Update JIRA for Finding Group When Risk Acceptance Expires #11401
base: bugfix
DryRun Security Summary

The pull request focuses on improving the JIRA integration, risk acceptance management, and finding-related functionality in the DefectDojo application by enhancing code reliability, traceability, and maintainability through targeted changes in three key files.

Summary: The code changes in this pull request are focused on improving the functionality and reliability of the JIRA integration, the management of risk acceptances, and the organization of the finding-related functionality in the DefectDojo application. The changes to the The changes to the The changes to the From an application security perspective, these changes do not directly impact the security of the application, but they do contribute to the overall reliability, traceability, and maintainability of the DefectDojo application, which can indirectly benefit the security of the application.

Files Changed:

Code Analysis

We ran
Works well! Small nitpick about code org, but otherwise good
dojo/risk_acceptance/helper.py
Outdated
def update_risk_acceptance_jira(finding): | ||
# Manage the jira status changes | ||
push_to_jira = False | ||
# Determine if the finding is in a group. if so, not push to jira yet | ||
finding_in_group = finding.has_finding_group | ||
# Check if there is a jira issue that needs to be updated | ||
jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) | ||
# Only push if the finding is not in a group | ||
if jira_issue_exists: | ||
# Determine if any automatic sync should occur | ||
push_to_jira = jira_helper.is_push_all_issues(finding) \ | ||
or jira_helper.get_jira_instance(finding).finding_jira_sync | ||
# Save the finding | ||
finding.save(push_to_jira=(push_to_jira and not finding_in_group)) | ||
|
||
# we only push the group after saving the finding to make sure | ||
# the updated data of the finding is pushed as part of the group | ||
if push_to_jira and finding_in_group: | ||
jira_helper.push_to_jira(finding.finding_group) |
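Review bot: `jira_helper.get_jira_instance(finding).finding_jira_sync` reads an attribute off the return value of `get_jira_instance` with no guard, so if that helper can return None for a finding that still has an issue link, the risk-acceptance update raises AttributeError before `finding.save(...)` runs; fetch the instance into a local and check it before reading `finding_jira_sync`. The comment `# Only push if the finding is not in a group` sits directly above `if jira_issue_exists:`, which tests for an existing issue rather than group membership, so it should be reworded or moved next to the `finding.save(...)` call where the group check actually happens. Group membership is also read two ways in this function (`finding.has_finding_group` and `finding.finding_group`); using one consistently would make the push conditions easier to audit.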
This would be better placed in dojo/jira_link/helper.py under a different name like save_and_push_to_jira
done
[sc-9132]
When a risk exception expires and reopens all of the associated findings, those changes should be reflected in JIRA.