
Main #11826

Closed

wants to merge 71 commits into from

Conversation


@usd877 usd877 commented Feb 14, 2025

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description

Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.

Test results

Ideally you extend the test suite in tests/ and dojo/unittests to cover the changes in this PR.
Alternatively, describe what you have and haven't tested.

Documentation

Please update any documentation when needed in the documentation folder.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

Please clear everything below when submitting your pull request, it's here purely for your information.

Moderators: Labels currently accepted for PRs:

  • Import Scans (for new scanners/importers)
  • enhancement
  • performance
  • feature
  • bugfix
  • maintenance (a.k.a chores)
  • dependencies
  • New Migration (when the PR introduces a DB migration)
  • settings_changes (when the PR introduces changes or new settings in settings.dist.py)

Contributors: Git Tips

Rebase on dev branch

If the dev branch has changed since you started working on it, please rebase your work after the current dev.

On your working branch mybranch:

git rebase dev mybranch

In case of conflict:

git mergetool
git rebase --continue

When everything's fine on your local branch, force push to your myOrigin remote:

git push myOrigin --force-with-lease

To cancel everything:

git rebase --abort

Squashing commits

git rebase -i origin/dev
  • Replace pick by fixup on the commits you want squashed out
  • Replace pick by reword on the first commit if you want to change the commit message
  • Save the file and quit your editor

Force push to your myOrigin remote:

git push myOrigin --force-with-lease

Documentation
Setting up GitHub Actions for SAST
The old version (v3) is no longer supported. actions/upload-artifact@v4 is now used.
Possible causes of errors
We will use OWASP ZAP, since it is one of the most popular tools and integrates well with CI/CD.
Main fixes
Added a check that the target URL is reachable:
Before OWASP ZAP is started, a check is made that the specified URL is reachable. If the URL is unreachable, the pipeline fails with an error.
Set exit-code: 0 for OWASP ZAP:
The pipeline will now not fail even if OWASP ZAP finds vulnerabilities. This lets you analyze the results without interrupting the CI/CD process.
Added a wait for the application to start:
If your application needs to be started locally (for example, Flask or Django), a wait (sleep 20) has been added to make sure it is fully ready before scanning.
Handling a missing report:
If the OWASP ZAP report file was not created, an error message is printed instead of the pipeline terminating immediately.
To perform DAST (Dynamic Application Security Testing) using the Nikto and Arachni tools
Explanation of each step
Checkout code:
Clones your repository for further analysis.
Scan repository for secrets with TruffleHog:
Uses TruffleHog to search for secrets (API keys, passwords, tokens) in the repository's commit history.
Results are saved to trufflehog-report.txt.
Scan Docker image with Trivy:
Uses Trivy to scan the Docker image for vulnerabilities.
Specifies the severity level (HIGH,CRITICAL) to filter the results.
Results are saved to trivy-report.txt.
Scan configuration files with Checkov:
Uses Checkov to analyze configuration files (for example, Dockerfile, Terraform, Kubernetes) for insecure practices.
Results are saved to checkov-report.txt.
Upload security reports:
Saves all generated reports as GitHub Actions artifacts for further analysis.
Send results to vulnerability management system:
Optional step for sending the results to a vulnerability management system via an API.
Fixed unit-tests.yml configuration with Flask
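The workflow below is an added example, not code from this PR or from the DefectDojo project. It implements the fixes and steps the post describes: a reachability check on the target URL before ZAP runs (failing the pipeline if it is unreachable), a fixed sleep 20 wait for a locally started app, a ZAP step whose findings never fail the job, an error message when the report file is missing, and the TruffleHog / Trivy / Checkov / upload steps with an optional push to a vulnerability management system. Assumptions: the application is a Flask app started with `python app.py` on port 5000, the repository has a Dockerfile at its root, the image tag `app-under-test:ci` is arbitrary, and `VULN_MGMT_URL` / `VULN_MGMT_TOKEN` are placeholder secret names. Credentials come only from repository secrets and the workflow requests read-only permissions, which avoids the hardcoded-credential and broad-permission patterns the DryRun summary in this thread flags.

```yaml
name: security-scans

on:
  pull_request:
  push:
    branches: [dev]

# Least privilege: scanning and uploading artifacts needs no write access.
permissions:
  contents: read

jobs:
  dast-zap:
    runs-on: ubuntu-latest
    env:
      # Assumption: the app under test is a Flask app on port 5000.
      TARGET_URL: http://127.0.0.1:5000
    steps:
      - uses: actions/checkout@v4

      - name: Start the application and wait for it to come up
        run: |
          pip install -r requirements.txt
          nohup python app.py > app.log 2>&1 &
          sleep 20

      - name: Check that the target URL is reachable (fail the pipeline if not)
        run: |
          if ! curl --silent --fail --max-time 10 "$TARGET_URL" > /dev/null; then
            echo "::error::$TARGET_URL is not reachable; see app.log"
            exit 1
          fi

      - name: Run OWASP ZAP baseline scan (findings do not fail the job)
        run: |
          # zap-baseline.py exits non-zero on warnings/failures; "|| true" keeps
          # the job green so the report can be reviewed instead.
          docker run --rm --network host -v "$PWD:/zap/wrk:rw" \
            ghcr.io/zaproxy/zaproxy:stable \
            zap-baseline.py -t "$TARGET_URL" -r zap-report.html -I || true

      - name: Report a missing ZAP report instead of failing silently
        run: |
          if [ ! -f zap-report.html ]; then
            echo "::error::ZAP did not write zap-report.html; check the scan output above"
          fi

      - uses: actions/upload-artifact@v4
        with:
          name: zap-report
          path: zap-report.html
          if-no-files-found: warn

  sast-and-scans:
    runs-on: ubuntu-latest
    env:
      IMAGE_TAG: app-under-test:ci   # assumption: Dockerfile in the repo root
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so TruffleHog sees every commit

      - name: Scan repository for secrets with TruffleHog
        run: |
          docker run --rm -v "$PWD:/repo" trufflesecurity/trufflehog:latest \
            git file:///repo > trufflehog-report.txt || true

      - name: Scan Docker image with Trivy (HIGH and CRITICAL only)
        run: |
          docker build -t "$IMAGE_TAG" .
          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image --severity HIGH,CRITICAL --exit-code 0 \
            "$IMAGE_TAG" > trivy-report.txt

      - name: Scan configuration files with Checkov
        run: |
          pip install checkov
          checkov --directory . --soft-fail > checkov-report.txt

      - name: Upload security reports
        uses: actions/upload-artifact@v4
        with:
          name: security-reports
          path: |
            trufflehog-report.txt
            trivy-report.txt
            checkov-report.txt

      - name: Send results to vulnerability management system (optional)
        env:
          # Placeholder secret names; values never appear in the workflow file.
          VULN_MGMT_URL: ${{ secrets.VULN_MGMT_URL }}
          VULN_MGMT_TOKEN: ${{ secrets.VULN_MGMT_TOKEN }}
        run: |
          if [ -z "$VULN_MGMT_URL" ] || [ -z "$VULN_MGMT_TOKEN" ]; then
            echo "No vulnerability management system configured; skipping upload"
            exit 0
          fi
          curl --fail --silent -H "Authorization: Token $VULN_MGMT_TOKEN" \
            -F "file=@trivy-report.txt" "$VULN_MGMT_URL"
```

Save it as .github/workflows/security-scans.yml. The two jobs are independent so a DAST failure (target unreachable) does not block the secret, image and configuration scans; ZAP, Trivy and Checkov are all run in their non-failing modes so the uploaded reports, not the job status, carry the findings.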

dryrunsecurity bot commented Feb 14, 2025

DryRun Security Summary

The pull request addresses multiple security vulnerabilities in GitHub Actions workflows and documentation, including hardcoded credentials, exposed sensitive data, overly permissive configurations, and risky token handling practices.


The PR modifies multiple GitHub Actions workflows and the README.md, introducing several security-related changes across CI/CD configuration and documentation. Security findings include: 1) Hardcoded credentials in multiple workflows (e.g., SECRET_KEY, database passwords), 2) Potential sensitive information exposure through artifacts and logs, 3) Broad GitHub Actions permissions in some workflows, 4) Hardcoded testing configurations with DEBUG=True, 5) Potential secret and vulnerability scanning limitations, and 6) Risks associated with token and environment variable handling across different workflow files.

Code Analysis

We ran 9 analyzers against 11 files and 0 analyzers had findings. 9 analyzers had no findings.


Contributor

mtesauro commented Feb 15, 2025

@usd877 Several issues on this one:

  1. You didn't update the Finding template at all - no clue why you want to make this PR - strike 1 against you
  2. Your PR is against master. We don't take PRs against master - only the dev & bugfix branches. - strike 2 against you
  3. Your PR overwrites almost all of the repo's README.md file, changes we're not going to accept - strike 3 against you

So, I'm going to close this PR under the assumption that it was made in error.

Feel free to reopen the PR and fix the issues above if my assumption wasn't correct.

@mtesauro mtesauro closed this Feb 15, 2025