2.31.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.30.0

• Update and rename whitesource.md to mend.md @paulOsinski (#9348)
• Add parser for Sonarqube JSON result. @biennd279 (#9366)
• ✨ add kubescape, #7060 @manuel-sommer (#9424)
• ✨ advance unittest for parser docs @manuel-sommer (#9372)
• 🐛 fix missing recommendation for cyclonedx @manuel-sommer (#9365)
• advance notifications.md with expanded slack guide @paulOsinski (#9420)
• add product grading documentation, fixes #6125 @manuel-sommer (#9376)
• 🐛 fix npm audit, issue #7897 @manuel-sommer (#9374)
• 🎉 advance sysdig to also parse json @manuel-sommer (#9377)
• ✨ add kubeaudit, #9384 @manuel-sommer (#9392)
• ✨ add redhatsatellite parser @manuel-sommer (#9401)
• remove duplicated risk accepted @FelixHernandez (#9419)
• Fixing "'WSGIRequest' object has no attribute 'user'" errors @cneill (#9373)
• Resolve new Ruff issues @Maffooch (#9364)
• ✨ advance parser docs to provide sample scan data @manuel-sommer (#9347)
• Enhancements to Govulncheck parser @a-ruff (#9339)
• Update to Node 20.x in all the places @Maffooch (#9349)
• Update ASFF parser to create endpoints @manuel-sommer (#9346)
• Restructure Release Drafter Flow @Maffooch (#9345)
• ✨ implement google cloud artifact scan @manuel-sommer (#9338)
• Trivy Parser: Expand Unit Tests @manuel-sommer (#9334)
• ✨ Implement Chef InSpec Parser @manuel-sommer (#9329)
• 🐛 Qualys Parser: Support for Monthly PCI Scan @manuel-sommer (#9328)
• 🐛 MicroFocus WebInspect: Add better error handling @manuel-sommer (#9327)
• Improve kiuwan import parser @flmarkus (#9316)
• 🐛 Semgrep: Accommodate description snippets @manuel-sommer (#9323)
• 🎉 merge OpenVAS XML and CSV parsers @manuel-sommer (#9322)
• Update jfrog_xray_api_summary_artifact.md @paulOsinski (#9326)
• advance snyk to support snykcode and snykcontainer #9270 @manuel-sommer (#9289)
• 🐛 fix kiuwan @manuel-sommer (#9309)
• Fix for vulns not included in host/endpoint views after reopening @WojTecH94 (#9246)
• 🐛 Nikto: Support v2.5.0 format @manuel-sommer (#9275)
• Parser guideline updates @paulOsinski (#9271)
• Release-drafter: Checkout to version @kiblik (#9231)
• ✨ Add option for additional labels on initializer @prempador (#9273)
• QualysParser: add cvss value to finding @MarianG (#9256)
• 🐛 None Type in cvss score in Trivy #9263 @manuel-sommer (#9268)
• 🐛 fix zap, issue #9242 @manuel-sommer (#9243)
• Update checkov.md with corrected typo @paulOsinski (#9247)

🚩 Changes to settings.dist.py / local_settings.py

• Changing name of WhiteSource to Mend @grendel513 (#9359)
• 🐛 HCL AppScan: Improve Robustness @manuel-sommer (#9282)
• Add "First Seen" Parser Flag @Maffooch (#9361)
• Fix shellcheck @kiblik (#9147)
• Unittests for REMOTE_USER @kiblik (#9021)
• Support "_FILE" environmental variables @kiblik (#9069)
• 🐛 fix deduplication for trivy, #9290 @manuel-sommer (#9292)
• Add bitbucket support to finding view SCM urls @drJabber (#9262)
• 🐛CycloneDX: Add default for description @manuel-sommer (#9280)
• Feature: Add Auditlog Retention and Cleanup @MarianG (#9208)

🚩 Database migration

• finding sla expiration date field (part one) @blakeaowens (#9473)
• 🐛 fix migration @manuel-sommer (#9467)
• Changing name of WhiteSource to Mend @grendel513 (#9359)
• fix deduplication tooltip @manuel-sommer (#9454)
• ✨ merge clair and clair klar together @manuel-sommer (#9355)
• Fix shellcheck @kiblik (#9147)
• Fix db migration 0195/0196 @kiblik (#9312)
• Add bitbucket support to finding view SCM urls @drJabber (#9262)
• 🐛CycloneDX: Add default for description @manuel-sommer (#9280)
• new notifications type: SLA breach combined (per product) @pna-nca (#8659)
• API: Add Announcements @kiblik (#9112)

