Open Gby56 opened 1 year ago
I would add that these notification settings should not necessarily be tied to specific users. I need to set up various notifications, each sent to a different Slack channel, and all DefectDojo admins should be able to add/update/remove them.
(Alternatively, these notifications could be tied to new users which I would create, but currently I can't even set up notifications for other users without manually editing the database. A solution for this is enabling superusers to log in as others; it looks like this could be used: https://pypi.org/project/django-impersonate/ )
We also need this in our organization.
We want to be able to notify security champions of teams about new high/critical findings in their recent engagements of their own products, therefore it would be a really handy enhancement to add the ability to send email notifications per product type, per severity for the latest engagement.
As a workaround, the findings_new, findings_mitigated, findings_reactivated and findings_untouched lists are transferred to the template renderer here: https://github.com/DefectDojo/django-DefectDojo/blob/1f450c2e737df8e9331590f633a2961562b35429/dojo/notifications/helper.py#L401 You can iterate over them inside the https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/templates/notifications/slack/scan_added.tpl template, for example to add the new findings' titles to the notification:
New findings:
{% for finding in findings_new %}
{{ finding.title }}
{% endfor %}
P.S. you need to remove the blocktranslate block if you want to add new for or if blocks
@ansereb thanks for the workaround, unfortunately I'm finding that with this method the deduplication has not necessarily finished when the notification is sent. For large scan files, many issues still get sent to Slack, any thoughts on handling this?
@jonhall54 I think it may happen if you upload a scan into a new test. Try re-uploading into an existing test instead; for me it resolved the issue.
Is your feature request related to a problem? Please describe
This is a very simple idea, but sometimes, when you manage a mix of tools that are cloud-hosted, and DIY scanners, and lots more, it is hard to keep track of new findings that might be found daily/weekly. Having a dashboard might help, but still requires you to connect daily and check the numbers.
Describe the solution you'd like
A simple notification when a new finding has been created, for a given filter like:
Having that kind of notification system, both per-user and for the whole DefectDojo instance (especially for Security Engineering teams that manage the instance, it would be cool to get slack notifications about anything new critical appearing)
Describe alternatives you've considered
I guess querying and filtering the API daily/hourly and sending a webhook myself to Slack?
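The polling alternative mentioned in the issue description, as an added example (not code from DefectDojo or from any commenter in this thread): it filters finding records by severity and creation time, skips anything flagged as a duplicate or already reported, and builds the JSON body for a Slack incoming webhook. Apart from `title`, the finding field names (`id`, `severity`, `active`, `duplicate`, `created`) are assumptions modeled on the API's finding objects, and the sample records are constructed.

```python
import json
from datetime import datetime, timezone

SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def select_new_findings(findings, since, min_severity="High", seen_ids=frozenset()):
    """Keep active, non-duplicate findings at or above min_severity that were
    created after `since` and have not been reported in an earlier poll."""
    floor = SEVERITY_RANK[min_severity]
    picked = []
    for f in findings:
        created = datetime.fromisoformat(f["created"].replace("Z", "+00:00"))
        if (f["active"] and not f["duplicate"]
                and SEVERITY_RANK.get(f["severity"], 0) >= floor
                and created > since
                and f["id"] not in seen_ids):
            picked.append(f)
    # Most severe first; equal severities keep their input order.
    return sorted(picked, key=lambda f: -SEVERITY_RANK[f["severity"]])

def slack_payload(findings):
    """Build the JSON body for a Slack incoming webhook ({"text": ...})."""
    lines = [f"New findings: {len(findings)}"]
    lines += [f"[{f['severity']}] {f['title']} (id {f['id']})" for f in findings]
    return json.dumps({"text": "\n".join(lines)})

# Constructed sample records (assumed field names, not real scan data).
SAMPLE = [
    {"id": 101, "title": "SQL injection in login form", "severity": "Critical",
     "active": True, "duplicate": False, "created": "2024-05-02T08:00:00Z"},
    {"id": 102, "title": "Outdated jQuery", "severity": "Medium",
     "active": True, "duplicate": False, "created": "2024-05-02T08:05:00Z"},
    {"id": 103, "title": "SQL injection in login form", "severity": "Critical",
     "active": True, "duplicate": True, "created": "2024-05-02T08:06:00Z"},
    {"id": 104, "title": "Hardcoded credential in config", "severity": "High",
     "active": True, "duplicate": False, "created": "2024-05-02T09:00:00Z"},
    {"id": 105, "title": "Weak TLS cipher", "severity": "High",
     "active": True, "duplicate": False, "created": "2024-04-20T10:00:00Z"},
]

if __name__ == "__main__":
    last_poll = datetime(2024, 5, 1, tzinfo=timezone.utc)
    # The printed body is what would be POSTed to the channel's webhook URL.
    print(slack_payload(select_new_findings(SAMPLE, last_poll)))
```

Persisting the reported ids between runs and passing them as `seen_ids` keeps a finding from being announced twice when poll windows overlap.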