-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🔨 rework kubescape parser #11229
🔨 rework kubescape parser #11229
Conversation
DryRun Security SummaryThe pull request covers various updates to the DefectDojo application, including improvements to the Kubescape parser, security-related enhancements to the settings configuration, and associated unit test updates, all aimed at enhancing the security and functionality of the application. Expand for full summarySummary: The code changes in this pull request cover various aspects of the DefectDojo application, including updates to the Kubescape parser, the settings configuration, and the associated unit tests. The changes aim to enhance the security and functionality of the application. The key highlights from the changes are:
Overall, the code changes in this pull request appear to be focused on improving the security, usability, and configurability of the DefectDojo application, which is an important tool for vulnerability management and application security. Files Changed:
Code AnalysisWe ran
Riskiness🔴 Risk threshold exceeded. We've notified @mtesauro, @grendel513. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
bc3c10b
to
4c5765e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding a link for the C-
prefix is fine, but the link should still be included in references
.
@@ -1744,6 +1744,7 @@ def saml2_attrib_map_format(dict): | |||
"ELSA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELSA-2024-12714.html | |||
"ELBA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELBA-2024-7457.html | |||
"RXSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RXSA-2024:4928 | |||
"C-": "https://hub.armosec.io/docs/", # e.g. https://hub.armosec.io/docs/c-0085 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems somewhat unlikely that a C-
prefix will be completely unique to ARMO... We may need to think in the future about how to better categorize different vulnerability IDs. It's getting increasingly convoluted to handle all these different patterns in this way with display tags.
No action needed on this PR, mostly leaving this as a note for myself and to get others' feedback.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, you are right. This C-
prefix is used to not mix C
with CVE
.
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
5965c66
to
1acc2fc
Compare
Fix multiple Kubescape parser issues: