Skip to content

Releases: DefectDojo/django-DefectDojo

v1.0.2

29 May 18:26
@grendel513 grendel513
v1.0.2
6e70cec
Compare
Choose a tag to compare
v1.0.2
  • Added Endpoint as a model with add, edit, delete, report, and metrics.
    • A Django management script has been added to aid in the migration from text based endpoints to model based ones.
    • You can run ./manage.py migrate_endpoints
    • The script will look for endpoints in the endpoint and description fields and convert them to and instance of the Endpoint model.
    • Before you run the script you can add host names, ip addresses, domains, etc that should be excluded to the exclude list on line 24.
    • The legacy endpoint field will be removed in version 1.0.3
  • Added ability to delete Products and Engagements
  • Improved functionality for Product Authorized Users (non staff users), can now:
    • View Products
    • View Endpoints
    • View Findings
    • Generate reports for endpoints, products
    • Set up port scan for product
      • View scan results
      • Kickoff on demand scans
      • Edit scan settings
    • View Metrics
    • Add finding notes
  • Finding reports now use the finding id as a reference rather than the foor loop counter.
  • Improved Ansible install script.
    • More fault-tolerant, and provides better information on failures.
  • tastypie_swagger fixes
  • Minor CSS and HTML updates
  • New BSD License

This release requires database table updates if upgrading from previous version. This can be accomplished with:
./manage.py makemigrations dojo
./manage.py migrate

Loading

Reporting Improvements

27 Apr 18:53
@grendel513 grendel513
v1.0.1
57ef093
Compare
Choose a tag to compare
Reporting Improvements
  • Added finding reports at the Product_Type, Product, Engagement and Test level. Reports can be generated in Asciidoc and PDF formats.
    • Since models.py changed makemigrations/migrate is needed.
    • For PDF reports the following must be installed via pip:
    • django-easy-pdf
    • xhtml2pdf>=0.0.6
    • reportlab
  • Added ability to upload Veracode XML export.
  • Added ability to upload Burp XML reports from Scanner.
  • For Nessus, Veracode and Burp uploads added the ability to select minimum severity level to import.
  • For Change Password form, added csrf tokend and autocomplete off.
  • Added Content-Type to download views download_risk and view_threatmodel.
  • Added CSRF_COOKIE_HTTPONLY = True, SESSION_COOKIE_SECURE = True and CSRF_COOKIE_SECURE = True to settings.dist.py and instructions on these in the setup.bash script.
  • Minor css tweaks, and corrected typos.
Loading