Allow disabling of SSL certificate verification; Adds Branch-Tag description to engagement test #77

Open: wants to merge 2 commits into base: main

@rgcouto rgcouto commented Sep 4, 2024

Identified Problems

  1. The send_to_dojo method that publishes findings to an engagement on Defect Dojo fails on networks where Defect Dojo doesn't have a verifiable SSL certificate.
  2. It's difficult to identify the version of the resource where the finding is present.

Proposed Solutions

  1. Add a field in the configuration to disable the SSL verification on the send_to_dojo method. If nothing is specified the validation should be enabled.
  2. Add a field in the configuration similar to the Product Name/Engagement Name ones, that will allow the definition of the Branch/Tag field in the Defect Dojo Engagement Test.
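
A sketch of the fail-closed parsing such a verification switch needs, added here as an example and not taken from this PR or the project. The keys `defectDojoVerifySSL` and `defectDojoCABundle` are hypothetical, and the HTTP client is assumed to accept a boolean or a CA bundle path, as `requests` does for `verify`.

```python
import logging
import os

log = logging.getLogger("dojo_tls")
_TRUE = {"true", "1", "yes", "on"}
_FALSE = {"false", "0", "no", "off"}


def resolve_tls_verify(config):
    """Map config to an HTTP client's `verify` value.

    True -> system trust store (default); str -> CA bundle path;
    False -> verification off, only on an explicit opt-out.
    """
    raw = config.get("defectDojoVerifySSL")       # hypothetical key
    ca_bundle = config.get("defectDojoCABundle")  # hypothetical key

    if raw is None or str(raw).strip() == "":
        verify = True  # nothing specified: validation stays enabled
    else:
        value = str(raw).strip().lower()
        if value in _TRUE:
            verify = True
        elif value in _FALSE:
            verify = False
        else:
            # Fail closed: a typo must not silently change TLS behaviour.
            raise ValueError(f"defectDojoVerifySSL: unrecognised value {raw!r}")

    if ca_bundle:
        if not verify:
            raise ValueError("CA bundle set but verification disabled")
        if not os.path.isfile(ca_bundle):
            raise FileNotFoundError(ca_bundle)
        return ca_bundle  # trust only this CA instead of disabling checks
    if not verify:
        log.warning("TLS verification to DefectDojo is DISABLED by configuration")
    return verify


if __name__ == "__main__":
    # Constructed sample configurations, not taken from the project.
    for cfg in ({}, {"defectDojoVerifySSL": "false"}, {"defectDojoVerifySSL": "True"}):
        print(cfg, "->", resolve_tls_verify(cfg))
```

Pointing the client at the internal CA's bundle keeps certificate checks on for networks where DefectDojo uses a privately issued certificate.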

@szEvEz szEvEz left a comment

Hi @rgcouto,

thank you for your contribution. I like the possibility to specify if SSL should be verified. Can you check the other comment I left? Once this is resolved, I will make sure to test and merge your PR :)

| `defectDojoEvalTestTitle` | `"false"` | Specifies whether the test title should be evaluated as a python function. |
| `defectDojoMinimumSeverity` | `Info` | The minimum severity level for findings in DefectDojo. |
| `defectDojoProductName` | `product` | The name of the product in DefectDojo. |
| `defectDojoProductTypeName` | `Research and Development` | The type of the product in DefectDojo. |
| `defectDojoEnvName` | `Development` | The type of the env in DefectDojo. |
| `defectDojoBranchTag` | `branch-tag` | The name of the Branch/Tag to be specified in DefectDojo. |
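
Review bot: in the last row, `defectDojoBranchTag` carries the placeholder value `branch-tag`; if this column is the default, every engagement test whose configuration omits the field would be labelled with a meaningless branch/tag. Consider an empty default and a description that gives concrete examples of accepted values, such as a branch name or a release tag. The rows shown here also contain no entry for the SSL verification setting this PR adds; if it is not documented elsewhere in the table, add a row that states verification stays enabled unless it is explicitly turned off.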

I think it would be better to name this something like defectDojoGitRef, with specific examples on what can be handed over here.
