release-4.9.2

charts/cdefense/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.9.1
+version: 4.9.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.9.1"
+appVersion: "4.9.2"

charts/cdefense/templates/api/deployment.yaml

@@ -47,45 +47,45 @@ spec:
       #     echo waiting for graphql; sleep 10; done; echo connection to graphql ok
       #   terminationMessagePath: /dev/termination-log
       #   terminationMessagePolicy: File
-      - name: check-seed-pod
-        image: cdefense/scandb-seed:latest
-        # imagePullPolicy: IfNotPresent
-        command:
-          - sh
-          - -c
-          - ./seed_db.sh # 'until pg_isready;  do echo waiting for database; sleep 5; done;/seed_db.sh;'
-        env:
-        - name: PGHOST
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_ADDR
-        - name: PGPORT
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_PORT
-        - name: PGUSER
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_USER
-        - name: PGDATABASE
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_NAME
-        - name: PGPASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: cdefense-secrets
-              key: DB_PASSWORD
-        resources: {}
-        volumeMounts:
-        - mountPath: /bootstrap
-          name: bootstrap
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
+      # - name: check-seed-pod
+      #   image: cdefense/scandb-seed:latest
+      #   # imagePullPolicy: IfNotPresent
+      #   command:
+      #     - sh
+      #     - -c
+      #     - ./seed_db.sh # 'until pg_isready;  do echo waiting for database; sleep 5; done;/seed_db.sh;'
+      #   env:
+      #   - name: PGHOST
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_ADDR
+      #   - name: PGPORT
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_PORT
+      #   - name: PGUSER
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_USER
+      #   - name: PGDATABASE
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_NAME
+      #   - name: PGPASSWORD
+      #     valueFrom:
+      #       secretKeyRef:
+      #         name: cdefense-secrets
+      #         key: DB_PASSWORD
+      #   resources: {}
+      #   volumeMounts:
+      #   - mountPath: /bootstrap
+      #     name: bootstrap
+      #   terminationMessagePath: /dev/termination-log
+      #   terminationMessagePolicy: File
       containers:
       - name: api
         image: {{ .Values.api.image }}:{{ .Values.version }}
@@ -362,6 +362,26 @@ spec:
             configMapKeyRef:
               key: AWS_DAST_UPLOAD_S3_BUCKET
               name: scan-server-config
+        - name: VULNERABILITY_SCRAPER_SERVICE_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: scan-server-config
+              key: VULNERABILITY_SCRAPER_SERVICE_HOST
+        - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: vulnscrape-secrets
+              key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+        - name: DATAJOB_WEBHOOK_URL
+          valueFrom:
+            configMapKeyRef:
+              name: scan-server-config
+              key: DATAJOB_WEBHOOK_URL
+        - name: NVD_KEY
+          valueFrom:
+            secretKeyRef:
+              name: scan-server-secrets
+              key: NVD_KEY
         ports:
         - containerPort: 8080
         livenessProbe:
@@ -384,73 +404,73 @@ spec:
       #      cpu: "500m"
       #    limits:
       #      memory: "1G"
-      - name: data
-        image: {{ .Values.data.image }}:{{ .Values.version }}
-        imagePullPolicy: Always
-        env:
-        - name: CLOUDDEFENSE_BASE_URL
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: CLOUDDEFENSE_BASE_URL
-        - name: DB_CONNECTION_STRING
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_CONNECTION_STRING
-        - name: DB_USER
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: DB_USER
-        - name: CLOUDDEFENSE_HEROKUAPP_GRAPHQL_URL
-          valueFrom:
-            configMapKeyRef:
-              name: cdefense-config
-              key: CLOUDDEFENSE_GRAPHQL_URL
-        - name: VFEED_SYNC_JOB_CRON_EXPRESSION
-          valueFrom:
-            configMapKeyRef:
-              name: scan-server-config
-              key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
-        - name: DB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: cdefense-secrets
-              key: DB_PASSWORD
-        - name: HASURA_GRAPHQL_ADMIN_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: graphql-secrets
-              key: HASURA_GRAPHQL_ADMIN_SECRET 
-        - name: PORT
-          value: "8081"
-        - name: VULNERABILITY_SCRAPER_SERVICE_HOST
-          valueFrom:
-            configMapKeyRef:
-              name: scan-server-config
-              key: VULNERABILITY_SCRAPER_SERVICE_HOST
-        - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: vulnscrape-secrets
-              key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
-        - name: DATAJOB_WEBHOOK_URL
-          valueFrom:
-            configMapKeyRef:
-              name: scan-server-config
-              key: DATAJOB_WEBHOOK_URL
-        - name: NVD_KEY
-          valueFrom:
-            secretKeyRef:
-              name: scan-server-secrets
-              key: NVD_KEY
-        # resources:
-        #   requests:
-        #     memory: "1G"
-        #     cpu: "250m"
-        #   limits:
-        #     memory: "1G"
-      volumes:
-      - name: bootstrap
-        emptyDir: {}
+      # - name: data
+      #   image: {{ .Values.data.image }}:{{ .Values.version }}
+      #   imagePullPolicy: Always
+      #   env:
+      #   - name: CLOUDDEFENSE_BASE_URL
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: CLOUDDEFENSE_BASE_URL
+      #   - name: DB_CONNECTION_STRING
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_CONNECTION_STRING
+      #   - name: DB_USER
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: DB_USER
+      #   - name: CLOUDDEFENSE_HEROKUAPP_GRAPHQL_URL
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: cdefense-config
+      #         key: CLOUDDEFENSE_GRAPHQL_URL
+      #   - name: VFEED_SYNC_JOB_CRON_EXPRESSION
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: scan-server-config
+      #         key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
+      #   - name: DB_PASSWORD
+      #     valueFrom:
+      #       secretKeyRef:
+      #         name: cdefense-secrets
+      #         key: DB_PASSWORD
+      #   - name: HASURA_GRAPHQL_ADMIN_SECRET
+      #     valueFrom:
+      #       secretKeyRef:
+      #         name: graphql-secrets
+      #         key: HASURA_GRAPHQL_ADMIN_SECRET 
+      #   - name: PORT
+      #     value: "8081"
+      #   - name: VULNERABILITY_SCRAPER_SERVICE_HOST
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: scan-server-config
+      #         key: VULNERABILITY_SCRAPER_SERVICE_HOST
+      #   - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+      #     valueFrom:
+      #       secretKeyRef:
+      #         name: vulnscrape-secrets
+      #         key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+      #   - name: DATAJOB_WEBHOOK_URL
+      #     valueFrom:
+      #       configMapKeyRef:
+      #         name: scan-server-config
+      #         key: DATAJOB_WEBHOOK_URL
+      #   - name: NVD_KEY
+      #     valueFrom:
+      #       secretKeyRef:
+      #         name: scan-server-secrets
+      #         key: NVD_KEY
+      #   # resources:
+      #   #   requests:
+      #   #     memory: "1G"
+      #   #     cpu: "250m"
+      #   #   limits:
+      #   #     memory: "1G"
+      # volumes:
+      # - name: bootstrap
+      #   emptyDir: {}

