Qualys Hacker Guardian: Set Dedupe Config #11442

Merged
merged 1 commit into from
Dec 19, 2024

@Maffooch Maffooch commented Dec 19, 2024

[sc-9498]

@Maffooch Maffooch marked this pull request as ready for review December 19, 2024 17:20
@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Dec 19, 2024

DryRun Security Summary

The pull request adds support for the Qualys Hacker Guardian security scanning tool to DefectDojo by updating the saml2_attrib_map_format function and DEDUPLICATION_ALGORITHM_PER_PARSER dictionary to properly process and deduplicate findings from this new scanner.

Summary:

The code change in this pull request is adding support for a new security scanning tool, Qualys Hacker Guardian, to the DefectDojo application. The key changes include updating the saml2_attrib_map_format function to include the necessary attributes for the "Qualys Hacker Guardian Scan" parser, and updating the DEDUPLICATION_ALGORITHM_PER_PARSER dictionary to set the deduplication algorithm for this parser to DEDUPE_ALGO_HASH_CODE. This ensures that findings from the Qualys Hacker Guardian scanner are properly processed and deduplicated within the DefectDojo application.

From an application security perspective, this change is a positive addition, as it allows the DefectDojo application to ingest and manage findings from a new security scanning tool, which can provide valuable information about security vulnerabilities in the application. The deduplication settings are also important, as they help maintain the integrity of the vulnerability data within the DefectDojo application.

Files Changed:

  • dojo/settings/settings.dist.py: This file has been updated to add support for the "Qualys Hacker Guardian Scan" parser. Specifically, the saml2_attrib_map_format function has been updated to include the necessary attributes for this parser, and the DEDUPLICATION_ALGORITHM_PER_PARSER dictionary has been updated to set the deduplication algorithm for this parser to DEDUPE_ALGO_HASH_CODE.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
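
The following is an added example, not code from this pull request or from DefectDojo: it sketches how hash-code deduplication selected through `DEDUPLICATION_ALGORITHM_PER_PARSER` behaves for one scan type. The `HASH_FIELDS` list, the hashing details, the helper names and the sample findings are assumptions constructed for illustration.

```python
import hashlib

# Setting names mirror the ones named in the summary above. The field list is
# an assumption made for this example, not the value set by the PR.
DEDUPE_ALGO_HASH_CODE = "hash_code"
DEDUPLICATION_ALGORITHM_PER_PARSER = {
    "Qualys Hacker Guardian Scan": DEDUPE_ALGO_HASH_CODE,
}
HASH_FIELDS = {  # hypothetical per-scanner field list
    "Qualys Hacker Guardian Scan": ["title", "severity", "description"],
}


def hash_code(finding, scan_type):
    """SHA-256 over the configured fields, in the configured order."""
    digest = hashlib.sha256()
    for field in HASH_FIELDS[scan_type]:
        value = str(finding.get(field, "")).strip()
        # Length-prefix each value so ("ab", "c") and ("a", "bc") hash differently.
        digest.update(f"{len(value)}:{value}|".encode("utf-8"))
    return digest.hexdigest()


def mark_duplicates(findings, scan_type):
    """Return (finding, duplicate_of_index) pairs; None marks an original."""
    if DEDUPLICATION_ALGORITHM_PER_PARSER.get(scan_type) != DEDUPE_ALGO_HASH_CODE:
        return [(f, None) for f in findings]  # no hash-based dedupe configured
    seen = {}
    result = []
    for index, finding in enumerate(findings):
        code = hash_code(finding, scan_type)
        result.append((finding, seen.get(code)))
        seen.setdefault(code, index)  # first occurrence stays the original
    return result


# Constructed sample: one issue reported in two imports, plus a distinct issue.
SAMPLE = [
    {"title": "TLS 1.0 enabled", "severity": "Medium", "description": "Port 443", "date": "2024-12-01"},
    {"title": "TLS 1.0 enabled", "severity": "Medium", "description": "Port 443", "date": "2024-12-18"},
    {"title": "TLS 1.0 enabled", "severity": "Medium", "description": "Port 8443", "date": "2024-12-18"},
]

if __name__ == "__main__":
    for finding, dup_of in mark_duplicates(SAMPLE, "Qualys Hacker Guardian Scan"):
        print(finding["title"], finding["description"], "duplicate of", dup_of)
```

Fields left out of the hash (here `date`) do not affect matching, so the choice of field list decides whether re-imported findings collapse into one record or distinct findings are merged by mistake.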

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit 7f7803a into bugfix Dec 19, 2024
74 checks passed
@Maffooch Maffooch deleted the hacker-guardian branch December 19, 2024 21:43
paulOsinski pushed a commit to paulOsinski/django-DefectDojo that referenced this pull request Dec 23, 2024
Labels
settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR
5 participants