We greatly appreciate all of our contributors.
We would also like to highlight the contributions from Michael Dong and Fatimah Zohra who contributed to DefectDojo before it was open source.
Before submitting, please ensure that you are using the latest code by performing a git pull.
Please include your operating system name, your operating system version number (16.04, 18.6, etc.), and the dojo install type you are using (setup.bash, docker, k8s, etc.).
Bugs that do not have this information will be closed.
Here are a few things to keep in mind when making changes to DefectDojo.
Please see the parser guide for guidance on how to write a parser.
Please use these test scripts to test your changes. These are the scripts we run in our integration tests.
For changes that require additional settings, you can now use a local_settings.py file. See the logging section below for more information.
For compatibility reasons, the code in the dev branch should be Python 3.11 compliant.
With the exception of new parsers and parser improvements, it is recommended that you get in touch with us to discuss changes prior to dedicating time and resources. We are working on defining clear guidelines on direction and acceptable PRs, but in the meantime, please get in touch with a core mod or a maintainer on Slack.
The following are things to consider before submitting a pull request to DefectDojo.
- Base your PR against the dev or bugfix branch, unless discussed otherwise with the maintainers.
- Make sure that the install is working properly.
- All tests found in these test scripts should be passing.
- All submitted code should conform to PEP8 standards.
- See flake8 built-in commit hooks on how to easily check for PEP8 with flake8 before committing.
- Pull requests should be submitted to the dev or bugfix branch.
- In the dev branch, the code should be Python 3.11 compliant.