🚀 API features and enhancements

• finding sla expiration date field (part one) @blakeaowens (#9473)
• Fix shellcheck @kiblik (#9147)
• Adds ruff linter, fixes unused variables errors @Maffooch (#9123)
• Add bitbucket support to finding view SCM urls @drJabber (#9262)
• 🐛CycloneDX: Add default for description @manuel-sommer (#9280)
• new notifications type: SLA breach combined (per product) @pna-nca (#8659)
• Add a "tag findings" parameter to the import-scan and reimport-scan API endpoints @FelixHernandez (#8707)
• API: Add Announcements @kiblik (#9112)

🐛 Bug Fixes

• Update static finding favicon @Maffooch (#9431)
• Add CVSS vector string to JIRA description @Maffooch (#9403)
• Open attached files as bytes @Maffooch (#9402)
• Endpoint Status: Accommodate Risk Exceptions @Maffooch (#9360)
• Veracode: Update license mapping @Maffooch (#9325)

🖌 Updates in UI

• Merge Bugfix Into Dev: 2.31.0 @Maffooch (#9482)
• finding sla expiration date field (part one) @blakeaowens (#9473)
• API: Remove v2 OpenAPI2 Docs from menu @kiblik (#9469)
• Update static finding favicon @Maffooch (#9431)
• Add CVSS vector string to JIRA description @Maffooch (#9403)
• 🐛 fix view engagement @manuel-sommer (#9410)
• Fix shellcheck @kiblik (#9147)
• Adds ruff linter, fixes unused variables errors @Maffooch (#9123)
• Update finding templates to use test_type rather then found_by @FelixHernandez (#9287)
• new notifications type: SLA breach combined (per product) @pna-nca (#8659)

