
+### Acceptable JSON Format
+Parser expects a .json file structured as below.
+
+~~~
+{
+  "data": {
+      "affected_items": [
+          {
+            "architecture": "amd64",
+            "condition": "Package less than 4.3.2",
+            "cve": "CVE-1234-123123",
+            "cvss2_score": 0,
+            "cvss3_score": 5.5,
+            "detection_time": "2023-02-08T13:55:10Z",
+            "external_references": [
+                "https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXXX",
+                "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-YYYY-XXXXX"
+            ],
+            "name": "asdf",
+            "published": "2022-09-01",
+            "severity": "Medium",
+            "status": "VALID",
+            "title": "CVE-YYYY-XXXXX affects asdf",
+            "type": "PACKAGE",
+            "updated": "2022-09-07",
+            "version": "4.3.1"
+        }
+      ],
+      "failed_items": [],
+      "total_affected_items": 1,
+      "total_failed_items": 0
+  },
+  "error": 0,
+  "message": "All selected vulnerabilities were returned"
+}
+~~~
 
 ### Sample Scan Data
 Sample Wazuh Scanner scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/wazuh).
diff --git a/docs/content/en/integrations/parsers/file/wfuzz.md b/docs/content/en/integrations/parsers/file/wfuzz.md
@@ -9,8 +9,10 @@ The return code matching are directly put in Severity as follow(this is hardcode
 HTTP Return Code | Severity
 -----------------|---------
 200              |  High
+302              |  Low
 401              |  Medium
 403              |  Medium
+404              |  Medium
 407              |  Medium
 500              |  Low
 

diff --git a/docs/package-lock.json b/docs/package-lock.json
diff --git a/docs/package.json b/docs/package.json
@@ -1,6 +1,6 @@
 {
   "devDependencies": {
-    "postcss": "8.4.33",
+    "postcss": "8.4.35",
     "autoprefixer": "10.4.17",
     "postcss-cli": "11.0.0"
   }

diff --git a/dojo/__init__.py b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.31.0-dev'
+__version__ = '2.32.0-dev'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
@@ -1527,6 +1527,16 @@ def get_engagement(self, obj):
             engagement
         )
 
+    def validate(self, data):
+        if self.context["request"].method == "POST":
+            findings = data['accepted_findings']
+            for finding in findings:
+                if not user_has_permission(self.context["request"].user, finding, Permissions.Finding_View):
+                    raise PermissionDenied(
+                        "You are not permitted to add one or more selected findings to this risk acceptance"
+                    )
+        return data
+
     class Meta:
         model = Risk_Acceptance
         fields = "__all__"
@@ -2004,8 +2014,20 @@ class Meta:
         exclude = (
             "tid",
             "updated",
+            "async_updating"
         )
 
+    def validate(self, data):
+        async_updating = getattr(self.instance, 'async_updating', None)
+        if async_updating:
+            new_sla_config = data.get('sla_configuration', None)
+            old_sla_config = getattr(self.instance, 'sla_configuration', None)
+            if new_sla_config and old_sla_config and new_sla_config != old_sla_config:
+                raise serializers.ValidationError(
+                    'Finding SLA expiration dates are currently being recalculated. The SLA configuration for this product cannot be changed until the calculation is complete.'
+                )
+        return data
+
     def get_findings_count(self, obj) -> int:
         return obj.findings_count
 
@@ -3031,7 +3053,21 @@ class Meta:
 class SLAConfigurationSerializer(serializers.ModelSerializer):
     class Meta:
         model = SLA_Configuration
-        fields = "__all__"
+        exclude = (
+            "async_updating",
+        )
+
+    def validate(self, data):
+        async_updating = getattr(self.instance, 'async_updating', None)
+        if async_updating:
+            for field in ['critical', 'high', 'medium', 'low']:
+                old_days = getattr(self.instance, field, None)
+                new_days = data.get(field, None)
+                if old_days and new_days and (old_days != new_days):
+                    raise serializers.ValidationError(
+                        'Finding SLA expiration dates are currently being calculated. The SLA days for this SLA configuration cannot be changed until the calculation is complete.'
+                    )
+        return data
 
 
 class UserProfileSerializer(serializers.Serializer):

diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
@@ -743,12 +743,7 @@ def download_file(self, request, file_id, pk=None):
 
 
 class RiskAcceptanceViewSet(
-    prefetch.PrefetchListMixin,
-    prefetch.PrefetchRetrieveMixin,
-    mixins.DestroyModelMixin,
-    mixins.UpdateModelMixin,
-    viewsets.ReadOnlyModelViewSet,
-    dojo_mixins.DeletePreviewModelMixin,
+    PrefetchDojoModelViewSet
 ):
     serializer_class = serializers.RiskAcceptanceSerializer
     queryset = Risk_Acceptance.objects.none()

diff --git a/dojo/apps.py b/dojo/apps.py
@@ -74,6 +74,7 @@ def ready(self):
         import dojo.announcement.signals  # noqa
         import dojo.product.signals  # noqa
         import dojo.test.signals  # noqa
+        import dojo.sla_config.helpers  # noqa
 
 
 def get_model_fields_with_extra(model, extra_fields=()):

diff --git a/dojo/db_migrations/0197_parser_merge.py b/dojo/db_migrations/0197_parser_merge.py
@@ -76,7 +76,7 @@ def migrate_clairklar_parsers(apps, schema_editor):
     clair_test_type, _ = test_type_model.objects.get_or_create(name="Clair Scan", active=True)
     clairklar_test_type = test_type_model.objects.filter(name="Clair Klar Scan").first()
     # Get all the findings found by Clair Klar Scan
-    findings = finding_model.objects.filter(test__scan_type__in=OPENVAS_REFERENCES)
+    findings = finding_model.objects.filter(test__scan_type__in=CLAIRKLAR_REFERENCES)
     logger.warning(f'We identified {findings.count()} Clair Klar Scan findings to migrate to Clair Scan findings')
     # Iterate over all findings and change
     for finding in findings:

diff --git a/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py b/dojo/db_migrations/0200_finding_sla_expiration_date_product_async_updating_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 4.1.13 on 2024-01-17 03:07
+
+from django.db import migrations, models
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0199_whitesource_to_mend'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='finding',
+            name='sla_expiration_date',
+            field=models.DateField(blank=True, help_text="(readonly)The date SLA expires for this finding. Empty by default, causing a fallback to 'date'.", null=True, verbose_name='SLA Expiration Date'),
+        ),
+        migrations.AddField(
+            model_name='product',
+            name='async_updating',
+            field=models.BooleanField(default=False, help_text='Findings under this Product or SLA configuration are asynchronously being updated'),
+        ),
+        migrations.AddField(
+            model_name='sla_configuration',
+            name='async_updating',
+            field=models.BooleanField(default=False, help_text='Findings under this SLA configuration are asynchronously being updated'),
+        ),
+    ]