Setup::Kits#new - offer more options to choose from#1503
Merged
caitmich merged 27 commits intorelease-5.0.0from Mar 20, 2026
Merged
Setup::Kits#new - offer more options to choose from#1503caitmich merged 27 commits intorelease-5.0.0from
caitmich merged 27 commits intorelease-5.0.0from
Conversation
Project and 3 HTML report variants
Makes the divider styles reusable across layouts by moving them from the inline block in hera/modules.scss into hera/modules/_divider.scss, and imports the module in setup/setup.scss so the divider is available in the setup flow.
Assumes new users are inexperienced, so predefined kits are now the primary options with a consistent horizontal layout. The no-kit "I got this!" option moves to the bottom behind an "or" divider. Consolidates btn-experience and btn-kit into a single class since they were always used together.
add /create-addon skill for scaffolding new Dradis addon gems
The templates filtered for Type 'Conclusions' which doesn't exist in the OWASP kit data. Replace with iteration over actual content block types (Document Control, Engagement Overview, Key Findings, Risk Posture, Recommendations, Appendix). Also normalize mixed CRLF/LF line endings in owasp.zip to LF only.
Define the field schema for new issues (with Liquid-computed Risk and Risk Score fields) and evidence entries in the OWASP kit.
New kit for adversary simulation assessments, showcasing a different approach from Welcome (infrastructure/CVSS) and OWASP (webapp/Impact x Likelihood). Uses direct severity assignment, ATT&CK tactic/technique mapping, and detection status tracking. Includes: - 10 sample findings across 7 ATT&CK tactics - Evidence with timestamps and host attribution - MITRE ATT&CK methodology board (12 phases, progress distributed) - Content blocks for Pro (Rules of Engagement through Appendix) - Kill Chain Ops HTML report template (after-action briefing style) - Issue and evidence note templates
aapomm
reviewed
Mar 18, 2026
| kit_folder = Rails.root.join('lib', 'tasks', 'templates', 'welcome').to_s | ||
| logger = Log.new.info('Loading Welcome kit...') | ||
| when :owasp, :welcome | ||
| kit_folder = Rails.root.join('lib', 'tasks', 'templates', @kit.to_s) |
Contributor
There was a problem hiding this comment.
We're converting the params from string to symbols (L46) then to string again here. What about skipping the symbols step entirely and just handle strings?
Member
Author
There was a problem hiding this comment.
the only minimal advantage is the use of @kit in a case/when, having symbols as keys is slightly better than matching strings. If anyone in the review chain feels strongly, I don't mind either way.
It was using the legacy AdvancedWordExport ready before.
Setup::Kits - add Red Team assessment kit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
From a single Welcome kit to a variety of options to try things go. The goal is to let people see how Dradis can be configured for different assessment types.
Check List