Groups allow for an email address that is intended to hold an email distribution address. This distribution address could include all of the members of the group, just a few of the members, or maybe even some folks that do not have access to DefectDojo at all.
Findings can now have owners in the form of the groups! Only groups that have access to the product type or product of a given finding can be designated as the owner of that finding.
Findings can be filtered by their respective owners to allow personalized lists of findings. This allows for each member of a group to see and easily manage only the findings they are responsible for actioning. Acceptable filters on any finding list page are as follows:
Owners Digests is a scheduled notification that alerts finding owners of the findings that they are responsible for. To enable this type of notification, email base notifications must first be enabeled in the System Settings menu.
Notifications are sent out at 9:00 AM within the timezone that is set within your DefectDojo server. Frequency of the these notifications can be set according to the following:
The content of the email message is as follows:
Please review the current vulnerabilities for which you are assigned here.
As a reminder, it is company policy to remediate these issues in accordance with our vulnerability SLA’s which are displayed in the above link.
Where “here” is a URL to filter the list of all findings to those owned by the given group.
Notifications come in three scopes: