Added Github Enterprise Support #14324
ArnaavSinghSandhu wants to merge 10000 commits into DefectDojo:dev from
Add permission classes and refine queryset in BurpRawRequestResponseViewSet
docs: add new page on custom trust
[docs] Pro changelog: Dec 30
[docs] create sitemap at root on Hugo deploy
Release 2.54.0: Merge Bugfix into Dev
Release: Merge release into master from: release/2.54.0
…x/2.54.0-2.55.0-dev Release: Merge back 2.54.0 into bugfix from: master-into-bugfix/2.54.0-2.55.0-dev
….54.0-2.55.0-dev Release: Merge back 2.54.0 into dev from: master-into-dev/2.54.0-2.55.0-dev
…14030) Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.5.2 to 4.6.0. - [Release notes](https://github.com/jazzband/django-polymorphic/releases) - [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst) - [Commits](jazzband/django-polymorphic@v4.5.2...v4.6.0) --- updated-dependencies: - dependency-name: django-polymorphic dependency-version: 4.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Clarify the migration process for django-pghistory tables.
* remove dojo_model_to/from_id decorator * remove dojo_model_from/to_id * remove dojo_model_from/to_id * remove dojo_model_from/to_id * remove dojo_model_from/to_id * fix tests * remove leftover signature methods * fix test counts * fix test counts * fix test counts * Update dojo/settings/settings.dist.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * fix test --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
* Revise README for Docker Compose V2 updates Updated README to reflect changes for Docker Compose V2 and removed outdated V1 instructions. * Revise demo links and installation options in README Updated demo environment description and installation options. * Fix Slack community link and improve wording Updated Slack community link and adjusted text for clarity. * Revise social media links and Slack community invitation Updated social media links and community invitation text. * Add files via upload * Update Slack logo link and Twitter image source * Update image sources in README.md * Fix image height in Community section of README * Add files via upload * Update image height in README.md * Revise community portal and Pro edition details Updated community engagement links and enhanced Pro edition description. * Fix formatting in installation options section * Update README.md * Update README.md --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Bumps [django-dbbackup](https://github.com/Archmonger/django-dbbackup) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/Archmonger/django-dbbackup/releases) - [Changelog](https://github.com/Archmonger/django-dbbackup/blob/master/CHANGELOG.md) - [Commits](Archmonger/django-dbbackup@5.1.0...5.1.1) --- updated-dependencies: - dependency-name: django-dbbackup dependency-version: 5.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…14060) Bumps [django-polymorphic](https://github.com/jazzband/django-polymorphic) from 4.6.0 to 4.8.0. - [Release notes](https://github.com/jazzband/django-polymorphic/releases) - [Changelog](https://github.com/jazzband/django-polymorphic/blob/master/docs/changelog.rst) - [Commits](jazzband/django-polymorphic@v4.6.0...v4.8.0) --- updated-dependencies: - dependency-name: django-polymorphic dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.2...2.6.3) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….20.0 (docker-compose.override.dev.yml) (DefectDojo#14057) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ojo#14055) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.0 to 0.3.1. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md) - [Commits](bpampuch/pdfmake@0.3.0...0.3.1) --- updated-dependencies: - dependency-name: pdfmake dependency-version: 0.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🐛 Fix multiple google cloud artifact scan bugs * update
Bumps [celery[sqs]](https://github.com/celery/celery) from 5.6.1 to 5.6.2. - [Release notes](https://github.com/celery/celery/releases) - [Changelog](https://github.com/celery/celery/blob/main/Changelog.rst) - [Commits](celery/celery@v5.6.1...v5.6.2) --- updated-dependencies: - dependency-name: celery[sqs] dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…t.yaml) (DefectDojo#14304) * Update valkey Docker tag from 0.15.3 to v0.15.4 (helm/defectdojo/Chart.yaml) * update Helm documentation --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Bumps vulners from 3.1.5 to 3.1.6. --- updated-dependencies: - dependency-name: vulners dependency-version: 3.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…v1.35.1 (.github/workflows/k8s-tests.yml) (DefectDojo#14310) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4 to 46.0.5. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.4...46.0.5) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…mpose.yml) (DefectDojo#14311) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…ojo#14314) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.3.3 to 0.3.4. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/master/CHANGELOG.md) - [Commits](bpampuch/pdfmake@0.3.3...0.3.4) --- updated-dependencies: - dependency-name: pdfmake dependency-version: 0.3.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ngagement/Product) (DefectDojo#14271) * Fix DefectDojo#10268: Add context-aware filtering to Finding Group filter - Implemented hierarchical context filtering (test > engagement > product > global) - Created get_finding_group_queryset_for_context() helper function to eliminate code duplication - Modified FindingFilter and FindingFilterWithoutObjectLookups to accept eid/tid parameters - Updated filter to show only Finding Groups from current test/engagement/product context - Added query optimization with .only("id", "name") for Finding Groups - Fixed user parameter passing to get_authorized_finding_groups_for_queryset() - Updated finding/views.py and test/views.py to pass context parameters to filters - Created comprehensive unit tests (8 test methods) covering all context levels This ensures users only see relevant Finding Groups in the filter dropdown based on their current page context, preventing confusion from seeing unrelated groups. * Switch to DojoTestCase for better test compatibility Use DojoTestCase instead of plain TestCase to align with DefectDojo testing conventions and ensure proper test setup/teardown.
…fectDojo#14307) The fix_version field exists on the Finding model and is already handled by the reimporter (default_reimporter.py lines 683, 803), but was missing from the Generic Findings Import parser for both JSON and CSV formats. Changes: - json_parser.py: add fix_version to allowed fields set - csv_parser.py: add fix_version field parsing - Add unit tests for both JSON and CSV - Update documentation Co-authored-by: vladimir <stolzyya@gmail.com>
🔴 Risk threshold exceeded. This pull request modifies sensitive files (dojo/forms.py and dojo/models.py), triggering configured codepath edit alerts; review and confirm these changes or update
🔴 Configured Codepaths Edit in
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/models.py (623ed41c)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
All finding details can be found in the DryRun Security Dashboard.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Hi @ArnaavSinghSandhu we had to force push our dev branch, so to get your PR in a good place again, please do the following:
Conflicts have been resolved. A maintainer will review the pull request shortly.
Hi Team, I've just synced this with the latest dev branch and resolved the conflicts from the recent force-push. I've also verified the migration sequence follows 0259_locations. I have a PR open right now #14288 and I'm keen to get them merged so I can keep contributing. Please let me know if there’s anything specific I can do to make the review easier for you. Thanks!
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
This PR adds support for GitHub Enterprise (GHE) by allowing a custom API base URL in the GitHub configuration.
Previously, the integration was hardcoded to use api.github.com, which made it impossible for users on self-hosted Enterprise instances to sync findings. I've added a base_url field to the GITHUB_Conf model and updated the API logic to use it if provided.
Changes:
- Model: Added base_url to GITHUB_Conf.
- Logic: Patched dojo/github.py to pass the base_url variable to the Github client.
- UI: Updated dojo/forms.py to include the field in the settings UI.
- Database: Included migration 0260_github_conf_base_url.py and updated max_migration.txt.
Test results
Tested via unittests/test_github_issue_sync.py:
- GHE Test: Verified that passing a custom URL (e.g., https://ghe.example.com/api/v3) is correctly handled by the client initialization.
- Backward Compatibility: Verified that leaving the field blank defaults to the standard GitHub public API without errors.
- Manual Check: Verified the field saves correctly in the database via the Django shell and admin panel.

Output:-
Checklist
- [x] Submitted against dev.
- [x] Meaningful PR name: Add GitHub Enterprise support via custom API base_url
- [x] Python 3.13 compliant.
- [x] Included migrations in dojo/db_migrations.
- [x] Added unit tests.
- [x] Labels: enhancement, New Migration
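A configurable API base URL is also the destination the integration sends its GitHub token to, so the stored value is worth normalizing and checking before it reaches the client. The sketch below is an added example, not code from this PR or from DefectDojo: `resolve_github_api_base` and `is_acceptable_base_url` are hypothetical names, and the https-only, no-credentials and address rules are assumed policy, not behaviour the PR describes.

```python
import ipaddress
from urllib.parse import urlsplit

PUBLIC_GITHUB_API = "https://api.github.com"  # used when the field is left blank


def resolve_github_api_base(base_url):
    """Return the normalized API base URL for the client, or raise ValueError."""
    value = (base_url or "").strip()
    if not value:
        return PUBLIC_GITHUB_API  # blank keeps the public-API behaviour
    parts = urlsplit(value)
    if parts.scheme != "https":
        raise ValueError("base_url must use https: the API token is sent to it")
    if parts.username or parts.password:
        raise ValueError("base_url must not embed credentials")
    if parts.query or parts.fragment:
        raise ValueError("base_url must not carry a query string or fragment")
    host = parts.hostname  # already lower-cased by urlsplit
    if not host:
        raise ValueError("base_url has no host")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name; checks at resolution time are out of scope here
    if ip is not None and (ip.is_loopback or ip.is_link_local or ip.is_unspecified):
        raise ValueError("base_url must not point at a loopback or link-local address")
    port = f":{parts.port}" if parts.port is not None else ""
    netloc = f"[{host}]{port}" if ":" in host else f"{host}{port}"
    # Drop the trailing slash so request paths can be appended consistently.
    return f"https://{netloc}{parts.path.rstrip('/')}"


def is_acceptable_base_url(base_url):
    """Boolean form of the check, e.g. for a form-level validator."""
    try:
        resolve_github_api_base(base_url)
    except ValueError:
        return False
    return True
```
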