diff --git a/content/posts/commits/2026-04-15-commit-4fa26f4.md b/content/posts/commits/2026-04-15-commit-4fa26f4.md new file mode 100644 index 0000000..10f2d8e --- /dev/null +++ b/content/posts/commits/2026-04-15-commit-4fa26f4.md @@ -0,0 +1,97 @@ +--- +title: "[bojemoi] feat(vuln-mgmt): migrate Faraday CE → DefectDojo" +date: 2026-04-15T23:00:02+02:00 +draft: false +tags: ["commit", "bojemoi", "main"] +categories: ["Git Activity"] +summary: "Commit 4fa26f4 par Betty dans bojemoi" +author: "Betty" +--- + +## Commit `4fa26f4` + +| | | +|---|---| +| **Repository** | bojemoi | +| **Branch** | `main` | +| **Author** | Betty | +| **Hash** | `4fa26f4a4ccf477472a6642963dcd9578daf9b83` | + + +### Description + +Replace Faraday CE with DefectDojo across the full stack: + +- stack/70-service-defectdojo.yml: new stack (nginx+uwsgi+celery+initializer+triage) +- mcp-server/tools/defectdojo.py: DefectDojo API v2 client (list_products, get_findings, add_finding) +- medved/honeypot/defectdojo_reporter.py: token-based reporter, idempotent DB column migration +- faraday-triage/triage.py: rewrite to use REST API instead of direct PostgreSQL access +- borodino, nuclei-api, zap-scanner: FARADAY_* → DEFECTDOJO_* env vars + dojo_api_token secret +- nginx: faraday.conf → defectdojo.conf, upstream faraday → defectdojo +- prometheus: FaradayDown → DefectDojoDown, faraday_vulnerabilities → triage_findings_pending + +Fixes: NYM_PROXY :+ interpolation, postgres role password sync, uwsgi DNS alias, + node.labels.defectdojo=true on meta-68, old honeypot stack removal. + +Co-Authored-By: Claude Sonnet 4.6 + +### Files Changed + +``` +A faraday-triage/Dockerfile +A faraday-triage/requirements.txt +A faraday-triage/triage.py +M mcp-server/server.py +A mcp-server/tools/defectdojo.py +D mcp-server/tools/faraday.py +M medved/honeypot/config.py +M medved/honeypot/db.py +A medved/honeypot/defectdojo_reporter.py +D medved/honeypot/faraday_reporter.py +M medved/honeypot/main.py +M medved/honeypot/metrics.py +M oblast-1/zap_scanner.py +M samsonov/nuclei_api/main.py +D samsonov/pentest_orchestrator/plugins/plugin_faraday.py +M stack/40-service-borodino.yml +M stack/49-service-mcp.yml +M stack/65-service-medved.yml +A stack/70-service-defectdojo.yml +M volumes/nginx/conf.d/default.conf +A volumes/nginx/conf.d/sites/defectdojo.conf +D volumes/nginx/conf.d/sites/faraday.conf +M volumes/nginx/conf.d/upstreams/upstreams.conf +M volumes/prometheus/rules/alert_rules.yml +M volumes/prometheus/rules/alerts.yml +``` + +### Diff Summary + +``` + faraday-triage/Dockerfile | 10 + + faraday-triage/requirements.txt | 3 + + faraday-triage/triage.py | 354 ++++++++++++++ + mcp-server/server.py | 49 +- + mcp-server/tools/defectdojo.py | 190 ++++++++ + mcp-server/tools/faraday.py | 126 ----- + medved/honeypot/config.py | 16 +- + medved/honeypot/db.py | 29 +- + medved/honeypot/defectdojo_reporter.py | 234 +++++++++ + medved/honeypot/faraday_reporter.py | 200 -------- + medved/honeypot/main.py | 6 +- + medved/honeypot/metrics.py | 6 +- + oblast-1/zap_scanner.py | 212 ++++++--- + samsonov/nuclei_api/main.py | 212 +++++---- + .../pentest_orchestrator/plugins/plugin_faraday.py | 522 --------------------- + stack/40-service-borodino.yml | 99 +--- + stack/49-service-mcp.yml | 7 +- + stack/65-service-medved.yml | 14 +- + stack/70-service-defectdojo.yml | 295 ++++++++++++ + volumes/nginx/conf.d/default.conf | 6 +- + volumes/nginx/conf.d/sites/defectdojo.conf | 31 ++ + volumes/nginx/conf.d/sites/faraday.conf | 65 --- + volumes/nginx/conf.d/upstreams/upstreams.conf | 6 +- + volumes/prometheus/rules/alert_rules.yml | 8 +- + volumes/prometheus/rules/alerts.yml | 52 +- + 25 files changed, 1502 insertions(+), 1250 deletions(-) +```