🧰 Maintenance

• Bump drf-spectacular-sidecar from 2024.1.1 to 2024.2.1 @dependabot (#9456)
• Bump boto3 from 1.34.31 to 1.34.32 @dependabot (#9455)
• Update dependency postcss-cli from 10.1.0 to v11 (docs/package.json) @renovate (#9116)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9446)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9447)
• Bump boto3 from 1.34.30 to 1.34.31 @dependabot (#9448)
• Bump cryptography from 42.0.1 to 42.0.2 @dependabot (#9449)
• Update redis:7.2.4-alpine Docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#9444)
• Bump netaddr from 0.8.0 to 0.10.1 @dependabot (#9264)
• Bump coverage from 7.4.0 to 7.4.1 @dependabot (#9439)
• Bump boto3 from 1.34.29 to 1.34.30 @dependabot (#9437)
• Bump ruff from 0.1.14 to 0.1.15 @dependabot (#9436)
• Bump vcrpy from 6.0.0 to 6.0.1 @dependabot (#9417)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9421)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9422)
• Update redis:7.2.4-alpine Docker digest from 7.2.4 to 7.2.4-alpine (docker-compose.yml) @renovate (#9423)
• Bump nginx from a59278f to d12e6f7 @dependabot (#9426)
• Bump pytz from 2023.3.post1 to 2023.4 @dependabot (#9427)
• Bump social-auth-core from 4.5.1 to 4.5.2 @dependabot (#9429)
• Bump boto3 from 1.34.27 to 1.34.29 @dependabot (#9428)
• Update styfle/cancel-workflow-action action from 0.12.0 to v0.12.1 (.github/workflows/cancel-outdated-workflow-runs.yml) @renovate (#9411)
• Bump cryptography from 42.0.0 to 42.0.1 @dependabot (#9409)
• Bump cvss from 2.6 to 3.0 @dependabot (#9407)
• Bump boto3 from 1.34.26 to 1.34.27 @dependabot (#9408)
• Bump cryptography from 41.0.7 to 42.0.0 @dependabot (#9396)
• Bump vcrpy from 5.1.0 to 6.0.0 @dependabot (#9400)
• Bump boto3 from 1.34.25 to 1.34.26 @dependabot (#9399)
• Bump djangosaml2 from 1.9.0 to 1.9.1 @dependabot (#9397)
• Bump boto3 from 1.34.23 to 1.34.25 @dependabot (#9395)
• Update dependency ruff from 0.1.13 to v0.1.14 (requirements-lint.txt) @renovate (#9363)
• Bump boto3 from 1.34.22 to 1.34.23 @dependabot (#9383)
• Bump ruff from 0.1.7 to 0.1.13 @dependabot (#9367)
• Bump boto3 from 1.34.21 to 1.34.22 @dependabot (#9368)
• Bump drf-spectacular from 0.27.0 to 0.27.1 @dependabot (#9369)
• Bump boto3 from 1.34.20 to 1.34.21 @dependabot (#9357)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.15 to v1.33.16 (helm/defectdojo/values.yaml) @renovate (#9354)
• Update dependency autoprefixer from 10.4.16 to v10.4.17 (docs/package.json) @renovate (#9353)
• Update actions/cache action from v3 to v4 (.github/workflows/release-x-manual-docker-containers.yml) @renovate (#9352)
• Bump boto3 from 1.34.19 to 1.34.20 @dependabot (#9350)
• Bump python-gitlab from 4.3.0 to 4.4.0 @dependabot (#9330)
• Bump django-dbbackup from 4.0.2 to 4.1.0 @dependabot (#9331)
• Bump boto3 from 1.34.17 to 1.34.19 @dependabot (#9332)
• Bump boto3 from 1.34.16 to 1.34.17 @dependabot (#9324)
• Bump vulners from 2.1.1 to 2.1.2 @dependabot (#9317)
• Bump markdown from 3.5.1 to 3.5.2 @dependabot (#9318)
• Bump boto3 from 1.34.15 to 1.34.16 @dependabot (#9319)
• Update nginx/nginx-prometheus-exporter Docker tag from 1.0.0 to v1.1.0 (helm/defectdojo/values.yaml) @renovate (#9304)
• Bump gitpython from 3.1.40 to 3.1.41 @dependabot (#9310)
• Update redis Docker tag from 7.2.3 to v7.2.4 (docker-compose.yml) @renovate (#9305)
• Bump packageurl-python from 0.13.3 to 0.13.4 @dependabot (#9303)
• Bump boto3 from 1.34.14 to 1.34.15 @dependabot (#9302)
• Update rabbitmq:3.12.12-alpine Docker digest from 3.12.12 to 3.12.12-alpine (docker-compose.yml) @renovate (#9301)
• Bump lxml from 5.0.0 to 5.1.0 @dependabot (#9293)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9291)
• Bump boto3 from 1.34.13 to 1.34.14 @dependabot (#9294)
• Bump jira from 3.5.2 to 3.6.0 @dependabot (#9296)
• Bump packageurl-python from 0.13.2 to 0.13.3 @dependabot (#9295)
• Update rabbitmq Docker tag from 3.12.11 to v3.12.12 (docker-compose.yml) @renovate (#92...

2.30.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

🐛 Bug Fixes

• Open attached files as bytes @Maffooch (#9402)

2.30.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.30.2

• Fixing "'WSGIRequest' object has no attribute 'user'" errors @cneill (#9373)
• Restructure Release Drafter Flow @Maffooch (#9345)

🚩 Changes to settings.dist.py / local_settings.py

• Add "First Seen" Parser Flag @Maffooch (#9361)
• Fix shellcheck @kiblik (#9147)

🚩 Database migration

• Fix shellcheck @kiblik (#9147)

🚀 API features and enhancements

• Fix shellcheck @kiblik (#9147)

🐛 Bug Fixes

• Endpoint Status: Accommodate Risk Exceptions @Maffooch (#9360)

🖌 Updates in UI

• Fix shellcheck @kiblik (#9147)

2.30.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.30.1

• Update jfrog_xray_api_summary_artifact.md @paulOsinski (#9326)
• Fix for vulns not included in host/endpoint views after reopening @WojTecH94 (#9246)
• Parser guideline updates @paulOsinski (#9271)
• Release-drafter: Checkout to version @kiblik (#9231)

🐛 Bug Fixes

• Veracode: Update license mapping @Maffooch (#9325)

