Skip to content

Make KEV data visible on findings listing #12785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 18, 2025
Merged

Make KEV data visible on findings listing #12785

merged 5 commits into from
Jul 18, 2025

Conversation

dogboat
Copy link
Contributor

@dogboat dogboat commented Jul 15, 2025

This PR displays KEV-related data (known exploited/used in ransomware/kev added date) stored on the Finding model to the Finding listing pages (all/open/closed/risk accepted). It also adds basic filtering against those fields.

Listing page view:
Screenshot 2025-07-15 at 1 17 32 PM

Filter view:
Screenshot 2025-07-15 at 1 07 35 PM

@github-actions github-actions bot added the ui label Jul 15, 2025
@dogboat
Copy link
Contributor Author

dogboat commented Jul 15, 2025

[sc-11506]

@dryrunsecurity DryRunSecurity
Copy link

DryRun Security

No security concerns detected in this pull request.

All finding details can be found in the DryRun Security Dashboard.

valentijnscholten
valentijnscholten reviewed Jul 15, 2025
View reviewed changes
Copy link
Member

@valentijnscholten valentijnscholten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it sufficient to only be able to filter by the exact KEV date? I can imagine users want to do a weekly search to find out "which findings where added to KEV since last week"?
I also realize adding before/after fields may clutter the UI more.

@valentijnscholten valentijnscholten added this to the 2.48.2 milestone Jul 15, 2025
@dogboat
Copy link
Contributor Author

dogboat commented Jul 16, 2025

Is it sufficient to only be able to filter by the exact KEV date? I can imagine users want to do a weekly search to find out "which findings where added to KEV since last week"? I also realize adding before/after fields may clutter the UI more.

Yeah good point! I've added before/after filters for it. Does add a bit more to the UI, but it's already got a lot there so maybe it's not too much? Let me know what you think, and thanks for pointing this out, I think these are very useful.

Screenshot 2025-07-16 at 10 03 38 AM

@Maffooch Maffooch requested a review from blakeaowens July 16, 2025 16:46
@80998
Copy link

80998 commented Jul 16, 2025

Yes very good idea, I want to know if they are on the KEV also, excellent update coming ☝️🥹

@valentijnscholten valentijnscholten changed the title KEV data on findings listing Make KEV data visible on findings listing Jul 16, 2025
mtesauro
mtesauro approved these changes Jul 18, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 88716e5 into DefectDojo:bugfix Jul 18, 2025
85 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@Maffooch Maffooch Maffooch approved these changes

@blakeaowens blakeaowens blakeaowens approved these changes

Assignees
No one assigned
Labels
ui
Projects
None yet
Milestone
2.48.2
Development

Successfully merging this pull request may close these issues.
6 participants
@dogboat @80998 @mtesauro @valentijnscholten @Maffooch @blakeaowens