From 13079b84deabebc6167ddc79e8232e786a8229c9 Mon Sep 17 00:00:00 2001
From: Dilip <116056239+dt-dilip@users.noreply.github.com>
Date: Wed, 21 Aug 2024 14:06:38 +0530
Subject: [PATCH] release-4.9.2
---
 charts/cdefense/Chart.yaml | 4 +-
 charts/cdefense/templates/api/deployment.yaml | 238 ++++++++++--------
 charts/cdefense/values.yaml | 2 +-
 release.md | 28 +--
 4 files changed, 145 insertions(+), 127 deletions(-)
diff --git a/charts/cdefense/Chart.yaml b/charts/cdefense/Chart.yaml
index 0da92ef..0c75f64 100755
--- a/charts/cdefense/Chart.yaml
+++ b/charts/cdefense/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.9.1
+version: 4.9.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.9.1"
+appVersion: "4.9.2"
diff --git a/charts/cdefense/templates/api/deployment.yaml b/charts/cdefense/templates/api/deployment.yaml
index add574e..272100e 100644
--- a/charts/cdefense/templates/api/deployment.yaml
+++ b/charts/cdefense/templates/api/deployment.yaml
@@ -47,45 +47,45 @@ spec:
 # echo waiting for graphql; sleep 10; done; echo connection to graphql ok
 # terminationMessagePath: /dev/termination-log
 # terminationMessagePolicy: File
- - name: check-seed-pod
- image: cdefense/scandb-seed:latest
- # imagePullPolicy: IfNotPresent
- command:
- - sh
- - -c
- - ./seed_db.sh # 'until pg_isready; do echo waiting for database; sleep 5; done;/seed_db.sh;'
- env:
- - name: PGHOST
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_ADDR
- - name: PGPORT
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_PORT
- - name: PGUSER
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_USER
- - name: PGDATABASE
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_NAME
- - name: PGPASSWORD
- valueFrom:
- secretKeyRef:
- name: cdefense-secrets
- key: DB_PASSWORD
- resources: {}
- volumeMounts:
- - mountPath: /bootstrap
- name: bootstrap
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
+ # - name: check-seed-pod
+ # image: cdefense/scandb-seed:latest
+ # # imagePullPolicy: IfNotPresent
+ # command:
+ # - sh
+ # - -c
+ # - ./seed_db.sh # 'until pg_isready; do echo waiting for database; sleep 5; done;/seed_db.sh;'
+ # env:
+ # - name: PGHOST
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_ADDR
+ # - name: PGPORT
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_PORT
+ # - name: PGUSER
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_USER
+ # - name: PGDATABASE
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_NAME
+ # - name: PGPASSWORD
+ # valueFrom:
+ # secretKeyRef:
+ # name: cdefense-secrets
+ # key: DB_PASSWORD
+ # resources: {}
+ # volumeMounts:
+ # - mountPath: /bootstrap
+ # name: bootstrap
+ # terminationMessagePath: /dev/termination-log
+ # terminationMessagePolicy: File
 containers:
 - name: api
 image: {{ .Values.api.image }}:{{ .Values.version }}
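Review bot: The `check-seed-pod` entry is disabled by prefixing all 39 of its lines with `#` instead of deleting them, which leaves a dead block that still names `cdefense-secrets`/`DB_PASSWORD` and the unpinned `cdefense/scandb-seed:latest` image and can be switched back on without anyone re-reviewing it. Nothing visible in this hunk replaces the `seed_db.sh` step, so a fresh install presumably relies on seeding happening somewhere else. I would delete the block and leave a single line in its place, e.g. `# DB seeding (seed_db.sh) is no longer run from this Deployment as of 4.9.2; see <where seeding now happens>`. The same comment-out pattern is used for the `data` container and the `volumes:` block in the last hunk of this file. The list this entry belongs to starts outside the hunk.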
@@ -362,6 +362,26 @@ spec:
 configMapKeyRef:
 key: AWS_DAST_UPLOAD_S3_BUCKET
 name: scan-server-config
+ - name: VULNERABILITY_SCRAPER_SERVICE_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: scan-server-config
+ key: VULNERABILITY_SCRAPER_SERVICE_HOST
+ - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vulnscrape-secrets
+ key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+ - name: DATAJOB_WEBHOOK_URL
+ valueFrom:
+ configMapKeyRef:
+ name: scan-server-config
+ key: DATAJOB_WEBHOOK_URL
+ - name: NVD_KEY
+ valueFrom:
+ secretKeyRef:
+ name: scan-server-secrets
+ key: NVD_KEY
 ports:
 - containerPort: 8080
 livenessProbe:
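Review bot: The `api` container, which listens on port 8080, now receives `VULNERABILITY_SCRAPER_SERVICE_TOKEN` and `NVD_KEY` in its environment, so two credentials that were previously confined to the `data` container become readable by the request-serving process and by anything that can dump its environment. If the data-job logic has moved into the api image this is presumably required, but the entries should say so, e.g. `# moved from the data container in 4.9.2: api now runs the vulnerability data job`. The new entries also put `name:` before `key:`, while the preceding `AWS_DAST_UPLOAD_S3_BUCKET` entry uses `key:` then `name:`; matching the surrounding order keeps the env list uniform. The container spec starts and ends outside the hunk.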
@@ -384,73 +404,73 @@ spec:
 # cpu: "500m"
 # limits:
 # memory: "1G"
- - name: data
- image: {{ .Values.data.image }}:{{ .Values.version }}
- imagePullPolicy: Always
- env:
- - name: CLOUDDEFENSE_BASE_URL
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: CLOUDDEFENSE_BASE_URL
- - name: DB_CONNECTION_STRING
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_CONNECTION_STRING
- - name: DB_USER
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: DB_USER
- - name: CLOUDDEFENSE_HEROKUAPP_GRAPHQL_URL
- valueFrom:
- configMapKeyRef:
- name: cdefense-config
- key: CLOUDDEFENSE_GRAPHQL_URL
- - name: VFEED_SYNC_JOB_CRON_EXPRESSION
- valueFrom:
- configMapKeyRef:
- name: scan-server-config
- key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: cdefense-secrets
- key: DB_PASSWORD
- - name: HASURA_GRAPHQL_ADMIN_SECRET
- valueFrom:
- secretKeyRef:
- name: graphql-secrets
- key: HASURA_GRAPHQL_ADMIN_SECRET
- - name: PORT
- value: "8081"
- - name: VULNERABILITY_SCRAPER_SERVICE_HOST
- valueFrom:
- configMapKeyRef:
- name: scan-server-config
- key: VULNERABILITY_SCRAPER_SERVICE_HOST
- - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
- valueFrom:
- secretKeyRef:
- name: vulnscrape-secrets
- key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
- - name: DATAJOB_WEBHOOK_URL
- valueFrom:
- configMapKeyRef:
- name: scan-server-config
- key: DATAJOB_WEBHOOK_URL
- - name: NVD_KEY
- valueFrom:
- secretKeyRef:
- name: scan-server-secrets
- key: NVD_KEY
- # resources:
- # requests:
- # memory: "1G"
- # cpu: "250m"
- # limits:
- # memory: "1G"
- volumes:
- - name: bootstrap
- emptyDir: {}
+ # - name: data
+ # image: {{ .Values.data.image }}:{{ .Values.version }}
+ # imagePullPolicy: Always
+ # env:
+ # - name: CLOUDDEFENSE_BASE_URL
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: CLOUDDEFENSE_BASE_URL
+ # - name: DB_CONNECTION_STRING
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_CONNECTION_STRING
+ # - name: DB_USER
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: DB_USER
+ # - name: CLOUDDEFENSE_HEROKUAPP_GRAPHQL_URL
+ # valueFrom:
+ # configMapKeyRef:
+ # name: cdefense-config
+ # key: CLOUDDEFENSE_GRAPHQL_URL
+ # - name: VFEED_SYNC_JOB_CRON_EXPRESSION
+ # valueFrom:
+ # configMapKeyRef:
+ # name: scan-server-config
+ # key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
+ # - name: DB_PASSWORD
+ # valueFrom:
+ # secretKeyRef:
+ # name: cdefense-secrets
+ # key: DB_PASSWORD
+ # - name: HASURA_GRAPHQL_ADMIN_SECRET
+ # valueFrom:
+ # secretKeyRef:
+ # name: graphql-secrets
+ # key: HASURA_GRAPHQL_ADMIN_SECRET
+ # - name: PORT
+ # value: "8081"
+ # - name: VULNERABILITY_SCRAPER_SERVICE_HOST
+ # valueFrom:
+ # configMapKeyRef:
+ # name: scan-server-config
+ # key: VULNERABILITY_SCRAPER_SERVICE_HOST
+ # - name: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+ # valueFrom:
+ # secretKeyRef:
+ # name: vulnscrape-secrets
+ # key: VULNERABILITY_SCRAPER_SERVICE_TOKEN
+ # - name: DATAJOB_WEBHOOK_URL
+ # valueFrom:
+ # configMapKeyRef:
+ # name: scan-server-config
+ # key: DATAJOB_WEBHOOK_URL
+ # - name: NVD_KEY
+ # valueFrom:
+ # secretKeyRef:
+ # name: scan-server-secrets
+ # key: NVD_KEY
+ # # resources:
+ # # requests:
+ # # memory: "1G"
+ # # cpu: "250m"
+ # # limits:
+ # # memory: "1G"
+ # volumes:
+ # - name: bootstrap
+ # emptyDir: {}
diff --git a/charts/cdefense/values.yaml b/charts/cdefense/values.yaml
index 3773885..72ae7c4 100644
--- a/charts/cdefense/values.yaml
+++ b/charts/cdefense/values.yaml
@@ -1,4 +1,4 @@
-version: "release-4.9.1"
+version: "release-4.9.2"
 domain: clouddefenseai.com
 hostname: cdefense.clouddefenseai.com
diff --git a/release.md b/release.md
index 6291ad6..e987a51 100644
--- a/release.md
+++ b/release.md
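Review bot: In the last `deployment.yaml` hunk (the `data` container), the commented line `# image: {{ .Values.data.image }}:{{ .Values.version }}` is still evaluated by Helm, because template actions are rendered before the result is parsed as YAML; if `data` is later removed from values.yaml the chart will fail to render on a nil lookup even though the line looks inert. Deleting the block avoids this; if it has to stay for now, neutralise the action with a template comment such as `{{- /* image: .Values.data.image : .Values.version */}}`. The hunk also comments out the only visible `volumes:` entry (`bootstrap`), so any `volumeMounts` that still reference `bootstrap` in the `api` container, which lies outside the hunk, would make the Deployment invalid and should be checked before release.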
@@ -1,23 +1,21 @@
-Release Date : 30.07.2024
-Release Notes : 4.9.1
+Release Date : 20.08.2024
+Release Notes : 4.9.2
 New Features:
-1) Vulnerability Report Branch detail: We have added Branch name details under the Global Vulnerability Report for better insight into the report data.
-2) Application Report generation for Zero vulnerability: We have added the option to download the Application Report in the absence of vulnerabilities.
-3) Added "OWASP Top 10" and "SANS Top 25" labels: We have added the "OWASP Top 10" and "SANS Top 25" labels for the respective found vulnerabilities.
-4) Added filter option to get the "OWASP Top 10" and "SANS Top 25" vulnerabilities under Scan History: We have added the filter option to get the "OWASP Top 10" and "SANS Top 25" for found vulnerabilities for better usability.
-5) Added Excluded filter option and respective label for vulnerabilities removed after getting added to the "Excluded Path" setting: Added Excluded filter option and respective label for better user experience.
-6) Team Admins to have access to change the User Membership: We have provided the Team Admin the access to change its User membership to another team.
-7) AppUser to be able to raise a request to mark a vulnerability as False Positive: We have provided AppUser the access to request for a vulnerability to be marked as False Positive via approval.
-8) Added "Open Source" Report feature under Report drop-down menu: We have added the "Open Source" Report feature under Report to give better insights into the Vulnerability metrics.
-9) Added the Pull Request Build Policy Configuration: We have added the Pull Request Policy configuration for the Delta scan.
+1) Jira ticket enhancement: We have added more details to the Jira ticket raised for vulnerability, providing recommendations, vulnerability path mapping, and severity mapping.
+2) Ability to rename Application name: We have added the ability to rename the Application name facilitating application management at the organization level to be more user-friendly.
+3) Added SAST recommendation for Application level report: We have also added recommendations for the SAST-type vulnerabilities under the Application report.
+4) Application Report Generation for Previous Scan History: We have added the facility to generate and download reports for previous scan histories at the application level.
+5) Branch-Specific Report Generation: We have added the facility to generate and download reports for scanned branches other than the default branch at the Application level for better user experience.
+6) Added column sorting for the Open Source page for CVE, CWE, and Libraries columns: We have provided column sorting for the Open Source page for CVE, CWE, and Libraries columns for ease of use.
 Improvements:
-1) Fixed the False Positive marked vulnerability Expiration: We have fixed the False Positive marked vulnerability Expiration.
+1) Fixed the New Exception Requested Field under Application Scan History for SCA vulnerabilities
 2) Bug Fixing on Backend: Fixed bugs across the application for better user experience.
 3) Fixed list of UI issues.
-4) Fixed Vulnerability Retest functionality.
-5) Fixed Scan History update on deleting an "Excluded File" from the Application Setting
-6) Fixed Vulnerability Page latency issues.
\ No newline at end of file
+4) Fixed addition of DAST vulnerabilities to allowed list for AppUser role.
+5) Fixed default branch name information for all new application scans
+6) Fixed AWS-S3 alert integration for weekly team-level report
+7) Fixed JavaScript Open fix PR issue.
\ No newline at end of file