This should resolve issues with the DefectDojo hook not being able to properly update the scan as the status fields didn't match the current ones.

Signed-off-by: Jannik Hollenbach <[email protected]>
EndPositive (Contributor) approved these changes on Nov 18, 2021 and left a comment:
Works as expected 😄.
Tested with a deployment of DD, DD persistence provider, two update-field hooks, and nmap.
```
NAME                                TYPE           PRIORITY   IMAGE
persistence-defectdojo              ReadAndWrite   0          docker.io/securecodebox/hook-persistence-defectdojo:sha-c9dbc16c
update-category-update-field-hook   ReadAndWrite   1          docker.io/securecodebox/hook-update-field:sha-c9dbc16c
update-severity-update-field-hook   ReadAndWrite   -1         docker.io/securecodebox/hook-update-field:sha-c9dbc16c
```

```
NAME                                                    READY   STATUS      RESTARTS   AGE
parse-nmap-cf6dr--1-5lmc4                               0/1     Completed   0          2m7s
persistence-defectdojo-nmap-7tlxd--1-9nf9x              0/1     Completed   0          2m2s
scan-nmap-n6jpg--1-gxnhp                                0/2     Completed   0          2m10s
update-category-update-field-hook-nmap-h7gs4--1-kqtsx   0/1     Completed   0          2m4s
update-severity-update-field-hook-nmap-p4r87--1-mgvpj   0/1     Completed   0          111s
```

```
Status:
  Finding Download Link: [...]
  Finding Head Link: [...]
  Findings:
    Categories:
      DefectDojo Imported Finding: 1
    Count: 1
    Severities:
      High: 1
  Ordered Hook Statuses:
    [map[hookName:update-category-update-field-hook jobName:update-category-update-field-hook-nmap-h7gs4 priority:1 state:Completed type:ReadAndWrite]]
    [map[hookName:persistence-defectdojo jobName:persistence-defectdojo-nmap-7tlxd priority:0 state:Completed type:ReadAndWrite]]
    [map[hookName:update-severity-update-field-hook jobName:update-severity-update-field-hook-nmap-p4r87 priority:-1 state:Completed type:ReadAndWrite]]
  Raw Result Download Link: [...]
  Raw Result File: nmap-results.xml
  Raw Result Head Link: [...]
  Raw Result Type: nmap-xml
  State: Done
```
Order is properly preserved. DD hook does not mess up hook status and update-severity still runs after DD hook.
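The ordering check the reviewer did by eye can be scripted. The following is an added example, not part of the original comment or of the secureCodeBox code base: it parses `Ordered Hook Statuses` lines in the format printed above (sample copied from the comment) and reports any hook listed out of descending priority order or not in state `Completed`. The function names and the reading of each line as one priority group are assumptions.

```python
import re

# Constructed sample: the "Ordered Hook Statuses" lines as printed in the scan status above.
SAMPLE = """\
[map[hookName:update-category-update-field-hook jobName:update-category-update-field-hook-nmap-h7gs4 priority:1 state:Completed type:ReadAndWrite]]
[map[hookName:persistence-defectdojo jobName:persistence-defectdojo-nmap-7tlxd priority:0 state:Completed type:ReadAndWrite]]
[map[hookName:update-severity-update-field-hook jobName:update-severity-update-field-hook-nmap-p4r87 priority:-1 state:Completed type:ReadAndWrite]]
"""

MAP_RE = re.compile(r"map\[([^\[\]]*)\]")   # body of one Go-formatted map[...]
PAIR_RE = re.compile(r"(\w+):(\S+)")        # key:value pairs inside that body


def parse_hook_groups(text):
    """Return one list of hook dicts per status line.

    Assumption: each printed line is one group of hooks sharing a priority.
    """
    groups = []
    for line in text.splitlines():
        hooks = [dict(PAIR_RE.findall(body)) for body in MAP_RE.findall(line)]
        if hooks:
            groups.append(hooks)
    return groups


def check_hook_order(groups):
    """Return a list of problems; an empty list means order and states are as expected."""
    problems = []
    previous = None
    for hooks in groups:
        priorities = {int(h["priority"]) for h in hooks}
        if len(priorities) != 1:
            problems.append(f"mixed priorities in one group: {sorted(priorities)}")
        current = max(priorities)
        # Groups must appear in strictly descending priority (1, 0, -1 in the run above).
        if previous is not None and current >= previous:
            problems.append(f"priority {current} listed after {previous}")
        previous = current
        for h in hooks:
            if h["state"] != "Completed":
                problems.append(f"{h['hookName']} is {h['state']}")
    return problems


if __name__ == "__main__":
    for problem in check_hook_order(parse_hook_groups(SAMPLE)) or ["hook order OK"]:
        print(problem)
```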
This should resolve issues with the DefectDojo hook not being able to properly update the scan as the status fields didn't match the current ones. These issues were initially caused by #695, as this has updated the hook status fields in the `scan.status`.

Done by using the `update.sh` script. This script regenerates all the Java types. After the script there unfortunately is a manual editing step to get rid of unneeded autogenerated code (mostly the volume and initContainer field from the scan). This is mostly done so that the generated code is not counted towards the programming language distribution of this repo... :(