feat(parsers): add Orca Security CSV and JSON parser #14450

Merged
Maffooch merged 13 commits into DefectDojo:dev from skywalke34:orca-security-parser
Mar 11, 2026

@skywalke34
Contributor

Description

New parser for Orca Security. Orca Security is a cloud security platform that provides agentless security and compliance for AWS, Azure, GCP, and Kubernetes environments.

The parser:

  • Parses both CSV and JSON alert exports from Orca Security
  • Auto-detects file format (JSON arrays start with [, otherwise CSV)
  • Maps 12 CSV fields and 10 JSON fields to DefectDojo Finding fields
  • Converts OrcaScore (float 0-10) to DefectDojo severity levels
  • Stores Orca labels as finding tags for searchability
  • Sets active/inactive status based on Orca alert status
  • Uses hashcode deduplication via title + component_name configured in settings.dist.py

Note on Category field: Category metadata (e.g., "IAM misconfigurations") is included in the structured markdown description alongside other alert metadata, rather than as a tag. Orca's Labels field is stored as tags.

Test results

7 unit tests covering:

  • CSV: no findings, one finding, many findings (all severity levels)
  • JSON: no findings, one finding, many findings (all severity levels)
  • Cross-format: date parsing verification

Documentation

Parser documentation at docs/content/supported_tools/parsers/file/orca_security.md

Checklist

  • Rebased against the very latest dev
  • Submitted against dev branch
  • Meaningful PR name
  • Code is flake8/ruff compliant
  • Code is Python 3.13 compliant
  • Documentation included
  • No model changes, no migrations needed
  • Unit tests included (7 tests)
  • Deduplication configured in settings.dist.py (hashcode: title + component_name)
  • Label: Import Scans (maintainer to apply if needed)

Authored by T. Walker - DefectDojo
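
The format detection, score conversion and dedup key described above, as an added sketch that is not the PR's code. Assumptions: the severity bands, flat column names in both formats, `component_name` taken from `Inventory.Name`, and SHA-256 over joined fields as a stand-in for DefectDojo's hashcode.

```python
import csv, hashlib, io, json

# Assumed score bands; the PR does not state the parser's actual thresholds.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def detect_format(raw: bytes) -> str:
    """JSON if the first non-whitespace character is '[', else CSV."""
    text = raw.decode("utf-8-sig")  # utf-8-sig drops a BOM that would hide '['
    return "json" if text.lstrip().startswith("[") else "csv"

def severity(score) -> str:
    """Map an OrcaScore (0-10) to a severity; unparsable scores become Info."""
    try:
        value = float(score)
    except (TypeError, ValueError):
        return "Info"
    return next((name for floor, name in BANDS if value >= floor), "Info")

def load_rows(raw: bytes) -> list:
    """Return the alerts as a list of dicts, whichever format was exported."""
    text = raw.decode("utf-8-sig")
    if detect_format(raw) == "json":
        return json.loads(text)
    return list(csv.DictReader(io.StringIO(text)))

def hashcode_key(row) -> str:
    """Stand-in for hashcode dedup over title + component_name."""
    fields = (row["Title"], row["Inventory.Name"])  # component_name source assumed
    return hashlib.sha256("|".join(fields).encode()).hexdigest()

def account_scoped_key(row) -> str:
    """The earlier scheme: hash(CloudAccount.Name|Inventory.Name|Title)."""
    fields = (row["CloudAccount.Name"], row["Inventory.Name"], row["Title"])
    return hashlib.sha256("|".join(fields).encode()).hexdigest()

# Constructed sample: the same alert on a same-named asset in two accounts,
# exported with a leading byte-order mark.
SAMPLE_CSV = (
    "\ufeffTitle,OrcaScore,CloudAccount.Name,Inventory.Name\n"
    "Public S3 bucket,8.2,prod,logs-bucket\n"
    "Public S3 bucket,8.2,staging,logs-bucket\n"
).encode("utf-8")
# Constructed sample: a JSON export with leading whitespace.
SAMPLE_JSON = b'  [{"Title": "Open SSH", "OrcaScore": 3.1}]'
```

Under these assumptions the two CSV rows share one `hashcode_key` but have different `account_scoped_key` values, so a title + component_name key treats same-named assets in different cloud accounts as one finding.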

Authored by T. Walker - DefectDojo
Extract shared helper functions into helpers.py to avoid circular
imports between parser.py and csv_parser.py. The CSV parser reads
Orca Security alert exports and maps fields to DefectDojo findings.

Authored by T. Walker - DefectDojo
Authored by T. Walker - DefectDojo
Authored by T. Walker - DefectDojo
Authored by T. Walker - DefectDojo
- Source now populates 'service' field
- OrcaScore populates severity_justification as 'OrcaScore: X.X'
- Labels now populate finding tags (unsaved_tags)
- unique_id_from_tool changed to hash(CloudAccount.Name|Inventory.Name|Title)

Authored by T. Walker - DefectDojo
- Updated deduplication hash fields (CloudAccount.Name|Inventory.Name|Title)
- Added service field mapping from Source
- Added severity_justification field mapping from OrcaScore
- Added tags field mapping from Labels
- Updated line number references throughout
- Added new Special Processing Notes sections

Authored by T. Walker - DefectDojo
Add comprehensive docstrings to helpers.py with function descriptions,
parameter documentation, and return value documentation.

Simplify class docstrings in parser files to match DefectDojo conventions.

Authored by T. Walker - DefectDojo
- Add DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL entry for Orca Security Alerts
  in settings.dist.py
- Increase title truncation from 150 to 500 characters
- Remove line number references from documentation tables and prose
- Clean up parser.py imports (remove unused helper re-exports)

Authored by T. Walker - DefectDojo
Reviewers have indicated parsers should not compute unique_id_from_tool.
Switch to DEDUPE_ALGO_HASH_CODE using title + component_name fields
configured in settings.dist.py.

- Remove build_unique_id helper and hashlib import
- Remove unique_id_from_tool from CSV and JSON parsers
- Add HASHCODE_FIELDS_PER_SCANNER entry for Orca Security Alerts
- Change DEDUPLICATION_ALGORITHM_PER_PARSER to DEDUPE_ALGO_HASH_CODE
- Update tests and documentation to reflect new dedup approach

Authored by T. Walker - DefectDojo
@github-actions github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests and parser labels Mar 5, 2026
Authored by T. Walker - DefectDojo
@valentijnscholten valentijnscholten added this to the 2.57.0 milestone Mar 9, 2026
Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 7dfabd6 into DefectDojo:dev Mar 11, 2026
284 checks passed
valentijnscholten pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Mar 13, 2026
* test: add Orca Security parser sample scan files

Authored by T. Walker - DefectDojo

* test: add Orca Security parser unit tests (failing, TDD)

Authored by T. Walker - DefectDojo

* feat: add Orca Security parser stubs and shared utility functions

Authored by T. Walker - DefectDojo

* feat: implement Orca Security CSV parser

Extract shared helper functions into helpers.py to avoid circular
imports between parser.py and csv_parser.py. The CSV parser reads
Orca Security alert exports and maps fields to DefectDojo findings.

Authored by T. Walker - DefectDojo

* feat: implement Orca Security JSON parser

Authored by T. Walker - DefectDojo

* style: fix linting issues in Orca Security parser

Authored by T. Walker - DefectDojo

* docs: add Orca Security parser documentation

Authored by T. Walker - DefectDojo

* feat: improve Orca Security parser field mappings

- Source now populates 'service' field
- OrcaScore populates severity_justification as 'OrcaScore: X.X'
- Labels now populate finding tags (unsaved_tags)
- unique_id_from_tool changed to hash(CloudAccount.Name|Inventory.Name|Title)

Authored by T. Walker - DefectDojo

* docs: update Orca Security parser documentation for improved mappings

- Updated deduplication hash fields (CloudAccount.Name|Inventory.Name|Title)
- Added service field mapping from Source
- Added severity_justification field mapping from OrcaScore
- Added tags field mapping from Labels
- Updated line number references throughout
- Added new Special Processing Notes sections

Authored by T. Walker - DefectDojo

* docs: add docstrings and comments to Orca Security parser

Add comprehensive docstrings to helpers.py with function descriptions,
parameter documentation, and return value documentation.

Simplify class docstrings in parser files to match DefectDojo conventions.

Authored by T. Walker - DefectDojo

* fix: add dedup config, increase title limit, remove doc line numbers

- Add DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL entry for Orca Security Alerts
  in settings.dist.py
- Increase title truncation from 150 to 500 characters
- Remove line number references from documentation tables and prose
- Clean up parser.py imports (remove unused helper re-exports)

Authored by T. Walker - DefectDojo

* refactor: switch dedup from unique_id_from_tool to hashcode algorithm

Reviewers have indicated parsers should not compute unique_id_from_tool.
Switch to DEDUPE_ALGO_HASH_CODE using title + component_name fields
configured in settings.dist.py.

- Remove build_unique_id helper and hashlib import
- Remove unique_id_from_tool from CSV and JSON parsers
- Add HASHCODE_FIELDS_PER_SCANNER entry for Orca Security Alerts
- Change DEDUPLICATION_ALGORITHM_PER_PARSER to DEDUPE_ALGO_HASH_CODE
- Update tests and documentation to reflect new dedup approach

Authored by T. Walker - DefectDojo

* chore: retrigger CI (runner cancellation on arm64)

Authored by T. Walker - DefectDojo
tejas0077 pushed a commit to tejas0077/django-DefectDojo that referenced this pull request Mar 30, 2026
Labels

docs, parser, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests

6 participants