charts/cdefense/values.yaml

@@ -1,4 +1,4 @@
-version: "release-4.9.1"
+version: "release-4.9.2"
 domain: clouddefenseai.com
 hostname: cdefense.clouddefenseai.com
 

release.md

@@ -1,23 +1,21 @@
-Release Date : 30.07.2024
-Release Notes : 4.9.1
+Release Date : 20.08.2024
+Release Notes : 4.9.2
 
 New Features:
 
-1) Vulnerability Report Branch detail: We have added Branch name details under the Global Vulnerability Report for better insight into the report data.
-2) Application Report generation for Zero vulnerability: We have added the option to download the Application Report in the absence of vulnerabilities.
-3) Added "OWASP Top 10" and "SANS Top 25" labels: We have added the "OWASP Top 10" and "SANS Top 25" labels for the respective found vulnerabilities.
-4) Added filter option to get the "OWASP Top 10" and "SANS Top 25" vulnerabilities under Scan History: We have added the filter option to get the "OWASP Top 10" and "SANS Top 25" for found vulnerabilities for better usability.
-5) Added Excluded filter option and respective label for vulnerabilities removed after getting added to the "Excluded Path" setting: Added Excluded filter option and respective label for better user experience.
-6) Team Admins to have access to change the User Membership: We have provided the Team Admin the access to change its User membership to another team.
-7) AppUser to be able to raise a request to mark a vulnerability as False Positive: We have provided AppUser the access to request for a vulnerability to be marked as False Positive via approval.
-8) Added "Open Source" Report feature under Report drop-down menu: We have added the "Open Source" Report feature under Report to give better insights into the Vulnerability metrics.
-9) Added the Pull Request Build Policy Configuration: We have added the Pull Request Policy configuration for the Delta scan. 
+1) Jira ticket enhancement: We have added more details to the Jira ticket raised for vulnerability, providing recommendations, vulnerability path mapping, and severity mapping.
+2) Ability to rename Application name: We have added the ability to rename the Application name facilitating application management at the organization level to be more user-friendly.
+3) Added SAST recommendation for Application level report: We have also added recommendations for the SAST-type vulnerabilities under the Application report.
+4) Application Report Generation for Previous Scan History: We have added the facility to generate and download reports for previous scan histories at the application level.
+5) Branch-Specific Report Generation: We have added the facility to generate and download reports for scanned branches other than the default branch at the Application level for better user experience.
+6) Added column sorting for the Open Source page for CVE, CWE, and Libraries columns: We have provided column sorting for the Open Source page for CVE, CWE, and Libraries columns for ease of use.
 
 Improvements:
 
-1) Fixed the False Positive marked vulnerability Expiration: We have fixed the False Positive marked vulnerability Expiration.
+1) Fixed the New Exception Requested Field under Application Scan History for SCA vulnerabilities
 2) Bug Fixing on Backend: Fixed bugs across the application for better user experience.
 3) Fixed list of UI issues.
-4) Fixed Vulnerability Retest functionality.
-5) Fixed Scan History update on deleting an "Excluded File" from the Application Setting
-6) Fixed Vulnerability Page latency issues.
+4) Fixed addition of DAST vulnerabilities to allowed list for AppUser role.
+5) Fixed default branch name information for all new application scans
+6) Fixed AWS-S3 alert integration for weekly team-level report
+7) Fixed JavaScript Open fix PR issue.