Skip to content

Commit 1e1f721

Browse files
committed
Merge branch 'release/2.16.0'
2 parents 0574b7d + 10bed13 commit 1e1f721

25 files changed

Lines changed: 132 additions & 21 deletions

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,8 @@ Since data is pulled from YWH platform to your server, only regular outbound web
4848
- servicenow
4949

5050
## Changelog
51+
- v2.16:
52+
- report pdf attachment for Jira issue
5153
- v2.15:
5254
- automatic management of program slugs
5355
- link to reports from the same program

docs/User-Guide.md

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ only regular outbound web connections need to be authorized on your server.
1919
# Requirements
2020

2121
- `python` >=3.8,<=3.12
22-
- [`pip`](https://pip.pypa.io/en/stable/installing/)
22+
- [`pip`](https://pip.pypa.io/en/stable/installation/)
2323

2424
To use it on your program, while maintaining the maximum security, the tool requires you create a Personal Access Token
2525
on the [Yes We Hack platform][YesWeHack-Platform] with the role "Program Bug Tracker" for the desired program.
@@ -69,6 +69,8 @@ See `docker run yeswehack/ywh2bugtracker -h` or `docker run yeswehack/ywh2bugtra
6969
since the report is from this point considered valid.
7070
* Subsequent returns to "Ask for integration" status won’t create another issue.
7171
2. The types of comments synchronized depends on [configuration](#yes-we-hack-integration):
72+
* Program type filter for synchronization:
73+
![Program type options](img/ui-yeswehack-program-type-options.png)
7274
* Updates pushed from reports to issues:
7375
![Synchronization options](img/ui-yeswehack-synchronization-options.png)
7476
* Updates pushed from issues to reports:
@@ -209,10 +211,16 @@ cannot have the two-factor authentication enabled.
209211
- **Password**: Jira API token previously created.
210212
- **Project slug**: project key as defined in Jira (see _Project settings > Details > Key_).
211213
- **Verify TLS**: whether to verify if the API server's TLS certificate is valid.
212-
- **Issue type**: type of issue to be created (in Jira, see _Project settings > Issue types_
214+
- **Vulnerability issue type**: type of issue to be created (in Jira, see _Project settings > Issue types_
213215
for a list of valid types). **This value is sensitive to the Jira account language.**
214-
- **Issue closed status**: name of the workflow status for which the issue is considered closed/done. **This value is
216+
- **Vulnerability issue closed status**: name of the workflow status for which the issue is considered closed/done. **This value is
215217
sensitive to the Jira account language.**
218+
- **Group by program**: whether to add a parent issue corresponding to the program
219+
- **Program work item type**: type of issue to be created (in Jira, see _Project settings > Issue types_
220+
for a list of valid types). **This value is sensitive to the Jira account language.**
221+
- **Report in PDF**: when enabled, the Jira issue will only contain the report title and a link to YesWeHack.
222+
The full report is exported as PDF from YesWeHack and attached to the Jira issue.
223+
This avoids copying sensitive report content (e.g., payloads) directly into the issue description.
216224

217225
#### ServiceNow integration
218226

@@ -283,7 +291,8 @@ that can be downloaded from the [Yes We Hack platform][YesWeHack-Platform].
283291
See [Requirements](#requirements-5).
284292
- **Verify TLS**: whether to verify if the API server's TLS certificate is valid.
285293
- **Programs**: a list of programs to be synchronized.
286-
- **Program slug**: a program slug.
294+
- **Criteria title**: name your configuration.
295+
- **Program slugs**: one or more program slug (separated by a coma).
287296
- **Synchronization options**: options for synchronizing a Yes We Hack report with the bug tracker.
288297
- **Upload private comments**: whether to upload the reports private comments into the bug tracker.
289298
- **Upload assignments comments**: whether to upload the reports assignments comments into the bug tracker.
@@ -293,6 +302,8 @@ that can be downloaded from the [Yes We Hack platform][YesWeHack-Platform].
293302
- **Upload priority updates**: whether to upload the reports priority updates into the bug tracker.
294303
- **Upload rewards**: whether to upload the reports rewards into the bug tracker.
295304
- **Upload status updates**: whether to upload the reports status updates into the bug tracker.
305+
- **Upload transfer updates**: whether to upload the reports transfer updates into the bug tracker.
306+
- **Upload triage status updates**: whether to upload the reports triage status updates into the bug tracker.
296307
- **Recreate missing issues**: whether to recreate issues that were created by a previous synchronization but are not found into the bug tracker anymore.
297308
- **Feedback options**: options for synchronizing bug trackers issues with Yes We Hack reports.
298309
- **Download bug trackers comments**: whether to download comments from the bug tracker

docs/examples/example.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,16 @@ bugtrackers:
55
login: bender@my-company.com
66
password: wFs2wr0&i38#gLNI@6BBuIKIDiY4h6gJ
77
project: my-project
8+
verify: true
89
yeswehack:
910
my-project-bug-bounty:
1011
pat: 83eb3105-43a6-4c61-bf22-5f4b1a89cd6f
12+
verify: false
1113
programs:
1214
- slug: my-company-my-project
1315
synchronize_options:
1416
upload_private_comments: true
1517
upload_public_comments: true
18+
feedback_options: {}
1619
bugtrackers_name:
1720
- tracker-jira-my-project

docs/img/ui-github-empty.png

30.7 KB
Loading

docs/img/ui-gitlab-empty.png

29.1 KB
Loading

docs/img/ui-jira-empty.png

44.1 KB
Loading

docs/img/ui-servicenow-empty.png

27.5 KB
Loading

docs/img/ui-yeswehack-empty.png

55.3 KB
Loading
22.3 KB
Loading
32.3 KB
Loading

0 commit comments

Comments
 (0)