release-4.9.4

charts/cdefense/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.9.3
+version: 4.9.4
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.9.3"
+appVersion: "4.9.4"

charts/cdefense/templates/alertservice/deployment.yaml

@@ -53,6 +53,16 @@ spec:
             configMapKeyRef:
               name: cdefense-config
               key: CLOUDDEFENSE_BASE_URL
+        - name: SECRET_HEADER_VALUE
+          valueFrom:
+            secretKeyRef:
+              key: ATTACK_PATH_KEY
+              name: cdefense-secrets
+        - name: CLOUDDEFENSE_SENDGRID_EMAIL
+          valueFrom:
+            configMapKeyRef:
+              key: CLOUDDEFENSE_SENDGRID_EMAIL
+              name: scan-server-config
         # livenessProbe:
         #   tcpSocket:
         #     port: 8080

charts/cdefense/templates/alertservice/service.yaml

@@ -1,4 +1,3 @@
-{{ if .Values.alertservice.enabled }}
 ---
 apiVersion: v1
 kind: Service
@@ -11,5 +10,4 @@ spec:
   selector:
     app: alertservice
   ports:
-    {{- .Values.alertservice.service.ports | toYaml | nindent 2 -}}
-{{ end }}
+    {{- .Values.alertservice.service.ports | toYaml | nindent 2 -}}

charts/cdefense/templates/api/config.yaml

@@ -36,5 +36,7 @@ data:
   K8_RESOURCES_LIMIT_MEMORY: {{ .Values.api.job.resource.memory.limit }}
   DATAJOB_WEBHOOK_URL: "https://discord.com/api/webhooks/1006160865386582077/HndjuqofW-wYXspUb5_iv-AJN46UojZZvQDksz1a2cgvx1Q1lUJkdZ_IhZrlsh_ytKKO"
   PROFILER_WEBHOOK_URL: "https://discord.com/api/webhooks/1102883054806114375/DwZqyzMTpYf66kMyQ47b7lgFLNFGfqmxQxEBfnfOZtH6cMJIFzoNw17pmQnG9OmNk9Tv"
+  STATISTIC_WEBHOOK_URL: "https://discord.com/api/webhooks/1121016075799253063/6dAOW8JvKo3rHudlcwtcNFR0gMfLvfIWFFTAQTXxORwML7Y58RzDBjfjztqa9DZ6WmXw"
   CLOUDDEFENSE_SENDGRID_EMAIL: "[email protected]" 
-  MICRONAUT_ENVIRONMENTS: {{ .Values.api.environment | default "dev"  }}
+  MICRONAUT_ENVIRONMENTS: {{ .Values.api.environment | default "dev"  }}
+  ALERT_SERVICE_URL: "http://alertservice"

charts/cdefense/templates/api/deployment.yaml

@@ -348,6 +348,21 @@ spec:
             configMapKeyRef:
               name: scan-server-config
               key: DATA_VFEED_SQLITE_FULL_REFRESH_CRON_EXPRESSION
+        - name: SECRET_HEADER_VALUE
+          valueFrom:
+            secretKeyRef:
+              key: ATTACK_PATH_KEY
+              name: cdefense-secrets
+        - name: ALERT_SERVICE_URL
+          valueFrom:
+            configMapKeyRef:
+              name: scan-server-config
+              key: ALERT_SERVICE_URL
+        - name: ATTACK_PATH_KEY
+          valueFrom:
+            secretKeyRef:
+              key: ATTACK_PATH_KEY
+              name: cdefense-secrets
         ports:
         - containerPort: 8080
         livenessProbe:

charts/cdefense/templates/authservice/config.yaml

@@ -5,6 +5,6 @@ metadata:
   labels:
     app: keycloak
 data:
-  MICRONAUT_ENVIRONMENTS: {{ .Values.authservice.environment | default "dev"  }}
   AUTH_DEPLOYMENT_MODE_DOCKER: "true"
-  NEW_RELIC_APP_NAME: cdefense
+  NEW_RELIC_APP_NAME: cdefense
+  DOMAIN: "cdefense.clouddefenseai.com"

charts/cdefense/templates/authservice/deployment.yaml

@@ -96,11 +96,6 @@ spec:
               secretKeyRef:
                 name: keycloak-secrets
                 key: KEYCLOAK_ADMIN_CLIENT_SECRET
-          - name: MICRONAUT_ENVIRONMENTS
-            valueFrom:
-              configMapKeyRef:
-                name: authservice-config
-                key: MICRONAUT_ENVIRONMENTS
           - name: CLOUDDEFENSE_AUTH_DEPLOYMENT_MODE_DOCKER
             valueFrom:
               configMapKeyRef:
@@ -182,6 +177,16 @@ spec:
               secretKeyRef:
                 name: graphql-secrets
                 key: HASURA_GRAPHQL_ADMIN_SECRET
+          - name: SECRET_HEADER_VALUE
+            valueFrom:
+              secretKeyRef:
+                key: ATTACK_PATH_KEY
+                name: cdefense-secrets
+          - name: DOMAIN
+            valueFrom:
+              configMapKeyRef:
+                name: authservice-config
+                key: DOMAIN
           ports:
           - containerPort: 8080
           livenessProbe:

