v1.3.1

📌 Dependencies

• Updated embedded Tomcat to 9.0.31. Fixes potential vulnerability to CVE-2020-1938

v1.3.0

🕷 Security Scanner

• Add Ncrack Bruteforce Scanner @jorgestiga (#137)

🚀 Features

• Configure multiple users, groups and tenants via the application.yaml config @J12934 (#115)

📌 Dependencies

• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.689 to 1.11.699 @snyk-bot (#136)
• [Snyk] Upgrade org.elasticsearch.client:elasticsearch-rest-high-level-client from 6.8.5 to 6.8.6 @snyk-bot (#130)

v1.2.0

🚀 Features

• Add SecurityTest metadata to elasticsearch finding documents @J12934 (#110)
• Add scan durationInMs, startDate & endDate fields to SecurityTest and ScanProcessExecution Models @J12934 (#107)

⛩ DefectDojo Integration

• fix: use latest in case no testName is given @wurstbrot (#135)
• Added name and description check for nikto scans to avoid NullPointer @Chau362 (#134)
• Use getServeritiesAndHigherServerities @wurstbrot (#133)
• Add getLatestTestIdByEngagementName @wurstbrot (#131)
• Fix Typos @wurstbrot (#105)
• Add Re-Import and tests @wurstbrot (#102)

🐛 Bug Fixes

• Reduce Database Write Clutter in Nmap Process @J12934 (#101)
• Ensure that Groups are always Created before the Users @J12934 (#100)
• Bugfixing the combined NMAP+SSH Scan @rseedorff (#132)

🔧 Maintenance

• Decrease default history duration to 1 day @J12934 (#108)
• Replace develop docker tag with unstable tag @J12934 (#103)

📌 Dependencies

• [Snyk] Upgrade io.springfox:springfox-swagger2 from 2.9.0 to 2.9… @snyk-bot (#114)
• Update java dependencies @J12934 (#109)
• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.688 to 1.… @snyk-bot (#129)
• [Snyk] Upgrade org.springframework.boot:spring-boot-starter-secu… @snyk-bot (#127)
• [Snyk] Upgrade org.springframework.boot:spring-boot-properties-m… @snyk-bot (#128)
• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.683 to 1.… @snyk-bot (#126)
• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.681 to 1.… @snyk-bot (#125)
• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.676 to 1.… @snyk-bot (#122)
• [Snyk] Upgrade org.elasticsearch.client:elasticsearch-rest-high-… @snyk-bot (#123)
• [Snyk] Upgrade io.swagger:swagger-annotations from 1.5.23 to 1.6… @snyk-bot (#121)
• [Snyk] Upgrade com.amazonaws:aws-java-sdk-s3 from 1.11.653 to 1.… @snyk-bot (#120)
• [Snyk] Upgrade org.springframework.boot:spring-boot-properties-m… @snyk-bot (#118)
• [Snyk] Upgrade org.springframework.boot:spring-boot-starter-actu… @snyk-bot (#119)
• [Snyk] Upgrade io.swagger:swagger-annotations from 1.5.14 to 1.5… @snyk-bot (#111)
• [Snyk] Upgrade org.springframework.boot:spring-boot-properties-m… @snyk-bot (#116)
• [Snyk] Fix for 1 vulnerabilities @snyk-bot (#112)
• [Snyk] Fix for 1 vulnerable dependencies @snyk-bot (#106)

v1.1.0

🚀 Features

• Enable use of DefectDojo Persistence Provider Code without the secureCodeBox @wurstbrot @J12934 (#99)
• Feature/wordpress scanner @dpatanin (#87)
• add new visualizations and dashboard @dpatanin (#88)

🐛 Bug Fixes

• Correctly display nmap host without port in result form @J12934 (#97)
• Add missing permissions to ci group @J12934 (#95)

🔧 Maintenance

• Update elastic client dependencies to 6.8.1 @J12934 (#92)

v1.0.4

🐛 Bug Fixes

• Fix bug preventing arachni form from getting submitted (#86)

v1.0.3 Minor Bug Fix

• Accept "/" in nmap target locations to support slash ranges

v1.0.2 Fixes for devs & Security Updates

• Fixed Scan Process Archetype, the archetype should now properly produce new scan processes which can be used without any further changes for straight forward process models.
• Updated Spring Boot Version to fix a potential security vulnerability
• Fixed minor naming inconsistencies of internal components
• Including the securityTest context in the elasticsearch securityTest document

v1.0.1 API Fixes & Dependency Updates

• Fixed API Markdown Export by updating the dependencies and including the correct dependency repository
• Updated dependency version of vulnarable aws sdk of the s3 persistence provider

v1.0.0 First Stable Release

secureCodeBox 🔒 v1.0.0 🎉

This is our first non beta release!
This release added a bunch of stuff and we have done a lot to improve the general stability.

Mayor Changes

• DefectDojo persistence provider allowing you to import your findings into DefectDojo. See the persistence provider docs for setup instructions.
• Updated Camunda from 7.8 to 7.10
  • Note this requires database upgrades. SQL migration files are provided directly by camunda see:
    • 7.8 to 7.9: https://docs.camunda.org/manual/7.10/update/minor/78-to-79/#database-updates
    • 7.9 to 7.10: https://docs.camunda.org/manual/7.10/update/minor/79-to-710/#database-updates
• Updated the API
  • Introduced new securityTest Concept abstracting from the camunda processes, with all related information attached to it.
  • Removed the "start process" endpoint and replaced it with the securityTest endpoint enabling you to start securityTest and retrieve their status and results without worrying about the concrete camunda processes.
  • Introduced a concept for adding some additional meta-data informations to securityTest
    • helpful if you automate the securityTest execution with your buildserver (e.g. Jenkins) and add the build-reference as meta data to your securityTest
  • Added BasicAuth for engine to scanner communication
  • Added engine health endpoint
• Direct HTTPS support without a separate proxy server
• Introduced Docker Healthchecks for engine and scanner container