From 3247d110af3536675cc40c0c27ef41f99b3c18d3 Mon Sep 17 00:00:00 2001 From: Max Maass Date: Fri, 22 Oct 2021 16:09:14 +0200 Subject: [PATCH 1/4] Add a warning about DefectDojo deduplication issue Signed-off-by: Max Maass --- hooks/persistence-defectdojo/.helm-docs.gotmpl | 11 +++++++++++ .../persistence-defectdojo/docs/README.ArtifactHub.md | 11 +++++++++++ .../docs/README.DockerHub-Hook.md | 11 +++++++++++ 3 files changed, 33 insertions(+) diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl index 423102c47f..3f3cf049ce 100644 --- a/hooks/persistence-defectdojo/.helm-docs.gotmpl +++ b/hooks/persistence-defectdojo/.helm-docs.gotmpl @@ -50,6 +50,17 @@ run ReadAndWrite hooks. ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks. ::: +:::caution + +The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not +have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312) +if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are +working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). +Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` +during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native +DefectDojo support with known data to see if it is affected by the deduplication issues. +::: + ### Running "Persistence DefectDojo" Hook Locally from Source For development purposes, it can be useful to run this hook locally. You can do so by following these steps: 
diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md index 7406cb1c36..bb76a7cbc5 100644 --- a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md +++ b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md @@ -69,6 +69,17 @@ run ReadAndWrite hooks. ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks. ::: +:::caution + +The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not +have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312) +if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are +working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). +Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` +during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native +DefectDojo support with known data to see if it is affected by the deduplication issues. +::: + ### Running "Persistence DefectDojo" Hook Locally from Source For development purposes, it can be useful to run this hook locally. You can do so by following these steps: diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md index 7d1879f091..f99615fdc8 100644 --- a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md +++ b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md 
@@ -80,6 +80,17 @@ run ReadAndWrite hooks. ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks. ::: +:::caution + +The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not +have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312) +if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are +working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). +Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` +during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native +DefectDojo support with known data to see if it is affected by the deduplication issues. +::: + ### Running "Persistence DefectDojo" Hook Locally from Source For development purposes, it can be useful to run this hook locally. You can do so by following these steps: From 83a1e47fe040f917140a4c9c9f472af60f60465a Mon Sep 17 00:00:00 2001 From: malexmave Date: Fri, 22 Oct 2021 14:09:49 +0000 Subject: [PATCH 2/4] Updating Helm Docs Signed-off-by: GitHub Actions --- hooks/persistence-defectdojo/README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index 60462903b7..e93b3c707d 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md 
@@ -61,6 +61,17 @@ run ReadAndWrite hooks. ReadOnly hooks work fine with the DefectDojo hook as they are always executed after ReadAndWrite Hooks. ::: +:::caution + +The DefectDojo hook will send all scan results to DefectDojo, including those for which DefectDojo does not +have native support. In this case, DefectDojo may deduplicate findings, which can in some cases [lead to incomplete imports and even data loss](https://github.com/DefectDojo/django-DefectDojo/issues/5312) +if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are +working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). +Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` +during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native +DefectDojo support with known data to see if it is affected by the deduplication issues. +::: + ### Running "Persistence DefectDojo" Hook Locally from Source For development purposes, it can be useful to run this hook locally. You can do so by following these steps: From d513043013423b46119594b21376591916f2fe54 Mon Sep 17 00:00:00 2001 From: Max Maass Date: Fri, 22 Oct 2021 16:24:03 +0200 Subject: [PATCH 3/4] Update wording of last sentence Signed-off-by: Max Maass --- hooks/persistence-defectdojo/.helm-docs.gotmpl | 4 ++-- hooks/persistence-defectdojo/docs/README.ArtifactHub.md | 4 ++-- hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hooks/persistence-defectdojo/.helm-docs.gotmpl b/hooks/persistence-defectdojo/.helm-docs.gotmpl index 3f3cf049ce..01d902fb70 100644 --- a/hooks/persistence-defectdojo/.helm-docs.gotmpl +++ b/hooks/persistence-defectdojo/.helm-docs.gotmpl 
@@ -57,8 +57,8 @@ have native support. In this case, DefectDojo may deduplicate findings, which ca if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` -during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native -DefectDojo support with known data to see if it is affected by the deduplication issues. +during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native +DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss. ::: ### Running "Persistence DefectDojo" Hook Locally from Source diff --git a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md index bb76a7cbc5..607a635208 100644 --- a/hooks/persistence-defectdojo/docs/README.ArtifactHub.md +++ b/hooks/persistence-defectdojo/docs/README.ArtifactHub.md 
@@ -76,8 +76,8 @@ have native support. In this case, DefectDojo may deduplicate findings, which ca if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` -during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native -DefectDojo support with known data to see if it is affected by the deduplication issues. +during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native +DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss. ::: ### Running "Persistence DefectDojo" Hook Locally from Source diff --git a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md index f99615fdc8..cfd69c0db5 100644 --- a/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md +++ b/hooks/persistence-defectdojo/docs/README.DockerHub-Hook.md 
@@ -87,8 +87,8 @@ have native support. In this case, DefectDojo may deduplicate findings, which ca if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` -during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native -DefectDojo support with known data to see if it is affected by the deduplication issues. +during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native +DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss. ::: ### Running "Persistence DefectDojo" Hook Locally from Source From 738f12c2184841410877b2dc573e16e83057a3ad Mon Sep 17 00:00:00 2001 From: malexmave Date: Fri, 22 Oct 2021 14:24:44 +0000 Subject: [PATCH 4/4] Updating Helm Docs Signed-off-by: GitHub Actions --- hooks/persistence-defectdojo/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hooks/persistence-defectdojo/README.md b/hooks/persistence-defectdojo/README.md index e93b3c707d..0dc2458cf3 100644 --- a/hooks/persistence-defectdojo/README.md +++ b/hooks/persistence-defectdojo/README.md 
@@ -68,8 +68,8 @@ have native support. In this case, DefectDojo may deduplicate findings, which ca if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo. We are working on a feature to [enable or disable specific hooks on a per-scan basis](https://github.com/secureCodeBox/secureCodeBox/issues/728). Until this is implemented, we recommend using the DefectDojo hook in its read-only configuration (`--set defectdojo.syncFindingsBack=false` -during installation of the hook) if you want to rule out any issues, and to test any scanner that does not have native -DefectDojo support with known data to see if it is affected by the deduplication issues. +during installation of the hook) if you want to rule out any issues. We also recommend testing any scanner that does not have native +DefectDojo support with known data to see if the data is imported correctly and without deduplication-based data loss. ::: ### Running "Persistence DefectDojo" Hook Locally from Source
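Review bot: The caution never states whether the affected mode is the default. It says the problem occurs "if the hook is configured to replace the findings inside secureCodeBox with those imported into DefectDojo" and then offers `--set defectdojo.syncFindingsBack=false` as the read-only configuration, which implies that a stock install has sync-back enabled, but a reader skimming the admonition cannot tell whether their existing deployment is exposed. Suggest adding one sentence in the same block naming the default value of that setting and pointing at the values table, and noting that the flag can be applied with `helm upgrade` as well, since "during installation of the hook" reads as if already-installed hooks cannot be switched.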
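Review bot: The same caution block is copied verbatim into `hooks/persistence-defectdojo/.helm-docs.gotmpl`, `docs/README.ArtifactHub.md` and `docs/README.DockerHub-Hook.md`, while `README.md` is regenerated from the template by the "Updating Helm Docs" commits (2/4 and 4/4). Patch 3/4 shows the cost of this layout: the two-line wording fix had to be applied by hand to all three source files. If the docs tooling allows it, keep the shared text in one place that the ArtifactHub and DockerHub variants include; otherwise a short comment at the top of the two `docs/` files saying they mirror the template would at least make the required manual sync visible to the next editor.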