feat(parsers): add Orca Security CSV and JSON parser #14450

Open
skywalke34 wants to merge 13 commits into DefectDojo:dev from skywalke34:orca-security-parser

@skywalke34
Contributor

Description

New parser for Orca Security. Orca Security is a cloud security platform that provides agentless security and compliance for AWS, Azure, GCP, and Kubernetes environments.

The parser:

  • Parses both CSV and JSON alert exports from Orca Security
  • Auto-detects file format (JSON arrays start with [, otherwise CSV)
  • Maps 12 CSV fields and 10 JSON fields to DefectDojo Finding fields
  • Converts OrcaScore (float 0-10) to DefectDojo severity levels
  • Stores Orca labels as finding tags for searchability
  • Sets active/inactive status based on Orca alert status
  • Uses hashcode deduplication via title + component_name configured in settings.dist.py

Note on Category field: Category metadata (e.g., "IAM misconfigurations") is included in the structured markdown description alongside other alert metadata, rather than as a tag. Orca's Labels field is stored as tags.

Test results

7 unit tests covering:

  • CSV: no findings, one finding, many findings (all severity levels)
  • JSON: no findings, one finding, many findings (all severity levels)
  • Cross-format: date parsing verification

Documentation

Parser documentation at docs/content/supported_tools/parsers/file/orca_security.md

Checklist

  • Rebased against the very latest dev
  • Submitted against dev branch
  • Meaningful PR name
  • Code is flake8/ruff compliant
  • Code is Python 3.13 compliant
  • Documentation included
  • No model changes, no migrations needed
  • Unit tests included (7 tests)
  • Deduplication configured in settings.dist.py (hashcode: title + component_name)
  • Label: Import Scans (maintainer to apply if needed)

Authored by T. Walker - DefectDojo
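
The format auto-detection and the two deduplication keys this PR went through (the earlier CloudAccount.Name|Inventory.Name|Title id and the final title + component_name hash code), as an added Python sketch that is not code from the PR or from DefectDojo. The sample rows are constructed, the flat column names and the mapping of component_name to Inventory.Name are assumptions, and key_hash is a simplified stand-in for DefectDojo's hash-code computation.

```python
import csv
import hashlib
import io
import json

# Constructed sample export. Flat column names are assumptions based on the
# field names mentioned in the PR (Title, OrcaScore, CloudAccount.Name, Inventory.Name).
SAMPLE_CSV = (
    "Title,OrcaScore,CloudAccount.Name,Inventory.Name\n"
    "S3 bucket allows public read,7.2,prod-account,assets-bucket\n"
    "S3 bucket allows public read,7.2,dev-account,assets-bucket\n"
    "Unused IAM access key,3.1,prod-account,ci-user\n"
)


def detect_format(text):
    """Rule from the PR: JSON arrays start with '[', anything else is CSV."""
    # Assumption: tolerate a UTF-8 BOM and leading whitespace before the bracket.
    return "json" if text.lstrip("\ufeff \t\r\n").startswith("[") else "csv"


def load_alerts(text):
    """Return the alerts as a list of dicts, whichever format was exported."""
    body = text.lstrip("\ufeff \t\r\n")
    if detect_format(text) == "json":
        return json.loads(body)
    return list(csv.DictReader(io.StringIO(body)))


def key_hash(alert, fields):
    """Simplified stand-in for a hash-based dedup key: SHA-256 over the chosen fields."""
    joined = "|".join(str(alert.get(f, "")) for f in fields)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def distinct_findings(alerts, fields):
    """Number of findings left after deduplicating on the given fields."""
    return len({key_hash(a, fields) for a in alerts})


# Inputs of the unique_id_from_tool hash used in an earlier commit of this PR.
OLD_KEY = ("CloudAccount.Name", "Inventory.Name", "Title")
# title + component_name; assumes component_name is filled from Inventory.Name.
NEW_KEY = ("Title", "Inventory.Name")

# The same constructed alerts as a JSON array, with a BOM and leading whitespace.
SAMPLE_JSON = "\ufeff \n" + json.dumps(load_alerts(SAMPLE_CSV))
```

Under these assumptions the two "S3 bucket allows public read" rows stay separate with the account-aware key and collapse into one finding with title + component_name, which is worth knowing when the same asset name exists in several cloud accounts.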

Extract shared helper functions into helpers.py to avoid circular
imports between parser.py and csv_parser.py. The CSV parser reads
Orca Security alert exports and maps fields to DefectDojo findings.

Authored by T. Walker - DefectDojo
- Source now populates 'service' field
- OrcaScore populates severity_justification as 'OrcaScore: X.X'
- Labels now populate finding tags (unsaved_tags)
- unique_id_from_tool changed to hash(CloudAccount.Name|Inventory.Name|Title)

Authored by T. Walker - DefectDojo
- Updated deduplication hash fields (CloudAccount.Name|Inventory.Name|Title)
- Added service field mapping from Source
- Added severity_justification field mapping from OrcaScore
- Added tags field mapping from Labels
- Updated line number references throughout
- Added new Special Processing Notes sections

Authored by T. Walker - DefectDojo
Add comprehensive docstrings to helpers.py with function descriptions,
parameter documentation, and return value documentation.

Simplify class docstrings in parser files to match DefectDojo conventions.

Authored by T. Walker - DefectDojo
- Add DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL entry for Orca Security Alerts
  in settings.dist.py
- Increase title truncation from 150 to 500 characters
- Remove line number references from documentation tables and prose
- Clean up parser.py imports (remove unused helper re-exports)

Authored by T. Walker - DefectDojo
Reviewers have indicated parsers should not compute unique_id_from_tool.
Switch to DEDUPE_ALGO_HASH_CODE using title + component_name fields
configured in settings.dist.py.

- Remove build_unique_id helper and hashlib import
- Remove unique_id_from_tool from CSV and JSON parsers
- Add HASHCODE_FIELDS_PER_SCANNER entry for Orca Security Alerts
- Change DEDUPLICATION_ALGORITHM_PER_PARSER to DEDUPE_ALGO_HASH_CODE
- Update tests and documentation to reflect new dedup approach

Authored by T. Walker - DefectDojo
github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), docs, unittests and parser labels on Mar 5, 2026
valentijnscholten added this to the 2.57.0 milestone on Mar 9, 2026