From 2b3e0cac2f62d13decb049b309c7c2f1895b07bb Mon Sep 17 00:00:00 2001
From: Dilip <116056239+dt-dilip@users.noreply.github.com>
Date: Sat, 30 Nov 2024 16:06:59 +0530
Subject: [PATCH] release-4.9.4
---
 charts/cdefense/Chart.yaml | 4 +--
 .../templates/alertservice/deployment.yaml | 10 +++++++
 charts/cdefense/templates/api/config.yaml | 4 ++-
 charts/cdefense/templates/api/deployment.yaml | 15 ++++++++++
 .../templates/authservice/config.yaml | 4 +--
 .../templates/authservice/deployment.yaml | 15 ++++++----
 charts/cdefense/values.yaml | 6 ++--
 release.md | 28 ++++++++++---------
 8 files changed, 60 insertions(+), 26 deletions(-)
diff --git a/charts/cdefense/Chart.yaml b/charts/cdefense/Chart.yaml
index 0bb95fc..e92b9c5 100755
--- a/charts/cdefense/Chart.yaml
+++ b/charts/cdefense/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.9.3
+version: 4.9.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.9.3"
+appVersion: "4.9.4"
diff --git a/charts/cdefense/templates/alertservice/deployment.yaml b/charts/cdefense/templates/alertservice/deployment.yaml
index 57be032..0a7f1fd 100644
--- a/charts/cdefense/templates/alertservice/deployment.yaml
+++ b/charts/cdefense/templates/alertservice/deployment.yaml
@@ -53,6 +53,16 @@ spec:
 configMapKeyRef:
 name: cdefense-config
 key: CLOUDDEFENSE_BASE_URL
+ - name: SECRET_HEADER_VALUE
+ valueFrom:
+ secretKeyRef:
+ key: ATTACK_PATH_KEY
+ name: cdefense-secrets
+ - name: CLOUDDEFENSE_SENDGRID_EMAIL
+ valueFrom:
+ configMapKeyRef:
+ key: CLOUDDEFENSE_SENDGRID_EMAIL
+ name: scan-server-config
 # livenessProbe:
 # tcpSocket:
 # port: 8080
diff --git a/charts/cdefense/templates/api/config.yaml b/charts/cdefense/templates/api/config.yaml
index cb6d1bf..9bf19aa 100644
--- a/charts/cdefense/templates/api/config.yaml
+++ b/charts/cdefense/templates/api/config.yaml
@@ -36,5 +36,7 @@ data:
 K8_RESOURCES_LIMIT_MEMORY: {{ .Values.api.job.resource.memory.limit }}
 DATAJOB_WEBHOOK_URL: "https://discord.com/api/webhooks/1006160865386582077/HndjuqofW-wYXspUb5_iv-AJN46UojZZvQDksz1a2cgvx1Q1lUJkdZ_IhZrlsh_ytKKO"
 PROFILER_WEBHOOK_URL: "https://discord.com/api/webhooks/1102883054806114375/DwZqyzMTpYf66kMyQ47b7lgFLNFGfqmxQxEBfnfOZtH6cMJIFzoNw17pmQnG9OmNk9Tv"
+ STATISTIC_WEBHOOK_URL: "https://discord.com/api/webhooks/1121016075799253063/6dAOW8JvKo3rHudlcwtcNFR0gMfLvfIWFFTAQTXxORwML7Y58RzDBjfjztqa9DZ6WmXw"
 CLOUDDEFENSE_SENDGRID_EMAIL: "support-noreply@clouddefense.ai"
- MICRONAUT_ENVIRONMENTS: {{ .Values.api.environment | default "dev" }}
\ No newline at end of file
+ MICRONAUT_ENVIRONMENTS: {{ .Values.api.environment | default "dev" }}
+ ALERT_SERVICE_URL: "http://alertservice"
\ No newline at end of file
diff --git a/charts/cdefense/templates/api/deployment.yaml b/charts/cdefense/templates/api/deployment.yaml
index c8a5139..089db26 100644
--- a/charts/cdefense/templates/api/deployment.yaml
+++ b/charts/cdefense/templates/api/deployment.yaml
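Review bot: `SECRET_HEADER_VALUE` in the alertservice container is filled from the `ATTACK_PATH_KEY` entry of `cdefense-secrets`, and the api and authservice deployment hunks in this patch do the same, so one static value sits in three workloads and cannot be rotated or revoked per service. If this is a service-to-service header secret (inferred from the name), give it its own Secret entry, e.g. `key: <DEDICATED_HEADER_SECRET_KEY>` (placeholder), and add a comment above the entry such as `# shared header secret checked by <service>; rotate together with its consumers`. The diffstat touches no Secret template, so `ATTACK_PATH_KEY` has to exist in `cdefense-secrets` before the upgrade; the reference is not marked optional, and a missing key leaves the pod in CreateContainerConfigError. The env list starts and ends outside the hunk.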
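Review bot: The added `STATISTIC_WEBHOOK_URL` line commits a complete Discord webhook URL, token included, into a ConfigMap template, so anyone who can read the chart or the rendered ConfigMap holds a working credential for that channel; the two existing webhook entries above it have the same problem. Treat the committed webhooks as exposed: rotate them, move the values into a Secret supplied from values or an external secret store, and consume them with `secretKeyRef` the way the deployments already consume `ATTACK_PATH_KEY`. Separately, `ALERT_SERVICE_URL: "http://alertservice"` is plain HTTP; if the api sends `SECRET_HEADER_VALUE` to that service (inferred, not visible here), the header crosses the cluster network unencrypted unless a mesh or network policy covers that path.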
@@ -348,6 +348,21 @@ spec:
 configMapKeyRef:
 name: scan-server-config
 key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
+ - name: SECRET_HEADER_VALUE
+ valueFrom:
+ secretKeyRef:
+ key: ATTACK_PATH_KEY
+ name: cdefense-secrets
+ - name: ALERT_SERVICE_URL
+ valueFrom:
+ configMapKeyRef:
+ name: scan-server-config
+ key: ALERT_SERVICE_URL
+ - name: ATTACK_PATH_KEY
+ valueFrom:
+ secretKeyRef:
+ key: ATTACK_PATH_KEY
+ name: cdefense-secrets
 ports:
 - containerPort: 8080
 livenessProbe:
diff --git a/charts/cdefense/templates/authservice/config.yaml b/charts/cdefense/templates/authservice/config.yaml
index 55362bd..a32da83 100644
--- a/charts/cdefense/templates/authservice/config.yaml
+++ b/charts/cdefense/templates/authservice/config.yaml
@@ -5,6 +5,6 @@ metadata:
 labels:
 app: keycloak
 data:
- MICRONAUT_ENVIRONMENTS: {{ .Values.authservice.environment | default "dev" }}
 AUTH_DEPLOYMENT_MODE_DOCKER: "true"
- NEW_RELIC_APP_NAME: cdefense
\ No newline at end of file
+ NEW_RELIC_APP_NAME: cdefense
+ DOMAIN: "cdefense.clouddefenseai.com"
\ No newline at end of file
diff --git a/charts/cdefense/templates/authservice/deployment.yaml b/charts/cdefense/templates/authservice/deployment.yaml
index ba35329..4014974 100644
--- a/charts/cdefense/templates/authservice/deployment.yaml
+++ b/charts/cdefense/templates/authservice/deployment.yaml
@@ -96,11 +96,6 @@ spec:
 secretKeyRef:
 name: keycloak-secrets
 key: KEYCLOAK_ADMIN_CLIENT_SECRET
- - name: MICRONAUT_ENVIRONMENTS
- valueFrom:
- configMapKeyRef:
- name: authservice-config
- key: MICRONAUT_ENVIRONMENTS
 - name: CLOUDDEFENSE_AUTH_DEPLOYMENT_MODE_DOCKER
 valueFrom:
 configMapKeyRef:
@@ -182,6 +177,16 @@ spec:
 secretKeyRef:
 name: graphql-secrets
 key: HASURA_GRAPHQL_ADMIN_SECRET
+ - name: SECRET_HEADER_VALUE
+ valueFrom:
+ secretKeyRef:
+ key: ATTACK_PATH_KEY
+ name: cdefense-secrets
+ - name: DOMAIN
+ valueFrom:
+ configMapKeyRef:
+ name: authservice-config
+ key: DOMAIN
 ports:
 - containerPort: 8080
 livenessProbe:
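Review bot: The api container receives the `ATTACK_PATH_KEY` secret twice, once as `SECRET_HEADER_VALUE` and once under its own name, both from the same `cdefense-secrets` entry. If the two names serve different purposes they should not share a value, and if they serve the same purpose one env var is enough; dropping the duplicate leaves a single name to audit and rotate. `ALERT_SERVICE_URL` is read from `scan-server-config`, while the patch adds that key in `templates/api/config.yaml`, whose ConfigMap name is outside the hunk, so confirm both refer to the same object. The new `secretKeyRef` blocks also list `key` before `name`, unlike the surrounding entries. The env list continues outside the hunk.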
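Review bot: `DOMAIN` is hard-coded to `cdefense.clouddefenseai.com` in the authservice ConfigMap although `values.yaml` already carries `hostname: cdefense.clouddefenseai.com`, so an install on any other host would still hand the auth service the vendor's domain. If the service uses this value for cookie scope, redirect targets or origin checks (not visible here), that mismatch is a security-relevant misconfiguration rather than a cosmetic one. Template it from values instead: `DOMAIN: {{ .Values.hostname | quote }}`.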
diff --git a/charts/cdefense/values.yaml b/charts/cdefense/values.yaml
index 7bd608e..165778c 100644
--- a/charts/cdefense/values.yaml
+++ b/charts/cdefense/values.yaml
@@ -1,4 +1,4 @@
-version: "release-4.9.3"
+version: "release-4.9.4"
 domain: clouddefenseai.com
 hostname: cdefense.clouddefenseai.com
@@ -110,8 +110,8 @@ api:
 image: cdefense/fullscan
 data:
 region: us-east-1
- bucket: cdefense-vulnerability-data-new
- endpoint: https://cdefense-vulnerability-data-new.s3.us-east-1.amazonaws.com
+ bucket: cdefense-vulnerability-new-data
+ endpoint: https://cdefense-vulnerability-new-data.s3.us-east-1.amazonaws.com
 vuln:
 host: "https://vuln-console.clouddefenseai.com"
 logs:
diff --git a/release.md b/release.md
index 1135477..d3e35c1 100644
--- a/release.md
+++ b/release.md
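Review bot: The new `bucket:` and `endpoint:` values under `data:` are undocumented in both the chart and `release.md`, and charts at 4.9.3 and earlier still reference the old bucket name. Keep the old bucket under the same account (emptied or deny-all) rather than deleting it, so the name cannot be registered by another party and serve vulnerability data to installs that have not upgraded. A comment above `bucket:` such as `# vulnerability feed bucket; renamed in 4.9.4, previous name retained` would record that. Whether the downloaded feed is integrity-checked is not visible in this patch.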
@@ -1,21 +1,23 @@
-Release Date : 10.09.2024
-Release Notes : 4.9.3
+Release Date : 11.11.2024
+Release Notes : 4.9.4
 New Features:
-1) Improved CLI scan response output: We have added details for the OSS license policy failure under the CLI scan output to provide user more insight.
-2) Added Custom Regex Support for Secret Scan: We have added the support for the custom regex for Secret Scan to eliminate the false positives, providing better user experience.
-3) Merged Team and Organization Report Page: We have merged the Organization Report and Team Report page to provide user consolidated view with flexible filters to configure the Report View.
-4) Improved Report Page performance: We have improved the Report page performance by reducing the response time latency for better user experience.
-5) Added the detail about who and when introduced the detected vulnerability : We have added the details about the user who introduced the detected vulnerability to provide more isight and track the issue correctly.
-6) Added details about the user initiating the scan under the Application page: We have provided details on the user that ran the scan and timestamp to provide more context into the scan run. User has capability to search for the latest scan run by user email.
+1) Added Schedule scan support for DAST and API scan: We have added schedule scan support for DAST and API scan, providing better user experience.
+2) Introduced License report: We have added license report for centralized tracking of utilization metrics.
+3) Added Scan Type filter at Application Page: We have added Scan Type filter at Application Page for better user experience.
+4) Moved Team Selector to side filter: We have removed the team selector from page header and moved it under side filter for better accessibility and uniformity.
+5) Combined Generic API key and Personal API key for better manageability.
+6) Captcha v3 Integration on SignUp: Added Google reCAPTCHA v3 to the sign-up process to enhance security and prevent bot registrations.
+7) OTP Verification for Password: Implemented OTP validation to verify user identity before allowing password changes.
+8) Recover deleted application: We have provided facility to recover deleted application within 15 days to avoid accidental information loss.
 Improvements:
-1) Fixed the redirection of the Exploits reference links under Open Source Page
+1) Updated the Azure devops access token request access level.
 2) Bug Fixing on Backend: Fixed bugs across the application for better user experience.
 3) Fixed list of UI issues.
-4) Limited the number of default team to one.
-5) Fixed SANS Top 25 result opening error under dashboard.
-6) Fixed Search filter for the Open Source Report page
-7) Improved the latency issues under the Application Page scan result expansion.
\ No newline at end of file
+4) Fixed report genration under Scan history
+5) Updated the rule mappings with OWASP top 10 and SANS top 25 standard.
+6) Removed error message shown on session logout.
+7) Fixed automated container image scan.
\ No newline at end of file