Releases: DefectDojo/django-DefectDojo

1.2.6: Merge pull request #529 from aaronweaver/master

26 Mar 21:11
c736df3

1.2.2

06 Mar 03:39
deeceb6

Bug fixes, improvement to unit tests, restructuring of settings.

Dedupe and minor bug fixes.

15 Dec 16:48
f59474e
  • Improved Deduplication logic and added a Celery task to remove dupes
  • Migrated to Yarn from Bower
  • Import re-order for tests

1.2.0

20 Sep 17:38
f59474e

Added a credential manager
Scanner de-duplication / consolidation
Health dashboards for critical products
A guide on running DefectDojo in production
Added '@' mention alerts to notifications
Upgraded Django 1.8 to 1.11
Added remote database support to the setup script
Consolidated all documentation to our Read The Docs page
Added support for Qualys, Retire.JS, and the Node Security Platform
Made application settings changeable from the UI
Created the ability to assign tests so that engagements can be split between multiple people
Made the calendar toggleable between engagements and tests
Improved the engagements' interface
Overhauled notifications
Slack integration
HipChat integration
Numerous bug fixes
False positive history

Jira Support

19 Dec 14:09

This release includes support for Jira.

Release 1.1.2

12 Nov 17:07

This release includes the following:

  1. Bug fixes and improvements.
  2. Docker improvements
  3. Fix for Travis
  4. Readme update, Slack integration and Docker speed improvements
  5. Added Active, Verified, and tags to Reupload Scan form
  6. Adds Arachni Scanner JSON upload - takes care of #101.
    Used JSON report found at http://www.arachni-scanner.com/reports/report.json for testing
  7. Added tag lookup to all forms, takes care of #135. Tags are now a multiselect field, all
    tags used for same Model type will be presented as options, additionally users can add
    new tags.
  8. Able to bulk update severity, active, verified, false_p, duplicate, and out of scope
    status for checked findings. Takes care of #98
  9. Takes care of #62. Product now has three new fields: product_manager, team_manager, and
    technical_contact.
    These replace the fields prod_manager, manager, and tech_contact.
    The new fields are foreign keys to User objects.
    User is now extended by UserContactInfo which adds ability to store a title, phone, cell,
    twitter and github for each user.
    Fields prod_manager, manager, and tech_contact are no longer used anywhere, but left in
    Product model for backwards compatibility. They will be removed in future updates.
    References to these in the project have been replaced by new fields product_manager,
    team_manager, and technical_contact.
  10. Added functionality to import Visual Code Grepper scan results.
  11. Added functionality to import OWASP Dependency Check scan results.
  12. Adds model Finding_Template to the API.
  13. Fixed #64
  14. Added functionality to import findings from a CSV file.

This update requires the following commands:

./manage.py makemigrations dojo
./manage.py migrate
./manage.py collectstatic
./manage.py migrate_product_contacts

1.1.1

13 Oct 20:01

Bug fixes from 1.1.0

1.1.0

05 Oct 23:22

Version 1.1.0 Released

What's new?

  1. Deduplication of Findings
  2. Docker Images
  3. CI Testing
  4. Tags
  5. Metadata
  6. Images for Findings
  7. Improved Controls on Scanner Imports
  8. Added AppSpider Support
  9. URL Prefix Support

v1.0.5

23 Dec 00:12

This new version includes the following fixes and improvements:

  1. Metrics view fixes, capturing correct product type from GET and modified the top ten query.
  2. Updated bower components as well as some python dependencies. Updated some templates to reflect new bower components.
  3. Added vobject for new iCalendar features in tests and engagements.
  4. Fixes #45 - Endpoints are missing on findings when form fails to validate
  5. Changed the way you add/remove endpoints from findings to address #46
  6. Fixes #49 - django-audit log 0.3.2 breaks install
  7. Fixes #46 - Can't Remove Endpoints
  8. Addresses enhancement #50: Added ability to sort listing tables by clicking on TH. Added page size pull down to pagination widget.
  9. Adds ability to "touch" Findings to clear alerts.
  10. Added new upload/import of Nexpose XML 2.0 report. Refactored Burp upload.
  11. Addresses #47 - Capture user who closes findings
  12. Addresses #50 - Improving Sort for all table listing.
  13. Added functionality to upload and re-upload Burp XML, Nessus (CSV, XML), Nexpose XML 2.0, Veracode XML, and ZAP XML scan results.
  14. New documentation now at http://defectdojo.readthedocs.org
  15. Added initial fixtures for Test_Type, Development_Environment and Product_Type. New DefectDojo installs will have initial stub data.
  16. Side menu, List filtering, and menu enhancements.
  17. Finding, Product, and Test information is better displayed.
  18. Alert item now has a count badge letting you know how many alerts you have pending. It will also disappear when all alerts have been cleared.
  19. Breadcrumbs are more intuitive and offer better historical navigation.
  20. Easier way to reopen closed findings - no need to fully Edit finding any more.
  21. Finding quick add: all that is needed is a title. This will trigger a new alert to remind you to complete the finding's details.
  22. Endpoints are no longer required to add a finding since not all defects are endpoint related.
  23. Finding field Endpoint has been DEPRECATED - makemigrations is needed.
  24. Moved all views and urls into corresponding modules: development_environment, endpoint, engagement, finding, home, metrics, product, product_type, reports, scan, search, test, test_type, and user. urls.py now imports from each module to get urls and views defined.
  25. Endpoints are now listed by main host only, port, path and other information is now collapsed under the main host.
  26. Simple search now uses django-watson; see https://github.com/etianen/django-watson/wiki for documentation. You must add watson to your INSTALLED_APPS setting and run ./manage.py migrate, ./manage.py installwatson and ./manage.py buildwatson.
  27. Changed term highlighter to jquery-highlight (https://github.com/knownasilya/jquery-highlight) - simple and lightweight. Other js library introduced bug where text could not be selected for copy and paste.
  28. Brand new Finding Template CRUD functionality. Listing, Add, Edit, Delete in order to make Finding Templates more effective/efficient.
  29. Major Report functionality overhaul. Celery and wkhtmltopdf are now needed to generate PDF reports. See documentation at http://defectdojo.readthedocs.org/en/latest/features.html#reports
  30. Other minor fixes and tweaks.

This version requires the following manage.py command to be executed:

./manage.py makemigrations
./manage.py migrate
./manage.py migrate_finding_templates
./manage.py stamp_finding_last_reviewed

v1.0.4

08 Sep 18:59
  • Increased version to 1.0.4
    • Django 1.8+ is now required
    • Python 2.7+ is now required
  • Bower package clean up
    • Removed jquery.tablesorter - no longer used
  • Rearranged installed apps for template override purposes
  • Now using static from staticfiles for static file references in templates
  • Fixed Add Endpoint bug related to pop up
  • Optimized Metrics queries and simplified logic
  • Simplified Metrics menu items
  • Added new metrics page to report on simple Product Type counts
  • Updated setup.bash to reflect new Django and Python requirements
  • Cleaned up install_requires with updated python packages