Releases: DefectDojo/django-DefectDojo

v1.0.3

27 Jul 20:58
  • Manage Users
    • Add - By default all users are created with an unusable password. If a password is needed, it can be set using the Admin interface.
    • Edit - Update the user data to allow for active, staff, username, first name, last name, email and a multi-select of authorized products.
    • Delete - Deleting this User will remove any related objects associated with it. These relationships are listed on the confirmation page.
  • Added "history" to models to track/log changes over time. Using django-auditlog (https://github.com/jjkester/django-auditlog) for logging purposes.
    • Changes to models.py to register models for automatic logging
    • Changes to settings.dist.py:
      • Add auditlog to list of INSTALLED_APPS
  • Added additional block in side navigation to allow apps to append to menu list - {% block sidebar-items %}
  • Fixed metrics monthly interval to start on first day of month and end on last day of month.
  • Fixed view add_temp_finding to correctly include the product id to be able to add endpoints correctly. This fixes #42
  • Added icons to pulldown menus.
  • Minor HTML, CSS, and content updates to provide consistency across pages.

This release requires database table updates if upgrading from a previous version. This can be accomplished with:

./manage.py makemigrations
./manage.py migrate

v1.0.2

29 May 18:26
  • Added Endpoint as a model with add, edit, delete, report, and metrics.
    • A Django management script has been added to aid in the migration from text based endpoints to model based ones.
    • You can run ./manage.py migrate_endpoints
    • The script will look for endpoints in the endpoint and description fields and convert them to an instance of the Endpoint model.
    • Before you run the script you can add host names, IP addresses, domains, etc. that should be excluded to the exclude list on line 24.
    • The legacy endpoint field will be removed in version 1.0.3
  • Added ability to delete Products and Engagements
  • Improved functionality for Product Authorized Users (non staff users), can now:
    • View Products
    • View Endpoints
    • View Findings
    • Generate reports for endpoints, products
    • Set up port scan for product
      • View scan results
      • Kickoff on demand scans
      • Edit scan settings
    • View Metrics
    • Add finding notes
  • Finding reports now use the finding id as a reference rather than the for loop counter.
  • Improved Ansible install script.
    • More fault-tolerant, and provides better information on failures.
  • tastypie_swagger fixes
  • Minor CSS and HTML updates
  • New BSD License

This release requires database table updates if upgrading from a previous version. This can be accomplished with:

./manage.py makemigrations dojo
./manage.py migrate

Reporting Improvements

27 Apr 18:53
  • Added finding reports at the Product_Type, Product, Engagement and Test level. Reports can be generated in Asciidoc and PDF formats.
    • Since models.py changed, makemigrations/migrate is needed.
    • For PDF reports the following must be installed via pip:
      • django-easy-pdf
      • xhtml2pdf>=0.0.6
      • reportlab
  • Added ability to upload Veracode XML export.
  • Added ability to upload Burp XML reports from Scanner.
  • For Nessus, Veracode and Burp uploads added the ability to select minimum severity level to import.
  • For the Change Password form, added a CSRF token and autocomplete off.
  • Added Content-Type to download views download_risk and view_threatmodel.
  • Added CSRF_COOKIE_HTTPONLY = True, SESSION_COOKIE_SECURE = True and CSRF_COOKIE_SECURE = True to settings.dist.py and instructions on these in the setup.bash script.
  • Minor CSS tweaks, and corrected typos.