🖌 Updates in UI

• Update finding templates to use test_type rather then found_by @FelixHernandez (#9287)

2.30.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.30.0

• Update checkov.md with corrected typo @paulOsinski (#9247)

2.30.0 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.29.0

• Trivy: Improve package path parsing behavior @manuel-sommer (#9235)
• Drop DEV branch from release-drafter @kiblik (#9230)
• 🐛 fix error 500 for ssh-audit @manuel-sommer (#9228)
• fix typos in importing documentation @manuel-sommer (#9093)
• Trivy: Add k8 cluster resource objects @manuel-sommer (#9215)
• Use port names in Helm chart @sebastien-prudhomme (#9190)
• Fix DeprecationWarnings @kiblik (#9113)
• 🐛 fix issue #9201 @manuel-sommer (#9202)
• 🐛 fix mobsf parser #9132 @manuel-sommer (#9139)
• add component to blackduckimporter #9145 @manuel-sommer (#9148)
• 🐛 Handle when Burp Rest API Json file contains binary @manuel-sommer (#9131)
• 🐛 fix trivy parser cvss score severity discrepance #9092 @manuel-sommer (#9114)
• Django Admin pages for editing Notifications @tomaszn (#9193)
• 🎉 added component_name to AWSSecurityHub @manuel-sommer (#9161)
• Revert "Fix for vulns not included in host/endpoint views after reopening" @Maffooch (#9181)
• Docs: "Create upgrade notes to documentation" only once @kiblik (#9146)
• Add OpenAPI Specification to Release Assets @kiblik (#9054)
• Fix for vulns not included in host/endpoint views after reopening @WojTecH94 (#9077)
• Clean dojo.settings imports @kiblik (#9031)
• Debug: Avoid useless error in logs @kiblik (#9058)
• [ENHANCEMENT] Allow filtering Products and Engagements on unset properties @tomaszn (#9079)
• Store CVSS score and vector in Whitesource imports @twwd (#9019)
• [ED-308] Modify api_client to import all vulnerabilities when no asset IDs given and update documentation. @Dylan-OB (#8859)
• add unittest for .read() and utf-8 #9024 @manuel-sommer (#9026)
• Update helper.py to fix #8785 @devsecopsale (#8786)
• README typo @kiblik (#9091)
• Shellcheck workflow @cneill (#9119)
• Updated actions/labeler version, labeler.yml format @cneill (#9126)
• Revert Docker Compose version guidance @cneill (#9125)
• Correct SLA filter for Finding API @Maffooch (#9101)

🚩 Changes to settings.dist.py / local_settings.py

• 🐛 fix typo for MSDefender in settings.dist.py @manuel-sommer (#9249)
• Parser - Black Duck Binary Analysis @ninp0 (#9163)
• 🎉 implement ms defender parser #8908 @manuel-sommer (#9232)
• 🎉 remove unnecessary unique_id_from_tool in settings.dist.py @manuel-sommer (#9188)
• 🐛 fix dependencytrack deduplication @manuel-sommer (#9117)
• API: replace local swagger (drf-yasg -> sidecar) @kiblik (#9118)
• Parser - PWN_SAST Duplication Detection Change @ninp0 (#9185)
• Fix incorrect implementation of auditlog managment @kiblik (#9002)
• Trufflehog deduplication fix @Demaz93 (#9047)

🚩 Database migration

• 🐛 fix component_name max_length for ProwlerV3 #9221 @manuel-sommer (#9222)
• Fix incorrect implementation of auditlog managment @kiblik (#9002)

🚀 API features and enhancements

• API: drop unusable PATCHes from schema @kiblik (#9059)
• API: Use more readable ViewSets @kiblik (#9060)

🐛 Bug Fixes

• Update Finding/Product SLA filters @Maffooch (#9115)

🖌 Updates in UI

• Improve Request Review Notifications @Maffooch (#9227)

