Support custom fields in DefectDojo findings to fill specific custom fields in Jira #10149
Conversation
merge upstream master into local master
Merge Upstream dev into local dev
# Conflicts:
#   dojo/api_v2/serializers.py
#   dojo/engagement/views.py
#   dojo/importers/importer/importer.py
#   dojo/importers/reimporter/reimporter.py
#   dojo/tools/generic/parser.py
#   unittests/test_importers_closeold.py
#   unittests/test_importers_importer.py
#   unittests/tools/test_generic_parser.py
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🔴 Risk threshold exceeded. Adding a reviewer if one is configured in notification list: @mtesauro @grendel513

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary: The code changes in this pull request focus on improving the functionality and security of the Defect Dojo application, particularly in the areas of Jira integration, custom field handling, and parsing of security scan reports. The key changes include:
Files Changed:
Hi @FallenAtticus thank you for producing this feature! I will discuss it with other moderators of the project to determine how we will proceed with it
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
Description
In this PR I want to enhance the generic report importer of DefectDojo to extract some custom fields/columns from report files in order to send these custom fields to Jira, filling the mapped custom fields with the values from the report.
Let's assume you have a report with all of the required columns but also some more columns you want to have in your findings.
If you supply the following custom field mapping during the import / reimport:
{"customfield_12345": "CustomColumnA", "customfield_12346": "CustomColumnB"}
The importer would map the columns into a new JSON map with the custom field ids as keys and the value of each report row as the value. For example:
{"customfield_12345": "USD123.00", "customfield_12346": "96%"}
This JSON is stored in a new field in the finding table called "custom_fields".
The Jira integration will merge the finding custom fields with existing product custom fields and send them to Jira.
Test results
I have added a bunch of unittests for this change.
Documentation
I am not sure if the documentation needs to be updated. Please let me know.
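The mapping, extraction and merge steps described in the PR, as an added stand-alone illustration; this is not code from the pull request or from DefectDojo. The CSV rows, the mapping, the `customfield_<n>` id pattern used for validation and the rule that a finding value wins over a product value on collision are all assumptions made for the example.

```python
import csv
import io
import re

# Constructed sample report: the generic importer's usual columns plus two extra ones.
REPORT_CSV = """Title,Severity,Description,CustomColumnA,CustomColumnB
SQL injection in login,High,Unsanitized input,USD123.00,96%
Weak TLS config,Medium,TLS 1.0 enabled,USD40.00,80%
"""

# Mapping supplied at import/reimport: Jira custom field id -> report column name.
FIELD_MAPPING = {"customfield_12345": "CustomColumnA",
                 "customfield_12346": "CustomColumnB"}

# Assumed shape of a Jira custom field id; the PR text does not define one.
JIRA_FIELD_ID = re.compile(r"^customfield_\d+$")


def invalid_field_ids(mapping):
    """Return mapping keys that do not look like Jira custom field ids, so an
    uploaded mapping cannot place arbitrary keys into the Jira payload."""
    return [key for key in mapping if not JIRA_FIELD_ID.match(key)]


def extract_custom_fields(row, mapping):
    """Build the per-finding map: field id -> cell value from the report row.
    Columns missing from the report or left empty are skipped, not sent as ''."""
    return {fid: row[col] for fid, col in mapping.items()
            if row.get(col) not in (None, "")}


def parse_report(csv_text, mapping):
    """Return one finding dict per row; 'custom_fields' is the map DefectDojo
    would store as JSON in the new finding column."""
    bad = invalid_field_ids(mapping)
    if bad:
        raise ValueError(f"invalid Jira custom field ids in mapping: {bad}")
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings.append({"title": row["Title"], "severity": row["Severity"],
                         "custom_fields": extract_custom_fields(row, mapping)})
    return findings


def merge_for_jira(product_fields, finding_fields):
    """Merge product-level custom fields with the finding's before the Jira push.
    Assumption: the finding value wins on a collision; the PR does not say."""
    merged = dict(product_fields)
    merged.update(finding_fields)
    return merged
```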