All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Severity Prioritization is now enabled by default, and will honor recast risks in IO #145 #121
- New Finding Severity field added #145 #121
- Addressed conditional Jira error when a paragraph has a zero-length string. #144
- Environmental subtask filtering #112 #117
- Updated issuetype checker to use updated Jira APIs #111
- Addressed bug introduced by fixing the timing issue in #107
- Refactored the service loop to reduce complexity and make its intentions more clear. #107
- Addressed timing gaps in the daemonization process #107
- Addressed issue with Jira summary field expecting fields to never be over 255 char. #102
- Issue identified with yaml.load() method that was insecure. switched to safe_load instead.
- Ability to pull vulns by
first_foundas well aslast_found. This has been explained within a new section of the readme. #100
- Arrow version 1.x changes timestamp interface #103
- Tags with spaces are getting split by Jira #98
- Severity Prioritization was only being handled on the issue, not subissue #96
- README not described the TYPE of Jira project being created. #90
- Asset Metadata merging was missing tagging data after changes made to support #74/#80
- Tenable Asset UUID now populated with agent UUID when using Tenable.sc
dry_runboolean param within the config to dump the raw vuln, generate issue, and generate sub-issue to help identify problems. In this mode, no tickets are actually created within Jira.
- Vuln Export API changed, making the default behavior undesirable.
- Added default age to exports for Tenable.io. It's possible to override this with the
tenable.tio_ageparameter. - Added ability to transform tags into asset attributes #74 #80
- If no custom fields are listed, then the script will fail. set a default null list if unspecified.
- Added ability to pass custom field definitions from the config without overloading the existing ones (additive definitions)
- Always add all asset attributes to the vuln doc (open AND fixed).
- Added ability to merge asset data into vuln instance tickets
- Added ability to set Jira priority based on severity.
- Removed accidental test value used for force a failure condition.
- Added ability to ignore Jira Cloud API errors via config setting.
- The Jira Field id should reliably return on the first match
- Asset tag support for Tenable.io
- Autoclosing of terminated and deleted assets
- Additional debug reporting.
- Closing methods are now more centralized.
- Patch publication wasn't a screen field.
- First Seen and Last Seen in Tenable.io is actually first_found and last_found #45
- Added Patch Publication Date to base config #45
- Addition of admin checking in CLI broke IO integration. #42
- Optional support for filtering based on VPR #41
- Optional auto-closing of accepted risks #8
- Logging if the IO API Keys aren't tied to an admin-level account.
- Added optional parameter to ignore accepted risks in Tenable.io #8
- Added
--troubleshootcommandline flag to generate output to use to help issue resolution.
- Tenable Platform custom field wasn't getting the appropriate value in JQL searches, resulting in duplication #16
- Embedded config referred to "Device IPv4" instead of "Device IPv4 Addresses" #15
- Info logging will now output the field, screens, and tab IDs.
- Jira field lengths cannot exceed 32767 chars. #13
- Generified the Issue closing error log to avoid type mismatches #4
- Setup-only mode to support configuration generation #1
- Tenable.sc support for ticket creation and management #2
- pyYAML compiled loaders switched for interpreted ones for compatability #7
- Screen pagination wasn't being handled properly #3
- pyYAML wasn't defined as a requirement #6
- Closed transition states are now configurable. #4
- Support for a separate setup job #1
- Initial Version