🧰 Maintenance

• Pinning of django versions into a helm release @dsever (#9160)
• Bump nginx from 3923f8d to a59278f @dependabot (#9217)
• Bump openapitools/openapi-generator-cli from v7.1.0 to v7.2.0 @dependabot (#9218)
• Update rabbitmq Docker tag from 3.12.10 to v3.12.11 (docker-compose.yml) @renovate (#9233)
• Bump python-gitlab from 4.2.0 to 4.3.0 @dependabot (#9236)
• Bump djangosaml2 from 1.8.0 to 1.9.0 @dependabot (#9238)
• Bump coverage from 7.3.4 to 7.4.0 @dependabot (#9239)
• Bump boto3 from 1.34.8 to 1.34.9 @dependabot (#9237)
• Bump boto3 from 1.34.6 to 1.34.8 @dependabot (#9229)
• Bump boto3 from 1.34.5 to 1.34.6 @dependabot (#9212)
• Bump boto3 from 1.34.4 to 1.34.5 @dependabot (#9206)
• Bump coverage from 7.3.3 to 7.3.4 @dependabot (#9207)
• Bump boto3 from 1.34.3 to 1.34.4 @dependabot (#9197)
• Bump lxml from 4.9.3 to 4.9.4 @dependabot (#9198)
• Update rabbitmq:3.12.10-alpine Docker digest from 3.12.10 to 3.12.10-alpine (docker-compose.yml) @renovate (#9176)
• Update redis:7.2.3-alpine Docker digest from 7.2.3 to 7.2.3-alpine (docker-compose.yml) @renovate (#9177)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9178)
• Bump boto3 from 1.34.1 to 1.34.3 @dependabot (#9191)
• Update mysql:5.7.44 Docker digest from 5.7.44 to v (docker-compose.yml) @renovate (#9171)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9172)
• Bump boto3 from 1.34.0 to 1.34.1 @dependabot (#9174)
• Bump boto3 from 1.33.13 to 1.34.0 @dependabot (#9167)
• Bump coverage from 7.3.2 to 7.3.3 @dependabot (#9168)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9156)
• Update rabbitmq:3.12.10-alpine Docker digest from 3.12.10 to 3.12.10-alpine (docker-compose.yml) @renovate (#9157)
• Bump boto3 from 1.33.12 to 1.33.13 @dependabot (#9158)
• Bump packageurl-python from 0.13.0 to 0.13.1 @dependabot (#9159)
• Bump drf-spectacular from 0.26.5 to 0.27.0 @dependabot (#9149)
• Bump boto3 from 1.33.11 to 1.33.12 @dependabot (#9150)
• Update postgres:16.1-alpine Docker digest from 16.1 to 16.1-alpine (docker-compose.yml) @renovate (#9137)
• Update redis:7.2.3-alpine Docker digest from 7.2.3 to 7.2.3-alpine (docker-compose.yml) @renovate (#9138)
• Bump boto3 from 1.33.10 to 1.33.11 @dependabot (#9140)
• Bump packageurl-python from 0.12.0 to 0.13.0 @dependabot (#9141)
• Update actions/setup-python action from v4 to v5 (.github/workflows/test-helm-chart.yml) @renovate (#9121)
• Update nginx/nginx-prometheus-exporter Docker tag from 0.11.0 to v1 (helm/defectdojo/values.yaml) @renovate (#9124)
• Bump packageurl-python from 0.11.2 to 0.12.0 @dependabot (#9134)
• Bump boto3 from 1.33.7 to 1.33.10 @dependabot (#9135)
• Bump django-filter from 23.4 to 23.5 @dependabot (#9111)
• Bump boto3 from 1.33.6 to 1.33.7 @dependabot (#9110)
• Update dependency postcss from 8.4.31 to v8.4.32 (docs/package.json) @renovate (#9090)
• Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.33.14 to v1.33.15 (helm/defectdojo/values.yaml) @renovate (#9104)
• Bump boto3 from 1.33.5 to 1.33.6 @dependabot (#9095)
• Bump nginx from db353d0 to 3923f8d @dependabot (#9094)

2.29.4 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

No Changes since 2.29.3

2.29.3 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.29.2

• Docs: "Create upgrade notes to documentation" only once @kiblik (#9146)

2.29.2 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.29.1

• README typo @kiblik (#9091)
• Revert Docker Compose version guidance @cneill (#9125)

🐛 Bug Fixes

• Update Finding/Product SLA filters @Maffooch (#9115)

2.29.1 🌈

Please consult the Upgrade notes in the documentation for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.

Changes since 2.29.0

• Correct SLA filter for Finding API @Maffooch (#9101)