charts/cdefense/templates/config.yaml

@@ -74,4 +74,4 @@ data:
   CLOUDDEFENSE_WEBCONSOLE_ONPREM_ENABLED: cdefense
   CUSTOM_VENDOR: ""
   GPT_BASE_URL: "http://ai/"
-  OUTSIDE : "https://console.clouddefenseai.com"
+  OUTSIDE : "https://cdefense.clouddefenseai.com"

charts/cdefense/templates/newapi/deployment.yaml

@@ -65,6 +65,11 @@ spec:
             configMapKeyRef:
                 name: scan-server-config
                 key: CLOUDDEFENSE_NEWAPI_BASE_URL
+        - name: ATTACK_PATH_KEY
+          valueFrom:
+            secretKeyRef:
+              key: ATTACK_PATH_KEY
+              name: cdefense-secrets
         ports:
         - containerPort: 8080
         livenessProbe:

charts/cdefense/values.yaml

@@ -1,4 +1,4 @@
-version: "release-4.9.3"
+version: "release-4.9.4"
 domain: clouddefenseai.com
 hostname: cdefense.clouddefenseai.com
 
@@ -110,8 +110,8 @@ api:
     image: cdefense/fullscan
   data:
     region: us-east-1
-    bucket: cdefense-vulnerability-data-new
-    endpoint: https://cdefense-vulnerability-data-new.s3.us-east-1.amazonaws.com
+    bucket: cdefense-vulnerability-new-data
+    endpoint: https://cdefense-vulnerability-new-data.s3.us-east-1.amazonaws.com
   vuln:
     host: "https://vuln-console.clouddefenseai.com"
   logs:

release.md

@@ -1,21 +1,23 @@
-Release Date : 10.09.2024
-Release Notes : 4.9.3
+Release Date : 11.11.2024
+Release Notes : 4.9.4
 
 New Features:
 
-1) Improved CLI scan response output: We have added details for the OSS license policy failure under the CLI scan output to provide user more insight.
-2) Added Custom Regex Support for Secret Scan: We have added the support for the custom regex for Secret Scan to eliminate the false positives, providing better user experience.
-3) Merged Team and Organization Report Page: We have merged the Organization Report and Team Report page to provide user consolidated view with flexible filters to configure the Report View.
-4) Improved Report Page performance: We have improved the Report page performance by reducing the response time latency for better user experience.
-5) Added the detail about who and when introduced the detected vulnerability : We have added the details about the user who introduced the detected vulnerability to provide more isight and track the issue correctly.
-6) Added details about the user initiating the scan under the Application page: We have provided details on the user that ran the scan and timestamp to provide more context into the scan run. User has capability to search for the latest scan run by user email.
+1) Added Schedule scan support for DAST and API scan: We have added schedule scan support for DAST and API scan, providing better user experience.
+2) Introduced License report: We have added license report for centralized tracking of utilization metrics.
+3) Added Scan Type filter at Application Page: We have added Scan Type filter at Application Page for better user experience.
+4) Moved Team Selector to side filter: We have removed the team selector from page header and moved it under side filter for better accessibility and uniformity.
+5) Combined Generic API key and Personal API key for better manageability.
+6) Captcha v3 Integration on SignUp: Added Google reCAPTCHA v3 to the sign-up process to enhance security and prevent bot registrations.
+7) OTP Verification for Password: Implemented OTP validation to verify user identity before allowing password changes.
+8) Recover deleted application: We have provided facility to recover deleted application within 15 days to avoid accidental information loss.
 
 Improvements:
 
-1) Fixed the redirection of the Exploits reference links under Open Source Page
+1) Updated the Azure devops access token request access level.
 2) Bug Fixing on Backend: Fixed bugs across the application for better user experience.
 3) Fixed list of UI issues.
-4) Limited the number of default team to one.
-5) Fixed SANS Top 25 result opening error under dashboard.
-6) Fixed Search filter for the Open Source Report page
-7) Improved the latency issues under the Application Page scan result expansion.
+4) Fixed report genration under Scan history
+5) Updated the rule mappings with OWASP top 10 and SANS top 25 standard.
+6) Removed error message shown on session logout.
+7) Fixed automated container image scan.