diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index cd9c549494e..245b340ba36 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -28,14 +28,14 @@ jobs: run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: buildkitd-flags: --debug driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 - name: Build id: docker_build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 timeout-minutes: 10 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false @@ -49,7 +49,7 @@ jobs: # export docker images to be used in next jobs below - name: Upload image ${{ matrix.docker-image }} as artifact timeout-minutes: 10 - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }} path: ${{ matrix.docker-image }}-${{ matrix.os }}_img diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml index d9e0ec074ad..1f984efa2ea 100644 --- a/.github/workflows/cancel-outdated-workflow-runs.yml +++ b/.github/workflows/cancel-outdated-workflow-runs.yml 
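Review bot: The new Checkout line in the first hunk of build-docker-images-for-testing.yml carries a doubled tail, `# v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, which looks like a search-and-replace applied twice. It is harmless at runtime because everything after the first ` #` is a YAML comment, but it breaks the pattern used by every other pinned line in this commit and will confuse tooling that reads the version annotation to keep the SHA and tag in sync. Please reduce it to `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, matching the other files.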
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: styfle/cancel-workflow-action@0.12.1 + - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 with: workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml' access_token: ${{ github.token }} diff --git a/.github/workflows/detect-merge-conflicts.yaml b/.github/workflows/detect-merge-conflicts.yaml index 83041158702..934543cec4e 100644 --- a/.github/workflows/detect-merge-conflicts.yaml +++ b/.github/workflows/detect-merge-conflicts.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: check if prs are conflicted - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@1b1b1fcde06a9b3d089f3464c96417961dde1168 # v3.0.2 with: dirtyLabel: "conflicts-detected" repoToken: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml index 5ec0aa9abad..cc5c499f22b 100644 --- a/.github/workflows/fetch-oas.yml +++ b/.github/workflows/fetch-oas.yml @@ -22,7 +22,7 @@ jobs: file-type: [yaml, json] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: release/${{ env.release_version }} @@ -51,7 +51,7 @@ jobs: run: docker compose down - name: Upload oas.${{ matrix.file-type }} as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: oas-${{ matrix.file-type }} path: oas.${{ matrix.file-type }} diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 8cabeeb588f..888cd7eb3e4 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml 
@@ -5,8 +5,6 @@ on: push: branches: - master - - dev - - bugfix # Taken from https://github.com/marketplace/actions/hugo-setup#%EF%B8%8F-workflow-for-autoprefixer-and-postcss-cli # Both builds have to be one worflow as otherwise one publish will overwrite the other @@ -15,18 +13,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Hugo - uses: peaceiris/actions-hugo@v3 + uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: hugo-version: '0.125.3' extended: true - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '22.5.1' - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} @@ -34,14 +32,14 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive fetch-depth: 0 - name: Setup Pages id: pages - uses: actions/configure-pages@v4 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - use this after https://github.com/DefectDojo/django-DefectDojo/pull/11329 - name: Install dependencies run: cd docs && npm ci @@ -53,7 +51,7 @@ jobs: run: cd docs && hugo --minify --gc --config config/production/hugo.toml - name: Deploy - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: # publishes to the `gh-pages` branch by default github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/public diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index cd8d8072377..c60cb6f3403 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml 
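Review bot: The Setup Pages step in gh-pages.yml moves from `actions/configure-pages@v4` to a SHA annotated `# v5.0.0`, so this hunk changes the action's major version rather than only pinning it, unlike the rest of the commit which pins the version already in use. The trailing text `- use this after https://github.com/DefectDojo/django-DefectDojo/pull/11329` reads as a deferred change that landed anyway, and as written it is just part of the YAML comment with no effect. If the v5 bump is intentional, drop that text and keep `# v5.0.0`; otherwise pin the current major, e.g. `uses: actions/configure-pages@<v4 commit SHA> # <v4 tag>` (placeholder, the v4 SHA is not on the page). This hunk also removes the `dev` and `bugfix` push triggers, which is a behaviour change worth a line in the commit message.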
@@ -41,11 +41,11 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index a4feb77273f..3f169002efb 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -32,10 +32,10 @@ jobs: os: debian steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Minikube - uses: manusa/actions-setup-minikube@v2.13.0 + uses: manusa/actions-setup-minikube@0e8062ceff873bd77979f39cf8fd3621416afe4d # v2.13.0 with: minikube version: 'v1.33.1' kubernetes version: ${{ matrix.k8s }} @@ -48,7 +48,7 @@ jobs: minikube status - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml index 5fa308ffb41..6beb590899b 100644 --- a/.github/workflows/plantuml.yml +++ b/.github/workflows/plantuml.yml @@ -13,7 +13,7 @@ jobs: UML_FILES: ".puml" steps: - name: Checkout Source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -33,7 +33,7 @@ jobs: with: args: -v -tpng ${{ steps.getfile.outputs.files }} - name: Push Local Changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "PlantUML_bot" commit_user_email: "noreply@defectdojo.org" 
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 34a31a0cab2..cde6795db05 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -15,7 +15,7 @@ jobs: name: "Autolabeler" runs-on: ubuntu-latest steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" sync-labels: true diff --git a/.github/workflows/release-1-create-pr.yml b/.github/workflows/release-1-create-pr.yml index c93b1d0ee69..5b65c02ec93 100644 --- a/.github/workflows/release-1-create-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout from_branch branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.from_branch }} @@ -45,7 +45,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout release branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -75,7 +75,7 @@ jobs: grep -H version helm/defectdojo/Chart.yaml - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -88,7 +88,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/release-2-tag-docker-push.yml b/.github/workflows/release-2-tag-docker-push.yml index f6f021fcaa9..bd06d3b920a 100644 --- a/.github/workflows/release-2-tag-docker-push.yml +++ b/.github/workflows/release-2-tag-docker-push.yml 
@@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml index 6af0fb58ebe..ede4cf33d37 100644 --- a/.github/workflows/release-3-master-into-dev.yml +++ b/.github/workflows/release-3-master-into-dev.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master @@ -38,7 +38,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -50,15 +50,11 @@ jobs: CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1) sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml - - name: Update settings SHA - run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum - - name: Check numbers run: | grep version dojo/__init__.py grep appVersion helm/defectdojo/Chart.yaml grep version components/package.json - cat dojo/settings/.settings.dist.py.sha256sum - name: Create upgrade notes to documentation run: | @@ -77,7 +73,7 @@ jobs: if: endsWith(github.event.inputs.release_number_new, '.0') && endsWith(github.event.inputs.release_number_dev, '.0-dev') - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" 
@@ -90,7 +86,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -107,7 +103,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master @@ -124,7 +120,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -136,18 +132,14 @@ jobs: CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1) sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml - - name: Update settings SHA - run: sha256sum dojo/settings/settings.dist.py | cut -d ' ' -f1 > dojo/settings/.settings.dist.py.sha256sum - - name: Check numbers run: | grep version dojo/__init__.py grep appVersion helm/defectdojo/Chart.yaml grep version components/package.json - cat dojo/settings/.settings.dist.py.sha256sum - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -160,7 +152,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 0e42769cd76..7802bfdc1b2 100644 
--- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Create Release id: create_release - uses: release-drafter/release-drafter@v6.0.0 + uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0 with: version: ${{ github.event.inputs.version }} env: @@ -47,13 +47,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Load OAS files from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: oas-* - name: Upload Release Asset - OpenAPI Specification - YAML id: upload-release-asset-yaml - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -64,7 +64,7 @@ jobs: - name: Upload Release Asset - OpenAPI Specification - JSON id: upload-release-asset-json - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index 6f8862b6216..bf0061c7e6e 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -32,13 +32,13 @@ jobs: platform: [amd64] steps: - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout tag - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.release_number }} 
@@ -47,11 +47,11 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Build and push images with debian if: ${{ matrix.os == 'debian' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false REPO_ORG: ${{ env.repoorg }} @@ -64,7 +64,7 @@ jobs: - name: Build and push images with alpine if: ${{ matrix.os == 'alpine' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false REPO_ORG: ${{ env.repoorg }} diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index ee749cdc4a8..27b7edab0ce 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master fetch-depth: 0 @@ -46,10 +46,8 @@ jobs: git config --global user.name "${{ env.GIT_USERNAME }}" git config --global user.email "${{ env.GIT_EMAIL }}" - - name: Install Helm - uses: azure/setup-helm@v4 - with: - version: v3.4.0 + - name: Set up Helm + uses: azure/setup-helm@v4.2.0 - name: Configure HELM repos run: |- @@ -58,7 +56,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Add yq - uses: mikefarah/yq@master + uses: mikefarah/yq@4839dbbf80445070a31c7a9c1055da527db2d5ee # v4.44.6 - name: Pin version docker version id: pin_image 
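Review bot: The Set up Helm step in release-x-manual-helm-chart.yml is left on a mutable tag, `azure/setup-helm@v4.2.0`, while the same action in test-helm-chart.yml is pinned in this commit to `fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0`; a release workflow that pushes charts is the place where a moved tag hurts most, so use the same line here, `uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0`. The hunk also drops the `with: version: v3.4.0` input, which presumably changes the Helm binary installed to the action's default — worth confirming the chart packaging still behaves identically. The same unpinned-ref issue remains in release_drafter_valentijn.yml, where `valentijnscholten/release-drafter@master` is kept with only a TODO comment; if it cannot be pinned to a commit it should at least be called out in the commit message as the one floating reference left.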
@@ -75,7 +73,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ github.event.inputs.release_number }} - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: name: '${{ github.event.inputs.release_number }} 🌈' tag_name: ${{ github.event.inputs.release_number }} diff --git a/.github/workflows/release_drafter_valentijn.yml b/.github/workflows/release_drafter_valentijn.yml index 0ac52a0466a..7ce4c2813a6 100644 --- a/.github/workflows/release_drafter_valentijn.yml +++ b/.github/workflows/release_drafter_valentijn.yml @@ -20,7 +20,7 @@ jobs: update_release_draft: runs-on: ubuntu-latest steps: - - uses: valentijnscholten/release-drafter@master + - uses: valentijnscholten/release-drafter@master # TODO: not maintained anymore - missing part is maybe already solved in the upstream with: version: ${{github.event.inputs.version}} previous-version: ${{github.event.inputs.previous-version}} diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index bd8ca3322fa..63056587431 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -14,13 +14,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 04799cdd003..59652fa7332 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml 
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Ruff Linter run: pip install -r requirements-lint.txt diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 4a37d71b562..8657b48c68a 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Grab shellcheck run: | diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 5bf20169328..75cf1186411 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -14,15 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.9 @@ -33,7 +33,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: yamale_version: 4.0.4 yamllint_version: 1.35.1 diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 0355ec4c2b4..9c266b9734a 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine 
@@ -140,7 +140,7 @@ COPY manage.py ./ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 +FROM nginx:1.27.3-alpine@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian index aca7191e808..f55d77bfe8f 100644 --- a/Dockerfile.nginx-debian +++ b/Dockerfile.nginx-debian @@ -73,7 +73,7 @@ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 +FROM nginx:1.27.3-alpine@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/components/package.json b/components/package.json index 613bb03e112..018753a4c6b 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.0", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { @@ -35,7 +35,7 @@ "metismenu": "~3.0.7", "moment": "^2.30.1", "morris.js": "morrisjs/morris.js", - "pdfmake": "^0.2.15", + "pdfmake": "^0.2.16", "startbootstrap-sb-admin-2": "1.0.7" }, "engines": { diff --git a/components/yarn.lock b/components/yarn.lock index 26479c39938..eb7b1009641 100644 --- a/components/yarn.lock +++ b/components/yarn.lock 
@@ -24,10 +24,10 @@ base64-js "1.3.1" unicode-trie "^2.0.0" -"@foliojs-fork/pdfkit@^0.15.1": - version "0.15.1" - resolved "https://registry.yarnpkg.com/@foliojs-fork/pdfkit/-/pdfkit-0.15.1.tgz#ecae3bcb7aad46b58e50493de593317f9b738074" - integrity sha512-4Cq2onHZAhThIfzv3/AFTPALqHzbmV8uNvgRELULWNbsZATgVeqEL4zHOzCyblLfX6tMXVO2BVaPcXboIxGjiw== +"@foliojs-fork/pdfkit@^0.15.2": + version "0.15.2" + resolved "https://registry.yarnpkg.com/@foliojs-fork/pdfkit/-/pdfkit-0.15.2.tgz#6dbe57ed45f1dc022d0219f3810071b9007e347e" + integrity sha512-Wpj6BH4DGn+zAWmCk9agdbAw3Zxt+MpemjssLfYdnretWpZ014uR6Zo51E4ftVP75UA8a7mtt4TiCu09lIKsBw== dependencies: "@foliojs-fork/fontkit" "^1.9.2" "@foliojs-fork/linebreak" "^1.1.1" @@ -503,13 +503,13 @@ pako@~1.0.2: resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf" integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== -pdfmake@^0.2.15: - version "0.2.15" - resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.15.tgz#86bbc2c854e8a1cc98d4d6394b39dae00cc3a3b0" - integrity sha512-Ryef9mjxo6q8dthhbssAK0zwCsPZ6Pl7kCHnIEXOvQdd79LUGZD6SHGi21YryFXczPjvw6V009uxQwp5iritcA== +pdfmake@^0.2.16: + version "0.2.16" + resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.16.tgz#5001538ad16e347aa21c12b1bdc0440015f7bdf7" + integrity sha512-oCHFIAVybjCkeU1ZCY5fB6BxOZ7ofeinN/sYfgPBny7Frx+8GbxNkEuuvZGj70Xn8/9kUhKZ84Q9S6qxj5eq5Q== dependencies: "@foliojs-fork/linebreak" "^1.1.2" - "@foliojs-fork/pdfkit" "^0.15.1" + "@foliojs-fork/pdfkit" "^0.15.2" iconv-lite "^0.6.3" xmldoc "^1.3.0" diff --git a/docker-compose.yml b/docker-compose.yml index aac7a98f7ba..c0cc991e6ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -16,6 +16,8 @@ services: - uwsgi environment: NGINX_METRICS_ENABLED: "${NGINX_METRICS_ENABLED:-false}" + DD_UWSGI_HOST: "${DD_UWSGI_HOST:-uwsgi}" + DD_UWSGI_PORT: "${DD_UWSGI_PORT:-3031}" volumes: - defectdojo_media:/usr/share/nginx/html/media ports: @@ -103,7 +105,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:17.2-alpine@sha256:e7897baa70dae1968d23d785adb4aeb699175e0bcaae44f98a7083ecb9668b93 + image: postgres:17.2-alpine@sha256:d37d2c160d34430877c802e5adc22824a2ad453499db9bab1a2ceb2be6c1a46f environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} diff --git a/docker/setEnv.sh b/docker/setEnv.sh index b9336535e39..41aa804c304 100755 --- a/docker/setEnv.sh +++ b/docker/setEnv.sh @@ -40,7 +40,7 @@ function get_current { # Tell to which environments we can switch function say_switch { echo "Using '${current_env}' configuration." - for one_env in dev debug unit_tests integration_tests release + for one_env in dev unit_tests integration_tests release do if [ "${current_env}" != ${one_env} ]; then echo "-> You can switch to '${one_env}' with '${0} ${one_env}'" @@ -118,7 +118,7 @@ function set_integration_tests { # Change directory to allow working with relative paths. cd "${target_dir}" || exit -if [ ${#} -eq 1 ] && [[ 'dev debug unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]] +if [ ${#} -eq 1 ] && [[ 'dev unit_tests unit_tests_cicd integration_tests release' =~ ${1} ]] then set_"${1}" else diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles.png b/docs/assets/images/About_Custom_Dashboard_Tiles.png new file mode 100644 index 00000000000..f93e3cef66f Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles.png differ 
diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_10.png b/docs/assets/images/About_Custom_Dashboard_Tiles_10.png new file mode 100644 index 00000000000..d1a529cc634 Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_10.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_11.png b/docs/assets/images/About_Custom_Dashboard_Tiles_11.png new file mode 100644 index 00000000000..28c214ce609 Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_11.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_12.png b/docs/assets/images/About_Custom_Dashboard_Tiles_12.png new file mode 100644 index 00000000000..a85d84e4076 Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_12.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_2.png b/docs/assets/images/About_Custom_Dashboard_Tiles_2.png new file mode 100644 index 00000000000..0776da29aea Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_2.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_3.png b/docs/assets/images/About_Custom_Dashboard_Tiles_3.png new file mode 100644 index 00000000000..61f4ddb3503 Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_3.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_4.png b/docs/assets/images/About_Custom_Dashboard_Tiles_4.png new file mode 100644 index 00000000000..e110e93428f Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_4.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_5.png b/docs/assets/images/About_Custom_Dashboard_Tiles_5.png new file mode 100644 index 00000000000..6001191d30d Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_5.png differ 
diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_6.png b/docs/assets/images/About_Custom_Dashboard_Tiles_6.png new file mode 100644 index 00000000000..9fb05e93ff2 Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_6.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_7.png b/docs/assets/images/About_Custom_Dashboard_Tiles_7.png new file mode 100644 index 00000000000..0c25182d9cf Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_7.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_8.png b/docs/assets/images/About_Custom_Dashboard_Tiles_8.png new file mode 100644 index 00000000000..146acaced7a Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_8.png differ diff --git a/docs/assets/images/About_Custom_Dashboard_Tiles_9.png b/docs/assets/images/About_Custom_Dashboard_Tiles_9.png new file mode 100644 index 00000000000..b9f3d2ce2ff Binary files /dev/null and b/docs/assets/images/About_Custom_Dashboard_Tiles_9.png differ diff --git a/docs/assets/images/About_In-App_Alerts.png b/docs/assets/images/About_In-App_Alerts.png new file mode 100644 index 00000000000..b1534a60c34 Binary files /dev/null and b/docs/assets/images/About_In-App_Alerts.png differ diff --git a/docs/assets/images/About_In-App_Alerts_2.png b/docs/assets/images/About_In-App_Alerts_2.png new file mode 100644 index 00000000000..7557d0765a0 Binary files /dev/null and b/docs/assets/images/About_In-App_Alerts_2.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product.png new file mode 100644 index 00000000000..4fe1fc826d6 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product.png differ 
diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_2.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_2.png new file mode 100644 index 00000000000..a640315c218 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_2.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_3.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_3.png new file mode 100644 index 00000000000..6bc25804dd6 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_3.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_4.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_4.png new file mode 100644 index 00000000000..a14899f8824 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_4.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_5.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_5.png new file mode 100644 index 00000000000..00cbbb76789 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_5.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_6.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_6.png new file mode 100644 index 00000000000..1e19075c9cd Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_6.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_7.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_7.png new file mode 100644 index 00000000000..6b9b1302b36 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_7.png differ 
diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_8.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_8.png new file mode 100644 index 00000000000..3cff617e742 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_8.png differ diff --git a/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_9.png b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_9.png new file mode 100644 index 00000000000..29084146db7 Binary files /dev/null and b/docs/assets/images/Add_a_Connected_Jira_Project_to_a_Product_9.png differ diff --git a/docs/assets/images/Avoiding_Duplicates_Reimport_Recurring_Tests.png b/docs/assets/images/Avoiding_Duplicates_Reimport_Recurring_Tests.png new file mode 100644 index 00000000000..d26f35a4652 Binary files /dev/null and b/docs/assets/images/Avoiding_Duplicates_Reimport_Recurring_Tests.png differ diff --git a/docs/assets/images/Bulk_Editing_Findings.png b/docs/assets/images/Bulk_Editing_Findings.png new file mode 100644 index 00000000000..acfcaaec871 Binary files /dev/null and b/docs/assets/images/Bulk_Editing_Findings.png differ diff --git a/docs/assets/images/Bulk_Editing_Findings_2.png b/docs/assets/images/Bulk_Editing_Findings_2.png new file mode 100644 index 00000000000..eb0b13d8b2f Binary files /dev/null and b/docs/assets/images/Bulk_Editing_Findings_2.png differ diff --git a/docs/assets/images/Bulk_Editing_Findings_3.png b/docs/assets/images/Bulk_Editing_Findings_3.png new file mode 100644 index 00000000000..61e34d07402 Binary files /dev/null and b/docs/assets/images/Bulk_Editing_Findings_3.png differ diff --git a/docs/assets/images/Bulk_Editing_Findings_4.png b/docs/assets/images/Bulk_Editing_Findings_4.png new file mode 100644 index 00000000000..79f267ee25b Binary files /dev/null and b/docs/assets/images/Bulk_Editing_Findings_4.png differ 
diff --git a/docs/assets/images/Bulk_Editing_Findings_5.png b/docs/assets/images/Bulk_Editing_Findings_5.png
new file mode 100644
index 00000000000..97b1e0a0a05
Binary files /dev/null and b/docs/assets/images/Bulk_Editing_Findings_5.png differ
diff --git a/docs/assets/images/Configure_Single-Sign_On_Login.png b/docs/assets/images/Configure_Single-Sign_On_Login.png
new file mode 100644
index 00000000000..cbcb9575b9c
Binary files /dev/null and b/docs/assets/images/Configure_Single-Sign_On_Login.png differ
diff --git a/docs/assets/images/Configure_Single-Sign_On_Login_2.png b/docs/assets/images/Configure_Single-Sign_On_Login_2.png
new file mode 100644
index 00000000000..f6dc82c6014
Binary files /dev/null and b/docs/assets/images/Configure_Single-Sign_On_Login_2.png differ
diff --git a/docs/assets/images/Configure_Single-Sign_On_Login_3.png b/docs/assets/images/Configure_Single-Sign_On_Login_3.png
new file mode 100644
index 00000000000..fac5fe227a2
Binary files /dev/null and b/docs/assets/images/Configure_Single-Sign_On_Login_3.png differ
diff --git a/docs/assets/images/Configure_Single-Sign_On_Login_4.png b/docs/assets/images/Configure_Single-Sign_On_Login_4.png
new file mode 100644
index 00000000000..cbcb9575b9c
Binary files /dev/null and b/docs/assets/images/Configure_Single-Sign_On_Login_4.png differ
diff --git a/docs/assets/images/Configure_Single-Sign_On_Login_5.png b/docs/assets/images/Configure_Single-Sign_On_Login_5.png
new file mode 100644
index 00000000000..022cb0dd51f
Binary files /dev/null and b/docs/assets/images/Configure_Single-Sign_On_Login_5.png differ
diff --git a/docs/assets/images/Configure_System_&_Personal_Notifications.png b/docs/assets/images/Configure_System_&_Personal_Notifications.png
new file mode 100644
index 00000000000..9e0f6175cc6
Binary files /dev/null and b/docs/assets/images/Configure_System_&_Personal_Notifications.png differ
diff --git a/docs/assets/images/Configure_System_&_Personal_Notifications_2.png b/docs/assets/images/Configure_System_&_Personal_Notifications_2.png
new file mode 100644
index 00000000000..96264fd71ca
Binary files /dev/null and b/docs/assets/images/Configure_System_&_Personal_Notifications_2.png differ
diff --git a/docs/assets/images/Configure_System_&_Personal_Notifications_3.png b/docs/assets/images/Configure_System_&_Personal_Notifications_3.png
new file mode 100644
index 00000000000..38c98179ff3
Binary files /dev/null and b/docs/assets/images/Configure_System_&_Personal_Notifications_3.png differ
diff --git a/docs/assets/images/Configure_a_Microsoft_Teams_Integration.png b/docs/assets/images/Configure_a_Microsoft_Teams_Integration.png
new file mode 100644
index 00000000000..22a151c6bee
Binary files /dev/null and b/docs/assets/images/Configure_a_Microsoft_Teams_Integration.png differ
diff --git a/docs/assets/images/Configure_a_Microsoft_Teams_Integration_2.png b/docs/assets/images/Configure_a_Microsoft_Teams_Integration_2.png
new file mode 100644
index 00000000000..37288e64e04
Binary files /dev/null and b/docs/assets/images/Configure_a_Microsoft_Teams_Integration_2.png differ
diff --git a/docs/assets/images/Configure_a_Slack_Integration.png b/docs/assets/images/Configure_a_Slack_Integration.png
new file mode 100644
index 00000000000..af0784e9466
Binary files /dev/null and b/docs/assets/images/Configure_a_Slack_Integration.png differ
diff --git a/docs/assets/images/Configure_a_Slack_Integration_2.png b/docs/assets/images/Configure_a_Slack_Integration_2.png
new file mode 100644
index 00000000000..19642ffda20
Binary files /dev/null and b/docs/assets/images/Configure_a_Slack_Integration_2.png differ
diff --git a/docs/assets/images/Configure_a_Slack_Integration_3.png b/docs/assets/images/Configure_a_Slack_Integration_3.png
new file mode 100644
index 00000000000..af0784e9466
Binary files /dev/null and b/docs/assets/images/Configure_a_Slack_Integration_3.png differ
diff --git a/docs/assets/images/Configure_a_Slack_Integration_4.png b/docs/assets/images/Configure_a_Slack_Integration_4.png
new file mode 100644
index 00000000000..d4611789377
Binary files /dev/null and b/docs/assets/images/Configure_a_Slack_Integration_4.png differ
diff --git a/docs/assets/images/Configuring_the_Jira_DefectDojo_Webhook.png b/docs/assets/images/Configuring_the_Jira_DefectDojo_Webhook.png
new file mode 100644
index 00000000000..1aab8ad9c21
Binary files /dev/null and b/docs/assets/images/Configuring_the_Jira_DefectDojo_Webhook.png differ
diff --git a/docs/assets/images/Connect_DefectDojo_to_Jira.png b/docs/assets/images/Connect_DefectDojo_to_Jira.png
new file mode 100644
index 00000000000..28df98a7407
Binary files /dev/null and b/docs/assets/images/Connect_DefectDojo_to_Jira.png differ
diff --git a/docs/assets/images/Connect_DefectDojo_to_Jira_2.png b/docs/assets/images/Connect_DefectDojo_to_Jira_2.png
new file mode 100644
index 00000000000..5a0174e4e3e
Binary files /dev/null and b/docs/assets/images/Connect_DefectDojo_to_Jira_2.png differ
diff --git a/docs/assets/images/Connect_DefectDojo_to_Jira_3.png b/docs/assets/images/Connect_DefectDojo_to_Jira_3.png
new file mode 100644
index 00000000000..46b99f956a0
Binary files /dev/null and b/docs/assets/images/Connect_DefectDojo_to_Jira_3.png differ
diff --git a/docs/assets/images/Connectivity_Troubleshooting.png b/docs/assets/images/Connectivity_Troubleshooting.png
new file mode 100644
index 00000000000..6324be17652
Binary files /dev/null and b/docs/assets/images/Connectivity_Troubleshooting.png differ
diff --git a/docs/assets/images/Connectivity_Troubleshooting_2.png b/docs/assets/images/Connectivity_Troubleshooting_2.png
new file mode 100644
index 00000000000..a66229e96d3
Binary files /dev/null and b/docs/assets/images/Connectivity_Troubleshooting_2.png differ
diff --git a/docs/assets/images/Connectivity_Troubleshooting_3.png b/docs/assets/images/Connectivity_Troubleshooting_3.png
new file mode 100644
index 00000000000..7ec221f3b27
Binary files /dev/null and b/docs/assets/images/Connectivity_Troubleshooting_3.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions.png
new file mode 100644
index 00000000000..7ad06ce70f2
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_2.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_2.png
new file mode 100644
index 00000000000..d9036b020c0
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_2.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_3.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_3.png
new file mode 100644
index 00000000000..aa3ae2839cd
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_3.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_4.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_4.png
new file mode 100644
index 00000000000..cdf1558f631
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_4.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_5.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_5.png
new file mode 100644
index 00000000000..4178b6a4645
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_5.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_6.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_6.png
new file mode 100644
index 00000000000..371b4f2a110
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_6.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_7.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_7.png
new file mode 100644
index 00000000000..ec6f4c87c7b
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_7.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_8.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_8.png
new file mode 100644
index 00000000000..f8efb7194ee
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_8.png differ
diff --git a/docs/assets/images/Create_a_User_Group_for_shared_permissions_9.png b/docs/assets/images/Create_a_User_Group_for_shared_permissions_9.png
new file mode 100644
index 00000000000..b4373006e46
Binary files /dev/null and b/docs/assets/images/Create_a_User_Group_for_shared_permissions_9.png differ
diff --git a/docs/assets/images/Creating_Findings_Manually.png b/docs/assets/images/Creating_Findings_Manually.png
new file mode 100644
index 00000000000..c64ddd1d668
Binary files /dev/null and b/docs/assets/images/Creating_Findings_Manually.png differ
diff --git a/docs/assets/images/Creating_Findings_Manually_2.png b/docs/assets/images/Creating_Findings_Manually_2.png
new file mode 100644
index 00000000000..5289e2e6ed7
Binary files /dev/null and b/docs/assets/images/Creating_Findings_Manually_2.png differ
diff --git a/docs/assets/images/Creating_Issues_in_Jira.png b/docs/assets/images/Creating_Issues_in_Jira.png
new file mode 100644
index 00000000000..10e66408422
Binary files /dev/null and b/docs/assets/images/Creating_Issues_in_Jira.png differ
diff --git a/docs/assets/images/Creating_Issues_in_Jira_2.png b/docs/assets/images/Creating_Issues_in_Jira_2.png
new file mode 100644
index 00000000000..10cd38f8568
Binary files /dev/null and b/docs/assets/images/Creating_Issues_in_Jira_2.png differ
diff --git a/docs/assets/images/Creating_Issues_in_Jira_3.png b/docs/assets/images/Creating_Issues_in_Jira_3.png
new file mode 100644
index 00000000000..2d3afd51959
Binary files /dev/null and b/docs/assets/images/Creating_Issues_in_Jira_3.png differ
diff --git a/docs/assets/images/Creating_Issues_in_Jira_4.png b/docs/assets/images/Creating_Issues_in_Jira_4.png
new file mode 100644
index 00000000000..4f023449a22
Binary files /dev/null and b/docs/assets/images/Creating_Issues_in_Jira_4.png differ
diff --git a/docs/assets/images/Creating_Issues_in_Jira_5.png b/docs/assets/images/Creating_Issues_in_Jira_5.png
new file mode 100644
index 00000000000..6a77ede0026
Binary files /dev/null and b/docs/assets/images/Creating_Issues_in_Jira_5.png differ
diff --git a/docs/assets/images/Editing_Findings.png b/docs/assets/images/Editing_Findings.png
new file mode 100644
index 00000000000..d2811582f50
Binary files /dev/null and b/docs/assets/images/Editing_Findings.png differ
diff --git a/docs/assets/images/Editing_Findings_2.png b/docs/assets/images/Editing_Findings_2.png
new file mode 100644
index 00000000000..ebeac72c45b
Binary files /dev/null and b/docs/assets/images/Editing_Findings_2.png differ
diff --git a/docs/assets/images/Enabling_Deduplication_within_an_Engagement.png b/docs/assets/images/Enabling_Deduplication_within_an_Engagement.png
new file mode 100644
index 00000000000..5558c2721e6
Binary files /dev/null and b/docs/assets/images/Enabling_Deduplication_within_an_Engagement.png differ
diff --git a/docs/assets/images/Enabling_Deduplication_within_an_Engagement_2.png b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_2.png
new file mode 100644
index 00000000000..435cddb3c43
Binary files /dev/null and b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_2.png differ
diff --git a/docs/assets/images/Enabling_Deduplication_within_an_Engagement_3.png b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_3.png
new file mode 100644
index 00000000000..95a3f5e7899
Binary files /dev/null and b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_3.png differ
diff --git a/docs/assets/images/Enabling_Deduplication_within_an_Engagement_4.png b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_4.png
new file mode 100644
index 00000000000..c016985ab24
Binary files /dev/null and b/docs/assets/images/Enabling_Deduplication_within_an_Engagement_4.png differ
diff --git a/docs/assets/images/Enabling_Product-Level_Deduplication.png b/docs/assets/images/Enabling_Product-Level_Deduplication.png
new file mode 100644
index 00000000000..f469c834875
Binary files /dev/null and b/docs/assets/images/Enabling_Product-Level_Deduplication.png differ
diff --git a/docs/assets/images/Enabling_Product-Level_Deduplication_2.png b/docs/assets/images/Enabling_Product-Level_Deduplication_2.png
new file mode 100644
index 00000000000..d422e0a9873
Binary files /dev/null and b/docs/assets/images/Enabling_Product-Level_Deduplication_2.png differ
diff --git a/docs/assets/images/Finding_Status_Definitions.png b/docs/assets/images/Finding_Status_Definitions.png
new file mode 100644
index 00000000000..702fec9e613
Binary files /dev/null and b/docs/assets/images/Finding_Status_Definitions.png differ
diff --git a/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles.png b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles.png
new file mode 100644
index 00000000000..457430afe1f
Binary files /dev/null and b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles.png differ
diff --git a/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_2.png b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_2.png
new file mode 100644
index 00000000000..0776da29aea
Binary files /dev/null and b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_2.png differ
diff --git a/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_3.png b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_3.png
new file mode 100644
index 00000000000..d75da933423
Binary files /dev/null and b/docs/assets/images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_3.png differ
diff --git a/docs/assets/images/How-To_Edit_Dashboard_Configuration.png b/docs/assets/images/How-To_Edit_Dashboard_Configuration.png
new file mode 100644
index 00000000000..cde5d388743
Binary files /dev/null and b/docs/assets/images/How-To_Edit_Dashboard_Configuration.png differ
diff --git a/docs/assets/images/How-To_Edit_Dashboard_Configuration_2.png b/docs/assets/images/How-To_Edit_Dashboard_Configuration_2.png
new file mode 100644
index 00000000000..24a7b23fa9e
Binary files /dev/null and b/docs/assets/images/How-To_Edit_Dashboard_Configuration_2.png differ
diff --git a/docs/assets/images/How-To_Edit_Dashboard_Configuration_3.png b/docs/assets/images/How-To_Edit_Dashboard_Configuration_3.png
new file mode 100644
index 00000000000..78f55afd4bf
Binary files /dev/null and b/docs/assets/images/How-To_Edit_Dashboard_Configuration_3.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features.png b/docs/assets/images/Introduction_to_Dashboard_Features.png
new file mode 100644
index 00000000000..16a1a6be6ef
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features_2.png b/docs/assets/images/Introduction_to_Dashboard_Features_2.png
new file mode 100644
index 00000000000..f93e3cef66f
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features_2.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features_3.png b/docs/assets/images/Introduction_to_Dashboard_Features_3.png
new file mode 100644
index 00000000000..fe82f87b6d8
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features_3.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features_4.png b/docs/assets/images/Introduction_to_Dashboard_Features_4.png
new file mode 100644
index 00000000000..1eeba317dac
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features_4.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features_5.png b/docs/assets/images/Introduction_to_Dashboard_Features_5.png
new file mode 100644
index 00000000000..ac51210cef4
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features_5.png differ
diff --git a/docs/assets/images/Introduction_to_Dashboard_Features_6.png b/docs/assets/images/Introduction_to_Dashboard_Features_6.png
new file mode 100644
index 00000000000..d7eedb6dd30
Binary files /dev/null and b/docs/assets/images/Introduction_to_Dashboard_Features_6.png differ
diff --git a/docs/assets/images/Introduction_to_Findings.png b/docs/assets/images/Introduction_to_Findings.png
new file mode 100644
index 00000000000..1dc022f5858
Binary files /dev/null and b/docs/assets/images/Introduction_to_Findings.png differ
diff --git a/docs/assets/images/Product_Hierarchy_Overview.png b/docs/assets/images/Product_Hierarchy_Overview.png
new file mode 100644
index 00000000000..a0502462f98
Binary files /dev/null and b/docs/assets/images/Product_Hierarchy_Overview.png differ
diff --git a/docs/assets/images/Product_Hierarchy_Overview_2.png b/docs/assets/images/Product_Hierarchy_Overview_2.png
new file mode 100644
index 00000000000..cb4b3b8514b
Binary files /dev/null and b/docs/assets/images/Product_Hierarchy_Overview_2.png differ
diff --git a/docs/assets/images/Risk_Acceptances.png b/docs/assets/images/Risk_Acceptances.png
new file mode 100644
index 00000000000..b8d1d3be8cf
Binary files /dev/null and b/docs/assets/images/Risk_Acceptances.png differ
diff --git a/docs/assets/images/Risk_Acceptances_2.png b/docs/assets/images/Risk_Acceptances_2.png
new file mode 100644
index 00000000000..5c682e67950
Binary files /dev/null and b/docs/assets/images/Risk_Acceptances_2.png differ
diff --git a/docs/assets/images/Risk_Acceptances_3.png b/docs/assets/images/Risk_Acceptances_3.png
new file mode 100644
index 00000000000..28af44c6d3d
Binary files /dev/null and b/docs/assets/images/Risk_Acceptances_3.png differ
diff --git a/docs/assets/images/Risk_Acceptances_4.png b/docs/assets/images/Risk_Acceptances_4.png
new file mode 100644
index 00000000000..4ba5a8cf655
Binary files /dev/null and b/docs/assets/images/Risk_Acceptances_4.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions.png b/docs/assets/images/Set_a_User's_Permissions.png
new file mode 100644
index 00000000000..6e2dd94d3be
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_2.png b/docs/assets/images/Set_a_User's_Permissions_2.png
new file mode 100644
index 00000000000..17690bf8dc4
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_2.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_3.png b/docs/assets/images/Set_a_User's_Permissions_3.png
new file mode 100644
index 00000000000..17690bf8dc4
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_3.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_4.png b/docs/assets/images/Set_a_User's_Permissions_4.png
new file mode 100644
index 00000000000..f3007abf38e
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_4.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_5.png b/docs/assets/images/Set_a_User's_Permissions_5.png
new file mode 100644
index 00000000000..bc565c06a77
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_5.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_6.png b/docs/assets/images/Set_a_User's_Permissions_6.png
new file mode 100644
index 00000000000..2cc94cd2efc
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_6.png differ
diff --git a/docs/assets/images/Set_a_User's_Permissions_7.png b/docs/assets/images/Set_a_User's_Permissions_7.png
new file mode 100644
index 00000000000..6e2dd94d3be
Binary files /dev/null and b/docs/assets/images/Set_a_User's_Permissions_7.png differ
diff --git a/docs/assets/images/Using_Custom_Fields.png b/docs/assets/images/Using_Custom_Fields.png
new file mode 100644
index 00000000000..e89362b0dd1
Binary files /dev/null and b/docs/assets/images/Using_Custom_Fields.png differ
diff --git a/docs/assets/images/Using_Custom_Fields_2.png b/docs/assets/images/Using_Custom_Fields_2.png
new file mode 100644
index 00000000000..b56d7f74e0d
Binary files /dev/null and b/docs/assets/images/Using_Custom_Fields_2.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder.png b/docs/assets/images/Using_the_Report_Builder.png
new file mode 100644
index 00000000000..5bb20d08c23
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_10.png b/docs/assets/images/Using_the_Report_Builder_10.png
new file mode 100644
index 00000000000..75dc55c2f79
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_10.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_11.png b/docs/assets/images/Using_the_Report_Builder_11.png
new file mode 100644
index 00000000000..668af5e3483
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_11.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_12.png b/docs/assets/images/Using_the_Report_Builder_12.png
new file mode 100644
index 00000000000..0884df114d4
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_12.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_13.png b/docs/assets/images/Using_the_Report_Builder_13.png
new file mode 100644
index 00000000000..7f85b4da72c
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_13.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_14.png b/docs/assets/images/Using_the_Report_Builder_14.png
new file mode 100644
index 00000000000..b7100d7b9a9
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_14.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_15.png b/docs/assets/images/Using_the_Report_Builder_15.png
new file mode 100644
index 00000000000..0b12c09fc94
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_15.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_2.png b/docs/assets/images/Using_the_Report_Builder_2.png
new file mode 100644
index 00000000000..d30679e3097
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_2.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_3.png b/docs/assets/images/Using_the_Report_Builder_3.png
new file mode 100644
index 00000000000..92acd858786
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_3.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_4.png b/docs/assets/images/Using_the_Report_Builder_4.png
new file mode 100644
index 00000000000..f3254604631
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_4.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_5.png b/docs/assets/images/Using_the_Report_Builder_5.png
new file mode 100644
index 00000000000..cf6da570aa0
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_5.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_6.png b/docs/assets/images/Using_the_Report_Builder_6.png
new file mode 100644
index 00000000000..128fcbfdb80
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_6.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_7.png b/docs/assets/images/Using_the_Report_Builder_7.png
new file mode 100644
index 00000000000..c470cc8e16a
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_7.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_8.png b/docs/assets/images/Using_the_Report_Builder_8.png
new file mode 100644
index 00000000000..f8f7c56356e
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_8.png differ
diff --git a/docs/assets/images/Using_the_Report_Builder_9.png b/docs/assets/images/Using_the_Report_Builder_9.png
new file mode 100644
index 00000000000..0a6cefec2d8
Binary files /dev/null and b/docs/assets/images/Using_the_Report_Builder_9.png differ
diff --git a/docs/assets/images/Working_with_Generated_Reports.png b/docs/assets/images/Working_with_Generated_Reports.png
new file mode 100644
index 00000000000..b7100d7b9a9
Binary files /dev/null and b/docs/assets/images/Working_with_Generated_Reports.png differ
diff --git a/docs/assets/images/Working_with_Generated_Reports_2.png b/docs/assets/images/Working_with_Generated_Reports_2.png
new file mode 100644
index 00000000000..9e55a096325
Binary files /dev/null and b/docs/assets/images/Working_with_Generated_Reports_2.png differ
diff --git a/docs/assets/images/Working_with_Generated_Reports_3.png b/docs/assets/images/Working_with_Generated_Reports_3.png
new file mode 100644
index 00000000000..6b40cd02147
Binary files /dev/null and b/docs/assets/images/Working_with_Generated_Reports_3.png differ
diff --git a/docs/assets/images/_index.png b/docs/assets/images/_index.png
new file mode 100644
index 00000000000..07eece49029
Binary files /dev/null and b/docs/assets/images/_index.png differ
diff --git a/docs/assets/images/add_edit_connectors.png b/docs/assets/images/add_edit_connectors.png
new file mode 100644
index 00000000000..b4b4fec881c
Binary files /dev/null and b/docs/assets/images/add_edit_connectors.png differ
diff --git a/docs/assets/images/add_edit_connectors_2.png b/docs/assets/images/add_edit_connectors_2.png
new file mode 100644
index 00000000000..e074c4146a7
Binary files /dev/null and b/docs/assets/images/add_edit_connectors_2.png differ
diff --git a/docs/assets/images/add_edit_connectors_3.png b/docs/assets/images/add_edit_connectors_3.png
new file mode 100644
index 00000000000..68e2147e4b2
Binary files /dev/null and b/docs/assets/images/add_edit_connectors_3.png differ
diff --git a/docs/assets/images/api-token.png b/docs/assets/images/api-token.png
new file mode 100644
index 00000000000..cfe42fcd89e
Binary files /dev/null and b/docs/assets/images/api-token.png differ
diff --git a/docs/assets/images/api_pipeline_modelling.png b/docs/assets/images/api_pipeline_modelling.png
new file mode 100644
index 00000000000..f8a96620dc6
Binary files /dev/null and b/docs/assets/images/api_pipeline_modelling.png differ
diff --git a/docs/assets/images/connectors_tool_reference.png b/docs/assets/images/connectors_tool_reference.png
new file mode 100644
index 00000000000..2add0f93337
Binary files /dev/null and b/docs/assets/images/connectors_tool_reference.png differ
diff --git a/docs/assets/images/connectors_tool_reference_2.png b/docs/assets/images/connectors_tool_reference_2.png
new file mode 100644
index 00000000000..32a11c0cae9
Binary files /dev/null and b/docs/assets/images/connectors_tool_reference_2.png differ
diff --git a/docs/assets/images/contact_defectdojo_support.png b/docs/assets/images/contact_defectdojo_support.png
new file mode 100644
index 00000000000..f345cc8bf67
Binary files /dev/null and b/docs/assets/images/contact_defectdojo_support.png differ
diff --git a/docs/assets/images/contact_defectdojo_support_2.png b/docs/assets/images/contact_defectdojo_support_2.png
new file mode 100644
index 00000000000..89484dd3ff8
Binary files /dev/null and b/docs/assets/images/contact_defectdojo_support_2.png differ
diff --git a/docs/assets/images/edit_ignore_delete_records.png b/docs/assets/images/edit_ignore_delete_records.png
new file mode 100644
index 00000000000..db5c9457504
Binary files /dev/null and b/docs/assets/images/edit_ignore_delete_records.png differ
diff --git a/docs/assets/images/edit_ignore_delete_records_2.png b/docs/assets/images/edit_ignore_delete_records_2.png
new file mode 100644
index 00000000000..a472dacee5b
Binary files /dev/null and b/docs/assets/images/edit_ignore_delete_records_2.png differ
diff --git a/docs/assets/images/external-tools.png b/docs/assets/images/external-tools.png
new file mode 100644
index 00000000000..053563989b5
Binary files /dev/null and b/docs/assets/images/external-tools.png differ
diff --git a/docs/assets/images/import_scan_ui.png b/docs/assets/images/import_scan_ui.png
new file mode 100644
index 00000000000..851dfa95d34
Binary files /dev/null and b/docs/assets/images/import_scan_ui.png differ
diff --git a/docs/assets/images/manage_records.png b/docs/assets/images/manage_records.png
new file mode 100644
index 00000000000..91e8676ba1b
Binary files /dev/null and b/docs/assets/images/manage_records.png differ
diff --git a/docs/assets/images/manage_records_2.jpg b/docs/assets/images/manage_records_2.jpg
new file mode 100644
index 00000000000..fa078e4e6bf
Binary files /dev/null and b/docs/assets/images/manage_records_2.jpg differ
diff --git a/docs/assets/images/operations_discover.png b/docs/assets/images/operations_discover.png
new file mode 100644
index 00000000000..4786b371dcb
Binary files /dev/null and b/docs/assets/images/operations_discover.png differ
diff --git a/docs/assets/images/operations_discover_2.png b/docs/assets/images/operations_discover_2.png
new file mode 100644
index 00000000000..07eece49029
Binary files /dev/null and b/docs/assets/images/operations_discover_2.png differ
diff --git a/docs/assets/images/operations_discover_3.png b/docs/assets/images/operations_discover_3.png
new file mode 100644
index 00000000000..21e5dee6331
Binary files /dev/null and b/docs/assets/images/operations_discover_3.png differ
diff --git a/docs/assets/images/operations_page.png b/docs/assets/images/operations_page.png
new file mode 100644
index 00000000000..678f0cbc178
Binary files /dev/null and b/docs/assets/images/operations_page.png differ
diff --git a/docs/assets/images/operations_sync.png b/docs/assets/images/operations_sync.png
new file mode 100644
index 00000000000..2113c8ba6bc
Binary files /dev/null and b/docs/assets/images/operations_sync.png differ
diff --git a/docs/assets/images/reorder-columns.png b/docs/assets/images/reorder-columns.png
new file mode 100644
index 00000000000..a4665a87651
Binary files /dev/null and b/docs/assets/images/reorder-columns.png differ
diff --git a/docs/assets/images/request_a_trial.png b/docs/assets/images/request_a_trial.png
new file mode 100644
index 00000000000..339fcddf1f1
Binary files /dev/null and b/docs/assets/images/request_a_trial.png differ
diff --git a/docs/assets/images/request_a_trial_2.png b/docs/assets/images/request_a_trial_2.png
new file mode 100644
index 00000000000..b6228168a3f
Binary files /dev/null and b/docs/assets/images/request_a_trial_2.png differ
diff --git a/docs/assets/images/request_a_trial_3.png b/docs/assets/images/request_a_trial_3.png
new file mode 100644
index 00000000000..f30f3cc8b1a
Binary files /dev/null and b/docs/assets/images/request_a_trial_3.png differ
diff --git a/docs/assets/images/request_a_trial_4.png b/docs/assets/images/request_a_trial_4.png
new file mode 100644
index 00000000000..9dd8a96e3f6
Binary files /dev/null and b/docs/assets/images/request_a_trial_4.png differ
diff --git a/docs/assets/images/request_a_trial_5.png b/docs/assets/images/request_a_trial_5.png
new file mode 100644
index 00000000000..2b4bb90ccd4
Binary files /dev/null and b/docs/assets/images/request_a_trial_5.png differ
diff --git a/docs/assets/images/request_a_trial_6.png b/docs/assets/images/request_a_trial_6.png
new file mode 100644
index 00000000000..16b636890cd
Binary files /dev/null and b/docs/assets/images/request_a_trial_6.png differ
diff --git a/docs/assets/images/request_a_trial_7.png b/docs/assets/images/request_a_trial_7.png
new file mode 100644
index 00000000000..cabf57ab944
Binary files /dev/null and b/docs/assets/images/request_a_trial_7.png differ
diff --git a/docs/assets/images/request_a_trial_mg.png b/docs/assets/images/request_a_trial_mg.png
new file mode 100644
index 00000000000..41aec0489ee
Binary files /dev/null and b/docs/assets/images/request_a_trial_mg.png differ
diff --git a/docs/assets/images/run_operations_manually.png b/docs/assets/images/run_operations_manually.png
new file mode 100644
index 00000000000..dbc10e031e2
Binary files /dev/null and b/docs/assets/images/run_operations_manually.png differ
diff --git a/docs/assets/images/run_operations_manually_2.png b/docs/assets/images/run_operations_manually_2.png
new file mode 100644
index 00000000000..10d2aeb494e
Binary files /dev/null and b/docs/assets/images/run_operations_manually_2.png differ
diff --git a/docs/assets/images/smart_upload.png b/docs/assets/images/smart_upload.png
new file mode 100644
index 00000000000..e00d726b6e0
Binary files /dev/null and b/docs/assets/images/smart_upload.png differ
diff --git a/docs/assets/images/smart_upload_2.png b/docs/assets/images/smart_upload_2.png
new file mode 100644
index 00000000000..1f464d4d554
Binary files /dev/null and b/docs/assets/images/smart_upload_2.png differ
diff --git a/docs/assets/images/smart_upload_3.png b/docs/assets/images/smart_upload_3.png
new file mode 100644
index 00000000000..e0fa73111c5
Binary files /dev/null and b/docs/assets/images/smart_upload_3.png differ
diff --git a/docs/assets/images/using_reimport.png b/docs/assets/images/using_reimport.png
new file mode 100644
index 00000000000..d26f35a4652
Binary files /dev/null and b/docs/assets/images/using_reimport.png differ
diff --git a/docs/assets/images/using_reimport_2.png b/docs/assets/images/using_reimport_2.png
new file mode 100644
index 00000000000..5a180a591c7
Binary files /dev/null and b/docs/assets/images/using_reimport_2.png differ
diff --git a/docs/assets/images/using_reimport_3.png b/docs/assets/images/using_reimport_3.png
new file mode 100644
index 00000000000..d26f35a4652
Binary files /dev/null and b/docs/assets/images/using_reimport_3.png differ
diff --git a/docs/assets/images/using_the_cloud_manager.png b/docs/assets/images/using_the_cloud_manager.png
new file mode 100644
index 00000000000..7a3e7cfc2c8
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager.png differ
diff --git a/docs/assets/images/using_the_cloud_manager_2.png b/docs/assets/images/using_the_cloud_manager_2.png
new file mode 100644
index 00000000000..888fda387b5
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager_2.png differ
diff --git a/docs/assets/images/using_the_cloud_manager_3.png b/docs/assets/images/using_the_cloud_manager_3.png
new file mode 100644
index 00000000000..5aa07b31e98
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager_3.png differ
diff --git a/docs/assets/images/using_the_cloud_manager_4.png b/docs/assets/images/using_the_cloud_manager_4.png
new file mode 100644
index 00000000000..38d4a9a94eb
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager_4.png differ
diff --git a/docs/assets/images/using_the_cloud_manager_5.png b/docs/assets/images/using_the_cloud_manager_5.png
new file mode 100644
index 00000000000..5ec675978cf
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager_5.png differ
diff --git a/docs/assets/images/using_the_cloud_manager_6.png b/docs/assets/images/using_the_cloud_manager_6.png
new file mode 100644
index 00000000000..2a2c3cc462e
Binary files /dev/null and b/docs/assets/images/using_the_cloud_manager_6.png differ
diff --git a/docs/config.dev.toml b/docs/config.dev.toml
index de3d1b24c36..65fff4564ba 100644
--- a/docs/config.dev.toml
+++ b/docs/config.dev.toml
@@ -77,12 +77,6 @@
 weight = 1
 pre = ""
 url = "https://github.com/DefectDojo/django-DefectDojo"
-[[menu.main]]
- name = "Knowledge Base"
- weight = 50
- pre = ""
- url = "https://support.defectdojo.com"
-
 [markup]
 [markup.goldmark]
 [markup.goldmark.renderer]
diff --git a/docs/content/en/about_defectdojo/contact_defectdojo_support.md b/docs/content/en/about_defectdojo/contact_defectdojo_support.md
index 7c2bee2d42c..3094da9e561 100644
--- a/docs/content/en/about_defectdojo/contact_defectdojo_support.md
+++ b/docs/content/en/about_defectdojo/contact_defectdojo_support.md
@@ -6,26 +6,29 @@ pro-feature: true weight: 3 --- -For DefectDojo Pro users, DefectDojo's Support team can be contacted in a variety of ways. +DefectDojo Pro subscriptions come with full support from the DefectDojo Inc team during the initial trial period and beyond. -## Contacting Support via Email +Open Source users can receive assistance via the OWASP [Slack Channel](https://owasp.org/slack/invite), or on [GitHub](https://github.com/DefectDojo/django-DefectDojo). See our [Community Site](https://defectdojo.com/community) for more information. -Customers / Pro Users can always email our team directly at [support@defectdojo.com](mailto:support@defectdojo.com). +# Accessing Pro Support +### Email -## Contacting Support through the DefectDojo app +Customers / Pro Users can always email our team directly at [support@defectdojo.com](mailto:support@defectdojo.com) for assistance. + +### Within DefectDojo You can contact us through the DefectDojo App: -* by opening **Cloud Manager \> Contact Support** from the left sidebar**,** +* by opening **Cloud Manager \> Contact Support** from the left sidebar * or through **{your\-instance}.defectdojo.com/cloud\_portal/support**. -![Where to find the 'Contact Support' link in DefectDojo](https://defectdojo-inc.intercom-attachments-7.com/i/o/854681122/eca2271b89d62b943e80923b/gpUG1R_oppB0eO2XyzCludfqxjYCFT4xodToow7IBc-GE7zeXNc3CrGAtHCnLBMSAiFs5PRIcW6V58B6kHAxpKRado9NGjU3sBVbXQFCi2X1zNMfr0Xx8jgNED7ZCvt1bQWe83g47pnFcaPZ9L2oEs8?expires=1729720800&signature=74a5200740953f712cfcb0ed6145ac3ad5657bc5974e2e23e62ce5b13032272c&req=fCUjEMF%2FnINdFb4f3HP0gBxcVTY7O4IHl0%2Bn%2BVAfJVMzuNg%2FYQxvJl0daCy2%0AD6E%3D%0A) +![image](images/contact_defectdojo_support.png) -## Contact Support through the DefectDojo Cloud Portal +### Through the Cloud Portal You can also contact our support team through your Cloud Portal: * by clicking on **Contact Us** (on the left sidebar) * or via ****. 
-![](https://downloads.intercomcdn.com/i/o/850350549/9183fa1703512f79f83a561b/Screenshot+2023-10-10+at+3.30.51+PM.png?expires=1729720800&signature=e6e5cda5d17f233575c7d5267d79de63210a1184a56e1c6d34468883a4c21817&req=fCUnFcx%2BmIVWFb4f3HP0gKi3DGFot4w4iwNAwMDaVsacaQIz63318wb%2BRw7J%0AOFM%3D%0A)
\ No newline at end of file
+![image](images/contact_defectdojo_support_2.png)
\ No newline at end of file
diff --git a/docs/content/en/about_defectdojo/request_a_trial.md b/docs/content/en/about_defectdojo/request_a_trial.md
index 92f4d3b8193..5bbfda64c26 100644
--- a/docs/content/en/about_defectdojo/request_a_trial.md
+++ b/docs/content/en/about_defectdojo/request_a_trial.md
@@ -1,101 +1,67 @@ --- -title: "Request a Trial" +title: "Request a DefectDojo Pro Trial" description: "How to request and work with a trial of DefectDojo Cloud" draft: "false" weight: 4 pro-feature: true --- - If your team requires an on\-premise DefectDojo installation, please connect with our Sales team by emailing \-\> [info@defectdojo.com](mailto:info@defectdojo.com) . This trial setup process only applies to DefectDojo Cloud users. - All DefectDojo plans include a free 2\-week trial, which you can use to evaluate our software. DefectDojo Trial instances are fully\-featured and can be immediately converted to our team into paid instances \- no need to set everything up again, or reupload any data when your trial period ends. - - -# **Requesting your Trial** - - -In order to sign up for the trial, you'll need to complete the process at . - - - At the end of this process, you'll be put in touch with our Sales team, who will follow up to receive your billing information, and authorize and set up your company's trial instance. +# **Requesting your Trial** +In order to sign up for a trial, you'll need to create an account on our Cloud Portal, and then click the New Subscription menu option from the sidebar. -## Step 1: Select a Plan - - -DefectDojo offers 4 plan tiers: Entry, Team, Business and Enterprise. For more information on these plan tiers, see . +![image](images/request_a_trial_mg.png) +## Step 1: Welcome +Click Continue to begin setting up your instance. +![image](images/request_a_trial.png) ## Step 2: Enter your Company Information \& create your Domain - Enter your company's **Name** and the **Server Label** you want to use with DefectDojo. You will then have a custom domain created for your DefectDojo instance on our servers. 
- - +![image](images/request_a_trial_2.png) Normally, DefectDojo will name your domain according to your Company Name., but if you select "Use Server Label in Domain", DefectDojo will instead label your domain according to the Server Label you chose. This approach may be preferred if you plan to use multiple DefectDojo instances (such as a Production instance and a Test instance, for example). Please contact our Sales team \-\> [info@defectdojo.com](mailto:info@defectdojo.com) if you require multiple instances. - - -![](https://downloads.intercomcdn.com/i/o/860988422/eedc579b6677431286d65848/Screenshot+2023-10-24+at+1.40.08+PM.png?expires=1729720800&signature=a5d0777d68939399aaa5ec509c17ed2d416c1ec2a6bf522f1975ba9081556b02&req=fCYnH8F2mYNdFb4f3HP0gE8a9ArLlDRdCgEOOG%2FhF1RTkIUw7Ito80YJSY0l%0AHKg%3D%0A) - ## Step 3: Select a Server Location - Select a Server Location from the drop\-down menu. We recommend selecting a server that is geographically closest to the main DefectDojo team to reduce server latency. - - -![](https://downloads.intercomcdn.com/i/o/876540337/a0a35dcc0d6133d9920ae351/Screenshot+2023-11-06+at+10.52.31+AM.png?expires=1729720800&signature=ca343d1908f901d445fd42e4a6ad36bf5423fe11f5f5499330f12d5bcbb673f8&req=fCchE81%2BnoJYFb4f3HP0gEQv7p4cu3PEeMC%2F7lhGIjWslFuLY7y9ydfxMon8%0AEqc%3D%0A) +![image](images/request_a_trial_3.png) ## Step 4: Configure your Firewall Rules - Enter the IP address ranges, subnet mask and labels that you want to allow to access DefectDojo. Additional IP addresses and rules can be added or changed by your team after your instance is up and running. 
+![image](images/request_a_trial_4.png) - -![](https://downloads.intercomcdn.com/i/o/861008661/a96af61112ab368531e5cea3/Screenshot+2023-10-24+at+2.03.54+PM.png?expires=1729720800&signature=dd429751626344d5acdbc978075350b93c1eee4e08b19a7e2600acc32ef5af09&req=fCYmFsl2m4deFb4f3HP0gC9i9UC9KLwQAM03VQIh7iIX1Mte7ZuJem%2FMasGI%0AMOs%3D%0A) If you want to use external services with DefectDojo (GitHub or JIRA), check the appropriate boxes listed under **Select External Services.** - - -![](https://downloads.intercomcdn.com/i/o/861010228/9af57d1dbc88ec8eb1aba838/Screenshot+2023-10-24+at+2.05.17+PM.png?expires=1729720800&signature=4de093e7d6e8eb2868d8827d43b21e3fdcca811d54129281312ed2046e8f436b&req=fCYmFsh%2Bn4NXFb4f3HP0gESMYM2ZnzQC0Fiw%2BtpOyJtEyhzu2iwxkZDcgD8G%0AOt8%3D%0A) - -## Step 4: Confirm your Plan type and Billing Frequency - +## Step 5: Confirm your Plan type and Billing Frequency Before you complete the process, please confirm the plan you want to use along with your billing frequency \- monthly or annually. +![image](images/request_a_trial_5.png) +## Step 6: Review and Submit your Request -![](https://downloads.intercomcdn.com/i/o/876543637/6e37d8e254905d129b0db4e9/Screenshot+2023-11-06+at+12.50.04+PM.png?expires=1729720800&signature=71aa69825544e058bf464482c7a705d822cabe57df3d147383cd6f78606e2e2d&req=fCchE819m4JYFb4f3HP0gA6Fk0%2FefI4ZjPtNpPBBX2TaKmf7JCyejxcfyEyq%0Asw0%3D%0A) +We'll prompt you to look over your request one more time. Once submitted, only Firewall rules can be changed by your team without assistance from Support. To contact Support, please email [support@defectdojo.com](mailto:support@defectdojo.com) or follow the instructions in [this article](https://docs.defectdojo.com/en/about_defectdojo/contact_defectdojo_support/). -## Step 5: Review and Submit your Request +![image](images/request_a_trial_6.png) +After reviewing and accepting DefectDojo's License and Support Agreement, you can click **Checkout With Stripe** or **Contact Sales**. 
-We'll prompt you to look over your request one more time. Once submitted, only Firewall rules can be changed by your team without assistance from Support. To contact Support, please email [support@defectdojo.com](mailto:support@defectdojo.com) or follow the instructions in [this article](https://support.defectdojo.com/en/articles/8461544-contact-defectdojo-support). - - - -![](https://downloads.intercomcdn.com/i/o/862067499/929fb73dfcda5759f44d5fe7/Screenshot+2023-10-25+at+3.41.42+PM.png?expires=1729720800&signature=c5c2efdb7cf11724b8e74e0193d63aab8cb6fdd479f5f05a385156dd4ce3f3fc&req=fCYlFs95mYhWFb4f3HP0gF2vZoT3mHEx2TF3mhg3tv%2FwJLi00MGhyKfgGvLa%0AiTI%3D%0A) -After reviewing and accepting DefectDojo's License and Support Agreement, you can click **Proceed To Checkout,** or **Meet The Creators.** - - - -* Proceed To Checkout will take you to a Stripe page where you can enter your billing information. -* If you do not wish to enter your billing info at this time, you can click Meet The Creators \- our Sales team will be in touch to set up your trial. - +* Checkout With Stripe will take you to a Stripe page where you can enter your billing information. +* If you do not wish to enter your billing info at this time, you can click Contact Sales - our Sales team will be in touch to set up your trial. # Once your trial has been approved - -Our Support team will send you a Welcome email with links to access your DefectDojo instance. You can always reach out to [support@defectdojo.com](mailto:support@defectdojo.com) for product assistance once your trial begins. - +Our Support team will send you a Welcome email with links and an initial password to access your DefectDojo instance. You can always reach out to [support@defectdojo.com](mailto:support@defectdojo.com) for product assistance once your trial begins. diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md index 3a244f82cca..3d0c2c92292 100644 
--- a/docs/content/en/changelog/changelog.md
+++ b/docs/content/en/changelog/changelog.md
@@ -1,13 +1,43 @@ --- -title: "Changes & New Features" +title: "DefectDojo Pro Changelog" description: "DefectDojo Changelog" --- -Here are the release notes for DefectDojo Pro (Cloud Version) releases. For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases). +Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes. +For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrate notes](../../open_source/upgrading/upgrading_guide). -## Nov 17, 2024 -**Version 2.40.2** +## Dec 9, 2024: v2.41.1 + +- **(API)** When using the jira_finding_mappings API endpoint, trying to update a finding's Jira mapping with a Jira issue that is already assigned to another finding will now raise a validation error. +- **(Beta UI)** A Test's Import History is now paginated by default. +- **(Findings)** New Filter: 'Has Any JIRA' which accounts for Findings with single Issues or Findings that were pushed to Jira as part of a Group. +- **(Classic UI)** Filters have been added to the Product Type view. This is useful for when a single Product Type contains many Products which need to be filtered down. +- **(Classic UI)** Reported Finding Severity by Month graph now tracks the X axis by month correctly. + +## Dec 2, 2024: v2.41.0 + +- **(API)** `engagements/{id}/update_jira_epic` endpoint path added so that users can now push an updated Engagement to Jira, without creating a new Jira Epic. +- **(Beta UI)** Columns can now be reordered in tables, by clicking and dragging the column header. + +![image](images/reorder-columns.png) + +- **(Beta UI)** Notes can now be added to a Test directly from the Test page. +- **(Classic UI)** Reviewers are now displayed on Finding pages. 
+- **(Docs)** New integrated docs site: https://docs.defectdojo.com/ + +## Nov 25, 2024: v2.40.4 + +- **(Beta UI)** Improved Metadata tables with Parent object relationships for Products, Engagements, Tests, Findings, Endpoints/Hosts +- **(Beta UI)** Deleting an object now returns you to a page which makes more sense. +- **(Endpoints)** Endpoints can now be sorted by ID. +- **(Review Request)** When a user requests a review, both the requester and the requestee are now captured in audit logs. +- **(Tools)** Trivy Operator now parses the ‘cluster compliance report’ from scans. +- **(Tools)** CheckMarx One parser can now handle cases where a result has no description. +- **(Tools)** AnchorCTL Policies tool has been fortified to handle new severity values. + + +## Nov 17, 2024: v2.40.2 - **(API)** Added an API endpoint to get the DefectDojo version number: `/api/v2/version` (Pro) - **(API)** Multiple Metadata objects can now be added to a single Endpoint, Finding or Product via POST or PATCH to `/api/v2/metadata/` . Previously, only one Metadata key/value pair could be updated per call. @@ -19,8 +49,7 @@ Here are the release notes for DefectDojo Pro (Cloud Version) releases. For Ope - **(Tools)** Update to AWS Prowler parser - can now handle the ‘event_time’ parameter -## Nov 14, 2024 -**Version 2.40.1** +## Nov 14, 2024: v2.40.1 - **(API)** Added a method to validate for file extensions, when 'artifact' files are added to a test (images, for example) - **(Cloud Portal)** Fixed an issue where QR codes were not being generated correctly for MFA setup. (Pro) @@ -31,8 +60,7 @@ Here are the release notes for DefectDojo Pro (Cloud Version) releases. For Ope -## Nov 4, 2024 -**Version 2.40.0** +## Nov 4, 2024: v2.40.0 - **(API)** Engagement_End_Date is now honored when submitted via /import /reimport endpoint. - **(API)** Corrected an issue with the /import endpoint where old Findings were not being mitigated correctly. 
@@ -60,16 +88,14 @@ configuration fields. * The "Location" field should be populated with the appropriate API endpoint for your region. For example, to retrieve results from the us-east-1 region, you would supply https://securityhub.us-east-1.amazonaws.com. * Note that we rely on Security Hub's cross-region aggregation to pull findings from more than one region. If cross-region aggregation is enabled, you should supply the API endpoint for your "Aggregation Region". Additional linked regions will have ProductRecords created for them in DefectDojo based on your AWS account IDs and the region names. -## October 29, 2024 -**Version 2.39.4 / 2.39.3** +## Oct 29, 2024: v2.39.4 - **(API)** Corrected 'multiple positional arguments' issue with `/import` endpoint - **(Metrics)** Dashboards can now handle multiple Products or Product Types simultaneously: this includes the Executive, Program, Remediation and Tool insights dashboards. (Pro) - **(Tools)** OSV, Tenable parsers have been made more robust -## October 21, 2024 -**Version 2.39.1** +## Oct 21, 2024: v2.39.1 - **(Beta UI)** Parent Object links have been added to the Metadata table to help contextualize the page you're on - **(Beta UI)** Improved "Toggle Columns" menu on tables @@ -79,9 +105,7 @@ configuration fields. - **(Metrics)** All Metrics dashboards can now be exported as a PDF (Remediation Insights, Program Insights, Tool Insights) (Pro) -## October 7, 2024 -**Version 2.39.0** - +## Oct 7, 2024: v2.39.0 - **(Beta UI)** Dropdown menus for Import Scan / Reimport Scan no longer block the active element of a form. - **(Beta UI)** Finding counts by Severity now disregard Out Of Scope / False Positive Findings. 
@@ -90,8 +114,7 @@ configuration fields. - **(Tools)** AWS Security Hub EPSS score now parses correctly. -## September 30, 2024 -**Version 2.38.4** +## Sept 30, 2024: v2.38.4 - **(API)** Object History can now be accessed via the API. - **(API Docs)** Generating the response schema for certain API endpoints no longer breaks the Swagger interface. @@ -99,8 +122,7 @@ configuration fields. - **(Passwords)** Password creation for new users can now be made optional upon request. This feature is toggled via the back-end. -## September 23, 2024 -**Version 2.38.3** +## Sept 23, 2024: v2.38.3 - **(API)** `/global_role` endpoint now supports prefetching. - **(API)** It is now possible to prefetch a Finding with attached files via API. @@ -112,8 +134,7 @@ configuration fields. - **Tools** fixed an issue where certain tools would not process asyncronously: Whitehat_Sentinel, SSLyze, SSLscan, Qualys_Webapp, Mend, Intsights, H1, and Blackduck. -## September 16, 2024 -**Version 2.38.2** +## Sept 16, 2024: v2.38.2 - **(Beta UI)** Jira integration in Beta UI now has parity with Legacy UI. Ability to Push To Jira has been added, and the Jira ticket view has been added to Findings, Engagements, and all other related objects in DefectDojo. - **(Finding SLAs)** Added “Mitigated Within SLA” Finding filter, so that users can now count how many Findings were mitigated on time, and how many were not. Previously, we were only able to filter Findings that were currently violating SLA or not, rather than ones that had historically violated SLA or not. @@ -126,8 +147,7 @@ configuration fields. -## September 9, 2024 -**Version 2.39.1** +## Sept 9, 2024: v2.38.1 - **(Beta UI)** Clearing a date filter and re-applying it no longer throws a 400 error. - **(Dashboard)** Dashboard Tag Filters now work correctly in both legacy and beta UIs. 
@@ -139,8 +159,7 @@ configuration fields. - **(Tools)** EPSS score / percentile will now be imported from Aquasec files -## Sepember 3, 2024 -**Version 2.38.0** +## Sept 3, 2024: v2.38.0 - **(API)** Better naming conventions on Mitigated and Discovered date filters: these are now labeled Mitigated/Discovered On, Mitigated/Discovered Before, Mitigated/Discovered After. - **(Beta UI)** Pre-filtered Finding Routes added to Sidebar: you can now quickly filter for Active Findings, Mitigated Findings, All Risk Acceptances, All Finding Groups. @@ -156,8 +175,7 @@ configuration fields. - **(Risk Acceptance)** Updating the Simple Risk Acceptance or the Full Risk Acceptance flag on a Product now updates the Product as expected. -## August 28, 2024 -**Version 2.37.3** +## Aug 28, 2024: v2.37.3 - **(API)** New Endpoint: /finding_groups allows you to GET, add Findings to, delete, or otherwise interact with Finding Groups. (Pro) - **(Beta UI)** Relative date ranges for Findings have been added to Finding Filters (last 30 days, last 90 days, etc) @@ -173,8 +191,7 @@ configuration fields. - **(Tools)** Nmap Parser now handles script output -## August 7, 2024 -**Version Version 2.37.0** +## Aug 7, 2024: v2.37.0 - **(API)** Created a method to handle simultaneous async reimports to the same Test via API - **(API)** Minimum Severity flag now works as expected on /import, /reimport endpoints (Clearsale) 
@@ -193,8 +210,7 @@ configuration fields. - **(Tools)** Kiuwan SCA Parser released - **(Tools)** Test Types can now be set to Inactive so that they won’t appear in menus. This ‘inactive’ setting can only be applied in the legacy UI, via Engagements > Test Types (or defectdojo.com/test_type) -## July 8, 2024 -**Version 2.36.0** +## Jul 8, 2024: v2.36.0 - **(Notifications)** Improved email notifications with collapsible Finding lists for greater readability - **(SLAs)** SLAs can now be optionally enforced. For each SLA associated with a Product you can set or unset the Enforce __ Finding Days box in the relevant SLA Configuration screen. When this box is unchecked, SLAs for Findings that match that Severity level will not be tracked or displayed in the UI. diff --git a/docs/content/en/cloud_management/Using the Cloud Manager.md b/docs/content/en/cloud_management/Using the Cloud Manager.md deleted file mode 100644 index 853c75c0d10..00000000000 --- a/docs/content/en/cloud_management/Using the Cloud Manager.md +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -title: "Using the Cloud Manager" -description: "Manage your subscription and account settings" ---- - -Logging into DefectDojo's Cloud Manager allows you to configure your account settings and manage your subscription with DefectDojo Cloud. - - - -# **New Subscription** - - -This page allows you to request a new, or additional Cloud instance from DefectDojo. - - - - -# **Manage Subscriptions** - - -The Subscription Management page shows all of your currently active Cloud instances, and allows you to configure the Firewall settings for each instance. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/862089009/21684204f59c8a72fc5cd96c/oWnbKju2gAuFoJyu1HqO8VoY10HF98nGETVQr3qqyVetxwVS9T4dd9BsA07iVpqimE_DbAEOxu4YnETyF4B66bv8eRY7SA0LUfLcZV_cr2EyBBqe13n0XJd7MRFkhtVUYHBmAr7ikL-jqMRP_x3G5Yo?expires=1729720800&signature=c17d819ae6f7d8fcede2df269d2f70ce3a6d52a5fc90ca1eb528ef8fcbc981f4&req=fCYlFsF3nYFWFb4f3HP0gKBBQOIZ9S1HeeHWkUy2iQgj1cIBI%2FsKvYdjil0P%0A7zU%3D%0A)To edit or add firewall rules from within the DefectDojo cloud site, navigate to the **Manage Subscriptions** page, then click the **Edit Subscription** button in the top right corner of the subscription you wish to edit. - - - -Once on the **Edit Subscription** page, enter the IP Address, Mask, and Label for the rule you wish to add. If more than one firewall rule is needed, click **Add New Range** to create a new empty rule. 
- - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/862089016/f591206745e3f6fb1e84ebb0/_0YHO3wFX4NOPfXD6lGQrlgyizJG4oI1uAmG6xPjKVNS5LEEsHG_e0NL7S9ghukYJZDGdZnLMLZbf4let3cWyEt1AXL-hKAr2pbJs94NMNGC4d_aCnAZzJwYw_-aisx_lkvSFQGGovg9DTXmHpcZQVE?expires=1729720800&signature=9c30c659541303f0b846c14f397d397d15b15cdbd5f7d06fa069ad94de9d12a6&req=fCYlFsF3nYBZFb4f3HP0gGOaSb2VkqgcS5e1HnxDZWkIvMwr9%2Bcy0%2FpbfIzh%0ABPw%3D%0A)To save these newly added firewall rules, click **Submit** at the bottom of the page to save and update the firewall rules on your DefectDojo cloud instance. - - - -Firewall rules can also be updated from within your DefectDojo cloud instance. For more information on modifying firewall rules from within your instance, detailed documentation can be found here: - - -*[https://documentation.defectdojo.com/proprietary\_plugins/01\_plus/cloud\_portal/\#firewall\-rules](https://documentation.defectdojo.com/proprietary_plugins/01_plus/cloud_portal/#firewall-rules)* - - - -# **Resources** - - -The Resources page contains a Contact Us form, which you can use to get in touch with our Support team. - - - -![](https://downloads.intercomcdn.com/i/o/874730270/5aeed3c6a01d72f6f9cd3744/Screenshot+2023-11-03+at+2.23.51+PM.png?expires=1729720800&signature=64441b86a47e5e90e7d835f9ba7f395cb5e699f550b98afae217c59636841c90&req=fCcjEcp%2Bn4ZfFb4f3HP0gO8a52Smoi05dVcxL5OEbRnX%2BGZMCLHom5a8sWeR%0AhoA%3D%0A)It also contains a link to our Open\-Source Documentation, which can be viewed at https://documentation.defectdojo.com. - - - -# **Account Settings** - - -The account settings page has four sections: - - -* **User Contact** allows you to set your Username, Email Address, First Name and Last Name. -* **Email Accounts** allows you to add additional email addresses to your accounts. Adding an additional email account will send a verification email to the new address. 
-* **Manage Social Accounts** allows you to connect DefectDojo Cloud to your GitHub or Google credentials, which can be used to log in instead of a username and password. -* **MFA Settings** allow you to add an MFA code to Google Authenticator, 1Password or similar apps. Adding an additional step to your login process is a good proactive step to prevent unauthorized access. - -### Add MFA to your login process - - -This can also be done from the following link: - - -1. Begin by installing an Authenticator app which supports QR code authentication on your smartphone or computer. -2. Once you've done this, click **Generate QR Code**. -3. Scan the QR code provided in DefectDojo using your Authenticator app, and then enter the six\-digit code provided by your app. -4. Click **Enable Multi\-Factor Authentication**. - -![](https://downloads.intercomcdn.com/i/o/874771940/efe7f25c04e1cd3189456f8d/Screenshot+2023-11-03+at+3.09.24+PM.png?expires=1729720800&signature=2664f7e14fe3ac87961f3593b1a123b17482ddca6237863d4acb1c97a97e4a0b&req=fCcjEc5%2FlIVfFb4f3HP0gP1QCbFbvE832eH4u4sdueBzfdtszKhTMHHP9qD7%0AtD4%3D%0A) \ No newline at end of file diff --git a/docs/content/en/cloud_management/Set up an additional Cloud instance.md b/docs/content/en/cloud_management/additional-cloud-instance.md similarity index 50% rename from docs/content/en/cloud_management/Set up an additional Cloud instance.md rename to docs/content/en/cloud_management/additional-cloud-instance.md index 5c5bb2cb7f6..2b65fd873fe 100644 --- a/docs/content/en/cloud_management/Set up an additional Cloud instance.md +++ b/docs/content/en/cloud_management/additional-cloud-instance.md 
@@ -5,84 +5,54 @@ description: "Add a test, dev, or other DefectDojo instance to your account" The process for adding a second Cloud instance is more or less the same as adding your first instance. This guide assumes you've already set up your initial DefectDojo server, and have an agreement with our Sales team to add another instance. - - - If you have not already requested an additional Cloud instance, please contact [info@defectdojo.com](mailto:info@defectdojo.com) before proceeding. - - ## Step 1: Open the New Subscription process +You can start this process from the following link: , or by clicking 🛒 **New Subscription** from the Cloud Manager page (cloud.defectdojo.com). -You can start this process from the following link: , or by clicking 🛒 **New Subscription** from the Cloud Manager page (cloud.defectdojo.com). - - - -![](https://downloads.intercomcdn.com/i/o/876539636/9b4cc38bb1a114bc31904443/Screenshot+2023-11-06+at+12.46.19+PM.png?expires=1729720800&signature=08ce5ffef842d3b4be4aa3f8538376ec461d2bc6d1d83afb85dcc9d801c7bf25&req=fCchE8p3m4JZFb4f3HP0gIHRfF7bqgQfmpwT2LnRImRLxalz2iT9uKYA9mKX%0ARmQ%3D%0A) +![image](images/request_a_trial.png) ## Step 2: Set your Server Label - Enter your company's **Name** and the **Server Label** you want to use with DefectDojo. You will then have a custom domain created for your DefectDojo instance on our servers. - - Keep your company name the same as before, but create a new Server Label and check the "**Use Server Label in Domain**" button, so that you can easily differentiate between your servers. - - -![](https://downloads.intercomcdn.com/i/o/860988422/eedc579b6677431286d65848/Screenshot+2023-10-24+at+1.40.08+PM.png?expires=1729720800&signature=a5d0777d68939399aaa5ec509c17ed2d416c1ec2a6bf522f1975ba9081556b02&req=fCYnH8F2mYNdFb4f3HP0gE8a9ArLlDRdCgEOOG%2FhF1RTkIUw7Ito80YJSY0l%0AHKg%3D%0A) +![image](images/request_a_trial_2.png) ## Step 3: Select a Server Location - Select a Server Location from the drop\-down menu. 
As before, we recommend selecting a server that is geographically closest to your users to reduce server latency. - - -![](https://downloads.intercomcdn.com/i/o/876540337/a0a35dcc0d6133d9920ae351/Screenshot+2023-11-06+at+10.52.31+AM.png?expires=1729720800&signature=ca343d1908f901d445fd42e4a6ad36bf5423fe11f5f5499330f12d5bcbb673f8&req=fCchE81%2BnoJYFb4f3HP0gEQv7p4cu3PEeMC%2F7lhGIjWslFuLY7y9ydfxMon8%0AEqc%3D%0A) +![image](images/request_a_trial_3.png) ## Step 4: Configure your Firewall Rules - Enter the IP address ranges, subnet mask and labels that you want to allow to access DefectDojo. Additional IP addresses and rules can be added or changed by your team after your instance is up and running. - - If you wish, these firewall rules can be different from the rules on your main DefectDojo instance. +![image](images/request_a_trial_4.png) - -![](https://downloads.intercomcdn.com/i/o/861008661/a96af61112ab368531e5cea3/Screenshot+2023-10-24+at+2.03.54+PM.png?expires=1729720800&signature=dd429751626344d5acdbc978075350b93c1eee4e08b19a7e2600acc32ef5af09&req=fCYmFsl2m4deFb4f3HP0gC9i9UC9KLwQAM03VQIh7iIX1Mte7ZuJem%2FMasGI%0AMOs%3D%0A) If you want to use external services with this instance (GitHub or JIRA), check the appropriate boxes listed under **Select External Services.** - - -![](https://downloads.intercomcdn.com/i/o/861010228/9af57d1dbc88ec8eb1aba838/Screenshot+2023-10-24+at+2.05.17+PM.png?expires=1729720800&signature=4de093e7d6e8eb2868d8827d43b21e3fdcca811d54129281312ed2046e8f436b&req=fCYmFsh%2Bn4NXFb4f3HP0gESMYM2ZnzQC0Fiw%2BtpOyJtEyhzu2iwxkZDcgD8G%0AOt8%3D%0A) +You can also proceed without a firewall by selecting **Proceed Without Firewall**. Your firewall can be re-enabled later. ## Step 5: Confirm your Plan type and Billing Frequency - At the end of our process, you'll be put in touch with our sales team, who can accurately quote your new server. We recommend you select the Plan Type which has the server specifications you require for the new instance. 
- +![image](images/request_a_trial_5.png) A second server may not require the same storage, CPU and RAM requirements as your 'main' instance, but this will depend on your team's technical requirements. - - -![](https://downloads.intercomcdn.com/i/o/876543046/5c065910695edf6d0adf21a1/Screenshot+2023-11-06+at+12.50.04+PM.png?expires=1729720800&signature=3d7becae3895bcab80009b80513edb4e894f89f0bde7165103a554f0b517e2b0&req=fCchE819nYVZFb4f3HP0gP2oc8RWNW5g1tf9s%2BwDUtB9peXdDn2GiZgvSJSn%0AVIc%3D%0A) - ## Step 6: Review and Submit your Request - We'll prompt you to look over your request one more time. Once submitted, only Firewall rules can be changed by your team without assistance from Support. +![image](images/request_a_trial_6.png) +After reviewing and accepting DefectDojo's License and Support Agreement, you can proceed to **Checkout With Stripe**, or if you have an existing billing arrangement you can click **Contact Sales**. -After reviewing and accepting DefectDojo's License and Support Agreement, please click **Meet The Creators.** Our Support team will reach out to you when the process is complete and your server has been provisioned. - - - -![](https://downloads.intercomcdn.com/i/o/862067499/929fb73dfcda5759f44d5fe7/Screenshot+2023-10-25+at+3.41.42+PM.png?expires=1729720800&signature=c5c2efdb7cf11724b8e74e0193d63aab8cb6fdd479f5f05a385156dd4ce3f3fc&req=fCYlFs95mYhWFb4f3HP0gF2vZoT3mHEx2TF3mhg3tv%2FwJLi00MGhyKfgGvLa%0AiTI%3D%0A) +Our Support team will reach out to you with login credentials when your server has been approved and provisioned. \ No newline at end of file diff --git a/docs/content/en/cloud_management/Connectivity Troubleshooting.md b/docs/content/en/cloud_management/connectivity-troubleshooting.md similarity index 61% rename from docs/content/en/cloud_management/Connectivity Troubleshooting.md rename to docs/content/en/cloud_management/connectivity-troubleshooting.md index 5f744091ee7..482ae7d801e 100644 
--- a/docs/content/en/cloud_management/Connectivity Troubleshooting.md
+++ b/docs/content/en/cloud_management/connectivity-troubleshooting.md
@@ -5,69 +5,49 @@ description: "Reconnect to your DefectDojo Instance" If you have difficulty accessing your DefectDojo instance, here are some steps you can follow to get reconnected: - - -# **I can access the site, but I can't log in** - +## I can access the site, but I can't log in 1. You can reset the password for your account from the login page: **yourcompanyinstance.cloud.defectdojo.com/login**. Click 'I forgot my password' in order to begin the process. ​ +![image](images/Connectivity_Troubleshooting.png) -![](https://downloads.intercomcdn.com/i/o/867662528/dbd2358b981f856e7f624c01/Screenshot+2023-10-30+at+2.06.03+PM.png?expires=1729720800&signature=cd15a929f169cf01783a6ed6c5e5d2808896ff64299b8cc14df0c09fd5307d72&req=fCYgEM98mINXFb4f3HP0gO6jJd9YIsKGdFgO9HgVqQpav8SNveR7J%2BvC8rys%0A5d8%3D%0A) 2. Enter your email address, and click "Reset my password". ​ -3. You should receive an email with the subject header "**Password reset on yourcompanyinstance.cloud.defectdojo.com**". This email contains a link which you can click to set a new password. +3. You should receive an email with the subject header "`Password reset on yourcompanyinstance.cloud.defectdojo.com`". This email contains a link which you can click to set a new password. -​ - - -![](https://downloads.intercomcdn.com/i/o/867664555/cef20544226f5012b4251ea6/Screenshot+2023-10-30+at+2.07.01+PM.png?expires=1729720800&signature=c40a92e6ec5c8c66de22e14b50f0d6a94c4b9eecf39ebefae7da739194efb44f&req=fCYgEM96mIRaFb4f3HP0gH1b%2F68jdpPBfLFZTfDo%2FQdLZvSWWjFM6I7jc5Gz%0AEbA%3D%0A) +![image](images/Connectivity_Troubleshooting_2.png) If you don't receive an email, please check your Spam folder. Failing that, have your team's DefectDojo admin confirm that you have an account registered on your instance. 
-​ - -# **I can't access my company's cloud.defectdojo site** +## I can't access my company's cloud.defectdojo site If your company's cloud.defectdojo site does not load in your browser, or times out, it may be necessary for your company to change your firewall rules in order to accept your connection. - - Firewall rules can be changed in your Cloud Manager at . - - If your company uses a shared VPN, proxy server or a similar tool, make sure it’s authorized to connect to DefectDojo and that the IP address is included in DefectDojo's Firewall rules. - - If the problem persists, please contact [support@defectdojo.com](mailto:support@defectdojo.com) . - -# **I can't log in to the Cloud Manager** - +## I can't log in to the Cloud Manager If you can’t access the Cloud Manager, navigate to the Login page at and click **“Forgot your password?”** - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/867730200/fec4f8e41a85980d9f2b5848/LLaYN22oG70U12Bn8arFUnCJcpyVZioqKmyAc9wgD0EkWqNbGQKx6IfEOIQYADmiL_oxrtcKciq3XYTFr53jF_QuqtOGDJua9JdtdyydYa9A9uwFcNkWiXEVuhwk6X2O7Euz-vfqOmqclvKzrlmiZMU?expires=1729720800&signature=8686957e56b0151acddca629d70588d3a7dc550527417676cdbdf3227efb33c5&req=fCYgEcp%2Bn4FfFb4f3HP0gJcUOE6BwyJhS43Nt3T%2B2A3Jgbqj6fMRKOC7N0bI%0AcUI%3D%0A) +![image](images/Connectivity_Troubleshooting_3.png) You’ll be prompted to enter your email address, and our team will send you an email with a link to reset your password and enter a new one. - - Please note that this login method only works for the **Cloud Manager**, an admin site which your team members may not all have access to. Directly logging into your instance to use DefectDojo is only possible by directly connecting to **yourcompanyinstance.cloud.defectdojo.com/login**. 
-# **I've lost access to my MFA codes** - +## I've lost access to my MFA codes * **For the Cloud Manager:** If you lose access to your MFA codes, or Authenticator App, please contact DefectDojo Support at [support@defectdojo.com](mailto:support@defectdojo.com). * **For a DefectDojo Instance:** It is not currently possible to remove MFA access from an account without an MFA code. The best option in this case is to create a new DefectDojo login, and re\-grant all necessary permissions to this account.
diff --git a/docs/content/en/cloud_management/using-cloud-manager.md b/docs/content/en/cloud_management/using-cloud-manager.md
new file mode 100644
index 00000000000..671aa8958f9
--- /dev/null
+++ b/docs/content/en/cloud_management/using-cloud-manager.md
@@ -0,0 +1,70 @@
+---
+title: "Using the Cloud Manager"
+description: "Manage your subscription and account settings"
+---
+
+Logging into DefectDojo's Cloud Manager allows you to configure your account settings and manage your subscription with DefectDojo Cloud.
+
+## **New Subscription**
+
+
+This page allows you to request a [new, or additional Cloud instance](../set-up-an-additional-cloud-instance) from DefectDojo.
+
+## **Manage Subscriptions**
+
+
+The Subscription Management page shows all of your currently active Cloud instances, and allows you to configure the Firewall settings for each instance.
+
+### Changing your Firewall Settings
+![image](images/using_the_cloud_manager.png)
+
+Once on the **Edit Subscription** page, enter the IP Address, Mask, and Label for the rule you wish to add. If more than one firewall rule is needed, click **Add New Range** to create a new empty rule.
+
+![image](images/using_the_cloud_manager_2.png)
+
+Here, you can also open your firewall to external services (GitHub & Jira Cloud). You can also disable your firewall entirely, if you wish, by selecting **Proceed Without Firewall** from the menu.
+
+## Adding additional users to the Cloud Portal
+
+If you have multiple users who you want to give control over your Cloud Portal / DefectDojo Subscription, you can add them using this form. The users you want to add will have to have created their own Cloud Portal account at cloud.defectdojo.com; having an account on your DefectDojo instance is not sufficient.
+
+![image](images/using_the_cloud_manager_5.png)
+
+Enter the email associated with the user's Cloud Portal account, and click Submit to add them to your list of linked users. The user will now be able to manage the Cloud Portal and your DefectDojo subscription.
+
+## Resources
+
+
+The Resources page contains a Contact Us form, which you can use to get in touch with our Support team.
+
+![image](images/using_the_cloud_manager_3.png)
+
+## Tools
+
+
+The Tools page is one of the places where you can download external Pro tools, such as Universal Importer or DefectDojo CLI. These tools are external add-ons which can be used to quickly build a command-line import pipeline in your network. For more information about these tools, see the [External Tools](../../connecting_your_tools/external_tools/) documentation.
+
+![image](images/using_the_cloud_manager_6.png)
+
+
+## Account Settings
+
+
+The account settings page has four sections:
+
+* **User Contact** allows you to set your Username, Email Address, First Name and Last Name.
+* **Email Accounts** allows you to add additional email addresses to your accounts. Adding an additional email account will send a verification email to the new address.
+* **Manage Social Accounts** allows you to connect DefectDojo Cloud to your GitHub or Google credentials, which can be used to log in instead of a username and password.
+* **MFA Settings** allow you to add an MFA code to Google Authenticator, 1Password or similar apps. Adding an additional step to your login process is a good proactive step to prevent unauthorized access.
+
+### Add MFA to your Cloud Portal login
+
+
+Note that this will only add MFA to your DefectDojo Cloud login, not to the login for your DefectDojo app.
+
+![image](images/using_the_cloud_manager_4.png)
+
+1. Begin by installing an Authenticator app which supports QR code authentication on your smartphone or computer.
+2. Once you've done this, click **Generate QR Code**.
+3. Scan the QR code provided in DefectDojo using your Authenticator app, and then enter the six\-digit code provided by your app.
+4. Click **Enable Multi\-Factor Authentication**.
\ No newline at end of file
diff --git a/docs/content/en/connecting_your_tools/connectors/_index.md b/docs/content/en/connecting_your_tools/connectors/_index.md
index c60b2f44282..1923119f880 100644
--- a/docs/content/en/connecting_your_tools/connectors/_index.md
+++ b/docs/content/en/connecting_your_tools/connectors/_index.md
@@ -16,83 +16,3 @@ seo: robots: "" # custom robot tags (optional) pro-feature: true --- - - -DefectDojo allows users to build sophisticated API integrations, and gives users full control over how their vulnerability data is organized. - - - -But everyone needs a starting point, and that's where Connectors come in. Connectors are designed to get your security tools connected and importing data to DefectDojo as quickly as possible. - - - -We currently support Connectors for the following tools, with more on the way: - - -* **AWS Security Hub** -* **BurpSuite** -* **Checkmarx ONE** -* **Dependency\-Track** -* **Probely** -* **Semgrep** -* **SonarQube** -* **Snyk** -* **Tenable** - -These Connectors provide an API\-speed integration with DefectDojo, and can be used to automatically ingest and organize vulnerability data from the tool. - - - - -# Connectors Quick\-Start - - -If you're using DefectDojo's **Auto\-Map** settings, you can have your first Connector up and running in no time. - - -1. Set up a [Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector) from a supported tool. -2. [Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations) your tool's data hierarchy. -3. [Sync](https://support.defectdojo.com/en/articles/9124820-sync-operations) the vulnerabilities found with your tool into DefectDojo. - -That's all, really! And remember, even if you create your Connector the 'easy' way, you can easily change the way things are set up later, without losing any of your work. - - - - -# How Connectors Work - - -As long as you have the API key from the tool you're trying to connect, a connector can be added in just a few minutes. Once the connection is working, DefectDojo will **Discover** your tool's environment to see how you're organizing your scan data. - - - -Let's say you have a BurpSuite tool, which is set up to scan five different repositories for vulnerabilities. 
Your Connector will take note of this organizational structure and set up **Records** to help you translate those separate repositories into DefectDojo's Product / Engagement / Test hierarchy. If you have **'Auto\-Map Records'** enabled, DefectDojo will learn and copy that structure automatically. - - - - -![](https://downloads.intercomcdn.com/i/o/1004622773/fe375ad7f2ee3717a3688901/Screenshot+2024-03-27+at+15_50_38+%281%29.png?expires=1729720800&signature=85f08ec969cd4a5301882380414de0c3dfd2bf15a949aaec061d45f28f58cbd4&req=dSAnEs98n4ZYWvMW1HO4zYmbfqRB1Lp1LMtjuVEv4eEqMiwOkI085QOf4I6W%0AxAQ%2B%0A) - -Once your **Record** mappings are set up, DefectDojo will start importing scan data on a regular basis. You'll be kept up to date on any new vulnerabilities detected by the tool, and you can start working with existing vulnerabilities immediately, using DefectDojo's **Findings** system. - - - -When you're ready to add more tools to DefectDojo, you can easily rearrange your import mappings to something else. Multiple tools can be set up to import vulnerabilities to the same destination, and you can always reorganize your setup for a better fit without losing any work. - - - - -# My Connector isn't supported - - -Fortunately, DefectDojo can still handle manual import for a wide range of security tools. Please see our [Supported Tool List](https://support.defectdojo.com/en/articles/9641650-supported-tool-list), as well as our guide to Importing data. - - - - -# **Next Steps** - - -* Check out the Connectors page by switching to DefectDojo's [Beta UI](https://support.defectdojo.com/en/articles/9056775-switching-to-the-beta-ui). -* Follow our guide to [create your first Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector). -* Check out the process of [Discovering \& Mapping](https://support.defectdojo.com/en/articles/9056822-discovery-records) your security tools and see how they can be configured to import data. 
diff --git a/docs/content/en/connecting_your_tools/connectors/about_connectors.md b/docs/content/en/connecting_your_tools/connectors/about_connectors.md
new file mode 100644
index 00000000000..5b30e4af7a7
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/about_connectors.md
@@ -0,0 +1,68 @@ +--- +title: "About Connectors" +description: "Seamlessly connect DefectDojo to your security tools suite" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 0 +chapter: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +pro-feature: true +--- + +DefectDojo allows users to build sophisticated API integrations, and gives users full control over how their vulnerability data is organized. + +But everyone needs a starting point, and that's where Connectors come in. Connectors are designed to get your security tools connected and importing data to DefectDojo as quickly as possible. + +We currently support Connectors for the following tools, with more on the way: + +* **AWS Security Hub** +* **BurpSuite** +* **Checkmarx ONE** +* **Dependency\-Track** +* **Probely** +* **Semgrep** +* **SonarQube** +* **Snyk** +* **Tenable** + +These Connectors provide an API\-speed integration with DefectDojo, and can be used to automatically ingest and organize vulnerability data from the tool. + +## Connectors Quick\-Start + +If you're using DefectDojo's **Auto\-Map** settings, you can have your first Connector up and running in no time. + +1. Set up a [Connector](https://docs.defectdojo.com/en/connecting_your_tools/connectors/add_edit_connectors/) from a supported tool. +2. [Discover](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/) your tool's data hierarchy. +3. [Sync](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_sync/) the vulnerabilities found with your tool into DefectDojo. + +That's all, really! And remember, even if you create your Connector the 'easy' way, you can easily change the way things are set up later, without losing any of your work. 
+
+## How Connectors Work
+
+As long as you have the API key from the tool you're trying to connect, a connector can be added in just a few minutes. Once the connection is working, DefectDojo will **Discover** your tool's environment to see how you're organizing your scan data.
+
+Let's say you have a BurpSuite tool, which is set up to scan five different repositories for vulnerabilities. Your Connector will take note of this organizational structure and set up **Records** to help you translate those separate repositories into DefectDojo's Product / Engagement / Test hierarchy. If you have **'Auto\-Map Records'** enabled, DefectDojo will learn and copy that structure automatically.
+
+![image](images/_index.png)
+
+Once your **Record** mappings are set up, DefectDojo will start importing scan data on a regular basis. You'll be kept up to date on any new vulnerabilities detected by the tool, and you can start working with existing vulnerabilities immediately, using DefectDojo's **Findings** system.
+
+When you're ready to add more tools to DefectDojo, you can easily rearrange your import mappings to something else. Multiple tools can be set up to import vulnerabilities to the same destination, and you can always reorganize your setup for a better fit without losing any work.
+
+## My Connector isn't supported
+
+Fortunately, DefectDojo can still handle manual import for a wide range of security tools. Please see our [Supported Tool List](https://docs.defectdojo.com/en/connecting_your_tools/parsers/), as well as our guide to Importing data.
+
+# **Next Steps**
+
+* Check out the Connectors page by switching to DefectDojo's **Beta UI**.
+* Follow our guide to [create your first Connector](https://docs.defectdojo.com/en/connecting_your_tools/connectors/add_edit_connectors/).
+* Check out the process of [Discovering \& Mapping](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/) your security tools and see how they can be configured to import data.
diff --git a/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md b/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md
index de5c3428675..688473a7b5d 100644
--- a/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md
+++ b/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md
@@ -5,26 +5,19 @@ description: "Connect to a supported security tool" The process for adding and configuring a connector is similar, regardless of the tool you’re trying to connect. However, certain tools may require you to create API keys or complete additional steps. +Before you begin this process, we recommend checking our [tool-specific reference](https://docs.defectdojo.com/en/connecting_your_tools/connectors/connectors_tool_reference/) to find the API resources for the tool you're trying to connect. - -Before you begin this process, we recommend checking our [tool\-specific reference](https://support.defectdojo.com/en/articles/9056761-tool-specific-reference) to find the API resources for the tool you're trying to connect. - - - -1. If you haven't already, start by [switching to the Beta UI](https://support.defectdojo.com/en/articles/9056775-switching-to-the-beta-ui) in DefectDojo. -2. From the left\-side menu, click on the **API Connectors** menu item. This is nested under the **Import** header. +1. If you haven't already, start by **switching to the Beta UI** in DefectDojo. +2. From the left\-side menu, click on the **API Connectors** menu item. This is nested under the **Import** header. ​ - - -![](https://downloads.intercomcdn.com/i/o/991915026/296fa5c67043d0abb4e2860c/Screenshot+2024-03-14+at+3_41_33+PM.png?expires=1729720800&signature=454263ddd9ba6944c1aa25e40f04f6b8130c84f16becd427c0261deb236719f8&req=fSkmH8h7nYNZFb4f3HP0gOGM2TgIbGVR3EfvdJsMjdCRCO26w%2FUujN5NeNyz%0At28%3D%0A) +![image](images/add_edit_connectors.png) 3. Choose a new Connector you want to add to DefectDojo in **Available Connections**, and click the **Add Configuration** underneath the tool. ​ You can also edit an existing Connection under the **Configured Connections** header. Click **Manage Configuration \> Edit Configuration** for the Configured Connection you want to Edit. 
​ +![image](images/add_edit_connectors_2.png) - -![](https://downloads.intercomcdn.com/i/o/991916807/64e7bdb93a079883a6e3ab00/Screenshot+2024-03-14+at+3_43_22+PM.png?expires=1729720800&signature=a481892cc1793c842ffd9adf3679b09a53237f2573dacec45f938d872c7b3f47&req=fSkmH8h4lYFYFb4f3HP0gGj91l%2Fky%2BN9vPwzBx%2FPhnP8bP3dLpQaBHMDBqps%0ADMg%3D%0A) -4. You will need an accessible URL **Location** for the tool, along with an API **Secret** key. The location of the API key will depend on the tool you are trying to configure. See our **[Tool\-Specific Reference](https://support.defectdojo.com/en/articles/9056761-tool-specific-reference)** for more details. +4. You will need an accessible URL **Location** for the tool, along with an API **Secret** key. The location of the API key will depend on the tool you are trying to configure. See our [Tool\-Specific Reference](https://docs.defectdojo.com/en/connecting_your_tools/connectors/connectors_tool_reference/) for more details. ​ 5. Set a **Label** for this connection to help you identify it in DefectDojo. ​ 
@@ -34,9 +27,8 @@ You can also edit an existing Connection under the **Configured Connections** he ​ 8. Click **Submit.** -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/988485966/e745529a9c3ade55fe1b1b9b/gRMI254yf9N8orh2k25z6VzW7ttWszvrSg1w_IIirHu3QfOWzTM6Ct84XRBE8-KkVxhYncqI_pGhk3w1HJcyZK1Y7YNKqSQ_k0QLosULR_vb59V42X-JbAgvc15-tMxUalbF8nwig3N_koW11W-zqDM?expires=1729720800&signature=bfe1a7891af553d6711345393f9090070d889a8d00570ccbe16097fa5bd598d9&req=fSgvEsF7lIdZFb4f3HP0gCWhPQoxsd9Oygc4cz%2Furk3F2DljlYx3PggsKpTL%0AOg8%3D%0A) +![image](images/add_edit_connectors_3.png) ## Next Steps - -* Now that you've added a connector, you can confirm everything is set up correctly by running a **[Discover](https://support.defectdojo.com/en/articles/9056822-discovery-records)** operation. +* Now that you've added a connector, you can confirm everything is set up correctly by running a [Discover](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/) operation. diff --git a/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md b/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md index 2963ee5239a..90e7726cb2f 100644 --- a/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md +++ b/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md 
@@ -13,7 +13,7 @@ Some tools will require additional API\-related fields beyond **Location** and * -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/988476659/ceba1d2432ceef4f8ddd43ab/E4fVPzan1qaSwnVt96hVz2yE_ByLc8_Db-vmEezGHdmEQfWWPiawiSCV3gl-01VaJgWOx63uotxQjGl9cj6TG-Pb9AScvyRV12Q5dEU0gt4Qr5aoEUwYYa0HPQF_5iLTbz7Av2tAKqIRgj_9vE13328?expires=1729720800&signature=959e698083b3f013ebf4f44d7cd171460891ce0f88bacbc1abf9725763656363&req=fSgvEs54m4RWFb4f3HP0gDOvGCQsUdne6p9SGA1J6JbofhdNIhHVi1tX81ms%0A7sI%3D%0A) +![image](images/connectors_tool_reference.png) Each tool has different API requirements, and this guide is intended to help you set up the tool's API so that DefectDojo can connect. @@ -137,7 +137,7 @@ DefectDojo's Checkmarx ONE connector calls the Checkmarx API to fetch data. ​ -![](https://downloads.intercomcdn.com/i/o/1109449914/5ea92d383f2d09af8459a6ed/Screenshot+2024-07-10+at+2_57_34+PM.png?expires=1729720800&signature=d72362ec01a93727039ea6b52e32856d8fca74fb8f8751de50665f5779842968&req=dSEnH816lIheXfMW1HO4zW3Rem0XHydNRIiZJHcwnXoqZgIXk5Jl9kZAXhIg%0A8EbF%0A) +![image](images/connectors_tool_reference_2.png) 2. Enter a valid API key. You may need to generate a new one: see [Checkmarx API Documentation](https://docs.checkmarx.com/en/34965-68618-generating-an-api-key.html#UUID-f3b6481c-47f4-6cd8-9f0d-990896e36cd6_UUID-39ccc262-c7cb-5884-52ed-e1692a635e08) for details. 3. Enter your tenant location in the **Location** field. This URL is formatted as follows: ​`https://.ast.checkmarx.net/` . Your Region can be found at the beginning of your Checkmarx URL when using the Checkmarx app. **** is the primary US server (which has no region prefix). diff --git a/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md b/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md index ec2178f44ad..4fc06df43cc 100644 --- a/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md 
+++ b/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md 
@@ -5,93 +5,55 @@ description: "" Records can be Edited, Ignored or Deleted from the **Manage Records \& Operations Page.** - - Although Mapped and Unmapped records are located in separate tables, they can both be edited in the same way. - - From the Records table, click the blue ▼ Arrow next to the State column on a given Record. From there, you can select **Edit Record,** or **Delete Record.** +![image](images/edit_ignore_delete_records.png) - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/991861519/038163776895e87723a52384/T6IvYbAUMdmrbVWj8fe_rYCn_MzgFXI9aEOu-PvVERtgZ7FjdurerkkobRY3R9uZfBuOO-7okvDSdEdjZLKpvEwbXAKlSHbiTEYOCfmfKXC-_eHsPXdX8sfMlQPL-A-NU9IiVJ5esQtdwcNSlsuD_u0?expires=1729720800&signature=f36d18c3de5b05361f4af20d4e7d3374f1d25358dfeffbf439f3462377d87054&req=fSkmHs9%2FmIBWFb4f3HP0gEja47GdQdb%2B%2BLFrIsBuvBMOnN0G6SdozTFKik%2BB%0AVx0%3D%0A) - -# Edit a Record - +## Edit a Record Clicking **Edit Record** will open a window which allows you to change the destination product in DefectDojo. You can either select an existing Product from the drop\-down menu, or you can type in the name of a new Product you wish to create. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/991861534/aaf6ffb16062460fa2876879/TRC8bfnFqHV6U3TZgqM92vSVg81pP_WgV1PJ8V4DnZ3dAdHlNTr0jTJdz6ojNOjCI9YQtmpczZQu2nSKMeReW-PLn7fx_kXYdryw2JCpmmlLkzqCHTW-cKnkZmTosww7Yjgm50IIedC-cTD4okrMj28?expires=1729720800&signature=5e419291cf110bce4ca16eb2b22faffc9fedd19e3125b2a994a333d342048612&req=fSkmHs9%2FmIJbFb4f3HP0gIkWHYe6PkjxMsN25eARnSCqNIbbjH8DQpCnmqYa%0AYZQ%3D%0A) +![image](images/edit_ignore_delete_records_2.png) ## **Change the Mapping of a Record** - The scan data associated with a Record can be directed to flow into a different Product by changing the mapping. - - Select, or type in the name of a new Product from the drop\-down menu to the right. 
- - -## **Edit the State of a Record** - +### **Edit the State of a Record** The State of a Record can be changed from this menu as well. Records can be switched from Good to Ignored (or vice versa) by choosing an option from the **State** dropdown list. - - -### Ignoring a Record - +#### Ignoring a Record If you wish to ‘switch off’ one of the records or disregard the data it’s sending to DefectDojo, you can choose to ‘Ignore’ the record. An ‘Ignored’ record will move to the Unmapped Records list and will not push any new data to DefectDojo. - You can Ignore a Mapped Record (which will remove the mapping), or a New Record (from the unmapped Records list). - - -### Restoring an Ignored Record - +#### Restoring an Ignored Record If you would like to remove the Ignored status from a record, you can change it back to New with the same State dropdown menu. - * If Auto\-Map Records is enabled, the Record will return to its original mapping once the Discover operation runs again. -​ * If Auto\-Map Records is not enabled, DefectDojo will not automatically restore a previous mapping, so you’ll need to set up the mapping for this Record again. - - -# **Delete a Record** - +## **Delete a Record** You can also Delete Records, which will remove them from the Unmapped or Mapped Records table. - - Keep in mind that the Discover function will always import all records from a tool \- meaning that even if a Record is deleted from DefectDojo, it will become re\-discovered later (and will return to the list of Records to be mapped again). - - * If you plan on removing the underlying Vendor\-Equivalent Product from your scan tool, then Deleting the Record is a good option. Otherwise, the next Discover operation will see that the associated data is missing, and this Record will change state to 'Missing'. ​ * However, if the underlying Vendor\-Equivalent Product still exists, it will be Discovered again on a future Discover operation. 
To prevent this behaviour, you can instead Ignore the Record. -## Does this affect any imported data? - +### Does this affect any imported data? No. All Findings, Tests and Engagements created by a sync record will remain in DefectDojo even after a Record is deleted. Deleting a record or a configuration will only remove the data\-flow process, and won’t delete any vulnerability data from DefectDojo or your tool. - - - # Next Steps - -* If your Records have been mapped, learn how to import data via [Sync operations](https://support.defectdojo.com/en/articles/9124820-sync-operations). +* If your Records have been mapped, learn how to import data via [Sync operations](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_sync/).
diff --git a/docs/content/en/connecting_your_tools/connectors/manage_records.md b/docs/content/en/connecting_your_tools/connectors/manage_records.md
index a14a4eb8984..5436061480d 100644
--- a/docs/content/en/connecting_your_tools/connectors/manage_records.md
+++ b/docs/content/en/connecting_your_tools/connectors/manage_records.md
@@ -5,149 +5,88 @@ description: "Direct the flow of data from your tool into DefectDojo" Once you have run your first Discover operation, you should see a list of Mapped or Unmapped records on the **Manage Records and Operations** page. - - - -# What's a Record? - +## What's a Record? A Record is a connection between a DefectDojo **Product** and a **Vendor\-Equivalent\-Product**. You can use your Records list to control the flow of data between your tool and DefectDojo. +Records are created and updated during the **[Discover](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/)** operation, which DefectDojo runs daily to look for new Vendor\-Equivalent Products. - -Records are created and updated during the **[Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations)** operation, which DefectDojo runs daily to look for new Vendor\-Equivalent Products. - - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004512180/25e5f0ff8bba23800a7c622d/l-b4Vm_oV1tyCZVwQPo2KJm2DTsVPZCOwQTSV2xXSw5CB9sc9OwBZDcKyNSGXqFjOBaDxaFADjbQ_tJGM_nVn6rFFr2Vdmdx7zMwRcMUIBT3aEjSKF5iMEksZwuJigydkUP2ZuxIUZlzQ9fVvmVYEpo?expires=1729720800&signature=6306cb7f1aa9afa737ccedcaa74cda82c3e2e8c3956166fa0891abce583e830f&req=dSAnEsx%2Fn4BXWfMW1HO4zcnC6uhR8d3wWPDnXoQJQeY5bTtW3w2ujN9NrzRk%0A4ZsY%0A) +![image](images/manage_records.png) Records have various attributes, including: - * The **State** of the Record * The **Product** the Record imports data to * When the Record was **First and Last Discovered** (by the **Discover** process) * When the Record mapping was **Finalized** by a user * A link to the DefectDojo **Product** +## How Records are Mapped -# How Records are Mapped - - -Each Record needs to have a Mapping assigned. The Mapping tells DefectDojo where to store the scan data from the tool. 
A Mapped Record assigns the Vendor\-Equivalent Product to a DefectDojo Product, and tells the Connector to start importing scan data to that location (as Engagements and Tests). - - +Each Record needs to have a Mapping assigned. The Mapping tells DefectDojo where to store the scan data from the tool. A Mapped Record assigns the Vendor-Equivalent Product to a DefectDojo Product, and tells the Connector to start importing scan data to that location (as Engagements and Tests). You can assign Mappings yourself, or you can have DefectDojo assign them automatically. +### Auto-Mapping +If you have **Auto-Mapping** enabled, new Records will be Mapped to Products automatically. Each time DefectDojo **Discovers** a new Record, a matching DefectDojo Product will be automatically created for each Record**.** That Record will be stored under **Mapped Records** to indicate that it is ready to import data to DefectDojo. -## Auto\-Mapping - - -If you have **Auto\-Mapping** enabled, new Records will be Mapped to Products automatically. Each time DefectDojo **Discovers** a new Record, a matching DefectDojo Product will be automatically created for each Record**.** That Record will be stored under **Mapped Records** to indicate that it is ready to import data to DefectDojo. - - - -If you don't have Auto\-Mapping enabled, you can make your own decisions about where you want data to flow. Each time the Connector finds a new Vendor\-Equivalent Product (via **Discover**), it will add a new Record to your **Unmapped Records** list, and you can then manually assign that Record to a new or existing Product in DefectDojo. - - - -### Mapping \- Example Workflow: +If you don't have Auto-Mapping enabled, you can make your own decisions about where you want data to flow. 
Each time the Connector finds a new Vendor-Equivalent Product (via **Discover**), it will add a new Record to your **Unmapped Records** list, and you can then manually assign that Record to a new or existing Product in DefectDojo. +#### Mapping - Example Workflow: David has just finished setting up a connector for his BurpSuite tool, and runs a Discover operation. David has Burp set up to scan 4 different 'Sites', and DefectDojo creates a new Record for each of those Sites. - -* If David decides to use Auto\-Mapping, DefectDojo will create a new Product for each Site. From now on, when DefectDojo runs a Synchronize operation, the Connector will import scan data directly from the Site into the Product (via the Record mapping) +* If David decides to use Auto-Mapping, DefectDojo will create a new Product for each Site. From now on, when DefectDojo runs a Synchronize operation, the Connector will import scan data directly from the Site into the Product (via the Record mapping) ​ -* If David leaves Auto\-Mapping off, DefectDojo will still discover those 4 Sites and create Records, but it won't import any data until David creates the Mappings himself. +* If David leaves Auto-Mapping off, DefectDojo will still discover those 4 Sites and create Records, but it won't import any data until David creates the Mappings himself. ​ -* David can always change how these mappings are set up later. Maybe he wants to consolidate the output of a few different Burp Sites into a single Product. Or maybe he's looking to have a Product which records scan data from a few different tools \- including Burp. It's easy for David to change where Burp scan data is stored into DefectDojo by changing the Mapping of these Records. - - - -# How Records interact with Products +* David can always change how these mappings are set up later. Maybe he wants to consolidate the output of a few different Burp Sites into a single Product. 
Or maybe he's looking to have a Product which records scan data from a few different tools - including Burp. It's easy for David to change where Burp scan data is stored into DefectDojo by changing the Mapping of these Records. +## How Records interact with Products Once a Record is Mapped, DefectDojo will be ready to import your tool’s scans through a Sync Operation. Connectors can work alongside other DefectDojo import processes or interactive testing. - -* Record Mappings are designed to be non\-invasive. If you map a Product to a Record which contains existing Engagements or Findings, those existing Engagements and Findings will not be affected or overwritten by the data sync process. -​ -* All data created via a connector will be stored under a single Engagement called **Global Connectors**. That Engagement will create a separate Test for each Connector mapped to the Product. +* Record Mappings are designed to be non-invasive. If you map a Product to a Record which contains existing Engagements or Findings, those existing Engagements and Findings will not be affected or overwritten by the data sync process. ​ +* All data created via a connector will be stored under a single Engagement called **Global Connectors**. That Engagement will create a separate Test for each Connector mapped to the Product. -![](https://downloads.intercomcdn.com/i/o/1013197785/3dbf123a6fda3b38a7185bc7/Connectors+A.jpg?expires=1729720800&signature=c7f75935ff962f5f2e688fae915642793b545842c26db385f3da67e60afefba9&req=dSAmFch3moZXXPMW1HO4zbyD24POnHMJT72woKj99bWzm7uSUFDBRDBKiIRK%0AM7Le%0A) -This makes it possible to send scan data from multiple Connectors to the same Product. All of the data will be stored in the same Engagement, but each Connector will store data in a separate Test. - - - -To learn more about Products, Engagements and Tests, see our [Core Data Classes Overview](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview). 
- - +![image](images/manage_records_2.jpg) +This makes it possible to send scan data from multiple Connectors to the same Product. All of the data will be stored in the same Engagement, but each Connector will store data in a separate Test. -# Record States \- Glossary +To learn more about Products, Engagements and Tests, see our [Product Hierarchy Overview](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/). +## Record States - Glossary Each Record has an associated state to communicate how the Record is working. - - ### New - -A New Record is an Unmapped Record which DefectDojo has Discovered. It can be Mapped to a Product or Ignored. To Map a new Record to a Product, see our guide on [Editing Records](https://support.defectdojo.com/en/articles/9072546-edit-ignore-or-delete-records). - - - +A New Record is an Unmapped Record which DefectDojo has Discovered. It can be Mapped to a Product or Ignored. To Map a new Record to a Product, see our guide on [Editing Records](https://docs.defectdojo.com/en/connecting_your_tools/connectors/edit_ignore_delete_records/). ### Good - -'Good' indicates that a Record is Mapped and operating correctly. Future Discover Operations check to see if the underlying Vendor\-Equivalent Product still exists, to ensure that the Sync operation will run correctly. - - - +'Good' indicates that a Record is Mapped and operating correctly. Future Discover Operations check to see if the underlying Vendor-Equivalent Product still exists, to ensure that the Sync operation will run correctly. ### Ignored - -'Ignored' Records have been successfully Discovered, but a DefectDojo user has decided not to map the data to a Product. If you wish to change a New or Mapped Record to Ignored, or re\-map an Ignored Record, see our guide on [Editing Records](https://support.defectdojo.com/en/articles/9072546-edit-ignore-or-delete-records). 
- - - +'Ignored' Records have been successfully Discovered, but a DefectDojo user has decided not to map the data to a Product. If you wish to change a New or Mapped Record to Ignored, or re-map an Ignored Record, see our guide on [Editing Records](https://docs.defectdojo.com/en/connecting_your_tools/connectors/edit_ignore_delete_records/). ## Warning States: Stale or Missing - If the connection between tool and DefectDojo changes, the state of a Record will change to let you know. - - ### Stale - A Mapping is moved to ‘Stale’ when a related Product, Engagement or Test has been deleted from DefectDojo. The mapping still exists, but there isn’t anywhere in DefectDojo for the Tool’s data to import to. - - Stale records can be remapped to an existing Product, or Ignored if the scan data is no longer relevant. - - ### Missing - If a Record has been Mapped, but the source data (or Vendor\-Equivalent Product) is not being detected by DefectDojo, the Record will be labeled as **Missing**. - - DefectDojo Connectors will adapt to name changes, directory changes and other data shifts, so this is possibly because the related Vendor\-Equivalent Product was deleted from the Tool you’re using. - - If you intended to remove the Vendor Equivalent Product from your tool, you can Delete a Missing Record. If not, you'll need to troubleshoot the problem within the Tool so that the source data can be Discovered correctly. - diff --git a/docs/content/en/connecting_your_tools/connectors/operations_discover.md b/docs/content/en/connecting_your_tools/connectors/operations_discover.md index 3f09eb18a79..e54a6760882 100644 --- a/docs/content/en/connecting_your_tools/connectors/operations_discover.md +++ b/docs/content/en/connecting_your_tools/connectors/operations_discover.md 
@@ -5,46 +5,27 @@ description: "Create Records, and direct the flow of scan data into DefectDojo" Once you have a Connector set up, you can start making decisions about how data will flow from the tool into DefectDojo. This is managed through the Discovery process. - - You can manage all of these processes from the **Manage Records \& Operations** page. From the **API Connectors** page, click the drop\-down menu on the Connector you wish to work with, and select Manage Records \& Operations. - - - -![](https://downloads.intercomcdn.com/i/o/991931761/2369607091f047ab7d9fc8f7/Screenshot+2024-03-14+at+3_58_06+PM.png?expires=1729720800&signature=a4514b13c28657c59684f62d83a2a341a021974c3039c4c1eb589378813803cd&req=fSkmH8p%2FmodeFb4f3HP0gD4PB4jnqjGHlvfM6JxkdxjjZLvtUsa3sBPCZn0%2F%0Au4Q%3D%0A) +![image](images/operations_discover.png) # Creating New Records - The first step a DefectDojo Connector needs to take is to **Discover** your tool's environment to see how you're organizing your scan data. - - - Let's say you have a BurpSuite tool, which is set up to scan five different repositories for vulnerabilities. Your Connector will take note of this organizational structure and set up **Records** to help you translate those separate repositories into DefectDojos Product/Engagement/Test hierarchy. - Each time your Connector runs a **Discover** operation, it will look for new **Vendor\-Equivalent\-Products (VEPs)**. DefectDojo looks at the way the Vendor tool is set up and will create **Records** of VEPs based on how your tool is organized. 
- - - -![](https://downloads.intercomcdn.com/i/o/1004625297/5617e086a605102544ec5e37/Screenshot+2024-03-27+at+15_50_38+%281%29.png?expires=1729720800&signature=39ed2d006535fe6f3734ded90af212341d18725ac189fd6c93ef22efe83f22f0&req=dSAnEs98mINWXvMW1HO4zTo0ZAoA6if8rY3f2TjKX%2F98dBmwNaEs4%2B5s07hV%0Ab4FT%0A) - +![image](images/operations_discover_2.png) ## Run Discover Manually - **Discover** operations will automatically run on a regular basis, but they can also be run manually. If you're setting up this Connector for the first time, you can click the **Discover** button next to the **Unmapped Records** header. After you refresh the page, you will see your initial list of **Records**. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004506539/8f01b33b93821550f5198bd5/v8-yUUR6-EVcDMgbo4hOYp_5Q8gT96Zua_yqvPK2yubDZS0s_SVwFBwfKq4lPjuUJEfYtaLOL5syqJi0y_jND2aQj89l2xogKQaD4lO_alleK76L4WRbttxODT2Edui0erbhJ1xQApA0pws8X-opzc4?expires=1729720800&signature=5514f4b5a2d991188e7053d287a8e61f60301eb83cdae8384090808f224577b3&req=dSAnEsx%2Bm4RcUPMW1HO4zXucwJiAhf5WfVviwSTTFchq7bwThIMffCCban%2Bv%0AzwFl%0A) +![image](images/operations_discover_3.png) # **Next Steps:** - -* Learn how to [manage the Records](https://support.defectdojo.com/en/articles/9073083-managing-records) discovered by a Connector, and start importing data. -* If your Records have already been mapped (such as through Auto\-Map Records), learn how to import data via [Sync operations](https://support.defectdojo.com/en/articles/9124820-sync-operations). +* Learn how to [manage the Records](https://docs.defectdojo.com/en/connecting_your_tools/connectors/manage_records/) discovered by a Connector, and start importing data. +* If your Records have already been mapped (such as through Auto\-Map Records), learn how to import data via [Sync operations](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_sync/). 
diff --git a/docs/content/en/connecting_your_tools/connectors/operations_page.md b/docs/content/en/connecting_your_tools/connectors/operations_page.md index e5b63f1f02e..c62e6c7a582 100644 --- a/docs/content/en/connecting_your_tools/connectors/operations_page.md +++ b/docs/content/en/connecting_your_tools/connectors/operations_page.md 
@@ -5,28 +5,19 @@ description: "Check the status of your Connector's Discover & Sync Operations" The Operations Page provides an overview of your connector's Discover \& Sync Operations, along with additional details for each. These operations are tracked using a table. - - To access a Connector's Operations Page, open **Manage Records \& Operations** for the connector you wish to edit, and then switch to the **\ Operations From (tool)** tab. - - # The Operations Table +![image](images/operations_page.png) -![](https://downloads.intercomcdn.com/i/o/991827471/4d72c3317f0291cd32911fa5/Screenshot+2024-03-14+at+2_10_33+PM.png?expires=1729720800&signature=383e48f88441677a74ca34118c501306bab4113071dccf81990a7c9d90f74c23&req=fSkmHst5mYZeFb4f3HP0gOmBiHLaYOL69I6UJegg%2FgTo8pPwwq0puToKhHMk%0AtVk%3D%0A) Each entry on the Operations Table is a record of an operation event, with the following traits: - - * **Type** describes whether the event was a **Sync** or a **Discover** operation. * **Status** describes whether the event ran successfully. * **Trigger** describes how the event was triggered \- was it a **Scheduled** operation which ran automatically, or a **Manual** operation which was triggered by a DefectDojo user? * The **Start \& End Time** of each operation is recorded here, along with the **Duration**. - - # **Next Steps** - -* Learn more about [Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations) and [Sync](https://support.defectdojo.com/en/articles/9124820-sync-operations) operations from our guides. +* Learn more about [Discover](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/) and [Sync](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_sync/) operations from our guides. diff --git a/docs/content/en/connecting_your_tools/connectors/operations_sync.md b/docs/content/en/connecting_your_tools/connectors/operations_sync.md index 79b9e08175b..6789e16cde2 100644 
--- a/docs/content/en/connecting_your_tools/connectors/operations_sync.md +++ b/docs/content/en/connecting_your_tools/connectors/operations_sync.md @@ -7,7 +7,7 @@ The primary ‘Job’ of a DefectDojo Connector is to import data from a securit On a daily basis, DefectDojo will look at each **Mapped** **Record** for new scan data. DefectDojo will then run a **Reimport**, which compares the state of each scan. -# The Sync Process +## The Sync Process ### Where is my vulnerability data stored? @@ -15,17 +15,16 @@ On a daily basis, DefectDojo will look at each **Mapped** **Record** for new sca * The **Global Connectors** Engagement will track each separate Connection associated with the Product as a **Test**. * On this sync, and each subsequent sync, the **Test** will store each vulnerability found by the tool as a **Finding**. -## How Sync handles new vulnerability data +### How Sync handles new vulnerability data Whenever Sync runs, it will compare the latest scan data against the existing list of Findings for changes. * If there are new Findings detected, they will be added to the Test as new Findings. * If there are any Findings which aren’t detected in the latest scan, they will be marked as Inactive in the Test. -To learn more about Products, Engagements, Tests and Findings, see our [Core Data Classes Overview](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview). +To learn more about Products, Engagements, Tests and Findings, see our [Product Hierarchy Overview](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/). - -# Running Sync Manually +## Running Sync Manually To have DefectDojo run a Sync operation off\-schedule: 
@@ -33,11 +32,10 @@ To have DefectDojo run a Sync operation off\-schedule: ​ 2. From this page, click the **Sync** button. This button is located next to the **Mapped Records** header. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004529047/60f9b6df50f0d760de32f4f8/tLFaONBcKeFaybG7_YPdNx0Pk8yU2aSaANDTWiWkRL1NK9LJKyw7YMOD9Q0W6KUj6rQT8G9WvSeQrpzmVFyHWPaCTN3H_pvvdNYQo3queMqyyiB33wdbJFzBDm_QDbUGdRpRcsr8gzIH4arl2_6zLeQ?expires=1729720800&signature=824ac56f5e429a6841c7230f3097512452145aeb02b356d875b7a527e3f15e72&req=dSAnEsx8lIFbXvMW1HO4zSTetF5h5nFufHIHQsC%2F9kC8JSzNlTSMZg1aDUs5%0A89TQ%0A) +![image](images/operations_sync.png) # Next Steps - -* Learn how to set up the flow of data into DefectDojo through a [Discover operation](https://support.defectdojo.com/en/articles/9056822-discover-operations). -* Adjust the schedule of your Sync and Discover operations by [Editing a Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector). -* Learn about Engagements, Tests and Findings with our guide to [Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview). +* Learn how to set up the flow of data into DefectDojo through a [Discover operation](https://docs.defectdojo.com/en/connecting_your_tools/connectors/operations_discover/). +* Adjust the schedule of your Sync and Discover operations by [Editing a Connector](https://docs.defectdojo.com/en/connecting_your_tools/connectors/add_edit_connectors/). +* Learn about Engagements, Tests and Findings with our guide to [Product Hierarchy](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/). diff --git a/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md b/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md index 96d80c88f3e..4a23c3c2612 100644 --- a/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md 
+++ b/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md @@ -16,13 +16,13 @@ Select the tool which you want to test from **Configured Connections,** and clic * To have DefectDojo search for, and import new records from the API, click the **🔎 Discover** button. This button is located next to the **Unmapped Records** header. -![](https://downloads.intercomcdn.com/i/o/991836936/76086dea0cb2846d58bcb1fa/Screenshot+2024-03-14+at+2_21_22+PM.png?expires=1729720800&signature=0bb6b3d68adae5492db7928dbedec8559f10756593583259b65e25026988177e&req=fSkmHsp4lIJZFb4f3HP0gF3QGQtZ8dVqHD%2BP1iSP%2FmzeYzCXZIgTZHepumPU%0ACGw%3D%0A) +![image](images/run_operations_manually.png) ## Run Sync Manually * To have DefectDojo import new data from each Mapped Record, click the **Sync** button. This button is located next to the **Mapped Records** header. -![](https://downloads.intercomcdn.com/i/o/991838900/4910dc9a0b353c218a5077e4/Screenshot+2024-03-14+at+2_23_17+PM.png?expires=1729720800&signature=3300a0e96e57dc864fc6b64ba8b87ecd5551f1c3cf5017b7bdb8bc9a276f1970&req=fSkmHsp2lIFfFb4f3HP0gK3OFXi%2B%2BLng5nWOhwpc%2BdJQdRYzv2w4BBZ%2BRIh5%0AXAE%3D%0A) +![image](images/run_operations_manually_2.png) If there are no Mapped Records associated with this Connector, DefectDojo will not be able to import any data via Sync. You may need to run a Discover operation first, or map each record to a Product. diff --git a/docs/content/en/connecting_your_tools/external_tools.md b/docs/content/en/connecting_your_tools/external_tools.md new file mode 100644 index 00000000000..d9a4408fb0d --- /dev/null +++ b/docs/content/en/connecting_your_tools/external_tools.md 
@@ -0,0 +1,265 @@
+---
+title: "Universal Importer / Dojo-CLI"
+description: "Import files to DefectDojo from the command line"
+draft: false
+weight: 2
+---
+
+## About Universal Importer
+
+Universal Importer and Dojo-CLI are command-line tools designed to seamlessly upload scan results into DefectDojo. It streamlines both the import and re-import processes of findings and associated objects. These tools are flexible and supports importing and re-importing scan results, making it ideal for users who need robust interaction with the DefectDojo API.
+
+Dojo-CLI has the same functionality as Universal Importer but also includes the ability to export Findings from DefectDojo to JSON or CSV.
+
+
+## Installation
+1. Use the DefectDojo UI to download the appropriate binary for your operating system from the platform.
+
+2. Locate “External Tools” from your User Profile menu:
+
+![image](images/external-tools.png)
+
+3. Extract the downloaded archive within a directory of your choice.
+Optional: Add the directory containing the extracted binary to your system's $PATH for repeat access.
+
+**Note that Macintosh users may be blocked from running Dojo-CLI or Universal Importer as they are apps from an unidentified developer. See [Apple Support](https://support.apple.com/en-ca/guide/mac-help/mh40616/mac) for instructions on how to override the block from Apple.**
+
+## Configuration
+The Universal Importer can be configured using flags, environment variables, or a configuration file. The most important configuration is the API token, which must be set as an environment variable:
+
+1. Add your API key to your environment variables.
+You can retrieve your API key from: `https://YOUR_INSTANCE.cloud.defectdojo.com/api/key-v2`
+
+or
+
+Via the DefectDojo user interface
+in the user dropdown in the top-right corner:
+
+![image](images/api-token.png)
+
+2. Set your environment variable for the API token.
+ `export DD_IMPORTER_DOJO_API_TOKEN=YOUR_API_KEY`
+
+Note: On Windows, use `set` instead of `export`.
+
+## Command Line Options
+The following options can be used when calling the Universal Importer.
+
+### Common Options (applicable to all commands):
+
+```
+--verbose
+Enable verbose output for more detailed logging. (default: false)
+--no-emojis, --no-emoji
+Disable emojis in the output. (default: false)
+--no-color
+Disable color output. (default: false)
+--help, -h
+Show help information for the command.
+--version, -v
+Print the version of the Universal Importer.
+```
+
+## Usage: Import / Reimport
+The Universal Importer supports two main commands: import and reimport. Dojo-CLI supports those two commands, and also supports export.
+
+### Import Command
+Use the import command to import new findings into DefectDojo.
+
+**Import Basic syntax:**
+```
+universal-importer import [options]
+```
+
+**Import Example:**
+```
+universal-importer import \
+ --defectdojo-url "https://YOUR_INSTANCE.cloud.defectdojo.com/" \
+ --scan-type "burp scan" \
+ --report-path "./examples/burp_findings.xml" \
+ --product-name "dev" \
+ --engagement-name "dev" \
+ --product-type-name "Research and Development" \
+ --test-name "burp-test-dev" \
+ --verified \
+ --active \
+ --minimum-severity "info" \
+ --tag "dev" --tag "tools" --tag "burp" --tag "test-dev" \
+ --test-version "0.0.1" \
+ --auto-create-context
+```
+
+### Reimport Command
+Use the `reimport` command to extend an existing Test with Findings from a new report.
+
+**Reimport Basic syntax:**
+`universal-importer reimport [options]`
+
+**Reimport Example:**
+```
+universal-importer reimport \
+ --defectdojo-url "https://YOUR_INSTANCE.cloud.defectdojo.com/" \
+ --scan-type "Nancy Scan" \
+ --report-path "./examples/nancy_findings.json" \
+ --test-id 11 \
+ --verified \
+ --active \
+ --minimum-severity "info" \
+ --tag "dev" --tag "tools" --tag "nancy" --tag "test-dev" \
+ --test-version "1.0" \
+ --auto-create-context
+```
+### Import/Reimport Options
+The following are the command parameters, definition, and supported environment variables for the Import function.
+
+```
+--defectdojo-url value, -u value
+The URL of the DefectDojo instance to import findings into.
+$DD_IMPORTER_DEFECTDOJO_URL
+--report-path value, -r value
+The path to the report to import.
+$DD_IMPORTER_REPORT_PATH
+--scan-type value, -s value
+The scan type of the tool.
+$DD_IMPORTER_SCAN_TYPE
+--product-type-name value, --pt value:
+The name of the Product Type to import findings into.
+$DD_IMPORTER_PRODUCT_TYPE_NAME
+--product-name value, -p value
+The name of the Product to import findings into.
+$DD_IMPORTER_PRODUCT_NAME
+--engagement-name value, -e value
+The name of the Engagement to import findings into.
+$DD_IMPORTER_ENGAGEMENT_NAME
+--test-name value, --tn value
+The name of the Test to import findings into - Defaults to the name of the scan type.
+$DD_IMPORTER_TEST_NAME
+--active, -a
+Dictates whether findings should be active on import. (default: true)
+$DD_IMPORTER_ACTIVE
+--minimum-severity value, --ms value
+Dictates the lowest level severity that should be imported.
+Valid values are: Critical, High, Medium, Low, Info. (default: "Info")
+$DD_IMPORTER_MINIMUM_SEVERITY
+--tag value, -t value
+Any tags to be applied to the Test object (can be used multiple times)
+$DD_IMPORTER_TAGS
+--verified, -v
+Dictates whether findings should be verified on import.
(default: false) $DD_IMPORTER_VERIFIED
+--test-version value, -V value
+The version of the test.
+$DD_IMPORTER_TEST_VERSION
+--api-scan-configuration value, --asc value
+The ID of the API Scan Configuration object to use when importing or reimporting (default: 0)
+$DD_IMPORTER_API_SCAN_CONFIGURATION
+--auto-create-context, --acc
+If true, the importer automatically creates Engagements, Products, and Product_Types (default: false)
+$DD_IMPORTER_AUTO_CREATE_CONTEXT
+--config value, -c value
+The path to the configuration file.
+$DD_IMPORTER_CONFIG_FILE
+--engagement-id value, --ei value
+The ID of the Engagement to import findings into. (default: 0)
+$DD_IMPORTER_ENGAGEMENT_ID
+Reimport Specific - Reimport can create new tests or update an existing test of the same scan / scope.
+--test-id value, --ti value
+The ID of the Test to reimport findings into. (default: 0)
+$DD_IMPORTER_TEST_ID
+```
+
+## Usage: Export Command
+Note that this command is only available with Dojo-CLI.
+
+To export Findings from Dojo-CLI, you will need to supply a configuration file which contains details explaining which Findings you wish to export. This is similar to the GET Findings method via the API.
+
+For assistance use `defectdojo-cli export --help`.
+
+#### Export Example:
+```
+defectdojo-cli export \
+ --defectdojo-url "https://your-dojo-instance.cloud.defectdojo.com/"
+```
+
+### Set Output Destination
+
+Specify one or both of these options depending on the export format you want to use:
+
+```
+ --csv "./path/to/findings.csv" \
+ --json "./path/to/findings.json"
+```
+Note that Dojo-CLI will attempt to create a .csv or .json file if one does not exist already - your directory will need **write permissions** in order to do this.
+
+You can also create the file in advance with `touch findings.csv`, for example.
+
+### Filter Findings for Export
+
+These flags are all optional and can be used to filter out a specific list of Findings to be included in the export file.
You can use any or all of these flags.
+```
+ --active "true" \
+ --created "Past 90 days" \
+ --cvssv3-score 0.0 \
+ --cwe 589 \
+ --date "Past 7 days" \
+ --discovered-on "2019-01-01" \
+ --discovered-after "2019-01-01" \
+ --discovered-before "2019-01-01" \
+ --duplicate "false" \
+ --epss-percentile 0.0 \
+ --epss-score 0.0 \
+ --false-positive "false" \
+ --is-mitigated "false" \
+ --mitigated "Today" \
+ --mitigated-on "2019-01-01" \
+ --mitigated-after "2019-01-01" \
+ --mitigated-before "2019-01-01" \
+ --mitigated-by-ids 1 \
+ --mitigated-by-ids 2 \
+ --mitigated-by-ids 3 \
+ --mitigated-by-names "user1" \
+ --mitigated-by-names "user2" \
+ --mitigated-by-names "user3" \
+ --not-tags "tag1" \
+ --not-tags "tag2" \
+ --not-tags "tag3" \
+ --tags "tag4" \
+ --tags "tag5" \
+ --tags "tag6" \
+ --out-of-scope "false" \
+ --out-of-sla "false" \
+ --product-name-contains "dev" \
+ --risk-accepted "false" \
+ --severity "info" \
+ --test-id 1 \
+ --engagement "engagement_name" \
+ --product-name "product_name" \
+ --product-type-ids 1 \
+ --product-type-ids 2 \
+ --product-type-ids 3 \
+ --product-type-names "product_type1" \
+ --product-type-names "product_type2" \
+ --product-type-names "product_type3" \
+ --title-contains "title" \
+ --under-review "false" \
+ --verified "false" \
+ --vulnerability-id 1
+```
+
+**Complete Example**
+This example specifies the URL, export format and a few filter parameters to create a list of Findings.
+
+```
+defectdojo-cli export \
+ --defectdojo-url "https://your-dojo-instance.cloud.defectdojo.com/"
+ --json "./path/to/findings.json" \
+ --active "true" \
+ --created "Past 90 days"
+```
+
+## Troubleshooting
+If you encounter any issues, please check the following:
+- Ensure you're using the correct binary for your operating system and CPU architecture.
+- Verify that the API key is set correctly in your environment variables.
+- Check that the DefectDojo URL is correct and accessible.
+- When importing, confirm that the report file exists and is in the supported format for the specified scan type. You can review the supported scanners for Defect Dojo in the documentation https://documentation.defectdojo.com/integrations/parsers/file/. + diff --git a/docs/content/en/connecting_your_tools/import_intro.md b/docs/content/en/connecting_your_tools/import_intro.md index 55b5a249636..588b4826787 100644 --- a/docs/content/en/connecting_your_tools/import_intro.md +++ b/docs/content/en/connecting_your_tools/import_intro.md @@ -8,7 +8,7 @@ One of the things we understand at DefectDojo is that every company’s security DefectDojo allows you to connect your security tools in a flexible way to match those changes. -# Scan Upload Methods +## Scan Upload Methods When DefectDojo receives a vulnerability report from a security tool, it will create Findings based on the vulnerabilities contained within that report. DefectDojo acts as the central repository for these Findings where they can be triaged, remediated or otherwise addressed by you and your team. 
@@ -19,26 +19,22 @@ There are four main ways that DefectDojo can upload Finding reports:
 * Via **Connectors** for certain tools, an ‘out of the box’ data integration
 * Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans
-
-## Comparing Upload Methods
+### Comparing Upload Methods
 | | **UI Import** | **API Import** | **Connectors** | **Smart Upload** |
 | --- | --- | --- | --- | --- |
 | **Supported Scan Types** | All (see **Supported Tools**) | All (see **Supported Tools**) | Snyk, Semgrep, Burp Suite, AWS Security Hub, Probely, Checkmarx, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable |
 | **Can it be automated?** | Not directly, though method can be automated through API | Yes, calls to API can be made manually or via script | Yes, Connectors is a natively automated process which leverages your tool’s API to rapidly import data | Yes, can be automated via /smart\_upload\_import API endpoint |
-
-## Product Hierarchy
+### Product Hierarchy
 Each of these methods can create Product Hierarchy on the spot. Product Hierarchy refers to DefectDojo’s Product Types, Products, Engagements or Tests: objects in DefectDojo which help organize your data into relevant context.
-
 * **Vulnerability data can be imported into an existing Product Hierarchy**. Product Types, Products, Engagements and Tests can all be created in advance, and then data can be imported to that location in DefectDojo.
 * **The contextual Product Hierarchy can be created at the time of import.** When importing a report, you can create a new Product Type, Product, Engagement and/or Test. This is handled by DefectDojo through the ‘auto\-create context’ option.
 # Next Steps
-
 * If you have a brand new DefectDojo instance, learning how to use the **Import Scan Form** is a great starting point.
-* If you want to learn how to translate DefectDojo’s organizational system into a robust pipeline, you can start by consulting our article on **[Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview)**.
-* If you want to set up Connectors to work with a supported tool, see our **[Introducing Connectors](https://support.defectdojo.com/en/articles/9072654-introducing-connectors)** article.
+* If you want to learn how to translate DefectDojo’s organizational system into a robust pipeline, you can start by consulting our article on [Product Hierarchy](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/).
+* If you want to set up Connectors to work with a supported tool, see our [About Connectors](https://docs.defectdojo.com/en/connecting_your_tools/connectors/about_connectors/) article.
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md b/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md
index ef71757e8c8..90d840aecb8 100644
--- a/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md
+++ b/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md
@@ -46,7 +46,7 @@ If you need to access an API token for a script or another integration, you can
-![](https://downloads.intercomcdn.com/i/o/1194909638/703454b50036cf2ca1a81f32/AD_4nXfIr4WW26929_IyD_QPSwgKNOuCOGjAmWDgSG8xspkV9wTnaSoAAZfDALaryqiB2oveX28Q6vjDKHvwmb0ifQeLHgBu0wiBj_3koRlREsgeVlqoaCXQsF0aKrEFRvW9nHbAcN7j3sZ5CYBf8PAlyIVdUUrv?expires=1729720800&signature=e40de8269826823a00522ded678a3c30dc87de5a6e19eeea8fc3af90cad39c9b&req=dSEuEsB%2BlIdcUfMW1HO4zeLU2UHEgkjAHhhk9dUYCHZLgsIxMijLHi39L0MB%0AIeeQ%0A)
+![image](images/api_pipeline_modelling.png)
 ## General API Considerations
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md b/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md
index fdd4663f29d..9d4f361fd87 100644
--- a/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md
+++ b/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md
@@ -5,45 +5,29 @@ description: ""
 If you have a brand new DefectDojo instance, the Import Scan Form is a logical first step to learn the software and set up your environment. From this form, you upload a scan file from a supported tool, which will create Findings to represent those vulnerabilities. While filling out the form, you can decide whether to:
-
-
 * Store these Findings under an existing Product Type / Product / Engagement **or**
 * Create a new Product Type / Product / Engagement to store these Findings
 It’s easy to reorganize your Product Hierarchy in DefectDojo, so it’s ok if you’re not sure how to set things up yet.
-
-
 For now, it’s good to know that **Engagements** can store data from multiple tools, which can be useful if you’re running different scans concurrently.
-
-
-# Accessing the Import Scan Form
-
+## Accessing the Import Scan Form
 The Import Scan form can be accessed from multiple locations:
-
 1. Via the **Import \> Add Findings** menu option on the sidebar
 2. From a **Product’s** **‘⋮’ (horizontal dots) Menu**, from a **Products Table**
 3. From the **⚙️Gear Menu** on a **Product Page**
+## Completing the Import Scan Form
-# Completing the Import Scan Form
-
-
-
-![](https://downloads.intercomcdn.com/i/o/1194906679/a60baa110d050daaa532a102/AD_4nXcEnbN_x3AjBNKGsmncJsN8_L1IlYrBpTMJZxytGO_e_VB8WJku0fWpCRW0b1TsvEYkBgPgQzO9qa4qhfu1PNFZA8SVuUXbnITNbsOcy4I4VUa-r2biSV8HZQ8YkF6-ymWuVITT4yJr6faw2pU4YoeOK7v-?expires=1729720800&signature=850b7c98efd22ee1657f19fb2dbb322a31a44ba2ae5c6bd9d20c14ba4597b79b&req=dSEuEsB%2Bm4dYUPMW1HO4zU0nB9s5bQTJ2NRVzn8adEyCFbo8CH9pmXxFmv4P%0AqUkB%0A)
+![image](images/import_scan_ui.png)
 The Import Scan form will create a new Test nested under an Engagement, which will contain a unique Finding for each vulnerability contained within your scan file.
-
-
 The Test will be created with a name that matches the Scan Type: e.g. a Tenable scan will be titled ‘Tenable Scan’.
-
-
-## Form Options
-
+### Form Options
 * **Scan File:** by clicking on the Choose button, you can select a file from your computer to upload.
 * **Scan Date (optional):** if you want to select a single Scan Date to be applied to all Findings that result from this import, you can select the date in this field.
@@ -54,23 +38,15 @@ If you do not select a Scan Date, Findings created from this report will use the
 * **Tags:** if you want to use tags to further organize your Test data, you can add Tags using this form. Type in the name of the tag you want to create, and press Enter on your keyboard to add it to the list of tags.
 * **Process Findings Asynchronously**: this field is enabled by default, but it can be disabled if you wish. See explanation below.
-## Process Findings Asynchronously
-
+### Process Findings Asynchronously
 When this field is enabled, DefectDojo will use a background process to populate your Test file with Findings. This allows you to continue working with DefectDojo while Findings are being created from your scan file.
-
-
 When this field is disabled, DefectDojo will wait until all Findings have been successfully created before you can proceed to the next screen. This could take significant time depending on the size of your file.
-
-
 This option is especially relevant when using the API. If uploading data with Process Findings Asynchronously turned **off**, DefectDojo will not return a successful response until all Findings have been created successfully,
-
-
-## Optional Fields
-
+### Optional Fields
 * **Minimum Severity**: If you only want to create Findings for a particular Severity level and above, you can select the minimum Severity level here. All vulnerabilities with lower severity than this field will be ignored.
 * **Active**: if you want to set all of the incoming Findings to either Active or Inactive, you can specify that here. Otherwise, DefectDojo will use the tool’s vulnerability data to determine whether the Finding is Active or Inactive. This option is relevant if you need your team to manually triage and verify Findings from a particular tool.
@@ -79,13 +55,9 @@ This option is especially relevant when using the API. If uploading data with Pr
 * **Source Code Management URI** can also be specified. This form option must be a valid URI.
 * **Group By:** if you want to create Finding Groups out of this File, you can specify the grouping method here.
-
-## Next Steps
-
+# Next Steps
 Once your upload has completed, you should be redirected to the Test Page which contains the Findings found in the scan file. You can start working with those results right away, but feel free to consult the following articles:
-
-
-* Learn how to organize your Product Hierarchy to manage different contexts for your Findings and Tests: **[Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview)**.
+* Learn how to organize your Product Hierarchy to manage different contexts for your Findings and Tests: [Product Hierarchy Overview](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-hierarchy-overview/).
 * Learn how to add new Findings to this test: **Reimport Data To Extend a Test**
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md b/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md
index 7e037b6512c..9fafb21b1ba 100644
--- a/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md
+++ b/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md
@@ -33,7 +33,7 @@ The Smart Upload menu is stored in a collapsible section of the sidebar.
 * **Unassigned Findings lists all Findings from Smart Upload which have yet to be assigned to a Product.**
-![](https://downloads.intercomcdn.com/i/o/1194910967/0360afc3606c62b972b29fb0/AD_4nXeghMk_jectcbz_xSEWILQ6TKfMAkJFaYqtLjaeCgjscW0-H0BAM5M2oFQxB4aY4-R6qRcFp4G1-6HP3z9uc7_mICl5JSkxw9lRnKtH4OQBkoRuRYFbtBKMhENVa0HRsuEmH8n-S3vc7s0F_3uTyPOh8Rk?expires=1729720800&signature=182c23fcf2186f97130f369f44608461240088b1545d6053de9e107a589b3ee0&req=dSEuEsB%2FnYhZXvMW1HO4zQ9CTDLAIv7psFxRziJwPE1a%2B1rCBkMxAnkniABG%0AsM3u%0A)
+![image](images/smart_upload.png)
 ## The Smart Upload Form
@@ -43,7 +43,7 @@ The Smart Upload Import Scan form is essentially the same as the Import Scan for
-![](https://downloads.intercomcdn.com/i/o/1194910970/28b48ec77b1b3fd2ff19d0ea/AD_4nXddw4i_wM6uS34D1FgNp6XXc4jS-LymrQ6-CrkG2zle6mAq9Kwec0c_OrrNiyyBVfm6val4zOm6Luw_NpJcENyk2QX3eGDaPFjQDutPDHq8mbIW5UZ5wTM5va2FfKi9iJszc90_Mmv5aK6SY5wxtN_fuqGF?expires=1729720800&signature=d3665007fd8712695fb627563c2d805a1805cc9b23aaf12c4ddee2bece914413&req=dSEuEsB%2FnYhYWfMW1HO4zXr9jg9CVymHsc8jFHm%2BzRoBsZZTnkdGy3G57DLP%0A1xVl%0A)
+![image](images/smart_upload_2.png)
 # Unassigned Findings
@@ -60,7 +60,7 @@ Unassigned Findings are not included in the Product Hierarchy and will not appea
-![](https://downloads.intercomcdn.com/i/o/1194910969/b302152dd308050bc2cabb3f/AD_4nXf4caWaw6HYn1LqY5zv42mQztXQyeNWMmDwQVFRZ7smFzH7rvmZ4NCmDEA3gMVBkGwl51bSvK4sSAf7o8NjtDtuaxVJsC9PLLLbLU5coe0SFHDkoAS_WnqCYSyQbDWmpoNx7dfkLoDQDg9yCj6n8mnuWXqi?expires=1729720800&signature=b68b7f0d6ad8b8761fbd5abd6e390626dbd1a5eefc32911cd11fd94ffb0eb669&req=dSEuEsB%2FnYhZUPMW1HO4zdffFk2MwOJJkdNLPpAJSJFznXtdp%2Fn2TAS3J7sE%0A5jzx%0A)
+![image](images/smart_upload_3.png)
 You can select one or more Unassigned Findings for sorting with the checkbox, and perform one of the following actions:
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md
index 34cdf235aa0..72525ace37c 100644
--- a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md
+++ b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md
@@ -28,7 +28,7 @@ The Test will track and separate each scan version via **Import History,** so th
-![](https://downloads.intercomcdn.com/i/o/1194908628/52e2f3805bfbc2ef483e80f6/AD_4nXd1WNxopcweiK0ewbROIATPwKW6I4wRkMf83VQHOp3VGnwFbx3PIF_dKM_bTXxeRWdyOZRnXvlAIQUX4yPEwb0fg3P6NQZeRWY2qj6JN0T5BRaz2GZXGvbg-hWPmq2fhPCQHGUDdUMhQgFLkYN901McsDSw?expires=1729720800&signature=92270ab31ae91539655a6579d7f0b64bb18780ba93039b9457970b66e20edfbe&req=dSEuEsB%2BlYddUfMW1HO4zXlQLIbdnHicZ5UbPT1ZwpIiIYEWtY3aCewJOpvL%0Ab%2FjM%0A)
+![image](images/using_reimport.png)
 # Reimport Logic: Create, Ignore, Close or Reopen
@@ -88,7 +88,7 @@ The **Re\-Import Findings** form can be accessed on any Test page, under the **
 ##
-![](https://downloads.intercomcdn.com/i/o/1194908627/eb05840e395795550e54466f/AD_4nXfOUJldIKEa6Yr3NsphqeCAnOa-VlBgyLTYw0z_daFCQjNzdt_1way4w0t8nrX2ggjnllNAVqv6SfCn3BTfytYjATb6cf0tb6u-9ccz4QC6Qg8p_21aXACIMF1dTy2LeTSnpYtYwHEos9JKD5Hz7Ui4JUP7?expires=1729720800&signature=522addc1e53490316243b947db3014fcda398cf1a328d60f3473168682d55871&req=dSEuEsB%2BlYddXvMW1HO4zY5Pd0UWoQFJUVi4V0iRH%2B%2BKw1%2BMkgb%2BSEFmSpeX%0Ac54n%0A)##
+![image](images/using_reimport_2.png)
 The **Re\-import Findings** **Form** will **not** allow you to import a different scan type, or change the destination of the Findings you’re trying to upload. If you’re trying to do one of those things, you’ll need to use the **Import Scan Form**.
@@ -108,7 +108,7 @@ This table shows each Import or Reimport as a single line with a **Timestamp**,
-![](https://downloads.intercomcdn.com/i/o/1194908626/72dc8e30a9f35b80e50c45d7/AD_4nXdjK_vtcbopS89UxEkLbbTF5yaKjNaEKoEbm15zq6m_yQcs8RTZWhGpD_FzaKFyp3p9ubrHfQPG1Hxa7mCuJN71_eK8f7gpiFRFrtLQavLz04J4odtBoN2HODhX-2bXgdK6hXZTQs5eoKiMU42BWc2aD7_s?expires=1729720800&signature=7e53ae3bd29381e3a20b8fdb72dd909c5271530c278fb5b1827217b0571218fa&req=dSEuEsB%2BlYddX%2FMW1HO4zaYdUMRuJgJFAp64fyc3gN8EIWfxL2bJjLRubpH%2B%0Amq%2Bo%0A)
+![image](images/using_reimport_3.png)
 ## Actions
diff --git a/docs/content/en/connecting_your_tools/parsers/generic_findings_import.md b/docs/content/en/connecting_your_tools/parsers/generic_findings_import.md
new file mode 100644
index 00000000000..fa65af9d2d5
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/parsers/generic_findings_import.md
@@ -0,0 +1,118 @@
+---
+title: "Generic Findings Import"
+toc_hide: true
+---
+
+You can use Generic Findings Import as a method to ingest JSON or CSV files into DefectDojo which are not already in the supported parsers list.
+
+Files uploaded using Generic Findings Import must conform to the accepted format with respect to CSV column headers / JSON attributes.
+
+These attributes are supported for CSV:
+- Date: Date of the finding in mm/dd/yyyy format.
+- Title: Title of the finding
+- CweId: Cwe identifier, must be an integer value.
+- Url: Url associated with the finding.
+- Severity: Severity of the finding. Must be one of Info, Low, Medium, High, or Critical.
+- Description: Description of the finding. Can be multiple lines if enclosed in double quotes.
+- Mitigation: Possible Mitigations for the finding. Can be multiple lines if enclosed in double quotes.
+- Impact: Detailed impact of the finding. Can be multiple lines if enclosed in double quotes.
+- References: References associated with the finding. Can be multiple lines if enclosed in double quotes.
+- Active: Indicator if the finding is active. Must be empty, TRUE or FALSE
+- Verified: Indicator if the finding has been verified. Must be empty, TRUE, or FALSE
+- FalsePositive: Indicator if the finding is a false positive. Must be TRUE, or FALSE.
+- Duplicate: Indicator if the finding is a duplicate. Must be TRUE, or FALSE
+
+The CSV expects a header row with the names of the attributes.
+
+Example of JSON format:
+
+```JSON
+{
+ "findings": [
+ {
+ "title": "test title with endpoints as dict",
+ "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau",
+ "severity": "Medium",
+ "mitigation": "Some mitigation",
+ "date": "2021-01-06",
+ "cve": "CVE-2020-36234",
+ "cwe": 261,
+ "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "file_path": "src/first.cpp",
+ "line": 13,
+ "endpoints": [
+ {
+ "host": "exemple.com"
+ }
+ ]
+ },
+ {
+ "title": "test title with endpoints as strings",
+ "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2",
+ "severity": "Critical",
+ "mitigation": "Some mitigation",
+ "date": "2021-01-06",
+ "cve": "CVE-2020-36235",
+ "cwe": 287,
+ "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "file_path": "src/two.cpp",
+ "line": 135,
+ "endpoints": [
+ "http://urlfiltering.paloaltonetworks.com/test-command-and-control",
+ "https://urlfiltering.paloaltonetworks.com:2345/test-pest"
+ ]
+ },
+ {
+ "title": "test title",
+ "description": "Some very long description with\n\n some UTF-8 chars à qu'il est beau2",
+ "severity": "Critical",
+ "mitigation": "Some mitigation",
+ "date": "2021-01-06",
+ "cve": "CVE-2020-36236",
+ "cwe": 287,
+ "cvssv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "file_path": "src/threeeeeeeeee.cpp",
+ "line": 1353
+ }
+ ]
+}
+```
+
+This parser supports an attributes that accept files as Base64 strings. These files are attached to the respective findings.
+
+Example:
+
+```JSON
+{
+ "name": "My wonderful report",
+ "findings": [
+ {
+ "title": "Vuln with image",
+ "description": "Some very long description",
+ "severity": "Medium",
+ "files": [
+ {
+ "title": "Screenshot from 2017-04-10 16-54-19.png",
+ "data": "iVBORw0KGgoAAAANSUhEUgAABWgAAAK0CAIAAAARSkPJAAAAA3N<...>TkSuQmCC"
+ }
+ ]
+ }
+ ]
+}
+```
+
+This parser supports an attribute `name` and `type` to be able to define `TestType`.
Based on this, you can define custom `HASHCODE_FIELDS` or `DEDUPLICATION_ALGORITHM` in the settings.
+
+Example:
+
+```JSON
+{
+ "name": "My wonderful report",
+ "type": "My custom Test type",
+ "findings": [
+ ]
+}
+```
+
+### Sample Scan Data
+Sample Generic Findings Import scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/generic).
\ No newline at end of file
diff --git a/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md b/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md
deleted file mode 100644
index 9c8e2d1e135..00000000000
--- a/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md
+++ /dev/null
@@ -1,41 +0,0 @@ ---- -title: "How-To: Edit Dashboard Configuration" -description: "Customize or reset your dashboard metrics" ---- - -Superusers can choose which Metrics Charts are displayed on the Dashboard. To do this, select the **Edit Dashboard Configuration** option from the top\-right hand gear menu. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199280/bc9d8ae838857adef92e54ca/AD_4nXc3l7uyP-HlvtpuJ1V0oThgRAXeYWH8ZCqAL2zuiRHe25KzXOPyKYRB4z7tIHEEqRplgForVyHuWh4vX2Gv8k61sIhbmAa9IVtV9oMA8kkxNScTnCt54nKJp3omWs2_BB8bX7py_ZFQe7t5wZ7wQkEg8_o?expires=1729720800&signature=2af3a168547993f2aa8fef2121a0871ac49642fd78872e4d21a88493006edd76&req=dSAuH8h3lINXWfMW1HO4zTF5VEnWxvN3pLYOUUsrEr56s%2BU6cAiJk6OGXdnT%0AMhFT%0A) -This will open the **Dashboard Configuration Settings** window. - - - - -## Dashboard Configuration Options - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199299/83aced4a30064409a0876f06/AD_4nXffuQ5nDf72sTyNr_x9pryABKjQ7us0xFvKMyGPalbRT5gelfueA_-wwjzPdFKrylyLoDUg0sakMcpd_9ti3j4j0sP76yKoWWnUbcm4U9AgkQhZeuYvsr941fISWUFiT8178OkQ3rPsW-e3WZxcXsZZCKKS?expires=1729720800&signature=63de51f18166abd09450ee5a90f98d366887f2d88f4001645e53b7d625ddf07d&req=dSAuH8h3lINWUPMW1HO4zVE8KDjr%2BWghghM%2BEiv2czQ1pbK%2FLaHKY2M8Y16i%0AGOZv%0A) -* **Display Graphs** determines whether or not the **Historical Finding Severity** and **Reported Finding Severity** charts are visible. -* **Display Surveys determines whether or not the Unassigned Answered Engagement Questionnaires table is visible.** -* **Display Data Tables determines whether or not the Top 10 / Bottom 10 Graded Products tables are visible.** - - - -# Reset Dashboard Configuration - - -If you would like to reset your Dashboard to a default state, you can do so by selecting **Reset Dashboard Configuration** from the top\-right hand gear menu. 
- - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199316/e3bab1241fa652fa8bd51efe/AD_4nXfFJArc_GW-f8MIU7G32pk1CGo3MQp7cIfem1SjRP0v62R4BPfJtCEuJY1y6sOBzB4nvZ5np0C2yzqo0RVXG3HyR6aB6c-Rwk0LScMILABS8VLP0R1yNZXUD8h3xbxUBhZBl6h6RPqnHymbHoHPagBaqlnS?expires=1719856800&signature=0526cd5859a78ad75bcc5b70fc34bd2b46765555dde08904f63573db108ed0bc) - - - - -**Note that this will remove any Custom Dashboard Tiles which have been added to your instance.** - - diff --git a/docs/content/en/dashboard/Introduction to Dashboard Features.md b/docs/content/en/dashboard/Introduction to Dashboard Features.md deleted file mode 100644 index c6972d12ab6..00000000000 --- a/docs/content/en/dashboard/Introduction to Dashboard Features.md +++ /dev/null 
@@ -1,120 +0,0 @@ ---- -title: "Introduction to Dashboard Features" -description: "Working with the front page of DefectDojo" ---- - -The Dashboard is likely the first page you'll see when you open DefectDojo. It summarizes your team’s performance, and provides tracking tools to monitor specific areas of your vulnerability tracking environment. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248472/507630ebe46f1e8aa4503560/AD_4nXcg1v8DMwyfzjBMZqMwfrre_0aX5rw7_Z4Rq7ovChpHvGqB_bERY7NIn_BPgPk4ZpIwM8uYCH93XvhcOslUD1XMuD0z_4L-lLRAt0_0Vrdk2YfJ9JsLnIKl7LF9J5OR0yF6fvgUd0D3zxlTpPX_KJjKCBbe?expires=1729720800&signature=1dc969c7b9e11b3ada4107ba15574ee5eb1c3b40e58c887eac6885b86f5839d6&req=dSAuH8t6lYVYW%2FMW1HO4zQyzfdSpho9jzf%2F8gMxshllJM3C4gseuDDW%2BQOFz%0Azjj6%0A) -The dashboard has two components: - - -* **Customizable Dashboard Tiles**, which you can use to visualize the metrics which are relevant to you. -* **Pre\-built Dashboard Charts**, which visualize your team’s overall performance. - -Each team member shares a single dashboard, but the results of the dashboard are restricted by their role and Product Membership. Team members will only see calculated stats for the Products, Engagements, Findings or other objects that they have access to. For more information, see our guides on [User Permissions and Roles](https://support.defectdojo.com/en/collections/8390373-user-permissions-roles). - - - - -# Dashboard Tiles - - -Tiles are designed to provide relevant information and speed up navigation within DefectDojo. 
- - - -![](https://downloads.intercomcdn.com/i/o/1099198236/2a80ebc78dde48b6b2276c86/crop+ss.png?expires=1729720800&signature=0c2ea009bd4cf434beac07443747470548f5a8fd457fe5a05b90cfdad4c6fee7&req=dSAuH8h3lYNcX%2FMW1HO4zYPWwqce5gycIa4Y%2BA69PP9lKEHPdB5nWRXVCQVh%0A%2Bms1%0A) -Tiles can: - - -* Act as shortcuts for particular sets of Findings, Products, or other objects -* Visualize metrics related to your Product -* Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings - - -Tiles are pinned to the top section of your **🏠 Home** page. - - - -For more information about creating and editing Dashboard Tiles, see our guides on this topic**:** - - -* **[Dashboard Tile Summary](https://support.defectdojo.com/en/articles/9548109-dashboard-tile-reference)** -* **[Add, Edit or Delete Dashboard Tiles](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles)** - - - -# Dashboard Charts - - -Located beneath Dashboard Tiles, DefectDojo has five pre\-built charts: - - - -* **Historical Finding Severity** pie\-chart -* **Reported Finding Severity** histogram, by month -* **Unassigned Answered Engagement Questionnaires** table -* **Top 10 Graded Products** table -* **Bottom 10 Graded Products** table - - -These charts can be added or removed from the dashboard via **[Dashboard Configuration](https://support.defectdojo.com/en/articles/9547802-edit-dashboard-configuration)**. - - - - -## Historical Finding Severity - - - -This chart organizes all Findings created in DefectDojo by Severity, so that you can see the overall distribution of vulnerability levels in your environment. 
- - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248482/420121f96a020863e0862f90/AD_4nXemOWvoO9eYna7zSoGOS_wden_SqCQu-5fm5d7oIojCZgDA7oED9XKc6nU1OwdfwJDSUAMg4mmmsWzOyp8pqQs6qgA-Zd5DFffC26XSVaNteSuwSPOVJeV3_Cia-IgZ3iE2nySVjoCIkf6W3z1etNAxXTQ?expires=1729720800&signature=6ecc5526be162686489dd05c5a059c8af334ccf3bdef1d4e09f05b5e501e5dcb&req=dSAuH8t6lYVXW%2FMW1HO4zYoeTWHpH1BMIBuK2kPbraKaCDwBpN%2F%2BOykGzGQT%0AjxW4%0A) - -## Reported Finding Severity - - -This chart allows you to monitor the volume and severity distribution of incoming Findings per month. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248496/1948ce9decd80d7769336eb1/AD_4nXf5qvd3rc9oWm-U_EH4tStUaE9DIpj95GTjy2c14fPuJruU9RVXqyC-HcPBATRl_wvjJqOJIIKNPKE6Ucrcmz4goaed80ccsxRJ_-NtOqVfQ2bZEJJP8JiqUXdxSJKAg2dTO-bP-5HnHM9ch35IKa6nWlo?expires=1729720800&signature=cabc0ed0d22e97a0d91432b39a72b2db750b8398b0ae4df149cf6bde937bcc5d&req=dSAuH8t6lYVWX%2FMW1HO4zbc0daBz9ubRr57LSAefv4CemogsXMj5xFtLdII9%0A3OBH%0A) - -## Unassigned Answered Engagement Questionnaires - - -If you have completed Engagement Questionnaires for review, those will be listed in this table. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248510/c6c8087c483bcaa001d8cedb/AD_4nXcdZ_8hVOsXfZwh9Mk5XrZ8VJZLzVjK8WdYczPtHExzAf7brfCq4cZ_F12_PCFRWsvU_5ICIzqctb6cD4AJZfM0oeeTIVH9Y_HRv66p0CWG95g7NAmqXKcomrP3Q66nnWmypGiA_pg5h7cVjck20JoCYgFk?expires=1729720800&signature=3645887938704e50f084e6e153703012ba481da6dcb6ee42d3a71b460b848ae8&req=dSAuH8t6lYReWfMW1HO4zZqw72Twjcx8DHx8cYYRoH7jyAeFYqxpwzZoJdT2%0ATURK%0A) - -## Top 10 / Bottom 10 Graded Products - - -This section summarizes the Graded performance of each Product in your instance, counting the Highest and Lowest scoring Products. 
- - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248519/bb35260a29b3521223111a39/AD_4nXdbQ0hhxFdtwBJuHkjTKYKDYwDBHprXWq9eFmUc0Lq_dLXU4Wf1ntQQp_RrLENp4w9fVf2MpLJvz0xIJbXZIXnXvf0wpryX3dWycOYGqQqGEOMR7HXE_z3sfHJ3oCxWaRAvcvgo-upcO0f0-aGxBv5SK29Y?expires=1729720800&signature=6df3b486f4a5ae601a07d327395fd9241a4760c77215ed805adeeed5fc612725&req=dSAuH8t6lYReUPMW1HO4zfJ4ezP3qlX0vv4X6YptNnM7fTBJMOvXDSq7Lcza%0Am7WX%0A) -Finding Counts of each severity are calculated by the tile, but note that Product Grade is only assigned based on Active Findings, so there may be Inactive Findings counted in this table which do not contribute to the Grade. - - - -To understand how grades are calculated, see our guide to **[Product Health Grading](https://support.defectdojo.com/en/articles/9222109-product-health-grading)**. - - - - -# Next Steps - - -* Change or reset your dashboard display by **[editing your dashboard configuration](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/9547802/show)**. -* Learn how to customize your DefectDojo instance with **[custom Dashboard Tiles](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/9548109/show)**. diff --git a/docs/content/en/dashboard/Introduction_dashboard.md b/docs/content/en/dashboard/Introduction_dashboard.md new file mode 100644 index 00000000000..422f012e4fa --- /dev/null +++ b/docs/content/en/dashboard/Introduction_dashboard.md 
@@ -0,0 +1,78 @@
+---
+title: "Introduction to Dashboard Features"
+description: "Working with the front page of DefectDojo"
+---
+
+The Dashboard is likely the first page you'll see when you open DefectDojo. It summarizes your team’s performance, and provides tracking tools to monitor specific areas of your vulnerability tracking environment.
+
+![image](images/Introduction_to_Dashboard_Features.png)
+The dashboard has two components:
+
+* **Customizable Dashboard Tiles**, which you can use to visualize the metrics which are relevant to you.
+* **Pre\-built Dashboard Charts**, which visualize your team’s overall performance.
+
+Each team member shares a single dashboard, but the results of the dashboard are restricted by their role and Product Membership. Team members will only see calculated stats for the Products, Engagements, Findings or other objects that they have access to. For more information, see our guides on [User Permissions and Roles](https://docs.defectdojo.com/en/user_management/about-permissions--roles/).
+
+# Dashboard Tiles
+
+Tiles are designed to provide relevant information and speed up navigation within DefectDojo.
+
+![image](images/Introduction_to_Dashboard_Features_2.png)
+
+Tiles can:
+
+* Act as shortcuts for particular sets of Findings, Products, or other objects
+* Visualize metrics related to your Product
+* Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings
+
+Tiles are pinned to the top section of your **🏠 Home** page.
+
+For more information about creating and editing Dashboard Tiles, see our guides on this topic**:**
+
+* [Dashboard Tile Summary](https://docs.defectdojo.com/en/dashboard/about_custom_dashboard_tiles/)
+* [Add, Edit or Delete Dashboard Tiles](https://docs.defectdojo.com/en/dashboard/add_edit_delete_dashboard_tiles/)
+
+## Dashboard Charts
+
+Located beneath Dashboard Tiles, DefectDojo has five pre\-built charts:
+
+* **Historical Finding Severity** pie\-chart
+* **Reported Finding Severity** histogram, by month
+* **Unassigned Answered Engagement Questionnaires** table
+* **Top 10 Graded Products** table
+* **Bottom 10 Graded Products** table
+
+These charts can be added or removed from the dashboard via **[Dashboard Configuration](https://docs.defectdojo.com/en/dashboard/how-to-edit-dashboard-configuration/)**.
+
+### Historical Finding Severity
+
+This chart organizes all Findings created in DefectDojo by Severity, so that you can see the overall distribution of vulnerability levels in your environment.
+
+![image](images/Introduction_to_Dashboard_Features_3.png)
+
+### Reported Finding Severity
+
+This chart allows you to monitor the volume and severity distribution of incoming Findings per month.
+
+![image](images/Introduction_to_Dashboard_Features_4.png)
+
+### Unassigned Answered Engagement Questionnaires
+
+If you have completed Engagement Questionnaires for review, those will be listed in this table.
+
+![image](images/Introduction_to_Dashboard_Features_5.png)
+
+### Top 10 / Bottom 10 Graded Products
+
+This section summarizes the Graded performance of each Product in your instance, counting the Highest and Lowest scoring Products.
+
+![image](images/Introduction_to_Dashboard_Features_6.png)
+
+Finding Counts of each severity are calculated by the tile, but note that Product Grade is only assigned based on Active Findings, so there may be Inactive Findings counted in this table which do not contribute to the Grade.
+
+To understand how grades are calculated, see our guide to **[Product Health Grading](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-health-grade/)**.
+
+# Next Steps
+
+* Change or reset your dashboard display by **[editing your dashboard configuration](https://docs.defectdojo.com/en/dashboard/how-to-edit-dashboard-configuration/)**.
+* Learn how to customize your DefectDojo instance with **[custom Dashboard Tiles](https://docs.defectdojo.com/en/dashboard/about-custom-dashboard-tiles/)**.
diff --git a/docs/content/en/dashboard/About Custom Dashboard Tiles.md b/docs/content/en/dashboard/about_custom_dashboard_tiles.md
similarity index 52%
rename from docs/content/en/dashboard/About Custom Dashboard Tiles.md
rename to docs/content/en/dashboard/about_custom_dashboard_tiles.md
index 36553fc2c9f..7969b0ced90 100644
--- a/docs/content/en/dashboard/About Custom Dashboard Tiles.md
+++ b/docs/content/en/dashboard/about_custom_dashboard_tiles.md
@@ -5,36 +5,28 @@ description: "How to make Dashboard Tiles work for you, with examples" Dashboard Tiles are customizable sets of filters for your DefectDojo instance, which can be added to your 🏠 **Home** dashboard. Tiles are designed to provide relevant information and speed up navigation within DefectDojo. +![image](images/About_Custom_Dashboard_Tiles.png) - -![](https://downloads.intercomcdn.com/i/o/1099250898/404bca1e149473568dff200d/crop+ss.png?expires=1729720800&signature=47755368f0a8dbdca29e39525f65564a22b025d67e9b51796368e16018d77ad2&req=dSAuH8t7nYlWUfMW1HO4zXvTdcWRXscEwUdV8OwjwmK0av2hoFfHDgIB50xI%0AUOa8%0A) Tiles can: - * Act as shortcuts for particular sets of Findings, Products, or other objects * Visualize relevant metrics related to your Product * Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings - -# Tile Components - +## Tile Components Each Tile contains four main components: +![image](images/About_Custom_Dashboard_Tiles_2.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245892/8c5490bb29d7b4f030a18ef9/AD_4nXfwA_eCPCfAA35-lMO4ffSlKcvHfRXwVCfFDwhhILI4jjUZMzwGrpuze1U96t0j4qyHvA1qas-A2uyPNjTezdaiyifnvU0ek_M0u6cQrEy_5l6q-VHfH3GOyqKu9xMCwgptjGZ2seU0MFI1Xkcu9dR1kI9h?expires=1729720800&signature=41cd9a22f70dc51017855672d3c10ed400370dce7729030fcacb9a30bbfdb670&req=dSAuH8t6mIlWW%2FMW1HO4zTGMWjMSWgYAIBlHC20hq4YJxOp35zLpAV2AKudY%0AxcC2%0A)1. **A customizable icon**. You can choose an icon and color for the Tile. If you wish, you can also have an icon’s color dynamically change from Green \-\> Yellow \-\> Red based on a value range. 2. **A count of each object** that meets the Tile’s filter conditions. For example, a Findings Tile will count the number of Findings filtered by the Tile. 3. **A customizable Header** which can be set to describe the function of the tile. 4. **A customizable Footer** which brings you to the related list of objects. 
For example, a Findings Tile’s footer will bring you to a list of Findings filtered by the Tile. - -# Types of Dashboard Tiles - +## Types of Dashboard Tiles There are eight Tiles which you can choose from. These Tiles are explained in more detail below, along with examples of usage. - * **Product Tile** * **Engagement Tile** * **Test Tile** 
@@ -43,103 +35,66 @@ There are eight Tiles which you can choose from. These Tiles are explained in mo * **Scan Time Violation Tile** * **Product Grade Tile** - -## Product, Engagement or Test Tile - +### Product, Engagement or Test Tile These Tiles allow you to quickly select a list of Products, Engagements or Tests based on the filter parameters you set. You can use this tile for ease in navigation. +![image](images/About_Custom_Dashboard_Tiles_3.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245901/b112e4dad8eb3e5049511371/AD_4nXe9B73G54RwB-G88nnS6oWo96n7-ggZLSbxb03a3DTZFdOgK6pZCJ83ExAHSmm_rWeexZhloErMfRDwdAHXjspkQcOPNths4hog-Q8j-rYMNEZWwG3TL-14qN2aGsbiEDQ4MfL5LEhY59tAjd9KSwMZXKsu?expires=1729720800&signature=d41ebdcc51f9fa05c6b486bca83ed159f1a822d06b30eb37f8db6259bac98588&req=dSAuH8t6mIhfWPMW1HO4zdZejHhWdEsouZLWNlyGuZ1y1tEPtQosw3hz%2FaB8%0ANP1g%0A) The number on the tile represents the count of objects (Products, Engagement or Tests) contained within the tile’s filter parameters. Clicking the footer will take you to a filtered list of those objects. - - - -### Example: Monitoring Engagements In Progress - +#### Example: Monitoring Engagements In Progress If you want to create a list of your In\-Progress Engagements in DefectDojo, you can set up an Engagement tile which filters for that condition. - - * Create an Engagement tile, and from the Tile Filters set **Engagement Status** to **In Progress**. * To make sure your Tile is accurately labeled, set the Header of your tile to ‘**Engagements In Progress**’. 
- -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245912/fbc3e96d9d0fcb6d5f36876a/AD_4nXcAxJNLB-hf2RqEhI0ApBz5EqzvIX-MB9MW_viUJbAPM0NXSIo4kk4ajQbYTctDUFnUpIaSPxbg1eaajU9Ao5hypkRwk9hyyKIlwR2j7htrHO8PnRMzzFqMa0NbnhwvwMi6Z75k-xwtept8fAWjH_q7mSs?expires=1729720800&signature=2ee53595f377fca87ebddf6c7bab00ea121a652ab5dc910d75e9a9764394d220&req=dSAuH8t6mIheW%2FMW1HO4zb%2BODrc%2FMT4hTmvrqb%2F4TR81TT64e2rou8sF0eVH%0AIROi%0A) +![image](images/About_Custom_Dashboard_Tiles_4.png) You could also create Engagement tiles for one or more other states, such as **Blocked** or **Completed**. - - - -## Finding Tiles - +### Finding Tiles Finding tiles provide a count of Findings based on the filter parameters you set. As with other tiles, clicking the Footer will take you to a list of the Findings set by the tile. +![image](images/About_Custom_Dashboard_Tiles_5.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245918/c31bd5f3c478f0794684ed8c/AD_4nXdQgDy4rs29A5pCHDk6WlmKCYsvYajy44FSDTk9aSNPGvozAtvwO7XB8TI0K3xOAk3C1IHNJ1CqaphczS9LofLi2z_omnckucKgoYruz1Sdu_WgAisjkeBfauB_lbxmM837lqYzu4bb17GNO9256vGWB8j2?expires=1729720800&signature=73a1f802703e4119f8ff8ef835fa97f67d6ffb75e8b3b15f65d56645fa578f5a&req=dSAuH8t6mIheUfMW1HO4zePORVTEqkdK7iVtN6jVbCivpEjFJfAY6ZTPQhS2%0ABCjN%0A) Using filter parameters you can track Findings in a particular state or time period. - - - -### Example: Monitoring Critical Findings - +#### Example: Monitoring Critical Findings If you wanted to be able to quickly access all of your Critical Findings in DefectDojo, you could do this by creating a tile. - * Create a Finding tile, and from the Tile Filters set **Severity** to **Critical**. * To make sure your Tile is accurately labeled, set the Header of the tile to ‘**Critical Findings**’. 
- -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245930/9d5a6973c9366eae8dd6d4fd/AD_4nXcOjKshzyqeUHif7KrbeORDKe6FM4G7JvOBPWho1gZ0uR1hifDZXCklCQEUI4ulYkDPqjEUUBNgD5MX_hD7LMbrIP2YGgHEVIdw41o-z3j3C7VXegFZeCzpH5_RBr71aPDKnvRZnSwRqQW2ewml3_xDOp_Q?expires=1729720800&signature=93c118122b6efb5a518410e4a2cbf70556ffef24a1e494a29702c40a51079f03&req=dSAuH8t6mIhcWfMW1HO4zds8nsJ%2BgxUjuYiv%2BPz4Mwo2u3E6reaEF5MS7Xh8%0A902S%0A) +![image](images/About_Custom_Dashboard_Tiles_6.png) You can add additional filter parameters to make this tile more functional for your use\-case. For example, if you wanted this tile to only track Open Findings (and ignore any Mitigated Findings) you could set the **Active** filter to **Yes.** - - - -## Endpoint Tiles - +### Endpoint Tiles If you need to keep track of particular Endpoints, you can set up a Tile to quickly navigate to a filtered list. This tile can be set up to filter by Host, Product, Tags or other parameters that are relevant to the Endpoints you want to track. +![image](images/About_Custom_Dashboard_Tiles_7.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245937/ad144be9ff33a8b4444ff590/AD_4nXepUNZnVXHIVsbpfvfC2h13w6jXUANG9sQft3ZvHGvSIBqFrbm7AYjHTdAdUXO4IhJHm-oECJLF2YoadKyiS3w5FUPlXBhtimVZs0NCARKipuX-ej0GYxT-i3W2Y07qTmZRYvPUa0OLzQ4seyWPLURoINu2?expires=1729720800&signature=481c9153d83cdea99fab30278788d03f09773f2d7f91c72d37d63757d2ecccd0&req=dSAuH8t6mIhcXvMW1HO4zQSsYYNUM4kbREMXvQBnaYsMgeVUTYM8epzxTFjX%0AHCqU%0A) Clicking the footer on this tile brings us to a filtered list of Endpoints which displays their status. DefectDojo will only create and track Endpoints with related vulnerabilities, so this will not include any Endpoints which have no vulnerabilities reported. 
- - - -### Example: Monitor All Endpoints With Same Host - +#### Example: Monitor All Endpoints With Same Host If you wanted to use Endpoints to look at vulnerabilities on a certain part of your architecture, regardless of the associated Product, you could use an Endpoint Tile to filter for a particular URL. From there, you could see all Findings associated with that part of your network. - * Create an Endpoint tile. For this example, we are setting the Host Contains field to **‘centralaction\-items’**, as that string is part of many Endpoint URLs in our infrastructure.​ * Set your Header to a title which describes the intended function of your tile. In this example, we used **‘Host: centralaction\-items’**. +![image](images/About_Custom_Dashboard_Tiles_8.png) -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245947/ac7f51e4310dde5b009dc512/AD_4nXec8wyXhKtfWyVct5icqvYQd1nWnE5iNqtad32P_fhIUOq7k_k7WCo2CiMoWYER9z61ZtohDHWe3OMThel5ZYr4BeV2uq64R4RiMmwh1mNY8OIHryj13mrFuuce3ubctxNoI1BUd3dc2YuOxPC5mD6is2VE?expires=1729720800&signature=72bfb702926099be4ca954ebfa9fca7e549329e16711abe9523273b76efcdc33&req=dSAuH8t6mIhbXvMW1HO4zbw1aZZSF3S5xTEJsUC0GtABK4hktPq3myVycpsp%0AHWm9%0A) - -## SLA Violation Tile - +### SLA Violation Tile This Tile counts Findings which are at risk of violating SLA. It can be set to track all Products, or specific Products chosen from a list. - - - -### Example: Findings Approaching SLA Violation - +#### Example: Findings Approaching SLA Violation If you want to create a filter for Findings which are within 7 days of SLA expiration, you can set up your filter parameters to track this. When setting the Filter parameters for the SLA Violation tile, set **‘Days Before Expiration’** to **7**. Select either All Products, or a list of specific Products. 
@@ -147,87 +102,50 @@ If you want to create a filter for Findings which are within 7 days of SLA expir Set the Header to describe the filter you’re applying, for example ‘SLA Violation \- 3 Days Or Less’. - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245955/8576606b4010df4c361aa1fa/AD_4nXdGwX6vqdPr4ITjvsq5rJsgO8MwddFTN86EnUq9JKUtibQkXX5xZxVX1IDU3UeZ6WhMIj1dGz_GvxxdgyABTq4rFD0GlDRNvLsqioGJ4NLisrE5xIFjYyHwly9HywdgQc7vuu5WzGzzjv5_4x6vU0FiPutW?expires=1729720800&signature=ac8049bcc6095a8ae237a61e0cbb83eab4c3f1ff71d5b5d8e430f7358b071eb1&req=dSAuH8t6mIhaXPMW1HO4zfBDR3ICj1QmtNLC6aB8BxNW6Qwmak%2FkhLOGcbI4%0Alc78%0A) +![image](images/About_Custom_Dashboard_Tiles_9.png) Clicking on the footer will bring you to a list of these Findings for you to address. This tile only tracks Active Findings, but will also track Findings with an expired SLA. - -## - - -## Scan Time Violation Tile - +### Scan Time Violation Tile This Tile is used to track specific Products to ensure that new scan data is being added on a regular basis. - - -If there are particular Products which you’re scanning on a regular interval, you can use this tile to ensure your tools and imports are running as expected. - - +ere are particular Products which you’re scanning on a regular interval, you can use this tile to ensure your tools and imports are running as expected. This Tile will return a count and related list of Products which have **not** had new scan data added in the interval you’ve defined. - - - -### Example: Automation Tracking - - +#### Example: Automation Tracking If you have scanning tools set to run on a weekly basis, you can use this tile to make sure those automated processes are working correctly. - * From the Tile filters, select the target Products where the scan data will be imported via automation. Set the Days Since Last Scan field to ‘Past Week’. * Set a descriptive name in the Header which communicates the interval you’re testing. 
- -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245967/9745f21ae3614d9e6406f93a/AD_4nXcVb37xVMoICT7P7w1L8p0VjGYhfGFZZh7m4tO8wfatKebv8pvDhML9sZsuIJ-okh-Oyg9Cahd5M408PtzTbM0ym0qHKwNW99lB9uWiivL9PtD2vPS7NDLG0ZS09ldr7fX-iRB1q5noG0dVGcXIaJ6yvV1P?expires=1729720800&signature=1579ee824aab9d78f6d9125625c48f9162927bb4fb3fc6d861dd707392afa122&req=dSAuH8t6mIhZXvMW1HO4zXyP7F7Ov9ecGvye0gQcHXd8pHK41FspsCfWSlpI%0AUS2o%0A) +![image](images/About_Custom_Dashboard_Tiles_10.png) If you have multiple scanning intervals that you want to monitor, you can set up multiple tiles to track each one. - - - -## Product Grade Title - +### Product Grade Title This Tile compares the Product Grade of all Products on your instance, so that you can track any Products which do not meet your grading standard. - - This tile uses a comparison operator (\<, \=, \<\=, \>\=) to track Products which equal, exceed or fail to meet the Product Grade which you want to monitor. - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245976/c64f3cd3a4ba9c82a287d9e4/AD_4nXfzYr-U2z4sQS5f5jzQdW-tGdUKipO2kXoznkzRP8sbGQ9rz_OW0glHfS21OrlrFxkOOVZdkZckwMnbjwrVU4UIxdMzUUjw_PwTMQ9waw6O29lynkHKh1vl2aSkt7vGq4VlIdTutW3qCYyxESOREJI4eMU?expires=1729720800&signature=ed32f49d6a96f11c7871b35f2efdfa70024e72c4397cba6044c772daffd1ca3e&req=dSAuH8t6mIhYX%2FMW1HO4zUlOMyAwa%2FpBhtlqZBy0rpjWQWAVKiIeJ7OUh0%2Ft%0A%2BpJ%2B%0A) -For more information on how Product Grades are calculated, see our article on [Product Health Grading](https://support.defectdojo.com/en/articles/9222109-product-health-grading). - - - +![image](images/About_Custom_Dashboard_Tiles_11.png) +For more information on how Product Grades are calculated, see our article on [Product Health Grading](https://docs.defectdojo.com/en/working_with_findings/organizing_engagements_tests/product-health-grade/). 
### Example: Track Failing Products - If you want to quickly access Products in your instance which do not meet your Grading standard, you can set up a Tile which handles that calculation. The Grading standard used in this example is ‘Less Than C’: we want our tile to flag any Products with a Grade of D or lower. - * Create a Product Grade Tile. From the Filters list, set the Grade which you consider ‘failing’. In this case we’ll select C. * In the Filters list, set a **Comparison Operator** to determine the logic used in counting your failing Products. In this case, we’ll select **‘Less Than’**. - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245981/9235ca4f8edd03d04806bd4c/AD_4nXemS4UCV0AVT6i_1iVxwaYBT6aowID4cBzTB5Nmea3Y5HR2YlfmG88L0I7YLoBcXg_0r7CRiK2ZKGCrUlh5uspt7BNu8HHbE30uFedUPqXwAh03n5fMOsiFy5AWe9D7Dm3g1b_8lGJllo_wNU7BAjpGLoR9?expires=1729720800&signature=c78666efc2b09a6f852441e9ded672fb57406790f12dfe7ae6221dc84bba2423&req=dSAuH8t6mIhXWPMW1HO4zUEUoC3vBLQ%2FkccLXG3isEf2Dqdz%2BHIVM%2BRSJM2u%0ANk%2Fh%0A) +![image](images/About_Custom_Dashboard_Tiles_12.png) As with other Product related Tiles, you can set the Tile to look at All Products in your instance, or only a specific list of Products. - - # **Next Steps:** - -* Learn how to **[Add, Edit or Delete your Dashboard Tiles](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles)**. -* For more detailed descriptions of Tile Filters, see our **[Tile Filter Index](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles#h_0339dd313b)**. - - +* Learn how to [Add, Edit or Delete your Dashboard Tiles](https://docs.defectdojo.com/en/dashboard/how-to-add-edit-or-delete-dashboard-tiles/). +* For more detailed descriptions of Tile Filters, see our [Tile Filter Index](https://docs.defectdojo.com/en/dashboard/add_edit_delete_dashboard_tiles/#tile-filter-index). 
diff --git a/docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md b/docs/content/en/dashboard/add_edit_delete_dashboard_tiles.md similarity index 87% rename from docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md rename to docs/content/en/dashboard/add_edit_delete_dashboard_tiles.md index e479131a47c..c6b2a86e713 100644 --- a/docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md +++ b/docs/content/en/dashboard/add_edit_delete_dashboard_tiles.md 
@@ -5,108 +5,69 @@ description: "Set up custom filters to track your work" Custom Dashboard Tiles can be added, edited or deleted by any user with **Superuser** Permissions. - - - -# Adding a new Dashboard Tile - +## Adding a new Dashboard Tile New Dashboard tiles can be added by opening the **\+** (plus icon)menu on the Dashboard. New Dashboard tiles will always be created at the bottom of the Dashboard Tiles section. - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242883/d09d09f605fa9c0c98d48da0/AD_4nXffF2tsgbJPbwaqtzDJsLNehJTI5sVTtweUKKcjlZSbYW6mGSGG3-p5lwnhzvjID3ILgUJY5zp5eIhdfcNkXE22WQSAUZZLL3IPN2NWvP9LPQkdjZjwj4PyttAzEVlv6NsL6SDr681vc1HjlQsJUwyWg5Y?expires=1729720800&signature=fda39a3ac402f593b4de9106165c30ecba372d0639a621d9183a68da5e89f865&req=dSAuH8t6n4lXWvMW1HO4zZXQQjy5PbqnpMBkHB25%2BKjWEA6rK2wKVSwRBNjm%0A4Yn%2B%0A) +![image](images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles.png) Select the kind of Tile you want to add, which will then bring you to the Add Dashboard Tile form. - - - ### Editing a Dashboard Tile - If you wish to edit a Dashboard Tile, you can click the Header of the Tile, which will also open the Dashboard Tile form. 
- - - ## Add / Edit Dashboard Tile form - From here you can set your Dashboard Tile’s options: +![image](images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_2.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242892/0f6d28c17eb945dc9a664f12/AD_4nXfwA_eCPCfAA35-lMO4ffSlKcvHfRXwVCfFDwhhILI4jjUZMzwGrpuze1U96t0j4qyHvA1qas-A2uyPNjTezdaiyifnvU0ek_M0u6cQrEy_5l6q-VHfH3GOyqKu9xMCwgptjGZ2seU0MFI1Xkcu9dR1kI9h?expires=1729720800&signature=c1f05273e9a6b61f544c2e7f553d40964e42b4ee754cfda648f04da8f88e335f&req=dSAuH8t6n4lWW%2FMW1HO4zfHMOEzjomzC7%2FartNm051WDmNHk8wVBaG7sAp8N%0A5VWd%0A)* Select an **Icon** for your tile (**1\)** * Set the **Header** textfor your tile **(3\)** * Set the **Footer** textfor your tile * Set the **Color** of your icon -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242903/bb5ab796524526528cd1d7fd/AD_4nXeXuNIrQ5AXGATNXhoh6Z5hXpLdx7yp-_7A64YDXxXvnWfmYmK6BYTGsecP_z7ZPCVJoNELKotvd-zwwF1yCiQkgq8K4JY6eMUo6Nt8y0oGuHiZWs5x0EvkfgVRDHfwIEgt9VqCfshIYXtwOGjlOsn3kRjJ?expires=1729720800&signature=d3ee3511691e6818c6e3da833f64365971ca7a3167c290acf2775d4c73cbc1e4&req=dSAuH8t6n4hfWvMW1HO4zQZnKZov%2FceWz7096CXLjrLzFiy69E4isnopgvGw%0AHYNn%0A) +![image](images/How-To_Add,_Edit_or_Delete_Dashboard_Tiles_3.png) ## Dynamic Color Tile - If you want to set your tile to change color based on the associated count of Findings, Products or other objects returned by the filter, you can enable **Dynamic Color Tile** in this menu. The color of the tile Icon will change from Green \-\> Yellow \-\> Red as the object count changes. - * **Dynamic Color Minimum is the bottom of the range. If the Object count is equal to or less than this number, the tile Icon will be set to Green.** * **Dynamic Color Maximum** is the top of the range. If the Object count is equal to or greater than this number, the tile Icon will be set to Red. * Any number between the Minimum or the Maximum will set the filter to Yellow. 
- - ### **Example 1: Critical Findings Count** - Say you wanted to set up a Dynamic Color Tile to track our Critical Findings. You can set your Dynamic Color parameters as follows: - * Set **Dynamic Color Minimum** to 0\. As long as you have 0 active Critical Findings, this tile will be **Green**. * Set **Dynamic Color Maximum** to 5\. If you have 5 or more Critical Findings active in our environment, the tile will turn **Red** to indicate there’s timely action required to address these Findings. * If you have 1\-4 Critical Findings in your instance, the filter will be **Yellow** to indicate that we’re not in an ‘emergency’ situation but we should be aware of these Findings. - Of course, your team’s standards and acceptable range for this kind of filter may differ from our example. - - ## Inverted Maximum and Minimum - If your Maximum is lower than your Minimum, the range will still compute correctly. - - **Example 2: Passing Products Count** - Say you wanted to set up a Tile which tracks your Passing Products with a Dynamic Color. An acceptable count of Passing Products for you is 5 or more, and a ‘failing’ state is 2 or fewer Passing Products. - - You can set your **Dynamic Color Maximum** of 2, and a **Dynamic Color Minimum** of 5, the Tile will apply colors as follows: - - * If the filter returns 2 Objects or fewer , the tile will be **Red**, indicating that very few of your Products are passing. * If the filter returns 5 Objects or greater, the tile will be **Green**, indicating that a healthy amount of your Products are passing. * If the filter returns a value between those two numbers, the tile will be **Yellow**, indicating that a significant, but non\-critical amount of your Products are not passing. - -# Tile Filter Index - +## Tile Filter Index To set a specific context for your tile, you can set various Tile Filters. Click the **Tile Filters \+** button at the bottom of the form to expand the Tile Filters menu. - - Filters are optional. 
Each Tile has a different set of relevant filters which can be selected. - - -## Product Tile - +### Product Tile * **Product Name Contains**: type in one or more partial matches of Product Names, separated by commas * **Product Name Exact**: type in one or more exact matches of Product Names, separated by commas @@ -122,10 +83,7 @@ Filters are optional. Each Tile has a different set of relevant filters which ca * **Tag Contains:** type in one or more partial matches of tags, separated by commas * **Outside of SLA**: Yes/No - - -## Engagement Tile - +### Engagement Tile * **Product Name Contains**: type in one or more partial matches of Product Names, separated by commas * **Product Type**: Select one or more options from the list @@ -141,9 +99,7 @@ Filters are optional. Each Tile has a different set of relevant filters which ca * **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas * **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas - -## Test Tile - +### Test Tile * **Test Name Contains**: type in one or more partial matches of Test Names, separated by commas * **Test Type**: select a single Test Type from the list @@ -162,10 +118,7 @@ Filters are optional. Each Tile has a different set of relevant filters which ca * **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas * **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas - - -## Finding Tile - +### Finding Tile * **Name Contains**: enter a partial match of a Finding Name from the menu * **Component Name Contains**: enter a partial match of a Component Name from the menu 
@@ -218,11 +171,7 @@ Filters are optional. Each Tile has a different set of relevant filters which ca * **Product Tags**: type in one or more exact matches of tags, separated by commas * **Product Does Not Have Tags**: type in one or more exact matches of tags to ignore, separated by commas - - - -## Endpoint Tile - +### Endpoint Tile * **Protocol Contains**: type in a partial match of a Protocol from the menu * **User Info Contains**: type in a partial match of User Info from the menu @@ -238,29 +187,19 @@ Filters are optional. Each Tile has a different set of relevant filters which ca * **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas * **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas - - - -## SLA Violation Tile - +### SLA Violation Tile * **Days Before Expiration**: select an option from the menu * **Include All Products**: Yes/No * **Included Products**: select one or more Products from the menu - - -## Scan Time Violation Tile - +### Scan Time Violation Tile * **Days Since Last Scan**: select an option from the menu * **Include All Products**: Yes/No * **Included Products**: select one or more Products from the menu - - -## Product Grade Tile - +### Product Grade Tile * **Product Grade**: select a single Product Grade from the menu * **Comparison Operator**: select a Comparison Operator from the menu, related to Product Grade diff --git a/docs/content/en/dashboard/edit_dashboard_configuration.md b/docs/content/en/dashboard/edit_dashboard_configuration.md new file mode 100644 index 00000000000..59519729432 --- /dev/null +++ b/docs/content/en/dashboard/edit_dashboard_configuration.md 
@@ -0,0 +1,25 @@
+---
+title: "How-To: Edit Dashboard Configuration"
+description: "Customize or reset your dashboard metrics"
+---
+
+Superusers can choose which Metrics Charts are displayed on the Dashboard. To do this, select the **Edit Dashboard Configuration** option from the top\-right hand gear menu.
+
+![image](images/How-To_Edit_Dashboard_Configuration.png)
+This will open the **Dashboard Configuration Settings** window.
+
+## Dashboard Configuration Options
+
+![image](images/How-To_Edit_Dashboard_Configuration_2.png)
+
+* **Display Graphs** determines whether or not the **Historical Finding Severity** and **Reported Finding Severity** charts are visible.
+* **Display Surveys determines whether or not the Unassigned Answered Engagement Questionnaires table is visible.**
+* **Display Data Tables determines whether or not the Top 10 / Bottom 10 Graded Products tables are visible.**
+
+## Reset Dashboard Configuration
+
+If you would like to reset your Dashboard to a default state, you can do so by selecting **Reset Dashboard Configuration** from the top\-right hand gear menu.
+
+![image](images/How-To_Edit_Dashboard_Configuration_3.png)
+
+**Note that this will remove any Custom Dashboard Tiles which have been added to your instance.**
diff --git a/docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md b/docs/content/en/jira_integration/add_jira_to_product.md
similarity index 66%
rename from docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md
rename to docs/content/en/jira_integration/add_jira_to_product.md
index 01f378d4ad5..426032ea283 100644
--- a/docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md
+++ b/docs/content/en/jira_integration/add_jira_to_product.md
@@ -3,232 +3,143 @@ title: "Add a Connected Jira Project to a Product" description: "Set up a DefectDojo Product to push Findings to a JIRA board" --- - If you haven't already set up DefectDojo's Jira Configuration, you'll need to start by linking one or more Jira instances to DefectDojo. ​ -See this guide for more information: [https://support.defectdojo.com/en/articles/8766815\-connect\-defectdojo\-to\-jira](https://support.defectdojo.com/en/articles/8766815-connect-defectdojo-to-jira) - - +See this guide for more information: [Connect DefectDojo To Jira](https://docs.defectdojo.com/en/jira_integration/connect-defectdojo-to-jira/) Once a Jira configuration is connected to a Product, Jira and the Product will communicate to do the following: - * Use DefectDojo Findings to create Jira Issues, which automatically contain all relevant Finding information and links * Bidirectional Sync, allowing for status updates and comments to be created on both the Jira and DefectDojo side. - -# Adding a Jira Configuration to a Product - +## Adding a Jira Configuration to a Product Each Product in DefectDojo has its own settings which govern how Findings are converted to JIRA Issues. From here, you can decide the associated JIRA Project and set the default behaviour for creating Issues, Epics, Labels and other JIRA metadata. - - * In the UI, you can find this page by clicking the " **📝 Edit**" button under **Settings** on the Product page (defectdojo.com/product/{id}) \- see below. 
​ - - -![](https://downloads.intercomcdn.com/i/o/856486761/0295eab4cbcddfaa8580113e/Screenshot+2023-10-18+at+12.52.03+PM.png?expires=1729720800&signature=ced06369d81e12da314378ddff554bb9858e56531b1ddb422b1d5afef67c67cd&req=fCUhEsF4modeFb4f3HP0gDRlwxrKQ7C1qGDGvem7%2FE8Fb%2FJraeTPIbL7fcZA%0AaNw%3D%0A) +![image](images/Add_a_Connected_Jira_Project_to_a_Product.png) * You can link to a Product Settings page directly via **yourcompany.**defectdojo.com/product/{id}/settings.​ - -# List of Jira Settings - +## List of Jira Settings Jira settings are located near the bottom of the Product Settings page. +![image](images/Add_a_Connected_Jira_Project_to_a_Product_2.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508823/52f747935f1a459e3e86fc8e/hF1hafMVlC5WgEQwsw3pikonDUk2YOTvriOUQ5IwYZSdBziMEMIjH1UU5jax7WBhq0-QMDlJ9XMlLgCLLWZKqpkWnVXCbe94huW0j9f_dIjyqs56_U_HkIfMyz4kTBfd5lVY9ojiSa5vkL27PzECJQk?expires=1729720800&signature=1016af7fb9854a97d063e8efe0fd71fb586dc3347f3800adbf58c7bd63356872&req=fCUhE8l2lYNcFb4f3HP0gPWOml2mPNmyR7jtT%2B5VWWMM%2B4IShk0FMDvNFDHv%0AKsA%3D%0A) #### **Jira Instance** - If you have multiple instances of Jira set up, for separate products or teams within your organization, you can indicate which Jira Project you want DefectDojo to create Issues in. Select a Project from the drop\-down menu. - - If this menu doesn't list any Jira instances, confirm that those Projects are connected in your global Jira Configuration for DefectDojo \- yourcompany.defectdojo.com/jira. - - #### **Project key** - This is the Jira Key that you want to use for DefectDojo\-related Issues. You can set this Key to whatever you prefer for identifying DefectDojo Issues (e.g. if you set this key to “DEF” then Jira issues will be keyed as DEF\-1, DEF\-2\.. etc). 
+![image](images/Add_a_Connected_Jira_Project_to_a_Product_3.png) - -![](https://downloads.intercomcdn.com/i/o/856497270/70e6eaf428a1b87f255b750a/Screenshot+2023-10-18+at+1.04.42+PM.png?expires=1729720800&signature=6abc48a2008e34caa111a70203a44977286f8978911352bb4ae510c06736c62f&req=fCUhEsB5n4ZfFb4f3HP0gN9ny5WxtErhtTvx45WDDjl2vYFz0OHr62iGOzKK%0Asdw%3D%0A) #### **Issue template** - Here you can determine how much DefectDojo metadata you want to send to Jira. Select one of two options: - * **jira\_full**: Issues will track all of the parameters from DefectDojo \- a full Description, CVE, Severity, etc. Useful if you need complete Finding context in Jira (for example, if someone is working on this Issue who doesn't have access to DefectDojo). + Here is an example of a **jira\_full** Issue: ​ +![image](images/Add_a_Connected_Jira_Project_to_a_Product_4.png) - -![](https://downloads.intercomcdn.com/i/o/1124824955/66b150adaeba64b051ec1077/Screenshot+2024-07-25+at+2_03_46+PM.png?expires=1729720800&signature=24a1684a6df4b18b60b9992fa2f30f50b90b9d0ffd4e3070ead8651c375c5ef6&req=dSElEsF8mYhaXPMW1HO4zeHByIiE4CpUnjTjHiKUwy58XRyEJWLONZyASfZl%0A9yVY%0A) * **Jira\_limited:** Issues will only track the DefectDojo link, the Product/Engagement/Test links, the Reporter and Environment fields. All other fields are tracked in DefectDojo only. Useful if you don't require full Finding context in Jira (for example, if someone is working on this Issue who mainly works in DefectDojo, and doesn't need the full picture in JIRA as well.) 
​ ​**Here is an example of a jira\_limited Issue:**​ -![](https://downloads.intercomcdn.com/i/o/1124826652/d84213e22b916af53c7165ca/Screenshot+2024-07-25+at+2_05_20+PM.png?expires=1729720800&signature=b3f08859314e7065b3f6ec4bef26ae49e4863b3afb734b4c79643bb43008e7c0&req=dSElEsF8m4daW%2FMW1HO4zQ5XnsQRrja7Wwx%2FASOHGd4Z1JOMBHolBt2BU7Ym%0A%2Fg75%0A) -#### **Component** +![image](images/Add_a_Connected_Jira_Project_to_a_Product_5.png) +#### **Component** If you manage your Jira project using Components, you can assign the appropriate Component for DefectDojo here. - - **Custom fields** - If you don’t need to use Custom Fields with DefectDojo issues, you can leave this field as ‘null’. - - However, if your Jira Project Settings **require you** to use Custom Fields on new Issues, you will need to hard\-code these mappings. - - **Jira Cloud now allows you to create a default Custom Field value directly in\-app. [See Atlassian's documentation on Custom Fields](https://support.atlassian.com/jira-cloud-administration/docs/configure-a-custom-field/) for more information on how to configure this.** - - - Note that DefectDojo cannot send any Issue\-specific metadata as Custom Fields, only a default value. This section should only be set up if your JIRA Project **requires that these Custom Fields exist** in every Issue in your project. - -Follow **[this guide](https://support.defectdojo.com/en/articles/8490775-handling-custom-fields-with-jira-issues)** to get started working with Custom Fields. - - +Follow **[this guide](https://docs.defectdojo.com/en/jira_integration/using-custom-fields/)** to get started working with Custom Fields. **Jira labels** - Select the relevant labels that you want the Issue to be created with in Jira, e.g. 
**DefectDojo**, **YourProductName..** +![image](images/Add_a_Connected_Jira_Project_to_a_Product_6.png) - -![](https://downloads.intercomcdn.com/i/o/856515252/2cb04638b743857035dfdb9f/Screenshot+2023-10-18+at+1.23.40+PM.png?expires=1729720800&signature=7e5276009204e295a410631bdcee70917418272c49a4f4f63d19c6faaae913a3&req=fCUhE8h7n4RdFb4f3HP0gHbMvU3o1kdacSZ2Nc1ZRCBbJmbD2fOk72C%2BJjDp%0ASqM%3D%0A) #### **Default assignee** - The name of the default assignee in Jira. If left blank, DefectDojo will follow the default behaviour in your Jira Project when creating Issues. - - #### Checkbox options +![image](images/Add_a_Connected_Jira_Project_to_a_Product_7.png) -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508853/1a12cd990af07464277c71de/yHarpjkd7J_yXpCangrpDyYVtKpiYti-n2ttCdUU07nrxdiganAVBwlVtUO-IIMCCZhUJQ7cwf175TBbqx9o7hGMJqe_a6nseoH5NNy7tI9AIzFoIWpbcJYidspZ_-oE3BgVZr50bd_Pov-TWo67aF8?expires=1729720800&signature=cbcfcc460248cf5f066f4915cc6b7c83ccccf35a918f9618ab238a04385b53ad&req=fCUhE8l2lYRcFb4f3HP0gNME15wuQsqmPhYPiUQHyBoxIJPyVMVZdGuEiZ2s%0AMZs%3D%0A) #### **Add vulnerability Id as a Jira label** - This allows you to add the Vulnerability ID data as a Jira Label automatically. Vulnerability IDs are added to Findings from individual security tools \- these may be Common Vulnerabilities and Exposures (CVE) IDs or a different format, specific to the tool reporting the Finding. - - #### **Enable engagement epic mapping** - In DefectDojo, Engagements represent a collection of work. Each Engagement contains one or more tests, which contain one or more Findings which need to be mitigated. Epics in Jira work in a similar way, and this checkbox allows you to push Engagements to Jira as Epics. - - * An Engagement in DefectDojo \- note the three findings listed at the bottom. 
​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508863/092011ca4636698d8001739b/7KRYqjCnbJFewjwbcicU0_TH1VX9E2driWLX-xd3L-zu1EQxKT0JG_E1LuVpxNFO9G_h4xcpcEHPpFCpWckPBZugNuK3iTdasDWFCp5zoWAtmzOFtFfVd3MMsqOlNHUm6T8Rv0Gd7RdRV4FzuyBcpsA?expires=1729720800&signature=2326ebe98fe0170236c5daeeeb86e436b6409ab329f81978c4a826090b23dec2&req=fCUhE8l2lYdcFb4f3HP0gAHfpVH32nbFvLmNZ74UKjCXKVEWwZhqdey%2BfxEQ%0ANqo%3D%0A) +![image](images/Add_a_Connected_Jira_Project_to_a_Product_8.png) * How the same Engagement becomes an Epic when pushed to JIRA \- the Engagement's Findings are also pushed, and live inside the Engagement as Child Issues. - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508874/70aa304d531b9b75bd147ae3/3YGWST-hUhnmwJVvjB2dOw3zyHV11WIP4RdscZX2LBxtkK1FMiSoIxe2yZ1-eqfVYtezXXKNS3cWhn-KZxQ7g3PkVYktM38yMsU5DomxTXMbIIQgvQpHDu1A2oQcdD0iYm8toGZUgM941kEfxb3Jk6M?expires=1729720800&signature=5781b9ab9165d385fde4f613193964464fab4605794f32588d6d64260810386e&req=fCUhE8l2lYZbFb4f3HP0gGUUkcJqUBbI%2F%2BQ%2FqslyI6BfMNNrkIa20wNQYPJF%0AYNg%3D%0A) - +![image](images/Add_a_Connected_Jira_Project_to_a_Product_9.png) #### **Push All Issues** - If checked, DefectDojo will automatically push any Active and Verified Findings to Jira as Issues. If left unchecked, all Findings will need to be pushed to Jira manually. - - #### **Push notes** - If enabled, Jira comments will populate on the associated Finding in DefectDojo, under Notes on the issue(screenshot), and vice versa; Notes on Findings will be added to the associated Jira Issue as Comments. - - #### **Send SLA notifications as comment?** - If enabled, any Issue which breaches DefectDojo’s Service Level Agreement rules will have comments added to the Jira issue indicating this. These comments will be posted daily until the Issue is resolved. - - Service Level Agreements can be configured under **Configuration \> SLA Configuration** in DefectDojo and assigned to each Product. 
- - #### **Send Risk Acceptance expiration notifications as comment?** - If enabled, any Issue where the associated DefectDojo Risk Acceptance expires will have a comment added to the Jira issue indicating this. These comments will be posted daily until the Issue is resolved. - - - # Testing \& Troubleshooting the Jira integration - - ## Test 1: Do Findings successfully push to Jira? - In order to test that the Jira integration is working properly, you can add a new blank Finding to the Product associated with Jira in DefectDojo. **Product \> Findings \> Add New Finding.** - - Add whatever title severity and description you wish, and then click “Finished”. The Finding should appear as an Issue in Jira with all of the relevant metadata. - - - If Jira Issues are not being created correctly, check your Notifications for error codes. - * Confirm that the Jira User associated with DefectDojo's Jira Configuration has permission to create and update issues on that particular Jira Project. - - - - ## Test 2: Jira Webhooks send and receive updates from DefectDojo - In order to test the Jira webhooks, add a Note to a Finding which also exists in JIRA as an Issue (for example, the test issue in the section above). - - If the webhooks are configured correctly, you should see the Note in Jira as a Comment on the issue. - - If this doesn’t work correctly, it could be due to a Firewall issue on your Jira instance blocking the Webhook. - * DefectDojo's Firewall Rules include a checkbox for **Jira Cloud,** which needs to be enabled before DefectDojo can receive Webhook messages from Jira. - - - # Next Steps - -Learn how to create Jira Issues from your Product with **[this guide](https://support.defectdojo.com/en/articles/8712582-creating-issues-in-jira).** - +Learn how to create Jira Issues from your Product with **[this guide](https://docs.defectdojo.com/en/jira_integration/creating-issues-in-jira/).** 
diff --git a/docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md b/docs/content/en/jira_integration/configure_jira_dojo_webhook.md
similarity index 86%
rename from docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md
rename to docs/content/en/jira_integration/configure_jira_dojo_webhook.md
index b1d09d6ebef..0e1ca714186 100644
--- a/docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md
+++ b/docs/content/en/jira_integration/configure_jira_dojo_webhook.md
@@ -15,7 +15,7 @@ Your Jira Webhook is located on the System Settings form under **Jira Integratio
-![](https://downloads.intercomcdn.com/i/o/1124842050/a844a3ca5bb139961e1e5f55/Screenshot+2024-07-25+at+2_11_59+PM.png?expires=1729720800&signature=4e310776d71ec2d5692e730256dac89ccd3dbcec84bdc9b54d046445353df34f&req=dSElEsF6n4FaWfMW1HO4zUvviECqSfGZgBjFH42oXvwEqut4AG4Qfkmo4x%2Fd%0AmwA%2F%0A)
+![image](images/Configuring_the_Jira_DefectDojo_Webhook.png)
 # Configuring Jira to send updates to your Webhook
diff --git a/docs/content/en/jira_integration/Connect DefectDojo to Jira.md b/docs/content/en/jira_integration/connect_to_jira.md
similarity index 78%
rename from docs/content/en/jira_integration/Connect DefectDojo to Jira.md
rename to docs/content/en/jira_integration/connect_to_jira.md
index f76351c4c21..d00e8549349 100644
--- a/docs/content/en/jira_integration/Connect DefectDojo to Jira.md
+++ b/docs/content/en/jira_integration/connect_to_jira.md
@@ -5,42 +5,26 @@ description: "Set up a Jira Configuration in DefectDojo - step 1 of working with Jira Configurations are the starting point for DefectDojo’s Jira integration. You can add multiple configurations to a DefectDojo instance, to allow for many different linked Jira Projects and boards. +Adding a configuration does not cause any Findings to push right away \- this is simply the first step. Once the Jira Configuration is created, it must be added to a Product before any information will push to Jira. See **[this guide](https://docs.defectdojo.com/en/jira_integration/add-a-connected-jira-project-to-a-product/)** for help with adding this integration to a Product. - - -Adding a configuration does not cause any Findings to push right away \- this is simply the first step. Once the Jira Configuration is created, it must be added to a Product before any information will push to Jira. See **[this guide](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)** for help with adding this integration to a Product. - - - - -# The Jira Configuration Page - +## The Jira Configuration Page The first step of setting up a Jira configuration is to add a Project to DefectDojo. - - 1. If you have not already done so, navigate to the System Settings page and check the box on **Enable Jira Integration**. You will need to do this before the ⚙️ **Configuration \> JIRA** option shows up on the sidebar. ​ 2. Navigate to the ⚙️**Configuration \> JIRA** page from the DefectDojo sidebar. 
​ +![image](images/Connect_DefectDojo_to_Jira.png) -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276103/2e774b44ee315e9f1fe41b82/CS6sI6mueuFgwwSbGtaqfxEbPRnlIzgfznaIsJIJWgbxgqvD2FPOy6PXxiuoYKrXCvw4iRCvOJyjEudrQHuseFZoBmFAAYp0Dg-NB-nVYdXA39tPOj2fEauP4SucvbaIYR7HQlb0s6-3Hew-pVpA5vY?expires=1729720800&signature=365f08fd7d42e19ebe17ab88fb023b7300567cbaea867f08b4153367e90597ac&req=fSIkFM54nIFcFb4f3HP0gCxFHutEmNqH7jYG931BvciUfy74oWsSnQSSvalx%0A5%2Fo%3D%0A) - -​ 3. You will see a list of all currently configured JIRA Projects which are linked to DefectDojo. To add a new Project Configuration, click the wrench icon and choose either the **Add JIRA Configuration (Express)** or **Add JIRA Configuration** options. - -# Add JIRA Configuration (Express) - +## Add JIRA Configuration (Express) The Express method allows for a quicker method of linking a Project. Use the Express method if you simply want to connect a Jira Project quickly, and you aren’t dealing with a complex Jira workflow. - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276110/e56e505a6376018b2122b7fe/Ctw3ngxgjcN7GtRhu3UQvuXL6kRB7KXN8hrXgvmKIDsU48fDs2_YykUh_TsnbLzPwS0tmYWE92ESBPZyJUIThf4JcE0iMI3djceRKMoRAK54cuO9ywYZQTuS08D1KOzzb_SPO7t1_G6yigZ6X-EIMpM?expires=1729720800&signature=2e0fa3eb0ed45007c00921a283becb9861dda2d02d8ec30dc8ee3d70e704c9ee&req=fSIkFM54nIBfFb4f3HP0gKND0q%2BqhfaNsoM%2F9w6HI86zepJ7GdfOwgfRYqPB%0A34s%3D%0A) +![image](images/Connect_DefectDojo_to_Jira_2.png) 1. Select a name for this Jira Configuration to use on DefectDojo. ​ 
@@ -66,53 +50,34 @@ If you leave this field blank, it will default to **Jira\_full.** ​ 10. Select your Issue key. In Jira, this is the string associated with an Issue (e.g. the word **‘EXAMPLE’** in an issue called **EXAMPLE\-123**). If you don’t know your issue key, create a new Issue in the Jira Project. In the screenshot below, we can see that the issue key on our Jira Project is **DEF**. ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276116/18a309f58113bed538edef5c/qtggrY2_20z4Jp6uz7dxaohMrHzmJn9DXelFKtR2wGnD8ByE8ROC1SiWcEtuR1qKqkDPhXGbzHHKd6NnQ-uHpQKUTfEQ253GTmbxAEWYiKRue7SVKdzJTj3BB2EBKrRg1ersE6Yi_Xzxbh9W98LFC4w?expires=1729720800&signature=f918416686d1ccbe7ba658303ad0567c5bd97d202e5583e0fd49549664c2e73e&req=fSIkFM54nIBZFb4f3HP0gIg8xes%2B%2Baq6uUPJoKLs5nKEcgU4E2h07lSJKI99%0Apd0%3D%0A) +![image](images/Connect_DefectDojo_to_Jira_3.png) ​ 11. Click **Submit.** DefectDojo will automatically look for appropriate mappings in Jira and add them to the configuration. You are now ready to link this configuration to one or more Products in DefectDojo. - -# Add Jira Configuration (Standard) - +## Add Jira Configuration (Standard) The Standard Jira Configuration adds a few additional steps to allow for more precise control over Jira mappings and interactions. This can be changed after a Jira configuration has been added, even if it was created using the Express method. ​ - - ## Additional Configuration Options - * **Epic Name ID:** If you have multiple Epic types in Jira, you can specify the one you want to use by finding its ID in the Jira Field Spec. ​ To obtain the 'Epic name id' visit https://\/rest/api/2/field and search for Epic Name. Copy the number out of cf\[number] and paste it here. -​ -​ +​ ​ * **Reopen Transition ID:** If you want a specific Jira Transition to Reopen an issue, you can specify the Transition ID here. 
If using the Express Jira Configuration, DefectDojo will automatically find an appropriate Transition and create the mapping. -​ +​ Visit https://\/rest/api/latest/issue/\/transitions? expand\-transitions.fields to find the ID for your Jira instance. Paste it in the Reopen Transition ID field. -​ ​ * **Close Transition ID:** If you want a specific Jira Transition to Close an issue, you can specify the Transition ID here. If using the **Express Jira Configuration**, DefectDojo will automatically find an appropriate Transition and create the mapping. ​ Visit https://\/rest/api/latest/issue/\/transitions? expand\-transitions.fields to find the ID for your Jira instance. Paste it in the Close Transition ID field. -​ ​ * **Mapping Severity Fields:** Each Jira Issue has an associated Priority, which DefectDojo will automatically assign based on the Severity of a Finding. Enter the names of each Priority which you want to map to, for Info, Low, Medium, High and Critical Severities. -​ -​ -* **Finding Text** \- if you want to add additional standardized text to each Issue created, you can enter that text here. This is not text that maps to any field in Jira, but additional text that is added to the Issue Description. "**Created by DefectDojo**" for example. +* **Finding Text** \- if you want to add additional standardized text to each Issue created, you can enter that text here. This is not text that maps to any field in Jira, but additional text that is added to the Issue Description. "**Created by DefectDojo**" for example. Comments (in Jira) and Notes (in DefectDojo) can be kept in sync. This setting can be enabled once the Jira configuration has been added to a Product, via the **Edit Product** form. - - - - - # Next steps - -Now that you've set up your Jira Configuration, **[link it to one or more of your Products](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)** to have your Findings populate into Jira. 
-
+Now that you've set up your Jira Configuration, **[link it to one or more of your Products](https://docs.defectdojo.com/en/jira_integration/add-a-connected-jira-project-to-a-product/)** to have your Findings populate into Jira.
diff --git a/docs/content/en/jira_integration/Creating Issues in Jira.md b/docs/content/en/jira_integration/create_issues_in_jira.md
similarity index 63%
rename from docs/content/en/jira_integration/Creating Issues in Jira.md
rename to docs/content/en/jira_integration/create_issues_in_jira.md
index 12496589752..a37f7e33cd3 100644
--- a/docs/content/en/jira_integration/Creating Issues in Jira.md
+++ b/docs/content/en/jira_integration/create_issues_in_jira.md
@@ -3,121 +3,77 @@ title: "Creating Issues in Jira" description: "Pushing DefectDojo Findings to a linked Jira Project" --- +Before you can create an Issue in Jira, you'll need to have: -Before you can create an Issue in Jira, you'll need to have - - -* **[a Jira integration configured](https://support.defectdojo.com/en/articles/8766815-set-up-a-jira-integration)** -* **[that same Jira integration linked to a Product](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)** - +* **[a Jira integration configured](https://docs.defectdojo.com/en/jira_integration/connect-defectdojo-to-jira/)** +* **[that same Jira integration linked to a Product](https://docs.defectdojo.com/en/jira_integration/add-a-connected-jira-project-to-a-product/)** Please see the guides above for help with this process. - - -# How Findings are pushed to Jira - - +## How Findings are pushed to Jira A Product with a JIRA mapping can push Findings to Jira as Issues. This can be managed in two different ways: - * Findings can be created as Issues manually, per\-Finding. * Findings can be pushed automatically if the '**Push All Issues**' setting is enabled on a Product. (This applies only to Findings that are **Active** and **Verified**). Additionally, you have the option to push Finding Groups to Jira instead of individual Findings. This will create a single Issue which contains many related DefectDojo Findings. - - - -# Pushing a Finding to Jira Manually - +## Pushing a Finding to Jira Manually 1. From a Finding page in DefectDojo, navigate to the **JIRA** heading. If the Finding does not already exist in JIRA as an Issue, the JIRA header will have a value of '**None**'. ​ 2. Clicking on the arrow next to the **None** value will create a new Jira issue. The State the issue is created in will depend on your team's workflow and Jira configuration with DefectDojo. If the Finding does not appear, refresh the page. 
-​ ​ +![image](images/Creating_Issues_in_Jira.png) - -![](https://downloads.intercomcdn.com/i/o/910784359/572d851c9d8292d34dd7acc7/Screenshot+2023-12-15+at+10.11.32+AM.png?expires=1729720800&signature=1b913080cd7ccd29c6193cf33923c10c80925daa92143022a3f8d0cacff4245b&req=fSEnEcF6noRWFb4f3HP0gC6hrwobes4KCfUutw28q8xS3rYZCA9CZZvLlsRZ%0Avro%3D%0A) - -​ 3. Once the Issue is created, DefectDojo will create a link to the issue made up of the Jira key and the Issue ID. This link will also have a red trash can next to it, to allow you to delete the Issue from Jira. ​ +![image](images/Creating_Issues_in_Jira_2.png) - -![](https://downloads.intercomcdn.com/i/o/910793636/2a9cd7316f118ef3e108a26a/Screenshot+2023-12-15+at+10.22.25+AM.png?expires=1729720800&signature=ff6f8c8c5ab7f7b50aa64795924805e04779cbfd9eb1991458b52c187fbe460f&req=fSEnEcB9m4JZFb4f3HP0gGKdXeVgqwRYF%2FvyituVBDqN28dqVMi%2FhmEppluu%0AUys%3D%0A) 4. Clicking the Arrow again will push all changes made to an issue to Jira, and update the Jira Issue accordingly. If '**Push All Issues**' setting is enabled on the Finding's associated Product, this process will happen automatically. - - -# How Jira Issues and Findings interact - +## How Jira Issues and Findings interact Jira issues will impact their associated Finding in certain ways. - - -## Jira Comments - +### Jira Comments * If a comment is added to a Jira Issue, the same comment will be added to the Finding, under the **Notes** section. * Likewise, if a Note is added to a Finding, the Note will be added to the Jira issue as a comment. -## Jira Status Changes - +### Jira Status Changes The Jira Configuration on DefectDojo has entries for two Jira Transitions which will trigger a status change on a Finding. - * When the **'Close' Transition** is performed on Jira, the associated Finding will also Close, and become marked as **Inactive** and **Mitigated** on DefectDojo. DefectDojo will record this change on the Finding page under the **Mitigated By** heading. 
​ +![image](images/Creating_Issues_in_Jira_3.png) - -![](https://downloads.intercomcdn.com/i/o/910797138/74e1c5ce3e09507d5c78b499/Screenshot+2023-12-15+at+10.26.37+AM.png?expires=1729720800&signature=01166d7f9f4ee3ed293e8ffc02afad7d4f519b7f72ba382a53b34e9754aeabaf&req=fSEnEcB5nIJXFb4f3HP0gKGxM4Pk6KLvrG1xOEGdbJCk%2FhkZvQmPj2YpZd%2F3%0AOXE%3D%0A) * When the **'Reopen' Transition** is performed on the Jira Issue, the associated Finding will be set as **Active** on DefectDojo, and will lose its **Mitigated** status. -# Push Finding Groups as Jira Issues - +## Push Finding Groups as Jira Issues If you have Finding Groups enabled, you can push a Group of Findings to Jira as a single Issue rather than separate Issues for each Finding. - - The Jira Issue associated with a Finding Group cannot be interacted with or deleted by DefectDojo, however. It must be deleted directly from the Jira instance. - - -## **Automatically Create and Push Finding Groups** - +### **Automatically Create and Push Finding Groups** With Auto\-Push To Jira Enabled, and a Group By option selected on import: - - As long as the Finding Groups are being created successfully, the Finding Group is what will automatically push to Jira as an Issue, not the individual Findings. +![image](images/Creating_Issues_in_Jira_4.png) - -![](https://downloads.intercomcdn.com/i/o/910810290/ac1144f3e392c0f116ce31d2/Screenshot+2023-12-15+at+10.42.58+AM.png?expires=1729720800&signature=a7806351286be98a7502fbeb96a63169eb12800589253109a69141fa72457dc0&req=fSEnHsh%2Bn4hfFb4f3HP0gIyL3dh8pgNDPRYkuGHdr6COFAOSTngChYgp1zWa%0A%2FLU%3D%0A) - -# Change Jira settings for a specific Engagement - +## Change Jira settings for a specific Engagement Different Engagements within a Product can have different underlying Jira settings as a result. By default, Engagements will '**inherit Jira settings from product'**, meaning that they will share the same Jira settings as the Product they are nested under. 
- - However, you can change an Engagement's **Product Key**, **Issue Template, Custom Fields, Jira Labels, Default Assignee** to be different from the default Product settings - You can access this page from the **Edit Engagement** page: **your\-instance.defectdojo.com/engagement/\[id]/edit**. - - The Edit Engagement page can be found from the Engagement page, by clicking the ☰ menu next to the engagement's Description. - - -![](https://downloads.intercomcdn.com/i/o/937440895/19a20d2976703a88fd1ec03d/Screenshot+2024-01-18+at+2.36.46+PM.png?expires=1729720800&signature=bec87928877d2ac08278b3bf55c4adad51fe790eb6f8afce0375281e539b14e6&req=fSMgEs1%2BlYhaFb4f3HP0gN%2FyTRYP9aPTp26R2XB063sOp%2BXtCV4UWdbUjbpa%0AawI%3D%0A) \ No newline at end of file +![image](images/Creating_Issues_in_Jira_5.png) diff --git a/docs/content/en/jira_integration/Using Custom Fields.md b/docs/content/en/jira_integration/using_custom_fields.md similarity index 93% rename from docs/content/en/jira_integration/Using Custom Fields.md rename to docs/content/en/jira_integration/using_custom_fields.md index b29c2dca885..62d637e6385 100644 --- a/docs/content/en/jira_integration/Using Custom Fields.md +++ b/docs/content/en/jira_integration/using_custom_fields.md @@ -80,7 +80,7 @@ The JSON returned from this URL will contain all of your Jira custom fields, mos -![](https://downloads.intercomcdn.com/i/o/882536565/71741c46128f8c200eb369d5/Screenshot+2023-11-13+at+11.34.09+AM.png?expires=1729720800&signature=612c1c48aacf9036950b2a32be5de4b8e556bdb9f32d3c306af32959d8ffebdf&req=fCglE8p4mIdaFb4f3HP0gIHfoSgHpBIypMppgUBUzbLDThlL4NbgBKy13LHV%0As7g%3D%0A)⬆ Here is an example of a Custom URL Field on an issue, how the Custom URL Field appears in the JSON output. +![image](images/Using_Custom_Fields.png) 
@@ -122,7 +122,7 @@ As before, API output will contain lots of `customfield_##` object parameters wi -![](https://downloads.intercomcdn.com/i/o/856601116/bd33f642bb614d0baddfb47e/Screenshot+2023-10-18+at+3.14.28+PM.png?expires=1729720800&signature=b7ec0c6e661235aedbc07cf80dd4338d46ace4929aa5737efd43af8a950ecd6b&req=fCUhEMl%2FnIBZFb4f3HP0gNDIh6YnvjmzgZRTCVsNiixkS%2BgiAgilIPc87YcO%0AJVg%3D%0A) +![image](images/Using_Custom_Fields_2.png) **Example:** We know that `customfield_10050` represents the DefectDojo Custom URL Field because we recorded it in Step 2\. We can now see that `customfield_10050` contains a value of `“https://google.com”` in the `EXAMPLE-123` issue. diff --git a/docs/content/en/notifications/About In-App Alerts.md b/docs/content/en/notifications/about_inapp_alerts.md similarity index 67% rename from docs/content/en/notifications/About In-App Alerts.md rename to docs/content/en/notifications/about_inapp_alerts.md index ab7aeff6078..76fc27823d3 100644 --- a/docs/content/en/notifications/About In-App Alerts.md +++ b/docs/content/en/notifications/about_inapp_alerts.md @@ -20,7 +20,7 @@ You can open your Alerts List by clicking on the **🔔▼ icon** on the top rig # -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962184118/22deeae73e389cbdd474abc6/Y_0qjtDeqEFCUJETy5UEB1kHEHntla7U21Any2QxOuwxjDmesuJjU1_iBo6GKYkNQjDwqZXjGvL_e8I88ObYoIWVkK7LooXpPMM0hTFFN-Tal_PRghpRuP4ilUWSZ4lN7dcPXItzUOGi8B4D9I3ijdA?expires=1729720800&signature=fcade9f5e7166ab4063d0898a5b6951cc070de5e5774fc866fce55b71fc6f53c&req=fSYlF8F6nIBXFb4f3HP0gAGoBPbnXU8sHMlGXmUcr%2BRTENXVZNLvnsUFJsy6%0A9os%3D%0A)# +![image](images/About_In-App_Alerts.png) 
@@ -40,7 +40,7 @@ The Alerts Page stores all of your Alerts in DefectDojo with additional detail.
-![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962184130/6835c7c1086d4145b0545b15/-2ZNGBc8OdCgW6jL7J2NEPP0AajeSKSBSn6k2OUWESpFOWD5GiePp907MWUSCIRyKEDGEHUE2FyDLxkyvxsYbHtiO1eV3R6XMV7WzXae3V1ZURA646O-0T33pDp-7XiMEmoAWg35wPidaKjIbjuT2GA?expires=1729720800&signature=773ae84506e9f08f3ca1bd7c0e1e1cb05cf43d048b3b92c89b8a5c4f7548ffac&req=fSYlF8F6nIJfFb4f3HP0gF%2BL0c%2FfyijSnUdI0Ho5vAzSilHO8lb8QLQHsSdu%0A6mU%3D%0A)
+![image](images/About_In-App_Alerts_2.png)
 To remove one or more Alerts from the Alerts Page, check the empty box next to it, and then click the **Remove selected** button in the bottom\-right corner of the Page.
diff --git a/docs/content/en/notifications/About Notifications.md b/docs/content/en/notifications/about_notifications.md
similarity index 54%
rename from docs/content/en/notifications/About Notifications.md
rename to docs/content/en/notifications/about_notifications.md
index 114c2ec5114..dcdfc2b188d 100644
--- a/docs/content/en/notifications/About Notifications.md
+++ b/docs/content/en/notifications/about_notifications.md
@@ -5,33 +5,21 @@ description: "" DefectDojo keeps you up to date in a variety of ways. Notifications can be sent for upcoming Engagements, user Mentions, SLA expiry, and other events in the software. - - This article contains an overview of notifications at both System\-wide and Personal levels. - - - -# Notification Types - +## Notification Types DefectDojo handles notifications in two different ways:: - * **System\-Wide Notifications** are sent to all users. * **Personal Notifications are set by individual users, and will be received in addition to any System\-Wide Notifications.** -In both cases, [Role\-Based Access Control](https://support.defectdojo.com/en/collections/6542284-user-management) rules apply, so users will not receive activity notifications for Products or Product Types (or their related objects) which they don’t have access to. - - - - -# Notification Delivery Methods +In both cases, [Role\-Based Access Control](https://docs.defectdojo.com/en/user_management/about-permissions--roles/) rules apply, so users will not receive activity notifications for Products or Product Types (or their related objects) which they don’t have access to. +## Notification Delivery Methods There are four delivery methods for DefectDojo notifications: - * DefectDojo can share **🔔 Alerts,** stored as a list in the DefectDojo interface * DefectDojo can send notifications to an **Email** address * DefectDojo can send notifications to **Slack,** in either a shared or individual channel 
@@ -39,26 +27,13 @@ There are four delivery methods for DefectDojo notifications: Notifications can be sent to multiple destinations simultaneously. - - - Receiving Slack and Teams notifications will require you to have a working integration. For more info, see our articles: - -* [Slack Integration](https://support.defectdojo.com/en/articles/8944899-slack-integration) -* [Teams Integration](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/8944917/show) - - - - - - ---- - +* [Slack Integration](https://docs.defectdojo.com/en/notifications/configure-a-slack-integration/) +* [Teams Integration](https://docs.defectdojo.com/en/notifications/configure-a-microsoft-teams-integration/) **Next Steps:** - -* **[Learn more about DefectDojo's internal](https://support.defectdojo.com/en/articles/8944921-defectdojo-alerts) 🔔 [Alerts](https://support.defectdojo.com/en/articles/8944921-defectdojo-alerts)** -* **[Set up a Slack integration for DefectDojo](https://support.defectdojo.com/en/articles/8944899-slack-integration)** -* **[Set up a Teams integration for DefectDojo](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/8944917/show)** +* **[Learn more about DefectDojo's internal 🔔 Alerts](https://docs.defectdojo.com/en/notifications/configure-a-slack-integration/)** +* [Set up a Slack integration for DefectDojo](https://docs.defectdojo.com/en/notifications/configure-a-microsoft-teams-integration/) +* [Set up a Teams integration for DefectDojo](https://docs.defectdojo.com/en/notifications/configure-a-microsoft-teams-integration/) diff --git a/docs/content/en/notifications/Configure a Microsoft Teams Integration.md b/docs/content/en/notifications/configure_msteams.md similarity index 65% rename from docs/content/en/notifications/Configure a Microsoft Teams Integration.md rename to docs/content/en/notifications/configure_msteams.md index e0aa271d762..401cb61745c 100644 --- a/docs/content/en/notifications/Configure a Microsoft Teams Integration.md 
+++ b/docs/content/en/notifications/configure_msteams.md @@ -15,13 +15,13 @@ Like with Slack, Microsoft Teams can receive notifications to a specific channel ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962180558/8d817d194ca71a420ec7f194/6Iw6VyzxVrgYJmEKYZ5gvkZgNbz5H5A5VzC41oeyNeLTkY3h24xjx-IlfhjQBJbbKtF9SdMp4VlL968WZ4BAs2FNCKABVvqKN6H7ysiFkIrAWll4CTZrYCzSvs0gJg4jFrWtWVDMQozMB5BTv-uE-5Y?expires=1729720800&signature=e8830debf4a2ce0cfe37bbd0db34f2546a384cc2d1cdb7da74a626a6d179d19b&req=fSYlF8F%2BmIRXFb4f3HP0gPLFIDf%2BmJ2lTnC0cGqSE%2BrN2f0NGLhZCqcGa4go%0AkPo%3D%0A) +![image](images/Configure_a_Microsoft_Teams_Integration.png) 2. In DefectDojo, navigate to **Configuration \> System Settings** from the sidebar. 3. Check the **Enable Microsoft Teams notifications** box. This will open a hidden section of the form, labeled **‘Msteams ur**l’. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962180570/66d613918362dd0e07f3cf34/K0Fx__nnRpEPf01jo0QQjOOeIo8wBFOew5ZbA4S3SE7loW1qfS9YxvUlS2f2OF1E52SgPiefP3eozh7Rmpee_f5AjS8sBrIHHYSpAYl7h0dUNPn6i89k48ulQk8eSl28q3S_kK7KafjZMJ2VRu7A_PM?expires=1729720800&signature=45dfcd45785169b13d866c71902efbadf0d6752e4992e5fc0af58e3f4ee7682b&req=fSYlF8F%2BmIZfFb4f3HP0gBC6zfYgJ9CJ7kYYs0o3vgn66vKuoG2LaE7wC0J2%0AdS4%3D%0A) +![image](images/Configure_a_Microsoft_Teams_Integration_2.png) 4. Paste the webhook.office.com URL (created in Step 1\) in the **Msteams url** box. Your Teams app will now listen to incoming Notifications from DefectDojo and post them to the channel you selected. diff --git a/docs/content/en/notifications/Configure a Slack Integration.md b/docs/content/en/notifications/configure_slack.md similarity index 66% rename from docs/content/en/notifications/Configure a Slack Integration.md rename to docs/content/en/notifications/configure_slack.md index 21ef46075f6..1c80e4bb668 100644 --- a/docs/content/en/notifications/Configure a Slack Integration.md +++ b/docs/content/en/notifications/configure_slack.md 
@@ -5,35 +5,25 @@ description: "Set up Slack to receive notifications from DefectDojo" DefectDojo can post Slack notifications in two different ways: - * System\-wide notifications, which will be sent to a single Slack channel * Personal notifications, which will only be sent to specific users. Here is an example of a Slack Notification sent from DefectDojo: ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178718/43edf527dd90ff3cdb9091d2/R4qt835O2gUnuDNS77H-7sIbmyOMPUy4V5H74MtLMGA9bQsINUdNYvzQTSkf1HQqvUfGHpCU3Qv0xIqkjqD3rlAMvoPleJv6RzZMzVSQRbQT5byXCezD_Sa-NzHQvpGu6ul7KAi_79io_HMfTPLLcL4?expires=1729720800&signature=cb78397a3593ea0ea17310b2aa4fc2a975cffcd207e869bfdf53b64fd55c793d&req=fSYlF852moBXFb4f3HP0gN2UAA5Sb1IfVjD8vnOmZttQHSPf7f6HcXfGzZbM%0AeFM%3D%0A) +![image](images/Configure_a_Slack_Integration.png) DefectDojo does not have a dedicated Slack app, but one can be easily created for your workspace by following this guide. A Slack app is required for both System and Personal notifications to be sent correctly. - - - ## Create a Slack application - To set up a Slack connection to DefectDojo, you’ll need to create a custom Slack app. - 1. Begin this process from the Slack Apps page: . 2. Click ‘**Create New App**’. 3. Select ‘**From App Manifest**’. 4. Select your Slack workspace from the menu. 5. Enter your App Manifest \- you can copy and paste this JSON file, which includes all the permission settings required to allow the Slack integration to run. ​ - - ``` { "_metadata": { 
@@ -42,7 +32,7 @@ To set up a Slack connection to DefectDojo, you’ll need to create a custom Sla }, "display_information": { "name": "DefectDojo", - "description": "Notifications from DefectDojo. See https://support.defectdojo.com/en/articles/8863522-configure-slack for configuration steps.", + "description": "Notifications from DefectDojo. See https://docs.defectdojo.com/en/notifications/configure-a-slack-integration/ for configuration steps.", "background_color": "#0000AA" }, "features": { 
@@ -68,68 +58,45 @@ To set up a Slack connection to DefectDojo, you’ll need to create a custom Sla } ``` - Review the App Summary, and click Create App when you’re done. Complete the installation by clicking the **Install To Workplace** button. - - - ## Configure your Slack integration in DefectDojo - You’ll now need to configure the Slack integration on DefectDojo to complete the integration. - - **You will need Superuser access to access DefectDojo's System Settings page.** - - 1. Navigate to the App Information page for your Slack App, from . This will be the app that was created in the first section \- **Create a Slack application**. ​ 2. Find your OAuth Access Token. This can be found in the Slack sidebar \- **Features / OAuth \& Permissions**. Copy the **Bot User OAuth Token. ​** +![image](images/Configure_a_Slack_Integration_2.png) -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178744/a59023b7d47dedbcbb7cd3d4/na4CvmsQk_CMrPS2ZvVvVebWIjUkx9GE7NntAIC7Wb1u5vuHByReMjwuYNIekAZIL-tFkYZ9g7c2OS2sP-p9DAUSHlFsE_kkojG5QvjZ1iLO4GYWUa_ZUox2v7yCFNHu46cZyJLAeuC00CogZxsszq4?expires=1729720800&signature=97966950516e644f0268e0286c505926b19b66fa2f719ef53a279a73bd34e7f5&req=fSYlF852moVbFb4f3HP0gOK4lfqm2vEPAzPt%2FdIJ5HOzq9vFYtr%2BpYja6TZI%0A6R8%3D%0A) 3. Open DefectDojo in a new tab, and navigate to **Configuration \> System Settings** from the sidebar. 4. Check the **Enable Slack notifications** box. 5. Paste the **Bot User OAuth Token** from Step 1 in the **Slack token** field. 6. The **Slack Channel** field should correspond to the channel in your workspace where you want your notifications to be written by a DefectDojo bot. 7. If you want to change the name of the DefectDojo bot, you can enter a custom name here. If not, it will use **DefectDojo Notifications** as determined in the Slack App Manifest. -Once this process is complete, DefectDojo can send System\-wide notifications to this channel. 
Select the Notifications which you want to send from the [System Notifications page](https://support.defectdojo.com/en/articles/8944889-defectdojo-notifications#h_225047bdae). - - +Once this process is complete, DefectDojo can send System\-wide notifications to this channel. Select the Notifications which you want to send from the [System Notifications page](). -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178761/a5f24f6490b1a043a188441c/R4qt835O2gUnuDNS77H-7sIbmyOMPUy4V5H74MtLMGA9bQsINUdNYvzQTSkf1HQqvUfGHpCU3Qv0xIqkjqD3rlAMvoPleJv6RzZMzVSQRbQT5byXCezD_Sa-NzHQvpGu6ul7KAi_79io_HMfTPLLcL4?expires=1729720800&signature=d43c41e2c6db5c91e49f9c56cbfd21b97e7d84003c3523e65ea07d6d8c154d93&req=fSYlF852modeFb4f3HP0gCrJC5g33foXGAruLI5W3hglBldbY7jvtb8I8wvC%0AwQ0%3D%0A) +![image](images/Configure_a_Slack_Integration_3.png) ## Notes on System\-Wide Notifications in Slack**:** - Slack cannot apply any RBAC rules to the Slack channel that you are creating, and will therefore be sharing notifications for the entire DefectDojo system. There is no method in DefectDojo to filter system\-wide Slack notifications to a Product Type, Product or Engagement. - - If you want to apply RBAC\-based filtering to your Slack messages, enabling personal notifications from Slack is a better option. - - - ## Send Personal notifications to Slack - If your team has a Slack integration enabled (through the above process), individual users can also configure notifications to send directly to your personal Slackbot channel. - 1. Start by navigating to your personal Profile page on DefectDojo. Find this by clicking the 👤 **icon** in the top\-right corner. Select your DefectDojo Username from the list. 
(👤 **paul** in our example) ​ +![image](images/Configure_a_Slack_Integration_4.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178777/e91b86cd53793fdfd1b9e9e5/P8dPmKcDtxlXDUHl0gndW0vV_7yYSYczHwF2YkB7Q_xBIvww8ezjJfvu9FIY-4AJn7LWHHZRNY285MmC-5jHQmbwd2O251o_0iOVIbJ_BTnErP4gH_9kfV1Jz1CGtBVqDe9lnIGxbqErHGvnElDvekM?expires=1729720800&signature=69aaeabbb05167d590c91797a44a3e204bd8053091482f9d3b969bf2e1db68ec&req=fSYlF852moZYFb4f3HP0gLhK3cg%2BSrGOEvpkHTnb%2BmHfKk8Tj4wCUH9CmhTy%0AfqI%3D%0A) 2. Set your **Slack Email Address** in the menu. This field is nested underneath **Additional Contact Information** in DefectDojo. - -You can now [set specific notifications](https://support.defectdojo.com/en/articles/8944889-defectdojo-notifications) to be sent to your personal Slackbot channel. Other users on your Slack channel will not receive these messages. - - +You can now [set specific notifications](https://docs.defectdojo.com/en/notifications/about-notifications/) to be sent to your personal Slackbot channel. Other users on your Slack channel will not receive these messages. diff --git a/docs/content/en/notifications/Configure System & Personal Notifications.md b/docs/content/en/notifications/configure_system_notifs.md similarity index 66% rename from docs/content/en/notifications/Configure System & Personal Notifications.md rename to docs/content/en/notifications/configure_system_notifs.md index 0673ace01fc..043ce8b1c02 100644 --- a/docs/content/en/notifications/Configure System & Personal Notifications.md +++ b/docs/content/en/notifications/configure_system_notifs.md 
@@ -11,7 +11,7 @@ Both your account’s Personal Notifications and the global System Notifications -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171746/9af3408bde158d43b69606ef/8bOsrZDbI3Jv84cIYM__Mq4Ni4kAD9h1OHis_l69njgePVCIqOo4TOuTbnBW0QDl3rTjJnrFHJ-A_egFUnvkNArVgX4hklFv001nCGhkvSZv-jmIP30KtnOT0UWNmc9hzo8YCqB2oHkwfyKsYDGA83c?expires=1729720800&signature=5cd73122c8a3653130671a90861d323b90ef974ce9bf98061bac5c93356990d5&req=fSYlF85%2FmoVZFb4f3HP0gIsH4DGb8qq8lEaQ9JV7Jg73SGLBgCUn%2BAJK3Ef7%0AfLM%3D%0A) +![image](images/Configure_System_&_Personal_Notifications.png) # Configure System notifications @@ -26,7 +26,7 @@ Both your account’s Personal Notifications and the global System Notifications 4. Check the notification delivery method which you wish to use for each type of notification. You can select more than one. -![Notification settings](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171756/781c4e9d72e150ca150c066c/ZN3QFH1kLyi6ZXc_feqlHTLCYtuRK02DrsKY-JkZtNPWJxmFdu-Xhb-pn4XDs2Bxv5PfNSo77Mtqz58wAV1I99qicz3N0j0VVw3kAHa57uuiU245OnLvu3HG2jQMKrdW0Iq9j6xCKigG5iJpLzDNLHo?expires=1729720800&signature=ad0e4b39f6c3a1186f0b5f2b147bb12dc709a56b134482d05751b6a636523e85&req=fSYlF85%2FmoRZFb4f3HP0gLdWfg0nBIZI5mYeAe%2Bou5OYadwX2Iohcq%2F7%2Fgw4%0AW4s%3D%0A) +![image](images/Configure_System_&_Personal_Notifications_2.png) # Configure Personal notifications 
@@ -52,7 +52,7 @@ In addition to standard personal notifications, DefectDojo Users can also receiv -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171765/a70a5c32dfb0eece12ea1962/71DyfI6Gc9rdYlVWaTsa12sUFML215k-VEm2_QVZBXS_1s7l2uKykDTEVAqqzZ7EELeP9ERRfpajZnBrXl95b3QX423EbDvg-DnbdKW0QwSvgBB3fmXZOti1KtDqQBLNa8eHmnBCGVb940ZF38saTZQ?expires=1729720800&signature=cf613e2a0b6168a2ad3ae909d978a357588f198499a8d92724dbb13a573adfb4&req=fSYlF85%2FmodaFb4f3HP0gDl17An72KnPVmRLq%2FLdfPhoV3aySF8a%2BS9q9W3b%0Ajag%3D%0A) +![image](images/Configure_System_&_Personal_Notifications_3.png) This configuration can be changed from the **Notifications** section on the **Product** page: e.g. **your\-instance.defectdojo.com/product/{id}**. diff --git a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md index 97d052d4fac..db2a536f775 100644 --- a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md +++ b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md @@ -86,12 +86,24 @@ to be created. Closely follow the steps below to guarantee success. DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com', 'example.org'] {{< /highlight >}} + As an environment variable: + + {{< highlight python >}} + DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = example.com,example.org + {{< /highlight >}} + or {{< highlight python >}} DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = [''] {{< /highlight >}} + As an environment variable: + + {{< highlight python >}} + DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = email@example.com,email2@example.com + {{< /highlight >}} + ## OKTA In a similar fashion to that of Google, using OKTA as a OAuth2 provider diff --git a/docs/content/en/open_source/upgrading/2.36.md b/docs/content/en/open_source/upgrading/2.36.md index ceaa8c77d14..86671001e0d 100644 
--- a/docs/content/en/open_source/upgrading/2.36.md +++ b/docs/content/en/open_source/upgrading/2.36.md @@ -5,7 +5,7 @@ weight: -20240603 description: Breaking Change for HELM deployments with PostgreSQL --- -Previous HELM deployments (HELM chart `<=1.6.136`, DefectDojo `<=2.35.4`) used a pinned version of PostgreSQL in versions `11.x`. These are incompatible with Django in version `4.2` (used from DefectDojo version `3.36.0`; HELM chart `1.6.137`). Because of this, it is necessary to upgrade PostgreSQL to version `12.x` or higher. DefectDojo in version `3.36.1` (HELM chart `1.6.138`) uses this new version of PostgreSQL. +Previous HELM deployments (HELM chart `<=1.6.136`, DefectDojo `<=2.35.4`) used a pinned version of PostgreSQL in versions `11.x`. These are incompatible with Django in version `4.2` (used from DefectDojo version `2.36.0`; HELM chart `1.6.137`). Because of this, it is necessary to upgrade PostgreSQL to version `12.x` or higher. DefectDojo in version `2.36.1` (HELM chart `1.6.138`) uses this new version of PostgreSQL. Unfortunately, an upgrade of PostgreSQL is not enough because PostgreSQL does not support automatic migration of data structures in the filesystem. Because of this, migration is needed. There are different ways (many of them similar to migration between different database backends (e.g. from MySQL to PostgreSQL)). Please find inspiration and the best fitting way for you in: diff --git a/docs/content/en/open_source/upgrading/upgrading_guide.md b/docs/content/en/open_source/upgrading/upgrading_guide.md new file mode 100644 index 00000000000..e7662f7e575 --- /dev/null +++ b/docs/content/en/open_source/upgrading/upgrading_guide.md 
@@ -0,0 +1,70 @@ +--- +title: "Upgrading Guide" +description: "Release specific upgrading instructions" +draft: false +sidebar: + collapsed: true +weight: -900000000 +--- + +## Docker compose + +When you deploy a vanilla docker compose, it will create a persistent +volume for your Postgres database. As long as your volume is there, you +should not lose any data. + +### Using docker images provided in DockerHub + +If you\'re using `latest`, then you need to pre pull the `latest` from +DockerHub to update. + +The generic upgrade method for docker compose are as follows: +- Pull the latest version + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:latest + docker pull defectdojo/defectdojo-nginx:latest + ``` + +- If you would like to use a version other than the latest, specify the version (tag) you want to upgrade to: + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:1.10.2 + docker pull defectdojo/defectdojo-nginx:1.10.2 + ``` + +- If you would like to use alpine based images, you specify the version (tag) you want to upgrade to: + + ``` {.sourceCode .bash} + docker pull defectdojo/defectdojo-django:1.10.2-alpine + docker pull defectdojo/defectdojo-nginx:1.10.2-alpine + ``` + +- Go to the directory where your docker-compose.yml file lives +- Stop DefectDojo: `./dc-stop.sh` +- Re-start DefectDojo, allowing for container recreation: + `./dc-up-d.sh` +- Database migrations will be run automatically by the initializer. + Check the output via `docker compose logs initializer` or relevant k8s command +- If you have the initializer disabled (or if you want to be on the + safe side), run the migration command: + `docker compose exec uwsgi /bin/bash -c "python manage.py migrate"` + +### Building your local images + +If you build your images locally and do not use the ones from DockerHub, +the instructions are the same, with the caveat that you must build your images +first. 
+- Pull the latest DefectDojo changes + + ``` {.sourceCode .bash} + git fetch + git pull + git merge origin/master + ``` + +Then replace the first step of the above generic upgrade method for docker compose with: `docker compose build` + +## godojo installations + +If you have installed DefectDojo on "iron" and wish to upgrade the installation, please see the [instructions in the repo](https://github.com/DefectDojo/godojo/blob/master/docs-and-scripts/upgrading.md). diff --git a/docs/content/en/pro_reports/Using the Report Builder.md b/docs/content/en/pro_reports/using_the_report_builder.md similarity index 50% rename from docs/content/en/pro_reports/Using the Report Builder.md rename to docs/content/en/pro_reports/using_the_report_builder.md index b67117095f8..524183a1c26 100644 --- a/docs/content/en/pro_reports/Using the Report Builder.md +++ b/docs/content/en/pro_reports/using_the_report_builder.md 
@@ -3,221 +3,147 @@ title: "Using the Report Builder" description: "Build and publish custom reports for external audiences, or your own records" --- -DefectDojo allows you to create Custom Reports for external audiences, which summarize the Findings or Endpoints that you wish to report on. Custom Reports can include branding and boilerplate text, and can also be used as **[Templates](https://support.defectdojo.com/en/articles/9367528-working-with-generated-reports)** for future reports. - - - -# Opening the Report Builder +DefectDojo allows you to create Custom Reports for external audiences, which summarize the Findings or Endpoints that you wish to report on. Custom Reports can include branding and boilerplate text, and can also be used as **[Templates](https://docs.defectdojo.com/en/pro_reports/working-with-generated-reports/)** for future reports. +## Opening the Report Builder The Report Builder can be opened from the **📄Reports** page on the sidebar. - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668657/d149242028cea25e8114b666/qiA-SC4CLojnPIBQFJ7HkqQ5P7QQT-Hbo_4ZL1U5SLtvOjauQfK5nr276tyG28BWkHWpxbXyBlRyKEMoBJhIU05923KW7do0TdloBdZ339JIVvjTSRKC_FFW1FpUnG2xnM3LgKKXuOsgMvn5vQ-7yYo?expires=1729720800&signature=86da67f31863d06a6d6066e37461ebc3ab4fa7d1ed1e31d78dccdb6ae091293a&req=dSAiH894lYdaXvMW1HO4zYTHA4kYzFbXGD3pjms%2FaPWm4NRJKHCIfFYxrKIu%0APBVL%0A) +![image](images/Using_the_Report_Builder.png) The report builder page is organized in two columns. The left **Report Format** column is where you can design your report, using widgets from the right **Available Widgets** column. 
+![image](images/Using_the_Report_Builder_2.png) +## Step 1: Set Report Options -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668681/fc43eee902f2d9892c2858ad/di7AqHpuoVBD527GMbmUU4g3xViyrzF4nDIZRmKKLXKmgpu5FJU837mn-Txa0egjF7gqs10vl1ls8b6zZHFmmu4Ceu33gPd7R9LPzHXLU79-_QDiVjXNkJHOmjl6uGPmzvkrtrJmMT3bacpoRo7-a4k?expires=1729720800&signature=474de3f5c935cad8cb4564e89868ee57da2368fc8492dbe7c4f56eb5332fe0f2&req=dSAiH894lYdXWPMW1HO4zUkXPkPuwVumZ1gLKNFFUSpoSVwSph0rDjPojnwd%0Af6RA%0A) +![image](images/Using_the_Report_Builder_3.png) -# Step 1: Set Report Options - - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668702/757104b09b49cbcf83d3b6fc/Zl2lKAU3KWuVtlCunSK2bVyrw398CQeh8CCAOY72GVW5WMxlME59qTrQawLiuq5e8E0Da6elvpBs0Fo9HIMfMaV1O7Uvkvj_lK4uciDFgA1puiyWwss5MCWEyrLaiy6ijUoK9iJ7ygzb5afbJ4dBkKo?expires=1729720800&signature=9d421bb96e18b0407be5a6ab4b113f63a7059e469a31251d1c1d58a779632bf6&req=dSAiH894lYZfW%2FMW1HO4zd38o20biDfaLBNaWL2wZpj9WooJDzcHaIKkCAIv%0AJ%2BmV%0A) From the Report Options section, you can take the following actions: - * Set a **Report Name** for the Report or Template * Include user\-created **Finding Notes** in the report * Include **Finding Images** in the report * Upload a header **Image** to the report - -## Select a header image for your report - +### Select a header image for your report To add an image to the top of your report, click the **Choose File** button and upload an image to DefectDojo. - - The image will automatically resize to fit the document, and will render directly above your **Report Name**. 
+![image](images/Using_the_Report_Builder_4.png) - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668715/d62e5d01e6322c4de5753c46/75kSgNSTofd59iGYCZvmGKYKc68QCGuKvihvQ1Ghd3jwJRdbLp6YAlqa7EIUQWVk8X6scpk-ctAPx4ON67i64AeaKXtMulH4B_J41A-4PiFxPssV3yPital5bahMDRnq8BYJvA78cpzZynq07Fo5dTM?expires=1729720800&signature=dd455f58ada29c952a3bd0ff8054837692bacd7f52500f8c7c3c9d50df514dd2&req=dSAiH894lYZeXPMW1HO4zaIJOBeuo49c5ejU69mXwasRIZ6a6Gft8W1Oux2i%0AoHQt%0A) - -# Step 2: Add content to your report with Widgets - +## Step 2: Add content to your report with Widgets Once you have set your Report Options, you can begin to design your report using DefectDojo’s widgets. - - Widgets are content elements of a report which can be added by dragging and dropping them into the Report Format column. The final Report will be generated based on the position of each Widget, with the **Report Name** and **Header Image** rendered at the top. - * The elements of your report can be reordered by dragging and dropping your widgets into a new order. * To remove a widget from a report, click and drag it back to the right column. * Widgets can also be collapsed by clicking on the grey header, for ease in navigation through a report builder. * The Findings Widget, WYSIWYG Widget and the Endpoints widget can be used more than once. - -## Cover Page Widget - +### Cover Page Widget The Cover Page Widget allows you to set a Heading, Sub heading and additional metadata for your report. You can only have a single Cover Page for a given Report. 
+![image](images/Using_the_Report_Builder_5.png) -## - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668733/2522de823fd048e072c972f8/Z06otmw5EcLKbfx6JzBDqqrvkO8T6AHAgMrYYsS3RCd3PqoKZ2lL-tSoTrA-MMvnSuhPTO7kwIWbBFg6yGCKR-HpyCFCWiCztoOUVYQ7oQTJGZPTkFLpKiK_dolIHCjHRlmaZVlXpI4I0IbmGoNVGgQ?expires=1729720800&signature=1a0e94643a63175a9203668f2de2eb1ba324e9d0f4ba4402be7c8f31826a8267&req=dSAiH894lYZcWvMW1HO4zTwHGAjzTDMbJMT9RA4HP84r3prZFbAKtBemB7fA%0AD0%2B8%0A) -## Executive Summary Widget - +### Executive Summary Widget The Executive Summary widget is intended to summarize your report at a glance. It contains a Heading (defaults to Executive Summary), as well as a text box which can contain whatever information you feel is required to summarize the report. +![image](images/Using_the_Report_Builder_6.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668750/9ef673c9e58e4648397a72d7/Q9_fk5LqZlgHS2N4tL2HyVB1lg5RW7ek0mipaOEWUFgi0sHmQCmJYBKngawpR7Oo7NrEuebFbWIIMHpaTEHIgB0tyCuWMgSUTqtYDi9CSZCATrobCSFvNI5fxq4xKyGJFvN9RQOpBw-ISDZfkXZoX2w?expires=1729720800&signature=d2af7dc8ca8926eddd8c3c0e6fc4b3e3800bdc6c6a75261ab4c3e797a17e4e1e&req=dSAiH894lYZaWfMW1HO4zSgZrnEu4v9f8iDvHdpabgdb31RLyLi%2B5lw286sJ%0AQXqH%0A) You can also **Include SLAs** in your executive summary. To add images, markup formatting or anything beyond pure text, consider adding a **WYSIWYG Content Widget** immediately after the executive summary. - * You can only have a single Executive Summary for a given Report. * If your Report contains multiple SLA configurations (I.E. you have Findings from separate Products which each have their own standards for SLA) each SLA configuration will be listed on the Executive Summary as a separate row. - -## Severities Widget - +### Severities Widget As each organization will have different definitions for each severity level, the Severities Widget allows you to define the Severity Levels used in your report for ease of understanding. 
+![image](images/Using_the_Report_Builder_7.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668769/4ed67d61b24d76230e199027/vBzduetm_xuyj-Id_ea3XrWj39N90ZRakQsQTJAeghNhZjIlVJlbNiwI8DnjPkEcc0h_c7QA_Bt90bv0j4tlLbZH5Tov5Dtzp8twGcHMmWRgzuOrVbiESxHTZhA5ZHhUL-tJ32L4FzlfB4qVLtL69HM?expires=1729720800&signature=3708e508a8a083efd2b06dcf93e1c747ba81f281a92d65c0562394dc5c317465&req=dSAiH894lYZZUPMW1HO4zWi%2FMsH6d%2BF7zDGqlenGyd1o7J6UGLbpIIAdseIH%0Ax%2Buj%0A) -## Table Of Contents Widget - +### Table Of Contents Widget The Table Of Contents Widget creates a list of each Finding in your report, for quicker access to specific Findings. The table of contents will create a separate heading for each Severity contained within the report. Each Finding listed in the table of contents will have an anchor link attached to quickly jump to the Finding in the report. +![image](images/Using_the_Report_Builder_8.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668783/ac40a1a4cf6754b045f2a95d/z6MDXX6XbQULSPzJ7pS334JRAsqj_ozIuEiKD4t6yYSEywEA66N-u0rLZtx4wYvUtVv0LcIgLgB7cnmvPLKJURndFWwvcmr5u_LBPdOlILkwjig1_VNqRrCTcUruAYkiaT8qzloYx9Qk8vFbzVA-g_A?expires=1729720800&signature=f3cfefa777f03101e6c2317a84ab4b68830b21d60b0467d876658109db3711ff&req=dSAiH894lYZXWvMW1HO4zTVqo38kvEyYe4VstbFGMYhKkv9412DDgaRnG631%0Ak%2BgB%0A)* Set an optional **Heading** for your Table Of Contents if you wish. * You can add a section of **Custom Content**, which will add text underneath the Heading. * You can upload an image to the Table Of Contents by clicking the **Choose File** button next to the **Image** line. The uploaded image will render directly above the **Heading** selected. Images will be resized to fit the document. - -## WYSIWYG Content Widget - +### WYSIWYG Content Widget The WYSIWYG (What You See Is What You Get) widget can be used to add a section containing text and images in your report. 
Multiple copies of this Widget can be added to add context to other sections of your report. +![image](images/Using_the_Report_Builder_9.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668799/7e2d199dfb523e6e9b8575e0/Zl0xqUXPzqIAHnxPqoti3dIi9Ok8BsUpVBiYj3WEy3R24b3y9t2dP4tL3CFsfRW88Py0FQL64i4X-uDL9hRUUI1CAzUOriTOmqYEYEjR7WD2PtbeDo0iN8a6SiFn2gBRGw9y36zTqol6zAE-KlNI56I?expires=1729720800&signature=669d522b6f16047bbe7e71394143d3f55fbe39fdbb35964f6ab10d2d39a1b7ee&req=dSAiH894lYZWUPMW1HO4zTHuMUGRWo1X3HdWDZf%2FwZLsh3h5gPVX4gN0Sqv7%0AO6Mu%0A) * WYSIWYG Content can include an optional Heading. * Images can be added to a WYSIWYG widget by dragging and dropping them directly into the **Content** box. Images inserted into the Content box will render at their full resolution. * You can add multiple WYSIWYG widgets to a report. - -## Findings Widget - +### Findings Widget The Findings Widget provides a list and summary of each Finding you want to include in your report. You can set the scope of the Findings you wish to include with Filters. - - The Findings Widget is divided into two sections. The upper section contains a list of filters which can be used to determine which Findings you want to include, and the lower section contains the resulting list of Findings after filters are applied. - - To apply filters to your Findings widget, set the filter parameters and click the **Apply Filter** button at the bottom. You can preview the results of your filter by checking the Findings list located underneath the Filters section. 
+![image](images/Using_the_Report_Builder_10.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668827/54fbccc5dc6c37e974544f67/9tAorgi2LtsrutVn2oAi---8TxULQRm3WdUBXXYnG4Un8Hxvn-lLMF9YeyZprenDpMpn_pXlfqV0HPCxMleeKrAAfISpqCakc9DWGtChyWpy1fSTDKDJKhUqbZhXK853ILnOodbMRPMUOW3JMWyRmmA?expires=1729720800&signature=07e89018412575f5452488734e335ca52ec7c5c386a3c5b4820ed72ea44264b6&req=dSAiH894lYldXvMW1HO4zeRXczzna2ND%2FjJ5fjQdd42%2BX0Al7y0N38CoHXcQ%0ArAOZ%0A)* The resulting list of Findings will be split up into sections by **Severity Level**. Note that DefectDojo data model components (Test, Engagement or Product) will not be represented in the report, only a list of Findings. * As with Widgets, the Filters section can be expanded and collapsed by clicking the gret Filters header. * You can add multiple separate Findings Widgets to your report with different filter parameters if you want the report to contain more than one list of Findings. -* Only the Findings you are authorized to view are included in these listings, with respect to Role\-Based Access Control - -## - - -### Example Rendered Finding List - - +* Only the Findings you are authorized to view are included in these listings, with respect to Role\-Based Access Control. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668863/33ab8747223d12cc74452025/JGKDzkDo79C7U2L2T0cC9_UKd0aCrI2R3NWZA3bAo1lcAtH3TsSNirvToX15TpDLIzdZ6qVOTWAa9tpE0bXpeZ6OLgTCA3_nMUerraHYsrhu7ZbAINVWNkd-sWs_MMg3ZwhE5Q4RYWj1_xWrcD2A1Zk?expires=1729720800&signature=9bd3481d52352937f34305772f9eb7ea6a79c191a9f2268785ce15c8dc4b32cf&req=dSAiH894lYlZWvMW1HO4zV%2Bgt3R5%2FTAnT7RYCBj%2Frv4IjWgmaLlIyRPCTtWH%0Am%2F%2Ff%0A) +#### Example Rendered Finding List -## Vulnerable Endpoints Widget +![image](images/Using_the_Report_Builder_11.png) +### Vulnerable Endpoints Widget The Vulnerable Endpoints widget is similar to the Findings widget. 
You can use this widget to list all Findings for specific Endpoints, and sort the Finding list by Endpoint instead of by Severity level. - - The **Vulnerable Endpoints** widget will list each active Finding for the Endpoints selected. Rather than creating a single list of unsorted Findings this feature will separate them into their Endpoint context. - - As with the Findings Widget, the Vulnerable Endpoints Widget is divided into a Filter section and a list of resulting Endpoints from the filter parameters. +![image](images/Using_the_Report_Builder_12.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668880/0e1efc285e326249be4179e0/Szk-7f4eMk_NKNKPAUpkzRsO5VNFwwYAGFco85IbJg4lCEHYObQFHTm0vooxwV4750IKjLkcelCD6UqYP3j2Mw2io9KGGWWxGZfLmNrL4gCIeSz91yMPVCXf4K6GKQM1sLRbwG-avNp3_OlrsFTNJeA?expires=1729720800&signature=27d50b0bb16547abf2882c11ce905c850748330b931813277d046e46b29de2fb&req=dSAiH894lYlXWfMW1HO4zVU6RSjhv0UByCQSNwvLkLTsBMiDy%2FB3c%2F2aDaSl%0AI2gy%0A) Select the parameters for the Endpoints you wish to include here and click the **Apply Findings** button at the bottom. You can preview the results of your filter by checking the Endpoints list located underneath the Filters section. - * You can add multiple separate Vulnerable Widgets to your report with different filter parameters if you want the report to contain more than one list. * Only the Findings you are authorized to view are included in these listings, with respect to Role\-Based Access Control. - -## \-\-\-\-\-\-\-\-\-\-\-\-\-\- (separator) Widget - - +### ---- (separator) Widget This Widget will render a light grey horizontal line to divide between sections. 
+![image](images/Using_the_Report_Builder_13.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668908/6329423a4a2af18a5c1d4a7b/LUGV4_gdfMrrqWEYcVUipme5N2vHUyhHTq1K6I04-sYnApm2F7GmmgJ-WXOZBVG2hh9HqJ3szm_OipCW2jh6KLY5I3w2viOUZYhWLdduoBFeeNq5qG99Ct0erE1KJVK-NCJx03hw05roWuxsQtQGhnU?expires=1729720800&signature=f311c841a18fa3c43ace8dff97da3ecfc0d592f245e49e9588eec50c1cbcc61b&req=dSAiH894lYhfUfMW1HO4zSn2LKgUlf6SVJsVNa7AJPTnjquPDCFg66OloIGc%0ACs%2F0%0A) - -# Step 3: Publishing and viewing your Report - +## Step 3: Publishing and viewing your Report Once you have finished building your report, you can generate it by clicking the green ‘**Run’** button at the bottom of the **Report Format** section. - - This will automatically take you to the Generated Reports page, and your report will begin to generate in the background. You can check on the Status of your report by reading the Status column next to it, and refreshing the page periodically. - - Once your report has generated, you can view it by either clicking on the **Status** (which will be set to ‘Complete: View Report’), or by opening the **⋮** menu next to your report and selecting **View Report**. +![image](images/Using_the_Report_Builder_14.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668933/94b598eda87056948041d01a/3p-IVZqmk3TFbZth5i8j8E6nAn4U4PRCGIZ1kUiPLqCmFXXB0VQr4r5Fod0I4Z5cgxaFtaFq1JuQJvWaxpiOEIPCUyYBsOLWEaSEsDs6gFhtSrZ3ryiVolap1Cr7Z0w0jmzufsLe_3Lfgv78U1CAALE?expires=1729720800&signature=efd7cced529fbcdf08ea0fb6c91c2dd96fa15104bc2e69abb811542f3bf4f42b&req=dSAiH894lYhcWvMW1HO4zU7eIAlzp8yFaVkMjW00jNSD7WxnDKf7klUA3Vaw%0Avkcv%0A) - -# Step 4: Exporting a Report - +## Step 4: Exporting a Report Only DefectDojo users will have access to Reports stored in the software, but Reports are set up in a way where they can be exported or printed easily. 
- - The easiest method to use is to Print To PDF \- with an HTML Report open, open a **Print** dialog in your browser and set **Save To PDF** as the **Print Destination**. +![image](images/Using_the_Report_Builder_15.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668954/b704c7ddaac96d4eb64cf5e4/JKKw_F3C8W6glSYytDhXMkewmRpKoxjwLzkU32E_YJEanOvfHEpcwnEILqet46Sep5cRqS2F4KkrwjXqF2Wu6en0d1RtfctRP-_-Sva2pbcqvHwZb3L51y6iKX1uORlK1MAjsyPxIgL1B3C2bCNxiXk?expires=1729720800&signature=a111990b482823eafc2bff32c1d23233ec1520d3ab1794c3a5c72dc526287782&req=dSAiH894lYhaXfMW1HO4zf8CfRrJhPkgv7slZsXFhSnKeIbnMRCyo37GDmYC%0ADPz1%0A) - -# Report formatting suggestions - +## Report formatting suggestions * WYSIWYG sections can be used to contextualize or summarize Finding lists. We recommend using this widget throughout your report in between Findings or Vulnerable Endpoints widgets. - diff --git a/docs/content/en/pro_reports/Working with Generated Reports.md b/docs/content/en/pro_reports/working_with_generated_reports.md similarity index 66% rename from docs/content/en/pro_reports/Working with Generated Reports.md rename to docs/content/en/pro_reports/working_with_generated_reports.md index 6b4af34e6d9..fc49e0c8cd3 100644 --- a/docs/content/en/pro_reports/Working with Generated Reports.md +++ b/docs/content/en/pro_reports/working_with_generated_reports.md 
@@ -10,7 +10,7 @@ Once you have created one or more **Reports** in DefectDojo you can take further * Re\-running a report with updated data * Deleting an old or unused reportsa -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671281/7eebaaae55e5e8fb36a381af/3p-IVZqmk3TFbZth5i8j8E6nAn4U4PRCGIZ1kUiPLqCmFXXB0VQr4r5Fod0I4Z5cgxaFtaFq1JuQJvWaxpiOEIPCUyYBsOLWEaSEsDs6gFhtSrZ3ryiVolap1Cr7Z0w0jmzufsLe_3Lfgv78U1CAALE?expires=1729720800&signature=6877ef645bcd73141676996d52389b6b683b7c3874debd5cf651de9121942c39&req=dSAiH895nINXWPMW1HO4zWepnUDyncjCPKq3%2FkKW0dqikTePlld1Oi%2BUMCy5%0AbeAB%0A) +![image](images/Working_with_Generated_Reports.png) # Use a report as a Template @@ -33,7 +33,7 @@ Both of these pages can be found in the 📄 **Reports** tab on the sidebar. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671304/ccd08efd53df3d0970c451ba/SXnDhXKLNvsz3gPfQwW9ek2RLJ_TydFt3FNWemB1kSNTkyl0tXPmq493HmbFKMwKiMLyHSMF2d9gq6kYDwH0xRxm-heHzUmAalQv7LHkj2jnfHSPeQru-kgrt1qXqHbz-UElAFbwpQZu6p0gpmJlVZM?expires=1729720800&signature=a4ab9f2e4a32458a21e2e9894fa6056310cd22086d2844411782060e861ff6f1&req=dSAiH895nIJfXfMW1HO4zUL7Ism3uP7AGXfgyZwij4MGHxy3uKUdnG4sCf7w%0AZarK%0A) +![image](images/Working_with_Generated_Reports_2.png) To access the **Report Templates** page, open 📄**Reports \> Report Templates** from the sidebar. From that table, you can open the report builder by clicking the **⋮** menu next to the report you wish to use as a template. 
@@ -58,7 +58,7 @@ Selecting this option will create a new report in the **Generated Reports** list -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671323/e1d821fba1ace5d7896bf482/jxJ7QWWvw1CKOUnS7zc5FI7UjCRKJ3qobQNSTC8lTHi663VJoqe_XbVboGcAEFR5Lulk9c0HPhfmmqaPUAxqQ54mggQG8WtpdtPSXQKOuiSXMRmREcItfJLmmqkX2l_aIcXQUbJLMGflmWIkbPTgc78?expires=1729720800&signature=acd68b15972699601dda8c6954e0fd8b812411a76f4bea58b1a37cb83dc56086&req=dSAiH895nIJdWvMW1HO4zffauUxOD2Xn6VQCrLltw35ImuPGf8piwAMDmWJL%0AHA6J%0A) +![image](images/Working_with_Generated_Reports_3.png) # Deleting a Report diff --git a/docs/content/en/user_management/About Permissions & Roles.md b/docs/content/en/user_management/about_perms_and_roles.md similarity index 90% rename from docs/content/en/user_management/About Permissions & Roles.md rename to docs/content/en/user_management/about_perms_and_roles.md index 2b965f1d854..76c5f1bef9a 100644 --- a/docs/content/en/user_management/About Permissions & Roles.md +++ b/docs/content/en/user_management/about_perms_and_roles.md 
@@ -5,15 +5,10 @@ description: "Summary of all DefectDojo permission options, in detail" If you have a team of users working in DefectDojo, it's important to set up Role\-Based Access Control (RBAC) appropriately so that users can only access specific data. Security data is highly sensitive, and DefectDojo's options for access control allow you to be specific about each team member’s access to information. - - - -# Types of Permissions - +## Types of Permissions DefectDojo manages four different kinds of permissions: - * Users can be assigned as **Members** to **Products or Product Types**. A Product Membership comes with a **Role** which allows your users to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo. Users can have multiple Product or Product Type memberships, with different levels of access. ​ * Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types, and are not associated with Roles. 
@@ -22,29 +17,18 @@ DefectDojo manages four different kinds of permissions: ​ * Users can be set up as **Superusers**: administrator level roles which give them control and access to all DefectDojo data and configuration. - Each of these Permission types can also be assigned to **User** **Group**. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups allow you to set up and maintain permissions quickly. - - - -# Product/Product Type Membership \& Roles - +## Product/Product Type Membership \& Roles When users are assigned as members to a Product or Product Type, they also receive a role which controls how they interact with the associated Finding data. - - -## Role Summaries - +### Role Summaries Users can be assigned a role of Reader, Writer, Maintainer, Owner or API Importer, either globally or within a Product / Product Type. - - ‘Underlying data’ refers to all Products, Engagements, Tests, Findings or Endpoints nested under a Product, or Product Type. - * **Reader Users** can view underlying data on any Product or Product Type they are assigned to, and add comments. They cannot edit, add or otherwise modify any of the underlying data, but they can export Reports and add Notes to data. ​ * **Writer Users** have all Reader abilities, plus the ability to Add or Edit Engagements, Tests and Findings. They cannot add new Products, and they cannot Delete any underlying data. 
@@ -55,31 +39,20 @@ Users can be assigned a role of Reader, Writer, Maintainer, Owner or API Importe ​ * **API Importer** **Users** have limited abilities. This Role allows limited API access without exposing the majority of the API endpoints, so is useful for automation or users who are meant to be ‘external’ to DefectDojo. They can view underlying data, Add / Edit Engagements, and Import Scan Data. -For detailed information on Roles, please see our **[Role](https://support.defectdojo.com/en/articles/8955600-user-permission-charts#h_ee05c5f5df)** [**Permission Chart**](https://support.defectdojo.com/en/articles/8955600-user-permission-charts#h_ee05c5f5df)**.** - - - -## Global Roles +For detailed information on Roles, please see our **[Role Permission Chart](https://docs.defectdojo.com/en/user_management/user-permission-charts/)**. +### Global Roles Users with **Global Roles** can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role. - - -## Group Memberships - +### Group Memberships User Groups can be added as Members of a Product or Product Type. Users who are part of the Group will inherit access to all associated Products or Product Types, and will inherit the Role assigned to the Group. - - - -### Users with multiple roles - +#### Users with multiple roles * If a User is assigned as a member of a Product, they are not granted any associated Product Type permissions by default. - * A User's Product Role always supersedes their 'default' Product Type Role. ​ * A User's Product / Product Type Role always supersedes their Global Role within the underlying Product or Product Type. For example, if a User has a Product Type Role of Reader, but is also assigned as an Owner on a Product nested under that Product Type, they will have additional Owner permissions added for that Product only. 
@@ -88,51 +61,28 @@ User Groups can be added as Members of a Product or Product Type. Users who are ​ * Superuser status always supersedes any Roles assigned. - - -# Superusers - +## Superusers Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts. - - By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user. - - - -# Configuration Permissions - +## Configuration Permissions Configuration Permissions, although similar, are not related to Products or Roles. They must be assigned separately from Roles. **Regular** **users do not have any Configuration Permissions by default, and assigning these configuration permissions should be done carefully.** - - Users can have Configuration Permissions assigned in different ways: - 1. Users can be assigned Configuration Permissions directly. Specific permissions can be configured directly on a User page. -​ + 2. User Groups can be assigned Configuration Permissions. As with Roles, specific Configuration Permissions can be added to Groups, which will give all Group members these permissions. Superusers have all Configuration Permissions, so they do not have a Configuration Permission section on their User page. - - -## Group Configuration Permissions - +### Group Configuration Permissions If users are part of a Group, they also have Group Configuration Permissions which control their level of access to a Group’s configuration. Group Permissions do not correspond to the Group’s Product or Product Type membership. 
- - If users create a new Group, they will be given the Owner role of the new Group by default. - - -For more information on Configuration Permissions, see our **[Configuration Permissions Chart](https://support.defectdojo.com/en/articles/8955600-user-permission-charts)**. - - - - +For more information on Configuration Permissions, see our **[Configuration Permissions Chart](https://docs.defectdojo.com/en/user_management/user-permission-charts/)**.
diff --git a/docs/content/en/user_management/Configure Single-Sign On Login.md b/docs/content/en/user_management/configure_sso.md
similarity index 67%
rename from docs/content/en/user_management/Configure Single-Sign On Login.md
rename to docs/content/en/user_management/configure_sso.md
index 35fe1bec91f..019dd9c41d1
--- a/docs/content/en/user_management/Configure Single-Sign On Login.md
+++ b/docs/content/en/user_management/configure_sso.md
@@ -30,12 +30,12 @@ If you would like to add DefectDojo to your SAML Identity Provider, here is the ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203362/711708ba18887c909eb7e315/9UD98h1gZT6IlhmTeHCFrypNcbJnRjqXLvrL4YOShDvR5DPTrr1sG8ohEkWS8d0NSPs2-Kz7jRM3CKvMfmO3CVx6V8OpiT98V75L8IyEA5iq4m1YIZmiBSsYshvuFZYcppzueBz3pA7A_5q_BuQSj2A?expires=1729720800&signature=d0240c843f37d66039cb98dd73ebee04e450002e9e31644517a207a0c54c7565&req=fSYlFMl9noddFb4f3HP0gNqGPNxDYkTTpt0uyAWrCi5EKyiDsGePVH3rfF2a%0AjNo%3D%0A) +![image](images/Configure_Single-Sign_On_Login.png) 2. Open the SAML tab from this page to configure your sign\-on settings. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203371/122013c5bd92a17058bffcc9/WxdWys-zS52WnnWj8hN_MSd181XqoLt0ovx28_1TxiXGngclO0rZx3rHM1d6NBvbAuZLzT9YNjsrIPhlJx7UOOLkftWL2fcUzFwKzEzHxzhp30cqaECI-XTwiTekk7UNCofh7xyDyMJ4E7-MjqhEApM?expires=1729720800&signature=8783a41b09e02104c10c696be712ce843d80406da16acc9091b843057d41bb50&req=fSYlFMl9noZeFb4f3HP0gOOiXRyUrpec5LNNWeTj47Yz9rMjGNIySCYTH1xh%0AiKE%3D%0A) +![image](images/Configure_Single-Sign_On_Login_2.png) 3. Complete the SAML form. Start by setting an **Entity ID** \- this is either a label or a URL which your SAML Identity Provider can point to, and use to identify DefectDojo. This is a required field. ​ 4. If you wish, set **Login Button Text** in DefectDojo. This text will appear on the button or link users click to initiate the login process. 
@@ -65,7 +65,7 @@ This is a required field for this form. 11. Finally, check the **Enable SAML** checkbox at the bottom of this form to confirm that you want to use SAML to log in. Once this is enabled, you will see the **Login With SAML** button on the DefectDojo Login Page. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203378/5569f32d153fb51d9a725e54/OCJmjuI1gLuEbNaMjpore21_xlbVFZCfcChthYdnXjkDE1W_-HyfSTDbJfASHNZX0myFYWWL0eqV0oyQ-4gOBJrSCtwn47SXDli8dPopFNZb34k9i4T2GfPfkhPi1-1J-X9-Op0EVIRvx41BPx3w0Yw?expires=1729720800&signature=512df502470da5028b0e41bfb4e1b3671260b9292f5e49ec1bc72298259fb602&req=fSYlFMl9noZXFb4f3HP0gDNvSgyDTmnMnfcjRvKa660M%2BhNfabgrDzvgB6QV%0AiX4%3D%0A) +![image](images/Configure_Single-Sign_On_Login_3.png) ## Additional SAML Options: 
@@ -103,12 +103,12 @@ This is a required field for this form. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203384/0f0a7284a08e975fc6d274ad/9UD98h1gZT6IlhmTeHCFrypNcbJnRjqXLvrL4YOShDvR5DPTrr1sG8ohEkWS8d0NSPs2-Kz7jRM3CKvMfmO3CVx6V8OpiT98V75L8IyEA5iq4m1YIZmiBSsYshvuFZYcppzueBz3pA7A_5q_BuQSj2A?expires=1729720800&signature=ebc69ccc466b50855ef4e021678302c910e5122b1efe85a4f3177125c13d4818&req=fSYlFMl9nolbFb4f3HP0gDJIgX6Exhy5n7%2FXJaBEZZbyHTcVfeAqpDsS9WA7%0AgI8%3D%0A) +![image](images/Configure_Single-Sign_On_Login_4.png) 2. From here, navigate to the OAuth tab and select the service you want to configure from the list. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203390/feb13027b266b7f1a56c3c6a/lyWcUB9Jyf5ZQzDXvjrX830ShYi0AduEa7UJmtmZhabeNpjLhbHGNlcDtEXj6H44KFGJMmpE-ym55m-T5jvPDHoWabIMjo5hoRgOsr2fJk5EpCMyzmZ2fSE-JWMgIfDz8g6fTB2vuFQf703pcQILAgY?expires=1729720800&signature=bc4fb3d86492eaba3420063f792926ab3aaa884a36a988ad1cdd6ae6aae3d74e&req=fSYlFMl9nohfFb4f3HP0gM6xKW5NsJPRtLYFcZOwplcZ%2Bfx5dKJvKR%2BMjmNV%0AoOE%3D%0A) +![image](images/Configure_Single-Sign_On_Login_5.png) 3. Complete the relevant OAuth form. ​ 4. Finally, check the **Enable \_\_ OAuth** button from below, and click **Submit**. diff --git a/docs/content/en/user_management/Create a User Group for shared permissions.md b/docs/content/en/user_management/create_user_group.md similarity index 61% rename from docs/content/en/user_management/Create a User Group for shared permissions.md rename to docs/content/en/user_management/create_user_group.md index 45d2a0c73c1..827ae3461d9 100644 --- a/docs/content/en/user_management/Create a User Group for shared permissions.md +++ b/docs/content/en/user_management/create_user_group.md 
@@ -25,7 +25,7 @@ From the sidebar, navigate to 👤**Users \> Groups** to see a list of all activ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079761/712571bc01294b06a69f4a75/MyDzT_XoLuguPYYu-jYuxHDf7urnjOypLok54WxCA88r1caHioJ_AjU6g0cp-XeoHXWVOSQdq2TlSc1J5H78RlccvDMyFv0paQAtHvabw6c5cnl3R8Y1sj3if2Ni0Q4a1DhCckGQEJ0uhCZSa-x-rYQ?expires=1729720800&signature=266260581e0d4dea599e0f18ee5a36005c4ea8acc2dcd882f80001d2752c5e70&req=fSImFs53modeFb4f3HP0gKKxkEmyAyXmnaNXsirSbxKVavgPKGJu2ESwFp86%0ApfI%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions.png) From here, you can create, delete or view your individual Group pages. @@ -37,12 +37,12 @@ From here, you can create, delete or view your individual Group pages. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079764/e30476ab659d14a4f8757289/2dNPkv1wOi5PKzWKBbWVvPTtaKfJVqDGYfpaF74xInRWSZqXC_b-TIElh4WAfrkAdpne7Iui1DbJh0_zEw4-FCAYyD9KSbKynTS82C_pCU1ygmAfWCn5OzJIuWNPjrq2tDHi6vmXrICShlKpLK5dXac?expires=1729720800&signature=e0878a84fe1fee82d3ba86986d0773bedb5ce7452830733df051888410677502&req=fSImFs53modbFb4f3HP0gGswuHXW7%2FYi8FztZDlHEplrynEg2twBM0Ox%2BfWb%0A5u4%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_2.png) 2. Click the **🛠️button** next to the All Groups heading, and select **\+ New Group.** ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079767/0ccb7d312491d6a541473120/rVrL3MqVwr5qbaaoRSXLbbkjCqUk8CaIoOrjsWz8D4jKQICS2FfubQrGG-bI9lVgck4I3d507JqxEyOTA5dLpBTwT1QLmZieJp4TLy4L4DrEuTJ_7BuCDEW7nSG5I0pfNnY1NHl4ApaX5Ln5VgMzfuk?expires=1729720800&signature=9875e736e82c53498d7c86ad3ab57906af97f64534b3f5db88529e6719ba35ff&req=fSImFs53modYFb4f3HP0gCD3rTq2mqi%2FFPfIxL%2Bxb1q9ZM%2BZers2Kue24YVe%0AMxg%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_3.png) ​ 3. This will take you to a page where you can create a new Group. Set the Name for this Group, and add a Description if you wish. 
@@ -90,14 +90,14 @@ User Groups can have as many Users assigned as you wish. All Users in a Group wi ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079770/9a9f19af98b041623f19a56c/oXOX7TJ8-K_WeDroI1ZVOj4tbuf0TMHq9wxpq3u26vx44ENod9yi34HSs4nUVEiBaUgJsCapAAXdvlqZrjvQX7P-kxnVJv6Epsny_XWtghfKGIlM3OQlnArBJaizVWVtr7RIin4T4u-YX2jPGtwm-q0?expires=1729720800&signature=70d578a3df150519a97f85be9ef2aac116c9ea8df0f0c0c9aab6792b4c9e2366&req=fSImFs53moZfFb4f3HP0gAFcZJqqJABM2WUm3gv7ScUito2Kkdq7ZBRtDsWu%0ADBY%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_4.png) ​ 2. This will take you to the **Add Some Group Members** screen. Open the Users drop\-down menu, and then check off each user that you wish to add to the Group. ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079773/777298e97a2172e654f1f77a/6a4nKNf2cr8VCeolc582OrMYTnVzWf9pOv6dTMN3t6-ZPjAJNBlPZ16E4Vq7hZlxsxoEo_MKtamMXpcYNtQynpOgMEMS9ahkMKkyHmaxQMoYiYyD4mUddoHumcgGo3b-VOFY1qy1WdMaZMuzOWS9GM0?expires=1729720800&signature=0851422a51c995da3cfd6c18b217df94ef6bb255a0d0e00d695c8806cd994a10&req=fSImFs53moZcFb4f3HP0gFTmp5bLFIVr9fnQY2PdDO3EX7f3pa1Xa2m3AmEE%0AyNI%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_5.png) ​ 3. .Select the Group Role that you wish to assign these Users. This determines their ability to configure the Group. 
@@ -116,7 +116,7 @@ Note that adding a member to a Group will not allow them access to their own Gro **🗑️ Delete** removes a User's Membership altogether. It will not remove any contributions or changes the User has made to the Product or Product Type. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079778/193ac17a68c21ef5229951f3/Ug7EpgZStTlGoOAWO6WEknzosB6acOsSgF04BsZvcXRc7JJizHPC2UyVtf6ypy8BPU_1DQfiGbFoqF3pnzgGl-AKJH4P2XNGoRqcd0Ly_sfDRgu52Oxt6hMsINrs0P1cPg7b5BDfoUcoxUGy6EW7E8U?expires=1729720800&signature=bc910b6a0fcadb8b8f2ebf49f8cec043d119a2a0700055815e2cd4b8d323b880&req=fSImFs53moZXFb4f3HP0gArlRtyu1xTrpSR6BsYwG8rs5B%2FrH2fgSSCmZdUw%0AGX0%3D%0A)## +![image](images/Create_a_User_Group_for_shared_permissions_6.png) # Managing a Group’s Permissions 
@@ -139,11 +139,11 @@ You can register as many Product Roles or Product Type Roles as you wish in each ​ -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079782/1351085e5eb5763357887942/9n3qx3_Sbq6cYiLPkmeQCg02PN2vtL9E0a9YdHMpd1Q-sOjPa5V8t1xbfYLuzGCIASxWjT0eeMNCkBrRJTjhmrMagtTokYMnTyaoPVj_xNYxDX5OETGG4YyCijX_fI8MbXVENbRyPpu9VIK4PaO1Sv0?expires=1729720800&signature=813980ed7ae28c03ca9e2e5a32278696b255cd55741a4aa05d9aae4ea36aa337&req=fSImFs53moldFb4f3HP0gGJyBYZ775rIcOsteH0gSFLF3MozOewQY7w3TZde%0AsKw%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_7.png) 2. This will take you to a **Register New Products / Product Types** Page, where you can select a Product or Product Type to add from the drop\-down menu. -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079788/5ea383bf7e5731dfd17da056/WmQMy4lQB6sjZiK3cgtwd9mp2Oq9sddpAen_x29eS4PVe6SmMrNfu89Yhyb5I4NaYRpuEodCDS9G2yZ_5A5zRsj0xDzDx7-rsXTDebrJex07_Fx-6I0Nm8aXegeT9VEbseWsfM_Ze_Ph_fW_ugZB88M?expires=1729720800&signature=1af25adf0b17ac8381925baaa1bd605ef3be819c092e1110337637177bb4a978&req=fSImFs53molXFb4f3HP0gDHgkPXPNZKRkVqADhXUQTWPO0VU0XYsQtm3DUxZ%0AUUk%3D%0A) +![image](images/Create_a_User_Group_for_shared_permissions_8.png) 3. Select the Role that you want all Group members to have regarding this particular Product or Product Type. @@ -162,4 +162,4 @@ Assign View, Add, Edit or Delete roles from the menu in the bottom\-right hand c -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079793/a85168d32a80424848c5a6f3/2LqjWP6T3Qj0QLSbmz9lIGWHJgZkf0rSDTMMIzrQkL2P4KdJafWK3t9MZLNd65dU13W6xGOlWUwWgykBzOHedNpHRuBjgTYCvF_gbE8R7VKNfJ_dqLnk0HoNKJl5_qQ92kB-iRzIbfbCYpdSi8tbwH0?expires=1729720800&signature=30ecc0453d9d3ee1067ed11e2e9cda0f664080737fbea1d5fdc6646336a17c78&req=fSImFs53mohcFb4f3HP0gO8Rmd0izzZL7KQaS2qP%2FVU3oxhlqj5pKisfrFNQ%0AEtU%3D%0A) \ No newline at end of file +![image](images/Create_a_User_Group_for_shared_permissions_9.png) \ No newline at end of file 
diff --git a/docs/content/en/user_management/Set a User's Permissions.md b/docs/content/en/user_management/set_user_permissions.md similarity index 73% rename from docs/content/en/user_management/Set a User's Permissions.md rename to docs/content/en/user_management/set_user_permissions.md index bfc17d01cef..59246a896b7 100644 --- a/docs/content/en/user_management/Set a User's Permissions.md +++ b/docs/content/en/user_management/set_user_permissions.md @@ -3,12 +3,10 @@ title: "Set a User's Permissions" description: "How to grant Roles & Permissions to a user, as well as superuser status" --- -# Introduction to Permission Types - +## Introduction to Permission Types Individual users have four different kinds of permission that they can be assigned: - * Users can be assigned as **Members to Products or Product Types**. This allows them to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on the role they are assigned on the specific Product. Users can have multiple Product or Product Type memberships, with different levels of access. ​ * Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types. 
@@ -19,146 +17,100 @@ Individual users have four different kinds of permission that they can be assign You can also create Groups if you want to assign Product Membership, Configuration Permissions or Global Roles to a group of users at the same time. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups may be a more helpful feature. - - -# Superusers \& Global Roles - +## Superusers \& Global Roles Part of your Role\-Based Access Control (RBAC) configuration may require you to create additional Superusers, or users with Global Roles. - * Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts. * Users with Global Roles can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role. For more information about each Role and associated privileges, please refer to our Introduction to Roles article. * Users can also have specific Configuration Permissions assigned, allowing them to access certain DefectDojo configuration pages. Users have no Configuration Permissions by default. By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user. - - -## Add Superuser or Global Role status to an existing user - +### Add Superuser or Global Role status to an existing user 1. Navigate to the 👤 Users \> Users page on the sidebar. You will see a list of all registered accounts on DefectDojo, along with each account's Active status, Global Roles, and other relevant User data. 
​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088885/49c62c711a3c48cda2d0f46a/4tacIUafivFb_ju8ii4dvCF4qnCGT1ZUPLAFP2uHdkcO0nntMgLk4V2m6BO3Hd_aRjK_Ivx7HKEa_x3lFVTZJ2Sr-llUBnG4OIsJLppyFl7zzVEOFDlV69pPtNy4Qz8fslEt_ofwCWw9xeXipYcHxFQ?expires=1729720800&signature=e68d2f5001311dc6ed0709309f255315c8a98c54f7a907d6794db9069af0baae&req=fSImFsF2lYlaFb4f3HP0gBqwDj2FOqeiaXGhVvQWwTRLmeyM7l6AyrQ%2FJiOn%0AYUc%3D%0A) +![image](images/Set_a_User's_Permissions.png) ​ 2. Click the name of the account that you wish to give Superuser privileges to. This will bring you to their User Page. ​ 3. From the Default Information section of their User Page, open the ☰ menu and select Edit. ​ +![image](images/Set_a_User's_Permissions_2.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088889/3e17242c961974a7123f628a/Q8IgH7ucjqbqGd2-b94pc-zQgSVHqW2Olj7m-jENbpaOZNZrOj9WkYiptya-zeMa3u-GXtunys7BBipAIxoSHtQoVhTTAelcNIvWiYC71lZsWxThEwUFecZF3TVyy4PmluxMkSBjPiHDvT-zjvYjHsw?expires=1729720800&signature=93c6b6dc04a176f903de40fecdf2b4042ee177d8f5eb20574eef3d7432b33892&req=fSImFsF2lYlWFb4f3HP0gNz3X5m3J2OGLTvs0YS0wl7%2BnHULfElrbz%2FcFDbF%0An3E%3D%0A) - -​ 4. From the Edit User page: ​ For Superuser Status, check off the ☑️Superuser Status box, located in the user's Default Information. ​ To assign a Global Role, select one from the dropdown Global Role menu at the bottom of the page. ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088893/dc5a8396e99a2d90e09bf5e9/Q8IgH7ucjqbqGd2-b94pc-zQgSVHqW2Olj7m-jENbpaOZNZrOj9WkYiptya-zeMa3u-GXtunys7BBipAIxoSHtQoVhTTAelcNIvWiYC71lZsWxThEwUFecZF3TVyy4PmluxMkSBjPiHDvT-zjvYjHsw?expires=1729720800&signature=22d9f11705570d018ab011b4b0cf3861e9d60e81a403f05b6c3385cddedc3df4&req=fSImFsF2lYhcFb4f3HP0gEHWxU%2Fw7IhY1p%2B8xccylok4xhfqgvF8k4tVqRb6%0AuKw%3D%0A) +![image](images/Set_a_User's_Permissions_3.png) ​ 5. Click Submit to accept these changes. 
- ​ - -# Product \& Product Type Membership +## Product \& Product Type Membership By default, any new account created on DefectDojo will not have permission to view any Product Level Data. They will need to be assigned membership to each Product they want to view and interact with. - * Product \& Product Type membership can only be configured by **Superusers, Maintainers or Owners**. * **Maintainers \& Owners** can only configure membership on Products / Product Types that they are already assigned to. * **Global Maintainers \& Owners** can configure membership on any Product or Product Type, as can **Superusers**. Users can have two kinds of membership simultaneously at the **Product** level: - * The Role conferred by their underlying Product Type membership, if applicable * Their Product\-specific Role, if one exists. If a user has already been added as a Product Type member, and does not require an additional level of permissions on a specific Product, there is no need to add them as a Product Member. - - -## Adding a new Member to a Product or Product Type - +### Adding a new Member to a Product or Product Type 1. Navigate to the Product or Product Type which you want to assign a user to. You can select the Product from the list under **Products \> All Products**. +![image](images/Set_a_User's_Permissions_4.png) - -![](https://downloads.intercomcdn.com/i/o/921087191/89e6c1560a6f12458bfd60ab/Untitled+drawing+%281%29.png?expires=1729720800&signature=96ecb577cdc13498af657fd587b0fa8092b851d1a4420bdb5bb92f0e1dfdba75&req=fSImFsF5nIheFb4f3HP0gH8G8wzNAN%2F5uhd6ytu1ZIqaHRpLkQ5g7uSKvc6n%0ARW4%3D%0A) 2. Locate the **Members** heading, click the **☰** menu, and select **\+ Add Users**. 3. This will take you to a page where you can **Register new Members**. Select a User from the dropdown Users menu. 4. 
Select the Role that you want that User to have on this Product or Product Type: **API Importer, Reader, Writer, Maintainer** or **Owner.** ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088898/911644c75e529f4f36408a33/3KQGHqXCpiCIntLoKJCTnJTIPDumnQ288VSGAirzzQLv0P4w4tGKzeBoupA9Y8g-e_9emazzpJ59sywnkkVpJk5DhmWHwhkQjvu76JhIw_gyvCIZBPKogIb_bI3wr-eZDApCEfvpL6UuPcO3q3sSBcQ?expires=1729720800&signature=3b6df84cb44e7e1d8b070d2e015bd374dc3bae4f56f5a56af3d283cd79ea480c&req=fSImFsF2lYhXFb4f3HP0gC3Dcl8NRYb791Gt2hJngopsfDqm3RlIMSPLOXJH%0AASg%3D%0A) - +![image](images/Set_a_User's_Permissions_5.png) Users cannot be assigned as Members on a Product or Product Type without also having a Role. If you're not sure which Role you want a new user to have, **Reader** is a good 'default' option. This will keep your Product state secure until you make your final decision about their Role. - - -## Edit Or Delete a Member from a Product or Product Type - +### Edit Or Delete a Member from a Product or Product Type Members can have their Role changed within a Product or Product Type. - Within the **Product** or **Product Type** page, navigate to the **Members** heading and click the **⋮** button next to the User who you want to Edit or Delete. +![image](images/Set_a_User's_Permissions_6.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088901/4d9da1df5f52f9457422f991/vz995X6_fV0KC8i0mGZm6A3YYlTXBiJquoqXf4jUZ-ric3WqFj5IC9QmWsB5vAw6CLqPz8oxuMX9KFV2wlDi0W2UvOitNl-ID4hYEA5GUWN8pslt7n0gpdrmk9-Lg7cqlTjAN15y9Vc0tfpReatFiAc?expires=1729720800&signature=5a205bf6a5b9f12ff144cde08633a1e510494d71180932b03d7d8daed770e3d8&req=fSImFsF2lIFeFb4f3HP0gLeO3ql9vXX0terru04tP2SCmsisptfRp%2BPTjgid%0Ae%2BA%3D%0A) 📝 **Edit** will take you to the **Edit Member** screen, where you can change this user's **Role** (from **API Importer, Reader, Writer, Maintainer** or **Owner** to a different choice). - 🗑️ **Delete** removes a User's Membership altogether. 
It will not remove any contributions or changes the User has made to the Product or Product Type. - * If you can't Edit or Delete a user's Membership (the **⋮** is not visible) it's because they have this Membership conferred at a **Product Type** level. * A user can have two levels of membership within a Product \- one assigned at the **Product Type** level and another assigned at the **Product** level. - -## Adding an additional Product role to a user with a related Product Type role - +### Adding an additional Product role to a user with a related Product Type role If a User has a Product Type\-level Role, they will also be assigned Membership with this Role to every underlying Product within the category. However, if you want this User to have a special Role on a specific Product within that Product Type, you can give them an additional Role on the Product level. - 1. From the Product page, navigate to the **Members** heading, click the **☰** menu, and select **\+ Add Users** (as if you were adding a new User to the Product). 2. Select the User's name from the drop\-down menu, and select the Product Role you want that User to be assigned. - A Product Role will supersede a user’s standard Product Type Role or Global Role. For example, if a User has a Product Type Role of **Reader**, but is also assigned as an **Owner** on a Product nested under that Product Type, they will have additional **Owner** permissions added for that Product only. - - However, this does not work in reverse. If a User has a Product Type Role or Global Role of **Owner**, assigning them a **Reader** role on a particular Product will not take away their **Owner** permissions. **Roles cannot take away permissions granted to a User by other Roles, they can only add additional permissions.** - - -# Configuration Permissions - +## Configuration Permissions Many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their superuser status. 
These Configuration Permissions allow regular users to access and contribute to parts of DefectDojo outside of their standard Product or Product Role assignment. - - Configuration Permissions are not related to a specific Product or Product Type \- users can have configuration permissions assigned without the need for other statuses or Product / Product Type Membership. ​ - - -## List of Configuration Permissions - +### List of Configuration Permissions * **Credential Manager:** Access to the ⚙️Configuration \> Credential Manager page * **Development Environments:** Manage the Engagements \> Environments list 
@@ -179,26 +131,21 @@ Configuration Permissions are not related to a specific Product or Product Type * **Tool Types:** Access the ⚙️Configuration \> Tool Types page * **Users:** Access the 👤Users \> Users page - -## Add Configuration Permissions to a User - +### Add Configuration Permissions to a User **Only Superusers can add Configuration Permissions to a User**. 1. Navigate to the 👤 Users \> Users page on the sidebar. You will see a list of all registered accounts on DefectDojo, along with each account's Active status, Global Roles, and other relevant User data. ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088906/449d16d74c2ddbf786af42c3/4tacIUafivFb_ju8ii4dvCF4qnCGT1ZUPLAFP2uHdkcO0nntMgLk4V2m6BO3Hd_aRjK_Ivx7HKEa_x3lFVTZJ2Sr-llUBnG4OIsJLppyFl7zzVEOFDlV69pPtNy4Qz8fslEt_ofwCWw9xeXipYcHxFQ?expires=1729720800&signature=f40bb9c5be475ca93773f4e967a62929ba8d6c1e74998ae4f3cf2b2ce60b9dfd&req=fSImFsF2lIFZFb4f3HP0gC9vVNNi8Mjqu8Pj33LrnUR7spDzj5S4DmrcT56Z%0A244%3D%0A) +![image](images/Set_a_User's_Permissions_7.png) -​ + 2. Click the name of the account that you wish to edit. ​ 3. Navigate to the Configuration Permissions List. This is located on the right\-hand side of the User Page. ​ 4. Select the User Configuration Permissions you wish to add. ​ - -For a detailed breakdown of User Configuration Permissions, please refer to our [Permission Chart](https://support.defectdojo.com/en/articles/8758189-user-access-roles-permissions-list#h_7258f7b1bd). +For a detailed breakdown of User Configuration Permissions, please refer to our [Permission Chart](https://docs.defectdojo.com/en/user_management/user-permission-charts/). diff --git a/docs/content/en/user_management/User Permission Charts.md b/docs/content/en/user_management/user_permission_chart.md similarity index 100% rename from docs/content/en/user_management/User Permission Charts.md rename to docs/content/en/user_management/user_permission_chart.md 
diff --git a/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md b/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md
deleted file mode 100644
index c1198f983a6..00000000000
--- a/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: "Enabling Deduplication within an Engagement"
-description: ""
----
-
-Rather than Deduplicating across an entire Product, you can set a deduplication scope to be within a single Engagement exclusively.
-
-
-
-# Navigating to the Edit Engagement page
-
-
-
-* To enable Deduplication within a New Engagement, start with the **\+ New Engagement** option from the sidebar, which you can find by opening the **📥Engagements** sub\-menu.
-​
-
-
-![](https://downloads.intercomcdn.com/i/o/1196253571/bcc773bae11e0974316d9669/AD_4nXciYtqXNeAAzCO_WbTM5mS7X0gyNp13Wj0MAs1bHrlE0_rdLWxDQVJhhRbit89miW_HDlHt7uj9OMLEzETEiAnoXUWQ84H5RzIWjiybriFkMIRrBxB3Ay0Xg3TCZV8bqSoockHPKM_7udgjdYgPBelwcT0?expires=1729720800&signature=7d44908ba9093dc59a62061480bd26b60d9609824c1e458f5ef32de3cadfd860&req=dSEuEMt7noRYWPMW1HO4zXFaqgGz7VtHBjy63Irk3DfPNitCTrREpnVC492Y%0AHTye%0A)
-
-​
-* To enable Deduplication within an existing Engagement: from the **All Engagements** page, select the **Edit Engagement** option from the **⋮** menu.
-​
-
-
-![](https://downloads.intercomcdn.com/i/o/1196254637/7e441a6b39b65379e5d0258f/AD_4nXdOAfa7o32j4v3mFahzL_gjSykP7gvEAHGStpR7yw9YIyXbECukfQ3_DYU0zwuzUDBHmY5Y5yVq5LD_qtjYciLNVCH0h19XFSpunFSOPrA8TsNAwJr25J6Ik41MAcYDOeKbCYF0PMHgCvv5CztO7i8SbbZ1?expires=1729720800&signature=8d0d98729d1f0b7193fd386b137f7117569b912ffffce90ea218f6729f325c6d&req=dSEuEMt7mYdcXvMW1HO4zdhz%2FS3XYYEKT4KNIN5P6B3a9gWbvcLFnD1A4A2v%0A7pBZ%0A)
-* You can also open this menu from a specific **Engagement Page** by clicking the ⚙️Gear icon in the top\-right hand corner.
-​
-
-
-![](https://downloads.intercomcdn.com/i/o/1196254509/1b93ba5ddb5fb8a1fc906ece/AD_4nXcF0S-MTcABjEW4VheppDRqp0LTeIEiVr5rAaoon87pMQzzF9cZeK6ZRal_djcKgTTiVAe9QFSW7uq0WlWNix9ZjWIbKqtzEWsOoGYOeA8l2uquOvvBKUZkY2CtrcswclqhuR0teoun06e1jMf3yTQifptb?expires=1729720800&signature=1008cb3fb40ba04d33f9b7c35a6a450fa5b36a67c3cf22209bae9b686d4842b3&req=dSEuEMt7mYRfUPMW1HO4zXjnnOfTxm0gaugjxFbGD8K2XwiFzVsTeS%2Fx3BkJ%0AyjRC%0A)
-
-
-# Completing the Edit Engagement form
-
-
-1. Start by opening the **Optional Fields \+** menu at the bottom of the **Edit Engagement** form.
-2. Click the ☐ **Deduplication Within This Engagement** box.
-3. Submit the form.
-
-![](https://downloads.intercomcdn.com/i/o/1196254909/e83b69fc7648fcaa7d4375d6/AD_4nXdIwMiOxcYE3nJqTQoIE1ViuNm7uUj8tXrI4GD2X27vNHWrBftniw5rNxPCDrd-8zL6085kSR8SfAGF7bDyzvEJAOVZDb8at2h4VX2rTbwyhJEJQOdk4yrMApzIR3S69XcIdR59wZogYo7I3m4e1KezMYVw?expires=1729720800&signature=94609d56cd8ba25a82a3bc62254eb2bb66f445a8dada8357637768a12a8090c3&req=dSEuEMt7mYhfUPMW1HO4zQ4wI0%2BWyDKzeg0IWM1rEWvzJlRMDNqiyK2yUCDl%0A63pX%0A)
\ No newline at end of file
diff --git a/docs/content/en/working_with_findings/finding_deduplication/About Deduplication.md b/docs/content/en/working_with_findings/finding_deduplication/about_deduplication.md
similarity index 100%
rename from docs/content/en/working_with_findings/finding_deduplication/About Deduplication.md
rename to docs/content/en/working_with_findings/finding_deduplication/about_deduplication.md
diff --git a/docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md b/docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md
similarity index 91%
rename from docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md
rename to docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md
index 8b0ee61d3c0..4339cae8b7a 100644
--- a/docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md +++ b/docs/content/en/working_with_findings/finding_deduplication/avoiding_duplicates_via_reimport.md @@ -84,7 +84,7 @@ This table shows each Import or Reimport as a single line with a **Timestamp**, -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1072559379/da50b8239d865c6f98fc63c1/AD_4nXejcQLbylSeEMEkwYFrpxjGC1qkw7DQWwEQDCGhE7XrZSOGd_kNkAQNxHReNuFG3HivbQW-r6_NhC799O-rm3O2v_tBeTLtuqKFOuCDPng1qvmhQNeFwZ-whwp6CzdaQVy3Vir6pR3Kln9CRxzX2u6dTZY?expires=1729720800&signature=d5205cc3ff455b2643173a38835faf8a06f5ec4cc7c57c646ec7e78fa62678e4&req=dSAgFMx7lIJYUPMW1HO4ze2b3g1yLkBVYYHceZ4nu9nWxFX94Pj8EZWhdT2l%0ATMnX%0A) +![image](images/Avoiding_Duplicates_Reimport_Recurring_Tests.png) ## Actions diff --git a/docs/content/en/working_with_findings/finding_deduplication/Delete Deduplicate Findings.md b/docs/content/en/working_with_findings/finding_deduplication/delete_deduplicates.md similarity index 100% rename from docs/content/en/working_with_findings/finding_deduplication/Delete Deduplicate Findings.md rename to docs/content/en/working_with_findings/finding_deduplication/delete_deduplicates.md diff --git a/docs/content/en/working_with_findings/finding_deduplication/enabling_deduplication_with_engagement.md b/docs/content/en/working_with_findings/finding_deduplication/enabling_deduplication_with_engagement.md new file mode 100644 index 00000000000..f7d2ac65984 --- /dev/null +++ b/docs/content/en/working_with_findings/finding_deduplication/enabling_deduplication_with_engagement.md 
@@ -0,0 +1,40 @@
+---
+title: "Enabling Deduplication within an Engagement"
+description: ""
+---
+
+Rather than Deduplicating across an entire Product, you can set a deduplication scope to be within a single Engagement exclusively.
+
+
+
+# Navigating to the Edit Engagement page
+
+
+
+* To enable Deduplication within a New Engagement, start with the **\+ New Engagement** option from the sidebar, which you can find by opening the **📥Engagements** sub\-menu.
+​
+
+
+![image](images/Enabling_Deduplication_within_an_Engagement.png)
+
+​
+* To enable Deduplication within an existing Engagement: from the **All Engagements** page, select the **Edit Engagement** option from the **⋮** menu.
+​
+
+
+![image](images/Enabling_Deduplication_within_an_Engagement_2.png)
+* You can also open this menu from a specific **Engagement Page** by clicking the ⚙️Gear icon in the top\-right hand corner.
+​
+
+
+![image](images/Enabling_Deduplication_within_an_Engagement_3.png)
+
+
+# Completing the Edit Engagement form
+
+
+1. Start by opening the **Optional Fields \+** menu at the bottom of the **Edit Engagement** form.
+2. Click the ☐ **Deduplication Within This Engagement** box.
+3. Submit the form.
+
+![image](images/Enabling_Deduplication_within_an_Engagement_4.png)
\ No newline at end of file
diff --git a/docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md b/docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md
similarity index 58%
rename from docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md
rename to docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md
index a247b6435de..a9ea4204757 100644
--- a/docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md
+++ b/docs/content/en/working_with_findings/finding_deduplication/enabling_product_deduplication.md
@@ -5,35 +5,22 @@ description: "How to enable Deduplication at the Product level" Deduplication can be implemented at either a Product level or at a more narrow Engagement level. This article describes the more common approach of deduplicating within a single Product. - 1. Start by navigating to the System Settings page. This is nested under **Settings \> Pro Settings \> ⚙️System Settings** on the sidebar. +![image](images/Enabling_Product-Level_Deduplication.png) - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1124595466/23510e2be09c57c31794ddbf/AD_4nXc_etHPxb2G3QGrOuEK3jNUcQevdHrW7fhe1DF-Oeom5oZFFdTmTmnM1tZpABw6ROzUbbu9DN9szFMKHCUxNWjqBOWKxk-AsYaVwpM4CPAAuKrMju_BqRLrl1vGIABLQaiXTEhVOSJOG5r71eSLuYMs1ZUQ?expires=1729720800&signature=15fe9ccd68bea2289aafaf51e2a0158bb8170f03cc21b6e2b5c8936eee5ba3f5&req=dSElEsx3mIVZX%2FMW1HO4zUxInD5pTrydt8XM8g5%2FosYwTdr%2FFJmlu8o7z1Ey%0AypWn%0A) 2. **Deduplication and Finding Settings** are at the top of the **System Settings** menu. ​ - - -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1124595482/5c6e4140b748d743380db52a/AD_4nXczFRPMaaBteblXtLfkioIjnUmaYz5Z2voT_wskuvTBDFBoqWV7F8Ncte1qYrgwhZ-TYhvFYTNbQoEjj_dgbpGfnvWt-nJ3Jxo046VxDAA1YmPcZRmJQwprmTWpkNNKAoROh_lUWEtZiehwJ-v-MU8mqNR9?expires=1729720800&signature=477386cba875c6d0eef54c5a9657ccd17320ac1f5355e6d5c2604a81049065a2&req=dSElEsx3mIVXW%2FMW1HO4zfS9u6vQjS6vS8fDvrkeJ6fkTP%2FTlmiDVWCQsro%2F%0Aqjfg%0A) +![image](images/Enabling_Product-Level_Deduplication_2.png) ## Enable Finding Deduplication - **Enable Finding Deduplication** will turn on the Deduplication Algorithm for all Findings. Deduplication will be triggered on all subsequent imports \- when this happens, DefectDojo will look at any Findings contained in the destination Product, and deduplicate as per your settings. - - ## Delete Deduplicate Findings - **Delete Deduplicate Findings**, combined with the **Maximum Duplicates** field allows DefectDojo to limit the amount of Duplicate Findings stored. 
When this field is enabled, DefectDojo will only keep a certain number of Duplicate Findings. - - Applying **Delete Deduplicate Findings** will begin a deletion process immediately. DefectDojo will look at each Finding with Duplicates recorded, and will delete old duplicate Findings until the Maximum Duplicate number has been reached. - - -For more information on how DefectDojo determines what to delete, see our guide to **[Deleting Deduplicate Findings](https://support.defectdojo.com/en/articles/9658110-delete-deduplicate-findings).** - +For more information on how DefectDojo determines what to delete, see our guide to **[Deleting Deduplicate Findings](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/delete-deduplicate-findings/).** diff --git a/docs/content/en/working_with_findings/Finding Status Definitions.md b/docs/content/en/working_with_findings/finding_status_deduplication.md similarity index 91% rename from docs/content/en/working_with_findings/Finding Status Definitions.md rename to docs/content/en/working_with_findings/finding_status_deduplication.md index 5a2ed6759df..9322c289658 100644 --- a/docs/content/en/working_with_findings/Finding Status Definitions.md +++ b/docs/content/en/working_with_findings/finding_status_deduplication.md @@ -79,7 +79,7 @@ When a Finding is Under Review, it needs to be reviewed by a team member. You ca -![](https://defectdojo-inc.intercom-attachments-7.com/i/o/985091935/822f376964d68879e7a4681b/QFGEwU-GN1KKusdUrgO79c-tO2xHoxGf_KJKGAly5-kbFqUgrZ4ucsbvdeoEU1KGqppGGIA-8A3gtLc76DOTwxb9QCdswOB9DDZQISGWbxdp97qnTnYjeXwQVRirdSWmFxhk3kDJxHhUs1w5z8vxaXA?expires=1729720800&signature=c8cee4ebaf9ec90f9865a4615ea2cafbb127a24c1e799570703b3fe5f0375a45&req=fSgiFsB%2FlIJaFb4f3HP0gJeA1SZaCA1dNNYzqvbz6cG3w4UWa9xdE2Lq7jiz%0Ap4k%3D%0A) +![image](images/Finding_Status_Definitions.png) ## **Risk Accepted** 
diff --git a/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md b/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md
deleted file mode 100644
index 600fde6d096..00000000000
--- a/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-title: "Creating Findings Manually"
-description: "Track vulnerability information without using a scan tool"
----
-
-Normally, most of the Findings in your environment will be imported from other security tools. If you wish, you can add manual Finding entries as well, if you have vulnerabilities or work you wish to manage that was not created from a scan tool.
-
-
-
-1. From the DefectDojo Sidebar, open the New Finding link by clicking **Manage \> Findings \> New Finding**.
-​
-
-
-![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204646258/e2fab38379d284ad5b2aebffa718/AD_4nXeSTWP8bHEisluYG3PatY0V1Bw34F5193ydejr8BNDLZCZFphUNmok3jYtHZB_6Pnnbq6-b0pVc0jp5ZNEGQ9tO9iUv2JmhE2AjDc5o_yV0zloiqpbObujzjTgR84uu7KpnrUJ-wSpG5C8fKEYkAYLR6PiQ?expires=1729720800&signature=3a90174da1ae920701127a961a7cefb9baa980425e1baeb872f64c0ed5972a9c&req=dSInEs96m4NaUfMW1HO4zZjmOGH99gF4kHGAj1PnTvbgHifpl4o%2BR8%2BvHpJ3%0AG7g9%0A)
-
-​
-2. This opens the **New Finding** form, which you can fill out with any relevant information surrounding your Finding. You will need to assign this Finding to a previously created Test in DefectDojo.
-
-
-![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204645582/e2bfe82da64a254f2b5cbece2f28/AD_4nXeUMvPiS6NmxgUGcQSYel14w-O6N0Fa9De1LEX8tPOZpV8u5Cdp2FWgF2FB9LV7uyZ1O_I9YQFSQEfhKonOHdXrSBfi64LsaxMYFnnmo61Qvq1cswTsN0GtCFgvsxQUkPBuvd_ozJDvirDxWk--pHPt174V?expires=1729720800&signature=7f520ae406bf2876462b2a5d2d18b1f18ba2f8b30b18810454c6aa7f212357d5&req=dSInEs96mIRXW%2FMW1HO4zSpdNgBXR0m7lIF0Qe0vTqPPflkCMa%2BVwfFOLuIo%0AXX0j%0A)
\ No newline at end of file
diff --git a/docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md b/docs/content/en/working_with_findings/findings_workflows/bulk_edit_findings.md similarity index 51% rename from docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md rename to docs/content/en/working_with_findings/findings_workflows/bulk_edit_findings.md index 52b8705b40c..164ed2df2c0 100644 --- a/docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md +++ b/docs/content/en/working_with_findings/findings_workflows/bulk_edit_findings.md @@ -23,7 +23,7 @@ Selecting one or more Findings in this way will open the (hidden) Bulk Edit menu * **Delete: delete the selected Findings. You will need to confirm this action in a new window.** -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643191/7924c15fbd2501b5a5e4b8fe71e3/AD_4nXer6k5QNaqhZs1J_hL6iuSLPvb8rHb-MdkW0pXJMf-V8x0cup_i0D0lnLHR3njiPTbVksdPHlsZ_UBmRy0m1t0zojl-M9dmSCfM0vk4PEQoPijdUfiv2PtwIqeSdJGfq4rZzCFJkaqJRibweVmucx5CEbM?expires=1729720800&signature=a12f0f004827941909402f24c36cd3a561a40709b013fcb5a4107878c3d7a278&req=dSInEs96noBWWPMW1HO4zXtiW9%2FFHhjCVKf5fbU6dSDW8tlXaxh7cSUWPAyF%0Ac20A%0A) +![image](images/Bulk_Editing_Findings.png) ## Bulk Update Actions @@ -37,7 +37,7 @@ Through the Bulk Update Actions menu, you can apply the following changes to any * Apply **Tags** or **Notes** to all of the selected Findings. -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643192/2e01da408c1c8577257f36a74b43/AD_4nXcKzDiYnBIXMeEADA94q5TOEsbekEvXcB1lGVpbf94uO-mhLTo8AFnNF-FPSVYQlt1lyLRZNvNKz1POM2355bhJf0LUnxvYHjiBiD03k0TX41ZomVMOBEDlFb1enxpUSD2nw_ZU8EepAfsh-aH4Moca7n8?expires=1729720800&signature=74e51fe72c571f3b082a7ecee8684a85926aee8f9008c7a1097657eb24893868&req=dSInEs96noBWW%2FMW1HO4zRJT2q6EAbAjOLg8OA%2FoX1CY5iBqsc4giZcOa9%2Fp%0ACy9Q%0A) +![image](images/Bulk_Editing_Findings_2.png) ## Risk Acceptance Actions 
@@ -45,7 +45,7 @@ Through the Bulk Update Actions menu, you can apply the following changes to any This page allows you to add a **Full Risk Acceptance** to the selected Findings. You can either create a new **Full Risk Acceptance** or add the Findings to one that already exists. -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204644667/a5f2736f84de2f0cd77b04a0f9d4/AD_4nXePV5J0MY919X4dR2UdUSgzKT7cW9LvybGRHUaX3w0b5RQM3ySJUxhELJNSfq9tagOPiGb8N1iq2V3q7kdJ5ymLIiP5HVGSm8exP3vy_ZffAtpKv6vST6cojD7hAh-9ZHmmZg-khe0GM6m9MRkhqs-2_dY?expires=1729720800&signature=837eb6067922019a34ea694f13a3543844c735c23045322de7e53875030e5f64&req=dSInEs96mYdZXvMW1HO4zT4P2n9ZNwcwoSpDvuwOAfL%2BgCUq1%2BgkyhJ5AoRn%0APDRp%0A) +![image](images/Bulk_Editing_Findings_3.png) ## Finding Group Actions @@ -57,7 +57,7 @@ However, Finding Groups can only be created within an individual **Test** \- Fin -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204644883/6c30db7dce1c5c83e52195dc4fbb/AD_4nXeJRkRhtYmQ2suWzq_HIXWloIzKee1SAZ55tHdfIyI0hPOwIRdouZJXynlg0jHqkANarx34TTulLyTGNCHmSzd6aXHj5XJQ7CZXi82RRgTFIaVtDIb8HNofipknoSinugyyBaciW6wBt2sfvqjgB-5v0t8C?expires=1729720800&signature=2db1f51df35195bfba6640bf1b57cf2a2eeb6f2acf3f4fcba6d59c7306bfa078&req=dSInEs96mYlXWvMW1HO4zU0com58eS0SDjBSIgJ8buJr5hH5unUcrKxIQk10%0AWsRi%0A) +![image](images/Bulk_Editing_Findings_4.png) ## Bulk Delete Findings @@ -66,5 +66,5 @@ You can also Delete selected Findings by clicking on the red **Delete** button. -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643187/1f5a6460d056fa521fc6d72a31cc/AD_4nXd0HP5saZ5unMQT9Hyv53DvcecF-eZT-hT_a2XUvoYLdGJNL_gGK0k77YRi_Udcvo5cfDhCo95spM5AShUFEAyYUmXSiNvaA1KQbKhUNCdxlIlkH-hSGl2CfNNn5sCVWz8adjPT8fGvzsmXn3c8R5Fw6lwl?expires=1729720800&signature=6969cfebf6052fd687d388f69737ac0109322104d50d082b4591c10aed2ecf45&req=dSInEs96noBXXvMW1HO4zRM%2FyKneOnX09YRnkV%2BmXEPubkbUVrmV074qxpI7%0AX53%2B%0A) +![image](images/Bulk_Editing_Findings_5.png) 
diff --git a/docs/content/en/working_with_findings/findings_workflows/create_findings_manually.md b/docs/content/en/working_with_findings/findings_workflows/create_findings_manually.md
new file mode 100644
index 00000000000..cf9917ff25b
--- /dev/null
+++ b/docs/content/en/working_with_findings/findings_workflows/create_findings_manually.md
@@ -0,0 +1,20 @@
+---
+title: "Creating Findings Manually"
+description: "Track vulnerability information without using a scan tool"
+---
+
+Normally, most of the Findings in your environment will be imported from other security tools. If you wish, you can add manual Finding entries as well, if you have vulnerabilities or work you wish to manage that was not created from a scan tool.
+
+
+
+1. From the DefectDojo Sidebar, open the New Finding link by clicking **Manage \> Findings \> New Finding**.
+​
+
+
+![image](images/Creating_Findings_Manually.png)
+
+​
+2. This opens the **New Finding** form, which you can fill out with any relevant information surrounding your Finding. You will need to assign this Finding to a previously created Test in DefectDojo.
+
+
+![image](images/Creating_Findings_Manually_2.png)
\ No newline at end of file
diff --git a/docs/content/en/working_with_findings/findings_workflows/Editing Findings.md b/docs/content/en/working_with_findings/findings_workflows/editing_findings.md
similarity index 76%
rename from docs/content/en/working_with_findings/findings_workflows/Editing Findings.md
rename to docs/content/en/working_with_findings/findings_workflows/editing_findings.md
index a954d195782..c708cde96e7 100644
--- a/docs/content/en/working_with_findings/findings_workflows/Editing Findings.md
+++ b/docs/content/en/working_with_findings/findings_workflows/editing_findings.md
@@ -14,13 +14,13 @@ You can update a Finding by opening the **⚙️ Gear** **Menu** in the top and -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204632847/caabbaa73e3ef1bad6d5afd0c0c3/AD_4nXc-cAVmWrNapE3BCbl21cYhzGEzqrV0o4zodyvkqLDjYjqvNrBM67_otDPrXN2vsMYkNLdcZFzvVqezCgTUrRmQIzgtNvb4cRTE9kdpc88bpV8oSXOvNcHywzO-huexpt4P6fxGgPEsSDO6zJk8N3z5ZWUo?expires=1729720800&signature=22b34d4835d8a263cf7a88501eed00e460d632f75e0053937123db9133e7a411&req=dSInEs99n4lbXvMW1HO4zfYhXR6UzORlNJ7u6J8QRDrXXi9HNu3VCLIi6oKU%0ApZLf%0A) +![image](images/Editing_Findings.png) This will open the **Edit Finding** form, where you can edit the metadata, change the Finding’s Status and add additional information. -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204632848/e42a82139f528b871c01165d9b4c/AD_4nXdFNE-8nMU2l4QB-XtB6-VIYSQQkBQV6ftDNSZVGQP8EMft5gsns2T-XW82aqa0qDFGvDe2lI6IBiz6doLZMQDQf3UhHROVy5IvrctL5CozTO2RbD_E_ucl75_dHk327Oh2Zi3Pw8wnkrtk_4iadpPdXlIP?expires=1729720800&signature=80692fc66497b589d53b91a22e47873bb3cc79201110a484add3a47969f5cff7&req=dSInEs99n4lbUfMW1HO4zbhYFPglAYUL38JRhBdLBlt3Yjr8W%2FF3HwChTLmN%0A5gmh%0A) +![image](images/Editing_Findings_2.png) ## Edit Finding Form: Fields diff --git a/docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md b/docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md similarity index 88% rename from docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md rename to docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md index 212d68b2b7f..a9b420387dc 100644 --- a/docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md +++ b/docs/content/en/working_with_findings/findings_workflows/manage_duplicate_findings.md 
@@ -1,40 +1,25 @@ --- -title: "How-To: Manage Duplicate Findings" +title: "Manage Duplicate Findings" description: "How to discover and correct redundancies in your workflow - using Deduplication, Reimiport and other Smart features" --- One of DefectDojo’s strengths is that the data model can accommodate many different use\-cases and applications. You’ll likely change your approach as you master the software and discover ways to optimize your workflow. +By default, DefectDojo does not delete any duplicate Findings that are created. Each Finding is considered to be a separate instance of a vulnerability. So in this case, **Duplicate Findings** can be an indicator that a process change is required to your workflow. - -By default, DefectDojo does not delete any duplicate Findings that are created. Each Finding is considered to be a separate instance of a vulnerability. So in this case, **Duplicate Findings** can be an indicator that a process change is required to your workflow. - - - - -# Step 1: Clean up your excess Duplicates - +## Step 1: Clean up your excess Duplicates Fortunately, DefectDojo’s Deduplication settings allow you to mass\-delete duplicates once a certain threshold has been crossed. This feature makes the cleanup process easier. To learn more about this process, see our article on **Finding Deduplication** \<\-link will go here. - - -# Step 2: Evaluate your Engagements for redundancies - +## Step 2: Evaluate your Engagements for redundancies Once you’ve cleaned up your duplicate Findings, it’s a good practice to look at the Product which contained them to see if there’s a clear culprit. You might find that there are Engagements contained within which have a redundant context. - - -## Duplicate or Reused Engagements - +### Duplicate or Reused Engagements Engagements store one or more Tests for a particular testing context. 
That context is ultimately up to you to define for yourself, but if you see a few Engagements within your Product which should share the same context, consider combining them into a single engagement. ​ - - -## Questions to ask when defining Engagement context: - +### Questions to ask when defining Engagement context: * If I wanted to make a report on this work, would the Engagement contain all of the relevant information I need? * Are we proactively creating Engagements ahead of time or are they being created ‘ad\-hoc’ by my import process? 
@@ -42,34 +27,19 @@ Engagements store one or more Tests for a particular testing context. That conte * What section of the codebase is being worked on by tests: is each repository a separate context or could multiple repositories make up a shared context for testing? * Who are the stakeholders involved with the Productt, and how will I share results with them? - -# Step 3: Check for redundant Tests - +## Step 3: Check for redundant Tests If you discover that separate Tests have been created which capture the same testing context, this may be an indicator that these tests can be consolidated into a single Reimport. - - DefectDojo has two methods for importing test data to create Findings: **Import** and **Reimport**. Both of these methods are very similar, but the key difference between the two is that **Import** always creates a new Test, while **Reimport** can add new data to an existing Test. It’s also worth noting that **Reimport** does not create duplicate Findings within that Test. - - Each time you import new vulnerability reports into DefectDojo, those reports will be stored in a Test object. A Test object can be created by a user ahead of time to hold a future **Import**. If a user wants to import data without specifying a Test destination, a new Test will be created to store the incoming report. +Tests are flexible objects, and although they can only hold one *kind* of report, they can handle multiple instances of that same report through the **Reimport** method. To learn more about Reimport, see our **[article](https://docs.defectdojo.com/en/connecting_your_tools/import_scan_files/using_reimport/)** on this topic. - -Tests are flexible objects, and although they can only hold one *kind* of report, they can handle multiple instances of that same report through the **Reimport** method. To learn more about Reimport, see our **[article](https://support.defectdojo.com/en/articles/9424972-reimport-recurring-tests)** on this topic. 
- - - - -# When are Duplicate Findings acceptable? - +## When are Duplicate Findings acceptable? Duplicate Findings are not always indicative of a problem. There are many cases where keeping duplicates is the preferred approach. For example: - - * If your team uses and reports on Interactive Engagements. If you want to create a discrete report on a single Test specifically, you would want to know if there’s an occurrence of a Finding that was already uncovered earlier. * If you have Engagements which are contextually separated (for example, because they cover different repositories) you would want to be able to flag Findings which are occurring in both places. - diff --git a/docs/content/en/working_with_findings/Introduction to Findings.md b/docs/content/en/working_with_findings/intro_to_findings.md similarity index 88% rename from docs/content/en/working_with_findings/Introduction to Findings.md rename to docs/content/en/working_with_findings/intro_to_findings.md index 2b7d38b0f68..a716e7b3b79 100644 --- a/docs/content/en/working_with_findings/Introduction to Findings.md +++ b/docs/content/en/working_with_findings/intro_to_findings.md 
@@ -5,42 +5,27 @@ description: "The main workflow and vulnerability tracking system of DefectDojo" Findings are the main way that DefectDojo standardizes and guides the reporting and remediation process of your security tools. Regardless of whether a vulnerability was reported in SonarQube, Acunetix, or your team’s custom tool, Findings give you the ability to manage each vulnerability in the same way. - - - -# What are Findings? - +## What are Findings? Findings in DefectDojo are made up of the following components: - * The reported vulnerability data in question * The ‘status’ of the Finding, used to track remediation, risk acceptance or other decisions made around the vulnerability * Other metadata related to the Finding. For example, this could include the location of a Finding in your network, a tool’s suggestions for remediation, or links to an associated CWE or EPSS score. - In addition to storing the vulnerability data and providing a remediation framework, DefectDojo also enhances your Findings in the following ways: - - * Automatically adding related EPSS scores to a Finding to describe exploitability * Automatically translating a security tool’s severity metric into a Severity score for each Finding, which confers an SLA onto the Finding according to your Product’s SLA Configuration. - Overall, DefectDojo Findings are designed to work with the Product Hierarchy to standardize your efforts, and apply a consistent method to each Product. - - - -# A Finding Page - +## A Finding Page The Finding Page contains various components. Each will be populated by the Import process when the Finding is created. 
+![image](images/Introduction_to_Findings.png) - - -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204626420/d4b31aeb933a01a91c8f9fcbab53/AD_4nXeCuL73nA2NQtVBVqVJPKGjtd-RbuuqPn2CpxasGuOplzjTfVjR_VaOyfWqxaOueQOzf9OXNnCCWZttl6OGDA5jVtYhG3gT0kqAKXQw7m0MADYtJ8WocQ5FWHDys6UhIc54DdQtlwhRJqLqM06ApretgQ8b?expires=1729720800&signature=5fdaf3b96d90627f967590cbbcd16a974954e553b5fca4a45d8cdf70040b15e8&req=dSInEs98m4VdWfMW1HO4zR0l5%2BsqlD4BklyhzEusXAB9j0VOFPYkQ%2B7zhpyj%0ARB4q%0A) 1. **The Title of the Finding:** Usually this is a descriptive shorthand which identifies the vulnerability or issue detected. This section is also where user\-created Tags are displayed if they exist. ​ 2. **Finding Overview:** This section contains five separate pages of relevant information for the Finding: Description, Mitigation, Impact, References and Notes. These fields can be populated automatically based on the incoming vulnerability data, or they can be edited by a DefectDojo user to provide additional context. 
@@ -77,73 +62,48 @@ The Finding Page contains various components. Each will be populated by the Impo * **Found By:** This will list the scanner used to find this vulnerability. ​ -# Example Finding Workflows - +## Example Finding Workflows How you work with Findings in DefectDojo depends on your team’s responsibilities within your organization. Here are some examples of these processes, and how DefectDojo can help: - - -## Discover and Report vulnerabilities - +### Discover and Report vulnerabilities If you’re in charge of security reporting for many different contexts, software Products or teams, DefectDojo can report on those vulnerabilities uncovered. Using the Product Hierarchy, you can organize your Finding data into the appropriate context. For example: - * Each Product in DefectDojo can have a different SLA configuration, so that you can instantly flag Findings that are discovered in Production or other highly sensitive environments. * You can create a report directly from a **Product Type, Product, Engagement or Test** to ‘zoom in and out’ of your security context. **Tests** contain results from a single tool, **Engagements** can combine multiple Tests, **Products** can contain multiple Engagements, **Product Types** can contain multiple Products. -For more information on creating a Report, see our guides to **[Custom Reporting](https://support.defectdojo.com/en/collections/6542282-reports)**. - - - - -## Triage Vulnerabilities using Finding Status +For more information on creating a Report, see our guides to **[Custom Reporting](https://docs.defectdojo.com/en/pro_reports/using-the-report-builder/)**. +### Triage Vulnerabilities using Finding Status If your team needs to validate the Findings discovered, you can do so by manually applying the **Verified** status to Findings as you review them. You can also apply other statuses, such as: - * **False Positive:** A tool detected the threat, but the threat is not active in the environment. 
* **Out Of Scope:** Active, but irrelevant to the current testing effort. * **Risk Accepted:** Active, but determined not to be a priority to address until the Risk Acceptance expires. * **Under Review:** may or may not be Active \- your team is still investigating. * **Mitigated:** This issue has been resolved since the Finding was created. - If a tool reports a previously triaged Finding on a subsequent import, DefectDojo will remember the Finding’s previous status and update accordingly. Findings with **False Positive**, **Out Of Scope, Risk Accepted and Under Review** statuses will remain as they are, but any Finding that has been **Mitigated** will be **reactivated** to let you know that the Finding has returned to the Test environment. - - -## Ensure Team\-wide Consensus and Accountability with Risk Acceptances - +### Ensure Team\-wide Consensus and Accountability with Risk Acceptances Part of a security team’s responsibility is to collaborate with developers to prioritize and deprioritize security issue remediation. This is where Risk Acceptances come in. Adding a Risk Acceptance to a Finding allows you to: - * Store records and ‘artifact’ files on DefectDojo \- these could be emails from colleagues acknowledging the Risk Acceptance, meeting notes, or simply a written justification for accepting the risk from your own security team. * Add an expiration date to the Risk Acceptance, so that the vulnerability can be re\-examined after a given period of time. Any Appsec team member understands that issue mitigation can’t be prioritized exclusively by developer teams, so Risk Acceptances help you log those sensitive decisions when they are made. - - - -## Monitor current vulnerabilities using CWEs and EPSS scores - +### Monitor current vulnerabilities using CWEs and EPSS scores Sometimes, the exploitability and threat posed by a known vulnerability can change based on new data. 
To keep your work up to date, DefectDojo has partnered with First.org to maintain a database of the latest EPSS scores related to Findings. Any Findings in DefectDojo will be kept up to date automatically according to their EPSS, which is directly based on the CWE of the Finding. - - If a Finding’s EPSS score changes (i.e. the related Finding becomes more exploitable or less exploitable), the Severity of the Finding will adjust accordingly. - - - # Next Steps: - -* Learn how to add or adjust data on your Findings through the **[Edit Findings](https://support.defectdojo.com/en/articles/9958762-editing-findings)** menu. -* Learn how to update Findings in bulk using the **[Bulk Edit](https://support.defectdojo.com/en/articles/9958816-bulk-editing-findings)** menu. -* Learn how to apply **[Risk Acceptances](https://support.defectdojo.com/en/articles/9958767-risk-acceptances)** to Findings which create a record of sensitive decisions made surrounding risk\-accepted vulnerabilities. +* Learn how to add or adjust data on your Findings through the **[Edit Findings](https://docs.defectdojo.com/en/working_with_findings/findings_workflows/editing-findings/)** menu. +* Learn how to update Findings in bulk using the **[Bulk Edit](https://docs.defectdojo.com/en/working_with_findings/findings_workflows/bulk-editing-findings/)** menu. +* Learn how to apply **[Risk Acceptances](https://docs.defectdojo.com/en/working_with_findings/risk-acceptances/)** to Findings which create a record of sensitive decisions made surrounding risk\-accepted vulnerabilities. diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/Product Health Grade.md b/docs/content/en/working_with_findings/organizing_engagements_tests/product_health_grade.md similarity index 100% rename from docs/content/en/working_with_findings/organizing_engagements_tests/Product Health Grade.md rename to docs/content/en/working_with_findings/organizing_engagements_tests/product_health_grade.md 
diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md b/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md similarity index 93% rename from docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md rename to docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md index ba5011d71e8..f14068f135a 100644 --- a/docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md +++ b/docs/content/en/working_with_findings/organizing_engagements_tests/product_hierarchy.md @@ -22,7 +22,7 @@ The first category of data you'll need to set up in DefectDojo is a Product Type * by development team * by security team -![](https://downloads.intercomcdn.com/i/o/886742892/642722b973c01c39a0aa533e/Product+Type+Hierarchy.png?expires=1729720800&signature=f416d0eee2d29e5a926c9f7287579efffb74ccf55aeecb8bf9b3884cd1572801&req=fCghEc18lYhdFb4f3HP0gMX0MoIxq3p7ta8SylkRlAboMhPkbdVx3E69%2Fny%2B%0Ai3A%3D%0A) +![image](images/Product_Hierarchy_Overview.png) Product Types can have Role\-Based Access Control rules applied, which limit team members' ability to view and interact with their data (including any underlying Products with Engagement, Test and Finding data). For more information on user roles, see our **Introduction To Roles** article. @@ -46,7 +46,7 @@ A **Product** in DefectDojo is intended to represent any project, program, or pr -![](https://downloads.intercomcdn.com/i/o/886743202/725d5bedab67b7fa1f6b6ed4/Product+Hierarchy+%282%29.png?expires=1729720800&signature=ba717a51a34144947926a7cc2c0ec99034e93fd5def26a17e05f1f162c8c0599&req=fCghEc19n4FdFb4f3HP0gKcjfuSKAo3raoDOoFM14rwusH%2BZxfDNYtoJF2%2BC%0AYBE%3D%0A)Products always have: +![image](images/Product_Hierarchy_Overview_2.png) * a unique **Name** 
diff --git a/docs/content/en/working_with_findings/Risk Acceptances.md b/docs/content/en/working_with_findings/risk_acceptances.md similarity index 69% rename from docs/content/en/working_with_findings/Risk Acceptances.md rename to docs/content/en/working_with_findings/risk_acceptances.md index c7d461b9d39..b82321af917 100644 --- a/docs/content/en/working_with_findings/Risk Acceptances.md +++ b/docs/content/en/working_with_findings/risk_acceptances.md 
@@ -47,17 +47,17 @@ Risk Acceptances can be added to a Finding in two ways: * Using the **Bulk Edit** menu, when looking at a list of Findings * Using the **Add Risk Acceptance** button on an individual Finding -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636819/b9dd073262332f1944c0cfacfd2a/AD_4nXfy5v0NTmT2-wzbXdnxwNZtiYLk18QuyFJM0t6uhv_8RToYIsjB0d9jKIKeYoVF2jEIL_XSnYVgGsnMP2D5EdkyuJg0ilLdjR--1QhI_l81yP8yPmmlpO4UkUlANShbUsvOT6VqSFD5jNKPAqenonX7GnSM?expires=1729720800&signature=1115c41a7aa8dec8ac1854137467fcba167b85c3b479cdd97a625b19a75ab611&req=dSInEs99m4leUPMW1HO4zeaRgo0pTnme8fBYAl4WbyXDzvLafNSr2o%2BGMLsB%0AcNM2%0A)## +![image](images/Risk_Acceptances.png) -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636820/11762eeeaf483c78d521d7446ca1/AD_4nXe9Mit2Y220ayEJR0rbzABrWY24WQ1LUfZJCZgBsM_0V24ZMJcWGr6U6REZYP2PMGmSuN0Dk60kT_2LSDkG9Jo2XC3t_uumxIOFlWJ7Qg4f7clfC1S_DZWvy811Gzrj4dTm1WJzR1Z7XIkVBgZn5jXrjTt1?expires=1729720800&signature=1cf2c1b627251a1063864290fc3e005c24c43ac5caddc7721ae5e2a5e9270fd7&req=dSInEs99m4ldWfMW1HO4zRkGaztiDiOJcg%2Bp%2FR3%2FI2bFU4DBwLfqHSfAvvJw%0ACeTp%0A) +![image](images/Risk_Acceptances_2.png) To create a New Risk Acceptance, complete the Add to New Risk Acceptance form on a Finding you wish to Risk Accept. # -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636818/9419eeece88da46563d490017da3/AD_4nXcEwS6HnTQUszfs2jHj7pEXXZnDqskbX2sVw-pWhBfvuuzr5fowhUuz53rMWLbkLJCEg0jMSA-41MIgLXoksJEDHswtmkX5gExVwSmYme6KqR4Y4Pav-vWPz47vJ6fVvj1v7ZE4VqEEieLQNkuIVYVevMI?expires=1729720800&signature=3a873d6c6f98ce933165f4225de1333a537f3c67f38936f57a7328af1d7262a3&req=dSInEs99m4leUfMW1HO4zWGsfrz%2FC8qjBdsvsU%2BkGkqvMVSR%2FYsJZwwE%2FuT0%0AoDt6%0A)1. Create a **Name** for the Risk Acceptance. +![image](images/Risk_Acceptances_3.png) 2. Select the **Owner** of the Risk Acceptance \- this is generally meant to be the DefectDojo team member responsible for the decision to Risk Accept the Finding 3. 
Complete the **Optional Fields** with any relevant information. If you want to set an Expiration Date or a Warning for that Expiration Date, you can do so here as well. If you don’t specify a date, the Default Risk Acceptance / Default Risk Acceptance Expiration days will be used from the **System Settings** page. 4. Select whether you want to **Reactivate** or **Restart SLAs** on any associated Findings once the Risk Acceptance expires. @@ -89,4 +89,4 @@ The sidebar in DefectDojo allows you to quickly find any Risk Accepted Findings -![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204640131/447a5095df2fb468d8fbe43d4a1d/Screenshot+2024-10-04+at+2_23_38%E2%80%AFPM.png?expires=1729720800&signature=127f9a6b5dd30515098838117a5fbe61b2464fadfa93d6f630c9fd8c39b48ca9&req=dSInEs96nYBcWPMW1HO4zT2bUZxwU%2FbqrPBD4qx8knM3HZEXsp9ooOlsDdne%0A5t8q%0A) +![image](images/Risk_Acceptances_4.png) diff --git a/docs/layouts/partials/head/script-header.html b/docs/layouts/partials/head/script-header.html index aba98029eb2..76b5fa4ffc5 100644 --- a/docs/layouts/partials/head/script-header.html +++ b/docs/layouts/partials/head/script-header.html @@ -1 +1,6 @@ + + + \ No newline at end of file diff --git a/docs/package-lock.json b/docs/package-lock.json index 8098ed3fdea..31ec2d4d704 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -2394,9 +2394,9 @@ } }, "node_modules/@tabler/icons": { - "version": "3.23.0", - "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.23.0.tgz", - "integrity": "sha512-Cz+X58jfRm0g/KcupXXuPw5knj671lNR054AnmLXvCjudiQBWI0wZulDDSsqDoGezvBzMTNPQtNcjLkZs82ZxQ==", + "version": "3.26.0", + "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.26.0.tgz", + "integrity": "sha512-oO3D4ss+DxzxqU1aDy0f1HmToyrO0gcQWIMpzHAfV1quPUx0BZYvNm5xz1DQb4DxNm/+xNvbBGLJy4pzTLYWag==", "license": "MIT", "funding": { "type": "github", 
@@ -3986,9 +3986,9 @@ "license": "MIT" }, "node_modules/prettier": { - "version": "3.4.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.1.tgz", - "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz", + "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==", "dev": true, "license": "MIT", "bin": { @@ -4700,9 +4700,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.2.tgz", - "integrity": "sha512-XdQ+VsY2tJpBsKGs0wf3U/+azx8BBpYRHFAyKm5VeEZNOJZRB63q7Sc8Iup3k0TrN3KO6QgyzFf+opSbfY1y0g==", + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.3.tgz", + "integrity": "sha512-Cmuo5P0ENTN6HxLSo6IHsjCLn/81Vgrp81oaiFFMRa8gGDj5xEjIcEpf2ZymZtZR8oU0P2JX5WuUp/rlXcHkAw==", "dev": true, "license": "MIT", "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index dd5ac976262..033e2fc2894 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.41.0" +__version__ = "2.42.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index cdc951fdb8e..5cdc2db4d88 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py 
@@ -1324,6 +1324,11 @@ def validate(self, data): msg = "Either engagement or finding or finding_group has to be set." raise serializers.ValidationError(msg) + if finding: + if (linked_finding := jira_helper.jira_already_linked(finding, data.get("jira_key"), data.get("jira_id"))) is not None: + msg = "JIRA issue " + data.get("jira_key") + " already linked to " + reverse("view_finding", args=(linked_finding.id,)) + raise serializers.ValidationError(msg) + return data diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index 9676983684d..384fc91c973 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -503,6 +503,10 @@ def notes(self, request, pk=None): new_note.errors, status=status.HTTP_400_BAD_REQUEST, ) + notes = engagement.notes.filter(note_type=note_type).first() + if notes and note_type and note_type.is_single: + return Response("Only one instance of this note_type allowed on an engagement.", status=status.HTTP_400_BAD_REQUEST) + author = request.user note = Notes( entry=entry, @@ -1078,6 +1082,11 @@ def notes(self, request, pk=None): new_note.errors, status=status.HTTP_400_BAD_REQUEST, ) + if finding.notes: + notes = finding.notes.filter(note_type=note_type).first() + if notes and note_type and note_type.is_single: + return Response("Only one instance of this note_type allowed on a finding.", status=status.HTTP_400_BAD_REQUEST) + author = request.user note = Notes( entry=entry, @@ -2131,6 +2140,10 @@ def notes(self, request, pk=None): new_note.errors, status=status.HTTP_400_BAD_REQUEST, ) + notes = test.notes.filter(note_type=note_type).first() + if notes and note_type and note_type.is_single: + return Response("Only one instance of this note_type allowed on a test.", status=status.HTTP_400_BAD_REQUEST) + author = request.user note = Notes( entry=entry, diff --git a/dojo/benchmark/views.py b/dojo/benchmark/views.py index 0d0c7174b96..611c690945d 100644 --- a/dojo/benchmark/views.py +++ b/dojo/benchmark/views.py 
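Review bot: The error message built in the new `validate` branch discloses the id of a Finding the caller may not be permitted to see: `jira_already_linked` queries `JIRA_Issue` with no authorization scoping, and the response embeds `reverse("view_finding", args=(linked_finding.id,))`. I would return a generic message, `msg = f"JIRA issue {data.get('jira_key')} is already linked to another finding."`, and log the conflicting id server-side instead. The f-string also avoids the `TypeError` that the current `"JIRA issue " + data.get("jira_key")` raises when `jira_key` is absent, since the helper accepts `None` for both arguments. The enclosing `validate` starts outside the hunk.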
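Review bot: In the finding `notes` hunk, `if finding.notes:` tests a related manager, which is always truthy, so the guard does nothing and the block differs from the engagement and test hunks only cosmetically. All three hunks also issue the `filter(note_type=note_type).first()` query before checking `note_type`, so with `note_type=None` they fetch untyped notes for no reason. I would check the cheap condition first and use an existence query, e.g. `if note_type and note_type.is_single and finding.notes.filter(note_type=note_type).exists():`, and apply the same shape to the engagement and test hunks. Each `notes` method starts and ends outside its hunk.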
@@ -1,4 +1,3 @@
-import contextlib
 import logging
 from crum import get_current_user
@@ -37,9 +36,7 @@ def add_benchmark(queryset, product):
 benchmark_product.product = product
 benchmark_product.control = requirement
 requirements.append(benchmark_product)
-
- with contextlib.suppress(Exception):
- Benchmark_Product.objects.bulk_create(requirements)
+ Benchmark_Product.objects.bulk_create(requirements)
 @user_is_authorized(Product, Permissions.Benchmark_Edit, "pid")
diff --git a/dojo/cred/views.py b/dojo/cred/views.py
index f8f7756e340..e79dc6c6b16 100644
--- a/dojo/cred/views.py
+++ b/dojo/cred/views.py
@@ -1,4 +1,3 @@
-import contextlib
 import logging
 from django.contrib import messages
@@ -585,9 +584,7 @@ def new_cred_finding(request, fid):
 @user_is_authorized(Cred_User, Permissions.Credential_Delete, "ttid")
 def delete_cred_controller(request, destination_url, id, ttid):
- cred = None
- with contextlib.suppress(Exception):
- cred = Cred_Mapping.objects.get(pk=ttid)
+ cred = Cred_Mapping.objects.filter(pk=ttid).first()
 if request.method == "POST":
 tform = CredMappingForm(request.POST, instance=cred)
 message = ""
diff --git a/dojo/endpoint/utils.py b/dojo/endpoint/utils.py
index 0d584ff6c6c..f5f01ee4e30 100644
--- a/dojo/endpoint/utils.py
+++ b/dojo/endpoint/utils.py
@@ -208,8 +208,8 @@ def err_log(message, html_log, endpoint_html_log, endpoint):
 to_be_deleted.update(ep_ids[1:])
 if change:
 message = "Merging Endpoints {} into '{}'".format(
- [f"{str(x)} (id={x.pk})" for x in ep[1:]],
- f"{str(ep[0])} (id={ep[0].pk})")
+ [f"{x} (id={x.pk})" for x in ep[1:]],
+ f"{ep[0]} (id={ep[0].pk})")
 html_log.append(message)
 logger.info(message)
 Endpoint_Status_model.objects\
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
index f7807e9b5ad..bf85092a129 100644
--- a/dojo/endpoint/views.py
+++ b/dojo/endpoint/views.py
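Review bot: `cred = Cred_Mapping.objects.filter(pk=ttid).first()` in `delete_cred_controller` yields `None` for an unknown `ttid`, which then reaches `CredMappingForm(request.POST, instance=cred)` and presumably the delete further down; whether a `None` mapping is handled there is outside the hunk. If a missing mapping is not a supported case, `cred = get_object_or_404(Cred_Mapping, pk=ttid)` makes the 404 explicit rather than leaving an `AttributeError` for later. A one-line comment stating which behaviour is intended would help either way, since the old code deliberately swallowed the lookup failure.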
@@ -503,7 +503,7 @@ def import_endpoint_meta(request, pid):
 endpoint_meta_import(file, product, create_endpoints, create_tags, create_dojo_meta, origin="UI", request=request)
 except Exception as e:
 logger.exception(e)
- add_error_message_to_response(f"An exception error occurred during the report import:{str(e)}")
+ add_error_message_to_response(f"An exception error occurred during the report import:{e}")
 return HttpResponseRedirect(reverse("endpoint") + "?product=" + pid)
 add_breadcrumb(title="Endpoint Meta Importer", top_level=False, request=request)
diff --git a/dojo/filters.py b/dojo/filters.py
index a2c40685cd6..6a1228865b1 100644
--- a/dojo/filters.py
+++ b/dojo/filters.py
@@ -235,6 +235,35 @@ def filter(self, qs, value):
 return self.options[value][1](self, qs, self.field_name)
+class FindingHasJIRAFilter(ChoiceFilter):
+ def no_jira(self, qs, name):
+ return qs.filter(Q(jira_issue=None) & Q(finding_group__jira_issue=None))
+
+ def any_jira(self, qs, name):
+ return qs.filter(~Q(jira_issue=None) | ~Q(finding_group__jira_issue=None))
+
+ def all_items(self, qs, name):
+ return qs
+
+ options = {
+ 0: (_("Yes"), any_jira),
+ 1: (_("No"), no_jira),
+ }
+
+ def __init__(self, *args, **kwargs):
+ kwargs["choices"] = [
+ (key, value[0]) for key, value in six.iteritems(self.options)]
+ super().__init__(*args, **kwargs)
+
+ def filter(self, qs, value):
+ try:
+ value = int(value)
+ except (ValueError, TypeError):
+ return self.all_items(qs, self.field_name)
+
+ return self.options[value][1](self, qs, self.field_name)
+
+
 class ProductSLAFilter(ChoiceFilter):
 def any(self, qs, name):
 return qs
@@ -1576,6 +1605,7 @@ class FindingFilterHelper(FilterSet):
 test_import_finding_action__test_import = NumberFilter(widget=HiddenInput())
 endpoints = NumberFilter(widget=HiddenInput())
 status = FindingStatusFilter(label="Status")
+
 has_component = BooleanFilter(
 field_name="component_name",
 lookup_expr="isnull",
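Review bot: `six.iteritems(self.options)` in `FindingHasJIRAFilter.__init__` is a Python 2 compatibility shim; `kwargs["choices"] = [(key, value[0]) for key, value in self.options.items()]` is equivalent on Python 3 and removes the dependency on `six` being in scope. The `options` mapping pairs `0` with "Yes" and `1` with "No", which reads inverted relative to the labels, so a short comment such as `# 0 = has a JIRA issue on the finding or its group, 1 = has none` would help a reader of `filter`, which indexes by that integer. The class mirrors `ProductSLAFilter` below, so keep the two consistent if the sibling is cleaned up as well.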
@@ -1610,6 +1640,7 @@ class FindingFilterHelper(FilterSet): lookup_expr="isnull", exclude=True, label="Has Group JIRA") + has_any_jira = FindingHasJIRAFilter(label="Has Any JIRA") outside_of_sla = FindingSLAFilter(label="Outside of SLA") has_tags = BooleanFilter(field_name="tags", lookup_expr="isnull", exclude=True, label="Has tags") diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index 4c1281d6653..66badd594dc 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -4,6 +4,7 @@ from django.conf import settings from django.db.models.query_utils import Q from django.db.models.signals import post_delete, pre_delete +from django.db.utils import IntegrityError from django.dispatch.dispatcher import receiver from django.utils import timezone from fieldsignals import pre_save_changed 
@@ -164,21 +165,22 @@ def create_finding_group(finds, finding_group_name):
 finding_group = Finding_Group(test=finds[0].test)
 finding_group.creator = get_current_user()
- finding_group.name = finding_group_name + finding_group_name_dummy
- finding_group.save()
- available_findings = [find for find in finds if not find.finding_group_set.all()]
- finding_group.findings.set(available_findings)
- # if user provided a name, we use that, else:
- # if we have components, we may set a nice name but catch 'name already exist' exceptions
+ if finding_group_name:
+ finding_group.name = finding_group_name
+ elif finding_group.components:
+ finding_group.name = finding_group.components
 try:
- if finding_group_name:
- finding_group.name = finding_group_name
- elif finding_group.components:
- finding_group.name = finding_group.components
 finding_group.save()
- except:
- pass
+ except IntegrityError as ie:
+ if "already exists" in str(ie):
+ finding_group.name = finding_group_name + finding_group_name_dummy
+ finding_group.save()
+ else:
+ raise
+
+ available_findings = [find for find in finds if not find.finding_group_set.all()]
+ finding_group.findings.set(available_findings)
 added = len(available_findings)
 skipped = len(finds) - added
diff --git a/dojo/finding/views.py b/dojo/finding/views.py
index a5d6824329c..ec25352a903 100644
--- a/dojo/finding/views.py
+++ b/dojo/finding/views.py
@@ -1696,7 +1696,7 @@ def request_finding_review(request, fid):
 jira_helper.push_to_jira(finding.finding_group)
 reviewers = Dojo_User.objects.filter(id__in=form.cleaned_data["reviewers"])
- reviewers_string = ", ".join([str(user) for user in reviewers])
+ reviewers_string = ", ".join([f"{user} ({user.id})" for user in reviewers])
 reviewers_usernames = [user.username for user in reviewers]
 logger.debug(f"Asking {reviewers_string} for review")
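Review bot: In `create_finding_group`, matching `"already exists"` against `str(ie)` ties the retry path to one database backend's wording of a unique violation; on a backend that phrases it differently the exception is re-raised and the dummy-name fallback is never taken. On PostgreSQL a failed `save()` inside an outer `transaction.atomic()` block also leaves the transaction aborted, so the second `finding_group.save()` would fail unless the first attempt is wrapped in its own `with transaction.atomic():` savepoint; whether an outer atomic block is active here is not visible in the hunk. I would wrap the first save in a savepoint and fall back on any `IntegrityError` rather than on the message text, adding `from django.db import transaction` alongside the new `IntegrityError` import. `create_finding_group` starts outside the hunk.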
@@ -1708,7 +1708,7 @@ def request_finding_review(request, fid):
 finding=finding,
 reviewers=reviewers,
 recipients=reviewers_usernames,
- description=f'User {user.get_full_name()} has requested that user(s) {reviewers_string} review the finding "{finding.title}" for accuracy:\n\n{new_note}',
+ description=f'User {user.get_full_name()}({user.id}) has requested that user(s) {reviewers_string} review the finding "{finding.title}" for accuracy:\n\n{new_note}',
 icon="check",
 url=reverse("view_finding", args=(finding.id,)),
 )
@@ -3010,7 +3010,7 @@ def finding_bulk_update_all(request, pid=None):
 success_count += 1
 for error_message, error_count in error_counts.items():
- add_error_message_to_response("{error_count} finding groups could not be pushed to JIRA: {error_message}")
+ add_error_message_to_response(f"{error_count} finding groups could not be pushed to JIRA: {error_message}")
 if success_count > 0:
 add_success_message_to_response(f"{success_count} finding groups pushed to JIRA successfully")
diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py
index f10ea69916e..308331987a9 100644
--- a/dojo/jira_link/helper.py
+++ b/dojo/jira_link/helper.py
@@ -1428,6 +1428,13 @@ def add_simple_jira_comment(jira_instance, jira_issue, comment):
 return False
+def jira_already_linked(finding, jira_issue_key, jira_id) -> Finding | None:
+ jira_issues = JIRA_Issue.objects.filter(jira_id=jira_id, jira_key=jira_issue_key).exclude(engagement__isnull=False)
+ jira_issues = jira_issues.exclude(finding=finding)
+
+ return jira_issues.first()
+
+
 def finding_link_jira(request, finding, new_jira_issue_key):
 logger.debug("linking existing jira issue %s for finding %i", new_jira_issue_key, finding.id)
diff --git a/dojo/jira_link/views.py b/dojo/jira_link/views.py
index 84d33e6ffdd..372b48fbfbe 100644
--- a/dojo/jira_link/views.py
+++ b/dojo/jira_link/views.py
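Review bot: `jira_already_linked` is annotated `-> Finding | None` but returns `jira_issues.first()`, which is a `JIRA_Issue`; the serializer hunk that consumes it passes `linked_finding.id` to `reverse("view_finding", ...)`, so the generated link points at the JIRA_Issue primary key rather than the Finding. Return the related finding instead: `issue = jira_issues.first()` followed by `return issue.finding if issue else None`. Note that `.exclude(engagement__isnull=False)` still admits issues attached only to a finding group, whose `finding` may be null, so callers should tolerate `None` in that case too.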
@@ -552,7 +552,7 @@ def post(self, request, tid=None):
 url=request.build_absolute_uri(reverse("jira")))
 return HttpResponseRedirect(reverse("jira"))
 except Exception as e:
- add_error_message_to_response(f"Unable to delete JIRA Instance, probably because it is used by JIRA Issues: {str(e)}")
+ add_error_message_to_response(f"Unable to delete JIRA Instance, probably because it is used by JIRA Issues: {e}")
 rels = ["Previewing the relationships has been disabled.", ""]
 display_preview = get_setting("DELETE_PREVIEW")
diff --git a/dojo/management/commands/rename_mend_findings.py b/dojo/management/commands/rename_mend_findings.py
index 1620e5ce93b..f99f35a8027 100644
--- a/dojo/management/commands/rename_mend_findings.py
+++ b/dojo/management/commands/rename_mend_findings.py
@@ -33,8 +33,8 @@ def rename_mend_finding():
 logger.info("######## Updating Hashcodes - deduplication is done in the background upon finding save ########")
 for finding in findings:
 logger.info("Updating Mend Finding with id: %d", finding.id)
- lib_name_begin = re.search("\\*\\*Library Filename\\*\\* : ", finding.description).span(0)[1]
- lib_name_end = re.search("\\*\\*Library Description\\*\\*", finding.description).span(0)[0]
+ lib_name_begin = re.search(r"\*\*Library Filename\*\* : ", finding.description).span(0)[1]
+ lib_name_end = re.search(r"\*\*Library Description\*\*", finding.description).span(0)[0]
 lib_name = finding.description[lib_name_begin:lib_name_end - 1]
 if finding.cve is None:
 finding.title = "CVE-None | " + lib_name
diff --git a/dojo/middleware.py b/dojo/middleware.py
index 9fcb8a51dbc..239a2d92f4b 100644
--- a/dojo/middleware.py
+++ b/dojo/middleware.py
@@ -1,5 +1,6 @@
 import logging
 import re
+from contextlib import suppress
 from threading import local
 from urllib.parse import quote
@@ -56,13 +57,10 @@ def __call__(self, request):
 if request.user.is_authenticated:
 logger.debug("Authenticated user: %s", str(request.user))
- try:
+ with suppress(ModuleNotFoundError): # to avoid unittests to fail
 uwsgi = __import__("uwsgi", globals(), locals(), ["set_logvar"], 0)
 # this populates dd_user log var, so can appear in the uwsgi logs
 uwsgi.set_logvar("dd_user", str(request.user))
- except:
- # to avoid unittests to fail
- pass
 path = request.path_info.lstrip("/")
 from dojo.models import Dojo_User
 if Dojo_User.force_password_reset(request.user) and path != "change_password":
diff --git a/dojo/models.py b/dojo/models.py
index fe48896daa6..99074a9cf3b 100644
--- a/dojo/models.py
+++ b/dojo/models.py
@@ -1619,7 +1619,7 @@ class Meta:
 ]
 def __str__(self):
- return f"'{str(self.finding)}' on '{str(self.endpoint)}'"
+ return f"'{self.finding}' on '{self.endpoint}'"
 def copy(self, finding=None):
 copy = self
diff --git a/dojo/pipeline.py b/dojo/pipeline.py
index befabc0e836..91dc1500089 100644
--- a/dojo/pipeline.py
+++ b/dojo/pipeline.py
@@ -107,7 +107,7 @@ def update_azure_groups(backend, uid, user=None, social=None, *args, **kwargs):
 def is_group_id(group):
- return bool(re.search("^[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}$", group))
+ return bool(re.search(r"^[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}$", group))
 def assign_user_to_groups(user, group_names, social_provider):
diff --git a/dojo/product/helpers.py b/dojo/product/helpers.py
index 13c512c9c90..d8285cfb92b 100644
--- a/dojo/product/helpers.py
+++ b/dojo/product/helpers.py
@@ -54,5 +54,5 @@ def propagate_tags_on_product_sync(product):
 def propagate_tags_on_object_list(object_list):
 for obj in object_list:
 if obj and obj.id is not None:
- logger.debug(f"\tPropagating tags to {str(type(obj))} - {str(obj)}")
+ logger.debug(f"\tPropagating tags to {type(obj)} - {obj}")
 obj.save()
diff --git a/dojo/product/views.py b/dojo/product/views.py index 8c20b50627a..654169363dc 100644 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -1,7 +1,6 @@ # # product import base64 import calendar as tcalendar -import contextlib import logging from collections import OrderedDict from datetime import date, datetime, timedelta @@ -958,8 +957,7 @@ def edit_product(request, pid): if get_system_setting("enable_github") and github_inst: gform = GITHUB_Product_Form(request.POST, instance=github_inst) - # need to handle delete - with contextlib.suppress(Exception): + if gform.is_valid(): gform.save() elif get_system_setting("enable_github"): gform = GITHUB_Product_Form(request.POST) diff --git a/dojo/product_type/views.py b/dojo/product_type/views.py index 8d731245ddc..e011ee4fb93 100644 --- a/dojo/product_type/views.py +++ b/dojo/product_type/views.py @@ -13,7 +13,7 @@ from dojo.authorization.authorization import user_has_permission from dojo.authorization.authorization_decorators import user_has_global_permission, user_is_authorized from dojo.authorization.roles_permissions import Permissions -from dojo.filters import ProductTypeFilter +from dojo.filters import ProductFilter, ProductFilterWithoutObjectLookups, ProductTypeFilter from dojo.forms import ( Add_Product_Type_GroupForm, Add_Product_Type_MemberForm, @@ -38,6 +38,7 @@ async_delete, get_page_items, get_setting, + get_system_setting, is_title_in_breadcrumbs, ) @@ -51,7 +52,6 @@ def product_type(request): - prod_types = get_authorized_product_types(Permissions.Product_Type_View) name_words = prod_types.values_list("name", flat=True) 
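Review bot: `if gform.is_valid(): gform.save()` in `edit_product` replaces the suppressed exception with a silent discard: an invalid `GITHUB_Product_Form` is dropped without any message, and the removed `# need to handle delete` note suggests the unhandled case was already known. If the form cannot be invalid in practice, a comment saying so would suffice; otherwise surface `gform.errors` to the user, e.g. `else: messages.add_message(request, messages.ERROR, gform.errors, extra_tags="alert-danger")`, provided `django.contrib.messages` is imported in this module. `edit_product` starts and ends outside the hunk.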
@@ -123,12 +123,17 @@ def view_product_type(request, ptid): groups = get_authorized_groups_for_product_type(pt, Permissions.Product_Type_View) global_groups = get_authorized_global_groups_for_product_type(pt, Permissions.Product_Type_View) products = get_authorized_products(Permissions.Product_View).filter(prod_type=pt) - products = get_page_items(request, products, 25) + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = ProductFilterWithoutObjectLookups if filter_string_matching else ProductFilter + prod_filter = filter_class(request.GET, queryset=products, user=request.user) + products = get_page_items(request, prod_filter.qs, 25) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, "dojo/view_product_type.html", { "name": page_name, "pt": pt, "products": products, + "prod_filter": prod_filter, "groups": groups, "members": members, "global_groups": global_groups, diff --git a/dojo/reports/views.py b/dojo/reports/views.py index f258db9db2f..061476efe1b 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -876,7 +876,7 @@ def get(self, request): num_endpoints = 0 for endpoint in finding.endpoints.all(): num_endpoints += 1 - endpoint_value += f"{str(endpoint)}; " + endpoint_value += f"{endpoint}; " endpoint_value = endpoint_value.removesuffix("; ") if len(endpoint_value) > EXCEL_CHAR_LIMIT: endpoint_value = endpoint_value[:EXCEL_CHAR_LIMIT - 3] + "..." @@ -889,7 +889,7 @@ def get(self, request): if num_vulnerability_ids > 5: vulnerability_ids_value += "..." break - vulnerability_ids_value += f"{str(vulnerability_id)}; " + vulnerability_ids_value += f"{vulnerability_id}; " if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: vulnerability_ids_value += finding.cve vulnerability_ids_value = vulnerability_ids_value.removesuffix("; ") 
@@ -902,7 +902,7 @@ def get(self, request): if num_tags > 5: tags_value += "..." break - tags_value += f"{str(tag)}; " + tags_value += f"{tag}; " tags_value = tags_value.removesuffix("; ") fields.append(tags_value) @@ -1025,7 +1025,7 @@ def get(self, request): num_endpoints = 0 for endpoint in finding.endpoints.all(): num_endpoints += 1 - endpoint_value += f"{str(endpoint)}; \n" + endpoint_value += f"{endpoint}; \n" endpoint_value = endpoint_value.removesuffix("; \n") if len(endpoint_value) > EXCEL_CHAR_LIMIT: endpoint_value = endpoint_value[:EXCEL_CHAR_LIMIT - 3] + "..." @@ -1039,7 +1039,7 @@ def get(self, request): if num_vulnerability_ids > 5: vulnerability_ids_value += "..." break - vulnerability_ids_value += f"{str(vulnerability_id)}; \n" + vulnerability_ids_value += f"{vulnerability_id}; \n" if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: vulnerability_ids_value += finding.cve vulnerability_ids_value = vulnerability_ids_value.removesuffix("; \n") @@ -1048,7 +1048,7 @@ def get(self, request): # tags tags_value = "" for tag in finding.tags.all(): - tags_value += f"{str(tag)}; \n" + tags_value += f"{tag}; \n" tags_value = tags_value.removesuffix("; \n") worksheet.cell(row=row_num, column=col_num, value=tags_value) col_num += 1 diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index d48945fe704..9849fcfe389 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py 
@@ -1,15 +1,9 @@ ######################################################################################################### -# It is not allowed to edit file 'settings.dist.py', for production deployemnts. # +# It is not recommended to edit file 'settings.dist.py', for production deployments. # # Any customization of variables need to be done via environmental variables or in 'local_settings.py'. # # For more information check https://documentation.defectdojo.com/getting_started/configuration/ # ######################################################################################################### -######################################################################################################### -# If as a developer of a new feature, you need to perform an update of file 'settings.dist.py', # -# after the change, calculate the checksum and store it related file by calling the following command: # -# $ sha256sum settings.dist.py | cut -d ' ' -f1 > .settings.dist.py.sha256sum # -######################################################################################################### - # Django settings for DefectDojo import json import logging 
@@ -549,8 +543,8 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param GOOGLE_OAUTH_ENABLED = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED") SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY") SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET") -SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS") -SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = env("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS") +SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS", default=[""])) +SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = tuple(env.list("DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS", default=[""])) SOCIAL_AUTH_LOGIN_ERROR_URL = "/login" SOCIAL_AUTH_BACKEND_ERROR_URL = "/login" @@ -1296,6 +1290,7 @@ def saml2_attrib_map_format(dict): "Invicti Scan": ["title", "description", "severity"], "HackerOne Cases": ["title", "severity"], "KrakenD Audit Scan": ["description", "mitigation", "severity"], + "Red Hat Satellite": ["description", "severity"], } # Override the hardcoded settings here via the env var @@ -1542,6 +1537,7 @@ def saml2_attrib_map_format(dict): "Invicti Scan": DEDUPE_ALGO_HASH_CODE, "KrakenD Audit Scan": DEDUPE_ALGO_HASH_CODE, "PTART Report": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + "Red Hat Satellite": DEDUPE_ALGO_HASH_CODE, } # Override the hardcoded settings here via the env var 
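Review bot: `default=[""]` makes the unset case a one-element tuple `("",)` rather than an empty tuple, for both `SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS` and `..._WHITELISTED_EMAILS`. A non-empty allow-list is normally read by the consuming backend as "restrict logins to these entries" (confirm against the installed social-auth version); if so, the default would reject every Google login instead of imposing no restriction, and an empty-string entry is meaningless either way. `default=[]` states "no restriction" unambiguously and is what the old plain-string value presumably collapsed to when empty. The move from a raw string to a tuple is itself worthwhile, since a membership test against a comma-separated string matches substrings; a one-line comment above the two settings, `# empty tuple = no domain/email restriction on Google sign-in`, would record the intended semantics.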
@@ -1766,6 +1762,9 @@ def saml2_attrib_map_format(dict): "ALSA": "https://osv.dev/vulnerability/", # e.g. https://osv.dev/vulnerability/ALSA-2024:0827 "USN": "https://ubuntu.com/security/notices/", # e.g. https://ubuntu.com/security/notices/USN-6642-1 "DLA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DLA-3917-1 + "DSA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DSA-5791-1 + "DTSA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DTSA-41-1 + "TEMP": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF "ELSA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELSA-2024-12714.html "ELBA": "https://linux.oracle.com/errata/&&.html", # e.g. https://linux.oracle.com/errata/ELBA-2024-7457.html "RXSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RXSA-2024:4928 @@ -1774,9 +1773,7 @@ def saml2_attrib_map_format(dict): "KHV": "https://avd.aquasec.com/misconfig/kubernetes/", # e.g. https://avd.aquasec.com/misconfig/kubernetes/khv045 "CAPEC": "https://capec.mitre.org/data/definitions/&&.html", # e.g. https://capec.mitre.org/data/definitions/157.html "CWE": "https://cwe.mitre.org/data/definitions/&&.html", # e.g. https://cwe.mitre.org/data/definitions/79.html - "TEMP": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF "GLSA": "https://security.gentoo.org/", # e.g. https://security.gentoo.org/glsa/202409-32 - "DSA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DSA-5791-1 "RLSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLSA-2024:7001 "RLBA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLBA-2024:6968 } 
diff --git a/dojo/settings/settings.py b/dojo/settings/settings.py index 6355bedf285..9a961ca8029 100644 --- a/dojo/settings/settings.py +++ b/dojo/settings/settings.py @@ -1,6 +1,3 @@ -import hashlib -import sys -from pathlib import Path from split_settings.tools import include, optional @@ -11,14 +8,3 @@ "settings.dist.py", optional("local_settings.py"), ) - -if not (DEBUG or ("collectstatic" in sys.argv)): # noqa: F821 - not declared DEBUG is acceptable because we are sure it will be loaded from 'include' - with (Path(__file__).parent / "settings.dist.py").open("rb") as file: - real_hash = hashlib.sha256(file.read()).hexdigest() - with (Path(__file__).parent / ".settings.dist.py.sha256sum").open("rb") as file: - expected_hash = file.read().decode().strip() - if real_hash != expected_hash: - msg = "Change of 'settings.dist.py' file was detected. It is not allowed to edit this file. " \ - "Any customization of variables need to be done via environmental variables or in 'local_settings.py'. " \ - "For more information check https://documentation.defectdojo.com/getting_started/configuration/ " - sys.exit(msg) diff --git a/dojo/static/dojo/js/metrics.js b/dojo/static/dojo/js/metrics.js index 2fd518aa3a1..140c46c1b21 100644 --- a/dojo/static/dojo/js/metrics.js +++ b/dojo/static/dojo/js/metrics.js @@ -57,7 +57,8 @@ function homepage_pie_chart(critical, high, medium, low, info) { function homepage_severity_plot(critical, high, medium, low) { var options = { xaxes: [{ - mode: 'time' + mode: 'time', + minTickSize: [1, "month"] }], yaxes: [{ min: 0 diff --git a/dojo/templates/dojo/view_product_type.html b/dojo/templates/dojo/view_product_type.html index 70e5058350a..4cff7efa44f 100644 --- a/dojo/templates/dojo/view_product_type.html +++ b/dojo/templates/dojo/view_product_type.html @@ -54,24 +54,28 @@
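Review bot: Deleting the startup hash comparison leaves the companion `.settings.dist.py.sha256sum` file named in the removed block, and any release step that regenerates it, without a consumer; unless they are removed in the same commit (not visible from this hunk) they will drift silently. Operators who treated the exit-on-modification guard as a tamper signal for `settings.dist.py` lose it here with no trace in the code, so a short comment where the block stood, e.g. `# settings.dist.py is no longer integrity-checked at startup; customise via env vars or local_settings.py`, would document the decision alongside the softened header in settings.dist.py. The unused `hashlib`, `sys` and `Path` imports are correctly dropped with it.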

{% trans "Description" %}

{% trans "Products" %}

- {% if pt|has_object_permission:"Product_Type_Add_Product" %} - {% endif %}
+
+ {% include "dojo/filter_snippet.html" with form=prod_filter.form %} +
{% if products %}
{% include "dojo/paging_snippet.html" with page=products page_size=True %} @@ -325,3 +329,6 @@

{% endblock %} +{% block postscript %} + {% include "dojo/filter_js_snippet.html" %} +{% endblock %} \ No newline at end of file diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py index edcc109ffbf..94bcf80d6e5 100644 --- a/dojo/templatetags/display_tags.py +++ b/dojo/templatetags/display_tags.py @@ -431,13 +431,12 @@ def pic_token(context, image, size): @register.filter def inline_image(image_file): - try: - if img_type := mimetypes.guess_type(image_file.file.name)[0]: - if img_type.startswith("image/"): - img_data = base64.b64encode(image_file.file.read()) - return f"data:{img_type};base64, {img_data.decode('utf-8')}" - except: - pass + # TODO: This code might need better exception handling or data processing + if img_types := mimetypes.guess_type(image_file.file.name): + img_type = img_types[0] + if img_type.startswith("image/"): + img_data = base64.b64encode(image_file.file.read()) + return f"data:{img_type};base64, {img_data.decode('utf-8')}" return "" diff --git a/dojo/tools/api_bugcrowd/importer.py b/dojo/tools/api_bugcrowd/importer.py index e47dba8a409..d83d1edf3cd 100644 --- a/dojo/tools/api_bugcrowd/importer.py +++ b/dojo/tools/api_bugcrowd/importer.py @@ -16,7 +16,7 @@ class BugcrowdApiImporter: def get_findings(self, test): client, config = self.prepare_client(test) logger.debug( - f"Fetching submissions program {str(config.service_key_1)} and target {str(config.service_key_2)}", + f"Fetching submissions program {config.service_key_1} and target {config.service_key_2}", ) submissions_paged = client.get_findings( diff --git a/dojo/tools/api_bugcrowd/parser.py b/dojo/tools/api_bugcrowd/parser.py index da06880fd27..1bb5a28bd37 100644 --- a/dojo/tools/api_bugcrowd/parser.py +++ b/dojo/tools/api_bugcrowd/parser.py 
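Review bot: `mimetypes.guess_type()` always returns a 2-tuple, so `if img_types := mimetypes.guess_type(...)` is always true and `img_type` can be `None`; `None.startswith(...)` then raises `AttributeError`, which the removed bare `except` used to hide, so an attachment with an unrecognised extension now breaks template rendering instead of yielding `""`. Test the element rather than the tuple: `img_type = mimetypes.guess_type(image_file.file.name)[0]` / `if img_type and img_type.startswith("image/"):`. The `TODO` should name this case (`# guess_type() may return (None, None); non-images render as ""`) rather than "might need better exception handling". Separately, the data URL's declared type comes from the stored file name, not the file content — pre-existing, but worth a comment so nobody reads it as content sniffing.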
@@ -155,7 +155,7 @@ def get_findings(self, file, test): finding.unsaved_endpoints = [bug_endpoint] except Exception as e: logger.error( - f"{str(bug_endpoint)} bug url from bugcrowd failed to parse to endpoint, error= {e}", + f"{bug_endpoint} bug url from bugcrowd failed to parse to endpoint, error= {e}", ) except ValidationError: logger.error( diff --git a/dojo/tools/appcheck_web_application_scanner/engines/base.py b/dojo/tools/appcheck_web_application_scanner/engines/base.py index e07433c2946..84523b90435 100644 --- a/dojo/tools/appcheck_web_application_scanner/engines/base.py +++ b/dojo/tools/appcheck_web_application_scanner/engines/base.py @@ -205,7 +205,7 @@ def parse_initial_date(self, finding: Finding, value: str) -> None: ##### # For parsing CVEs ##### - CVE_PATTERN = re.compile("CVE-[0-9]+-[0-9]+", re.IGNORECASE) + CVE_PATTERN = re.compile(r"CVE-[0-9]+-[0-9]+", re.IGNORECASE) def is_cve(self, c: str) -> bool: return bool(c and isinstance(c, str) and self.CVE_PATTERN.fullmatch(c)) diff --git a/dojo/tools/blackduck/parser.py b/dojo/tools/blackduck/parser.py index a6a127fcdb3..30954bc8d87 100644 --- a/dojo/tools/blackduck/parser.py +++ b/dojo/tools/blackduck/parser.py @@ -89,10 +89,10 @@ def format_title(self, i): return f"{i.vuln_id} - {component_title}" def format_description(self, i): - description = f"Published on: {str(i.published_date)}\n\n" - description += f"Updated on: {str(i.updated_date)}\n\n" - description += f"Base score: {str(i.base_score)}\n\n" - description += f"Exploitability: {str(i.exploitability)}\n\n" + description = f"Published on: {i.published_date}\n\n" + description += f"Updated on: {i.updated_date}\n\n" + description += f"Base score: {i.base_score}\n\n" + description += f"Exploitability: {i.exploitability}\n\n" description += f"Description: {i.description}\n" return description diff --git a/dojo/tools/blackduck_binary_analysis/parser.py b/dojo/tools/blackduck_binary_analysis/parser.py index 77f9647fc6f..b0ccd0b9642 100644 
--- a/dojo/tools/blackduck_binary_analysis/parser.py +++ b/dojo/tools/blackduck_binary_analysis/parser.py 
@@ -115,30 +115,30 @@ def format_title(self, i): return title def format_description(self, i): - description = f"CSV Result: {str(i.report_name)}\n" - description += f"Vulnerable Component: {str(i.component)}\n" - description += f"Vulnerable Component Version in Use: {str(i.version)}\n" - description += f"Vulnerable Component Latest Version: {str(i.latest_version)}\n" - description += f"Matching Type: {str(i.matching_type)}\n" - description += f"Object Name: {str(i.object_name)}\n" - description += f"Object Extraction Path: {str(i.object_full_path)}\n" - description += f"Object Compilation Date: {str(i.object_compilation_date)}\n" - description += f"Object SHA1: {str(i.object_sha1)}\n" - description += f"CVE: {str(i.cve)}\n" - description += f"CVE Publication Date: {str(i.cve_publication_date)}\n" - description += f"Distribution Package: {str(i.distribution_package)}\n" - description += f"Missing Exploit Mitigations: {str(i.missing_exploit_mitigations)}\n" - description += f"BDSA: {str(i.bdsa)}\n" - description += f"Summary:\n{str(i.summary)}\n" - description += f"Note Type:\n{str(i.note_type)}\n" - description += f"Note Reason:\n{str(i.note_reason)}\n" - description += f"Triage Vectors:\n{str(i.triage_vectors)}\n" - description += f"Unresolving Triage Vectors:\n{str(i.triage_vectors)}\n" + description = f"CSV Result: {i.report_name}\n" + description += f"Vulnerable Component: {i.component}\n" + description += f"Vulnerable Component Version in Use: {i.version}\n" + description += f"Vulnerable Component Latest Version: {i.latest_version}\n" + description += f"Matching Type: {i.matching_type}\n" + description += f"Object Name: {i.object_name}\n" + description += f"Object Extraction Path: {i.object_full_path}\n" + description += f"Object Compilation Date: {i.object_compilation_date}\n" + description += f"Object SHA1: {i.object_sha1}\n" + description += f"CVE: {i.cve}\n" + description += f"CVE Publication Date: {i.cve_publication_date}\n" + description += 
f"Distribution Package: {i.distribution_package}\n" + description += f"Missing Exploit Mitigations: {i.missing_exploit_mitigations}\n" + description += f"BDSA: {i.bdsa}\n" + description += f"Summary:\n{i.summary}\n" + description += f"Note Type:\n{i.note_type}\n" + description += f"Note Reason:\n{i.note_reason}\n" + description += f"Triage Vectors:\n{i.triage_vectors}\n" + description += f"Unresolving Triage Vectors:\n{i.triage_vectors}\n" return description def format_mitigation(self, i): - return f"Upgrade {str(i.component)} to latest version: {str(i.latest_version)}.\n" + return f"Upgrade {i.component} to latest version: {i.latest_version}.\n" def format_impact(self, i): impact = "The use of vulnerable third-party open source software in applications can have numerous negative impacts:\n\n" @@ -150,7 +150,7 @@ def format_impact(self, i): return impact def format_references(self, i): - references = f"BDSA: {str(i.bdsa)}\n" - references += f"NIST CVE Details: {str(i.vulnerability_url)}\n" + references = f"BDSA: {i.bdsa}\n" + references += f"NIST CVE Details: {i.vulnerability_url}\n" return references diff --git a/dojo/tools/burp_enterprise/parser.py b/dojo/tools/burp_enterprise/parser.py index 052d8a80f84..58b2a5a6ea6 100644 --- a/dojo/tools/burp_enterprise/parser.py +++ b/dojo/tools/burp_enterprise/parser.py @@ -162,7 +162,7 @@ def _set_or_append_content(self, finding_details: dict, header: str, div_element cleaned_item = item.split(":")[0] if ( finding_details["cwe"] is None - and (cwe_search := re.search("CWE-([0-9]*)", cleaned_item, re.IGNORECASE)) + and (cwe_search := re.search(r"CWE-([0-9]*)", cleaned_item, re.IGNORECASE)) ): finding_details["cwe"] = int(cwe_search.group(1)) if "vulnerability_ids" not in finding_details: diff --git a/dojo/tools/burp_graphql/parser.py b/dojo/tools/burp_graphql/parser.py index 9b37760e2a8..11df852dc54 100644 --- a/dojo/tools/burp_graphql/parser.py +++ b/dojo/tools/burp_graphql/parser.py 
@@ -219,7 +219,7 @@ def parse_evidence(self, evidence): def get_cwe(self, cwe_html): # Match only the first CWE! - cweSearch = re.search("CWE-([0-9]*)", cwe_html, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", cwe_html, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/crashtest_security/parser.py b/dojo/tools/crashtest_security/parser.py index deedb916b81..a12c194723a 100644 --- a/dojo/tools/crashtest_security/parser.py +++ b/dojo/tools/crashtest_security/parser.py @@ -185,7 +185,7 @@ def get_items(self, tree, test): title = re.sub(r" \([0-9]*\)$", "", title) # Attache CVEs - vulnerability_id = re.findall("CVE-\\d{4}-\\d{4,10}", title)[0] if "CVE" in title else None + vulnerability_id = re.findall(r"CVE-\d{4}-\d{4,10}", title)[0] if "CVE" in title else None description = failure.get("message") severity = failure.get("type").capitalize() diff --git a/dojo/tools/cyclonedx/xml_parser.py b/dojo/tools/cyclonedx/xml_parser.py index 70682c0c6a8..55aa4995356 100644 --- a/dojo/tools/cyclonedx/xml_parser.py +++ b/dojo/tools/cyclonedx/xml_parser.py @@ -104,7 +104,7 @@ def manage_vulnerability_legacy( [ f"**Ref:** {ref}", f"**Id:** {vuln_id}", - f"**Severity:** {str(severity)}", + f"**Severity:** {severity}", ], ) if component_name is None: diff --git a/dojo/tools/generic/json_parser.py b/dojo/tools/generic/json_parser.py index 0a09a9deda2..e1d86eaaa6d 100644 --- a/dojo/tools/generic/json_parser.py +++ b/dojo/tools/generic/json_parser.py @@ -45,6 +45,8 @@ def _get_test_json(self, data): "date", "cwe", "cve", + "epss_score", + "epss_percentile", "cvssv3", "cvssv3_score", "mitigation", diff --git a/dojo/tools/gitlab_api_fuzzing/parser.py b/dojo/tools/gitlab_api_fuzzing/parser.py index c536dc00205..1095d21a657 100644 --- a/dojo/tools/gitlab_api_fuzzing/parser.py +++ b/dojo/tools/gitlab_api_fuzzing/parser.py 
@@ -28,12 +28,11 @@ def get_findings(self, file, test): title = vulnerability["name"] severity = self.normalise_severity(vulnerability["severity"]) description = vulnerability.get("category", "") - try: - location = vulnerability["location"] - description += "\n" + location["crash_type"] - description += "\n" + location["crash_state"] - except: - pass + if location := vulnerability.get("location"): + if crash_type := location.get("crash_type"): + description += f"\n{crash_type}" + if crash_state := location.get("crash_state"): + description += f"\n{crash_state}" findings.append( Finding( title=title, diff --git a/dojo/tools/gosec/parser.py b/dojo/tools/gosec/parser.py index 20ccbcae062..d7e32f46a85 100644 --- a/dojo/tools/gosec/parser.py +++ b/dojo/tools/gosec/parser.py @@ -34,7 +34,7 @@ def get_findings(self, filename, test): # Finding details information findingdetail += f"Filename: (unknown)\n\n" - findingdetail += f"Line number: {str(line)}\n\n" + findingdetail += f"Line number: {line}\n\n" findingdetail += f"Issue Confidence: {scanner_confidence}\n\n" findingdetail += "Code:\n\n" findingdetail += "```{}```".format(item["code"]) diff --git a/dojo/tools/h1/parser.py b/dojo/tools/h1/parser.py index 62072f5eb27..772700f3176 100644 --- a/dojo/tools/h1/parser.py +++ b/dojo/tools/h1/parser.py @@ -118,11 +118,8 @@ def build_description(self, content): description += f"Triaged: {triaged_date}\n" # Try to grab CVSS - try: - cvss = content["relationships"]["severity"]["data"]["attributes"]["score"] + if cvss := content.get("relationships", {}).get("severity", {}).get("data", {}).get("attributes", {}).get("score"): description += f"CVSS: {cvss}\n" - except Exception: - pass # Build rest of description meat description += "##Report: \n{}\n".format( 
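Review bot: The chained `.get(..., {})` calls in the CVSS lookup only guard a missing key; a key present with JSON `null` (e.g. `"data": null`) makes `.get` return `None`, the next `.get` raises `AttributeError`, and the removed `except Exception` no longer swallows it — the weakness lookup in the next hunk has the same shape. The walrus also drops a legitimate score of `0`/`0.0`, which the old unconditional `description += f"CVSS: {cvss}\n"` included. Since `content` is parsed from an uploaded report, a small path-walking helper that returns `None` on any non-mapping intermediate, used for both lookups with an `is not None` test, covers both cases; `build_description` continues outside the hunk.

```python
    def _dig(self, data, *keys):
        # Walk nested mappings; return None if any step is missing or not a mapping.
        for key in keys:
            if not isinstance(data, dict):
                return None
            data = data.get(key)
        return data

        # … unchanged: description assembly above the CVSS lookup …
        cvss = self._dig(content, "relationships", "severity", "data", "attributes", "score")
        if cvss is not None:
            description += f"CVSS: {cvss}\n"
```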
@@ -130,12 +127,9 @@ def build_description(self, content): ) # Try to grab weakness if it's there - try: - weakness_title = content["relationships"]["weakness"]["data"]["attributes"]["name"] - weakness_desc = content["relationships"]["weakness"]["data"]["attributes"]["description"] - description += f"\n##Weakness: {weakness_title}\n{weakness_desc}" - except Exception: - pass + if weakness_title := content.get("relationships", {}).get("weakness", {}).get("data", {}).get("attributes", {}).get("name"): + if weakness_desc := content.get("relationships", {}).get("weakness", {}).get("data", {}).get("attributes", {}).get("description"): + description += f"\n##Weakness: {weakness_title}\n{weakness_desc}" return description diff --git a/dojo/tools/kiuwan/parser.py b/dojo/tools/kiuwan/parser.py index 34601b05aae..1caeb78c803 100644 --- a/dojo/tools/kiuwan/parser.py +++ b/dojo/tools/kiuwan/parser.py @@ -1,4 +1,3 @@ -import contextlib import csv import hashlib import io @@ -105,8 +104,9 @@ def get_findings(self, filename, test): finding.mitigation = "Not provided!" finding.severity = findingdict["severity"] finding.static_finding = True - with contextlib.suppress(Exception): - finding.cwe = int(row["CWE"]) + if cwe := row.get("CWE"): + if cwe.isdigit(): + finding.cwe = int(cwe) if finding is not None: if finding.title is None: diff --git a/dojo/tools/microfocus_webinspect/parser.py b/dojo/tools/microfocus_webinspect/parser.py index bf4475580d0..df1b4f84bac 100644 --- a/dojo/tools/microfocus_webinspect/parser.py +++ b/dojo/tools/microfocus_webinspect/parser.py @@ -111,7 +111,7 @@ def convert_severity(val): @staticmethod def get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return 0 diff --git a/dojo/tools/nexpose/parser.py b/dojo/tools/nexpose/parser.py index d6b63c66c8a..08916d42901 100644 --- a/dojo/tools/nexpose/parser.py 
+++ b/dojo/tools/nexpose/parser.py @@ -265,7 +265,7 @@ def get_items(self, tree, vulns, test): "severity": "Info", "tags": [ re.sub( - "[^A-Za-z0-9]+", + r"[^A-Za-z0-9]+", "-", service.get("name").lower(), ).rstrip("-"), diff --git a/dojo/tools/npm_audit/parser.py b/dojo/tools/npm_audit/parser.py index 6296477a971..186f133e6ab 100644 --- a/dojo/tools/npm_audit/parser.py +++ b/dojo/tools/npm_audit/parser.py @@ -66,7 +66,7 @@ def censor_path_hashes(path): if not path: return None - return re.sub("[a-f0-9]{64}", "censored_by_npm_audit", path) + return re.sub(r"[a-f0-9]{64}", "censored_by_npm_audit", path) def get_item(item_node, test): diff --git a/dojo/tools/qualys_webapp/parser.py b/dojo/tools/qualys_webapp/parser.py index 825d55b531a..989e5ba48cd 100644 --- a/dojo/tools/qualys_webapp/parser.py +++ b/dojo/tools/qualys_webapp/parser.py @@ -34,7 +34,7 @@ def truncate_str(value: str, maxlen: int): # Parse 'CWE-XXXX' format to strip just the numbers def get_cwe(cwe): - cweSearch = re.search("CWE-([0-9]*)", cwe, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", cwe, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py index aa3d878ffb4..4c539583564 100644 --- a/dojo/tools/sarif/parser.py +++ b/dojo/tools/sarif/parser.py @@ -156,7 +156,7 @@ def get_message_from_multiformatMessageString(data, rule): def cve_try(val): # Match only the first CVE! - cveSearch = re.search("(CVE-[0-9]+-[0-9]+)", val, re.IGNORECASE) + cveSearch = re.search(r"(CVE-[0-9]+-[0-9]+)", val, re.IGNORECASE) if cveSearch: return cveSearch.group(1).upper() return None 
@@ -241,10 +241,10 @@ def get_codeFlowsDescription(codeFlows): snippet = "" if "startLine" in region: - start_line = f":L{str(region.get('startLine'))}" + start_line = f":L{region.get('startLine')}" if "startColumn" in region: - start_column = f":C{str(region.get('startColumn'))}" + start_column = f":C{region.get('startColumn')}" if "snippet" in region: snippet = f"\t-\t{region.get('snippet').get('text')}" diff --git a/dojo/tools/sonarqube/soprasteria_helper.py b/dojo/tools/sonarqube/soprasteria_helper.py index 2e7259e6376..63b59607e6a 100644 --- a/dojo/tools/sonarqube/soprasteria_helper.py +++ b/dojo/tools/sonarqube/soprasteria_helper.py @@ -41,7 +41,7 @@ def get_references(self, rule_name, vuln_details): def get_cwe(self, vuln_references): # Match only the first CWE! - cweSearch = re.search("CWE-([0-9]*)", vuln_references, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", vuln_references, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/tenable/xml_format.py b/dojo/tools/tenable/xml_format.py index ae63151ec5a..045a17e0c37 100644 --- a/dojo/tools/tenable/xml_format.py +++ b/dojo/tools/tenable/xml_format.py @@ -112,8 +112,8 @@ def get_findings(self, filename: str, test: Test) -> list: item.find("plugin_output"), ) if plugin_output_element_text is not None: - plugin_output = f"Plugin Output: {ip}{str(f':{port}' if port is not None else '')}" - plugin_output += f"\n```\n{str(plugin_output_element_text)}\n```\n\n" + plugin_output = f"Plugin Output: {ip}{f':{port}' if port is not None else ''}" + plugin_output += f"\n```\n{plugin_output_element_text}\n```\n\n" description += plugin_output # Determine the severity diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py index b3aae5055e4..b03ef9acbed 100644 --- a/dojo/tools/trivy_operator/uniform_vulnid.py +++ b/dojo/tools/trivy_operator/uniform_vulnid.py 
@@ -8,12 +8,12 @@ def return_uniformed_vulnid(self, vulnid): if "cve" in vulnid.lower(): return vulnid if "khv" in vulnid.lower(): - temp = re.compile("([a-zA-Z-_]+)([0-9]+)") + temp = re.compile(r"([a-zA-Z-_]+)([0-9]+)") number = str(temp.match(vulnid).groups()[1]).zfill(3) avd_category = str(temp.match(vulnid.lower()).groups()[0]) return avd_category.upper() + number if "ksv" in vulnid.lower() or "kcv" in vulnid.lower(): - temp = re.compile("([a-zA-Z-_]+)([0-9]+)") + temp = re.compile(r"([a-zA-Z-_]+)([0-9]+)") number = str(temp.match(vulnid).groups()[1]).zfill(4) avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", "")) return "AVD-" + avd_category.upper() + "-" + number diff --git a/dojo/tools/veracode/json_parser.py b/dojo/tools/veracode/json_parser.py index b873ada3531..df83cbb802e 100644 --- a/dojo/tools/veracode/json_parser.py +++ b/dojo/tools/veracode/json_parser.py @@ -85,13 +85,13 @@ def get_items(self, tree, test): if not finding: continue # Set the date of the finding from the report if it is present - try: + if finding_status := vuln.get("finding_status"): if settings.USE_FIRST_SEEN: - finding.date = parser.parse(vuln.get("finding_status", {}).get("first_found_date", "")) + if first_found_date := finding_status.get("first_found_date"): + finding.date = parser.parse(first_found_date) else: - finding.date = parser.parse(vuln.get("finding_status", {}).get("last_found_date", "")) - except Exception: - pass + if last_found_date := finding_status.get("last_found_date"): + finding.date = parser.parse(last_found_date) # Generate the description finding = self.parse_description(finding, vuln.get("description"), scan_type) finding.nb_occurences = vuln.get("count", 1) 
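Review bot: `parser.parse(first_found_date)` and `parser.parse(last_found_date)` now run with no exception handling, so a malformed or unexpected date string in the uploaded report raises `dateutil.parser.ParserError` (a `ValueError` subclass) or `OverflowError` and aborts the whole import, where the removed `except Exception` skipped only the date. Narrow the guard instead of dropping it: wrap the two `parser.parse(...)` assignments in `try: ... except (ValueError, OverflowError):` and leave `finding.date` unset (logging the offending value if a logger is in scope). The walrus checks are a good replacement for the old `.get(..., "")` fallbacks; only the parse step still needs protection. `get_items` continues outside the hunk.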
@@ -129,7 +129,7 @@ def create_finding_from_details(self, finding_details, scan_type, policy_violate if uncleaned_cvss.startswith(("CVSS:3.1/", "CVSS:3.0/")): finding.cvssv3 = CVSS3(str(uncleaned_cvss)).clean_vector(output_prefix=True) elif not uncleaned_cvss.startswith("CVSS"): - finding.cvssv3 = CVSS3(f"CVSS:3.1/{str(uncleaned_cvss)}").clean_vector(output_prefix=True) + finding.cvssv3 = CVSS3(f"CVSS:3.1/{uncleaned_cvss}").clean_vector(output_prefix=True) elif isinstance(uncleaned_cvss, float | int): finding.cvssv3_score = float(uncleaned_cvss) # Fill in extra info based on the scan type @@ -238,7 +238,7 @@ def add_sca_details(self, finding, finding_details, backup_title=None) -> Findin # See if the CVSS has already been set. If not, use the one here if not finding.cvssv3: if cvss_vector := cve_dict.get("cvss3", {}).get("vector"): - finding.cvssv3 = CVSS3(f"CVSS:3.1/{str(cvss_vector)}").clean_vector(output_prefix=True) + finding.cvssv3 = CVSS3(f"CVSS:3.1/{cvss_vector}").clean_vector(output_prefix=True) # Put the product ID in the metadata if product_id := finding_details.get("product_id"): finding.description += f"**Product ID**: {product_id}\n" diff --git a/dojo/tools/veracode/xml_parser.py b/dojo/tools/veracode/xml_parser.py index 17061402d6f..1e53b5545c4 100644 --- a/dojo/tools/veracode/xml_parser.py +++ b/dojo/tools/veracode/xml_parser.py @@ -271,7 +271,7 @@ def __xml_dynamic_flaw_to_finding( @staticmethod def _get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return None diff --git a/dojo/tools/wapiti/parser.py b/dojo/tools/wapiti/parser.py index 335281b9701..591ae3a390b 100644 --- a/dojo/tools/wapiti/parser.py +++ b/dojo/tools/wapiti/parser.py 
@@ -104,7 +104,7 @@ def get_findings(self, file, test): @staticmethod def get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return None diff --git a/dojo/user/validators.py b/dojo/user/validators.py index 83ee954419e..f6b665bc1c2 100644 --- a/dojo/user/validators.py +++ b/dojo/user/validators.py @@ -45,7 +45,7 @@ def get_help_text(self): class UppercaseValidator: def validate(self, password, user=None): - if not re.findall("[A-Z]", password) and get_system_setting("uppercase_character_required"): + if not re.findall(r"[A-Z]", password) and get_system_setting("uppercase_character_required"): raise ValidationError( self.get_help_text(), code="password_no_upper") @@ -57,7 +57,7 @@ def get_help_text(self): class LowercaseValidator: def validate(self, password, user=None): - if not re.findall("[a-z]", password) and get_system_setting("lowercase_character_required"): + if not re.findall(r"[a-z]", password) and get_system_setting("lowercase_character_required"): raise ValidationError( self.get_help_text(), code="password_no_lower") diff --git a/dojo/user/views.py b/dojo/user/views.py index 0f8914e4adf..44ba788253b 100644 --- a/dojo/user/views.py +++ b/dojo/user/views.py @@ -647,7 +647,7 @@ def clean(self): connection.open() connection.close() except Exception as e: - logger.error(f"SMTP Server Connection Failure: {str(e)}") + logger.error(f"SMTP Server Connection Failure: {e}") msg = "SMTP server is not configured correctly..." raise ValidationError(msg) diff --git a/helm/defectdojo/Chart.lock b/helm/defectdojo/Chart.lock index 7a0e49b95de..591ab3ae6e9 100644 --- a/helm/defectdojo/Chart.lock +++ b/helm/defectdojo/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 16.2.0 + version: 16.3.0 - name: postgresql-ha repository: https://charts.bitnami.com/bitnami version: 9.4.11 - name: redis repository: https://charts.bitnami.com/bitnami version: 19.6.4 -digest: sha256:0d2e729a1b07543cb813f80f5d05c67ad56817f1b44911e08245e43868f49301 -generated: "2024-11-14T10:51:48.400717864Z" +digest: sha256:896db01c8521d42f6830a84190fb0a679afb2a999a79e3d82226d0b871f7778d +generated: "2024-12-11T06:49:40.425726453Z" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 57849d3c012..231c924c168 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.0" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.162 +version: 1.6.165-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap @@ -10,7 +10,7 @@ maintainers: url: https://github.com/DefectDojo/django-DefectDojo dependencies: - name: postgresql - version: ~16.2.0 + version: ~16.3.0 repository: "https://charts.bitnami.com/bitnami" condition: postgresql.enabled - name: postgresql-ha diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 8cd5d0aca3b..0deb30aaff4 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -125,7 +125,7 @@ monitoring: # Add the nginx prometheus exporter sidecar prometheus: enabled: false - image: nginx/nginx-prometheus-exporter:1.3.0 + image: nginx/nginx-prometheus-exporter:1.4.0 imagePullPolicy: IfNotPresent annotations: {} @@ -478,7 +478,7 @@ cloudsql: image: # set repo and image tag of gce-proxy repository: gcr.io/cloudsql-docker/gce-proxy - tag: 1.37.2 + tag: 1.37.3 pullPolicy: IfNotPresent # set CloudSQL instance: 'project:zone:instancename' instance: "" 
diff --git a/requirements-lint.txt b/requirements-lint.txt index 6821d390595..25336e7513c 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.7.4 +ruff==0.8.0 diff --git a/requirements.txt b/requirements.txt index c90db914837..fcf8b2b07ac 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,7 +21,7 @@ django-slack==5.19.0 git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging django-watson==1.6.3 django-prometheus==2.3.1 -Django==5.1.3 +Django==5.1.4 djangorestframework==3.15.2 html2text==2024.2.26 humanize==4.11.0 @@ -35,18 +35,18 @@ psycopg[c]==3.2.3 cryptography==44.0.0 python-dateutil==2.9.0.post0 pytz==2024.2 -redis==5.2.0 +redis==5.2.1 requests==2.32.3 sqlalchemy==2.0.36 # Required by Celery broker transport urllib3==1.26.18 uWSGI==2.0.28 -vobject==0.9.8 +vobject==0.9.9 whitenoise==5.2.0 titlecase==2.4.1 social-auth-app-django==5.4.2 social-auth-core==4.5.4 gitpython==3.1.43 -python-gitlab==5.1.0 +python-gitlab==5.2.0 cpe==1.3.1 packageurl-python==0.16.0 django-crum==0.7.9 @@ -63,13 +63,13 @@ django-fieldsignals==0.7.0 hyperlink==21.0.0 django-test-migrations==1.4.0 djangosaml2==1.9.3 -drf-spectacular==0.27.2 +drf-spectacular==0.28.0 drf-spectacular-sidecar==2024.12.1 django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 -pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support -boto3==1.35.73 # Required for Celery Broker AWS (SQS) support +pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support +boto3==1.35.83 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 diff --git a/ruff.toml b/ruff.toml index e9008490a55..12b556d5cf3 100644 --- a/ruff.toml +++ b/ruff.toml @@ -41,7 +41,7 @@ select = [ "UP", "YTT", "ASYNC", - "S2", "S5", "S7", "S101", "S104", "S105", "S106", "S108", "S311", "S112", "S113", + "S1", "S2", "S5", "S7", "S311", "FBT001", "FBT003", "A003", "A004", "A005", "A006", "COM", 
@@ -93,10 +93,8 @@ ignore = [
"SIM115",
"SIM116",
"SIM117",
- "RUF010",
"RUF012",
"RUF015",
- "RUF027",
"D205",
"D211", # `one-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible.
"D212", # `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible.
diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py
index 737b48bdcf0..eefe72d5b09 100644
--- a/tests/Import_scanner_test.py
+++ b/tests/Import_scanner_test.py
@@ -145,8 +145,8 @@ def test_engagement_import_scan_result(self):
options_text = [scan.strip() for scan in options_text]
mod_options = options_text
- mod_options = [re.sub(" Scanner", "", scan) for scan in mod_options]
- mod_options = [re.sub(" Scan", "", scan) for scan in mod_options]
+ mod_options = [re.sub(r" Scanner", "", scan) for scan in mod_options]
+ mod_options = [re.sub(r" Scan", "", scan) for scan in mod_options]
mod_options = [scan.lower().replace("-", " ").replace(".", "") for scan in mod_options]
acronyms = []
@@ -172,11 +172,8 @@ def test_engagement_import_scan_result(self):
index = list(found_matches.keys())[0]
scan_map[test] = options_text[index]
elif len(found_matches) > 1:
- try:
- index = list(found_matches.values()).index(temp_test)
- scan_map[test] = options_text[list(found_matches.keys())[index]]
- except:
- pass
+ index = list(found_matches.values()).index(temp_test)
+ scan_map[test] = options_text[list(found_matches.keys())[index]]
failed_tests = []
for test in self.tests:
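Review bot: Dropping the `try`/bare `except: pass` around the `.index(temp_test)` lookup changes what happens when `temp_test` is not among `found_matches.values()`: `list(...).index()` raises `ValueError`, so instead of that scanner being skipped the whole test aborts before the `failed_tests` loop below gets to report on the remaining scanners. Removing the bare except is the right call, but if skipping was the intended best-effort behaviour it should stay explicit, e.g. `if temp_test in found_matches.values():` guarding the two new lines, or catching `ValueError` only. If every multi-match case is known to contain `temp_test`, a short comment saying so would justify the unguarded `.index()`. `test_engagement_import_scan_result` begins before this hunk and continues after it.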
@@ -199,7 +196,7 @@ def test_engagement_import_scan_result(self): driver.find_element(By.ID, "id_file").send_keys(test_location) driver.find_element(By.CSS_SELECTOR, "input.btn.btn-primary").click() EngagementTXT = "".join(driver.find_element(By.TAG_NAME, "BODY").text).split("\n") - reg = re.compile("processed, a total of") + reg = re.compile(r"processed, a total of") matches = list(filter(reg.search, EngagementTXT)) if len(matches) != 1: failed_tests += [test.upper() + " - " + case + ": Not imported"] diff --git a/tests/base_test_class.py b/tests/base_test_class.py index c4b056503a6..7fcc3a6f203 100644 --- a/tests/base_test_class.py +++ b/tests/base_test_class.py @@ -1,4 +1,3 @@ -import contextlib import logging import os import re @@ -238,11 +237,7 @@ def goto_all_findings_list(self, driver): return driver def wait_for_datatable_if_content(self, no_content_id, wrapper_id): - no_content = None - with contextlib.suppress(Exception): - no_content = self.driver.find_element(By.ID, no_content_id) - - if no_content is None: + if not self.is_element_by_id_present(no_content_id): # wait for product_wrapper div as datatables javascript modifies the DOM on page load. WebDriverWait(self.driver, 30).until( EC.presence_of_element_located((By.ID, wrapper_id)), @@ -338,7 +333,7 @@ def enable_github(self): def set_block_execution(self, block_execution=True): # we set the admin user (ourselves) to have block_execution checked # this will force dedupe to happen synchronously, among other things like notifications, rules, ... - logger.info(f"setting block execution to: {str(block_execution)}") + logger.info(f"setting block execution to: {block_execution}") driver = self.driver driver.get(self.base_url + "profile") if ( diff --git a/unittests/test_deduplication_logic.py b/unittests/test_deduplication_logic.py index ef1d91a0d53..319c0761312 100644 --- a/unittests/test_deduplication_logic.py +++ b/unittests/test_deduplication_logic.py 
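Review bot: In `wait_for_datatable_if_content`, `self.is_element_by_id_present(no_content_id)` replaces a `contextlib.suppress(Exception)` around `find_element`, and the helper is defined outside this hunk, so whether it swallows the same set of errors cannot be confirmed from here; the old code treated any exception as "no content element", not only the not-found case. If the helper only handles the missing-element case, a stale-element or timing error that previously fell through to the `WebDriverWait` branch will now propagate out of the method, which may be the desired tightening but is a behaviour change worth confirming. If the narrower behaviour is intended, a comment on the new `if` such as `# only a missing element counts as "no content"; other WebDriver errors propagate` would record that. The method's body continues past the hunk.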
@@ -1158,12 +1158,12 @@ def log_findings(self, findings): else: logger.debug("\t\t" + "findings:") for finding in findings: - logger.debug(f"\t\t\t{str(finding.id):4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{str(finding.active):5.5}" - + ": ver: " + f"{str(finding.verified):5.5}" + ": mit: " + f"{str(finding.is_mitigated):5.5}" - + ": dup: " + f"{str(finding.duplicate):5.5}" + ": dup_id: " - + (f"{str(finding.duplicate_finding.id):4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + logger.debug(f"\t\t\t{finding.id!s:4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{finding.active!s:5.5}" + + ": ver: " + f"{finding.verified!s:5.5}" + ": mit: " + f"{finding.is_mitigated!s:5.5}" + + ": dup: " + f"{finding.duplicate!s:5.5}" + ": dup_id: " + + (f"{finding.duplicate_finding.id!s:4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + ": eps: " + str(finding.endpoints.count()) + ": notes: " + str([n.id for n in finding.notes.all()]) - + ": uid: " + f"{str(finding.unique_id_from_tool):5.5}" + (" fp" if finding.false_p else ""), + + ": uid: " + f"{finding.unique_id_from_tool!s:5.5}" + (" fp" if finding.false_p else ""), ) logger.debug("\t\tendpoints") diff --git a/unittests/test_false_positive_history_logic.py b/unittests/test_false_positive_history_logic.py index c4d939fbc42..04fca655b58 100644 --- a/unittests/test_false_positive_history_logic.py +++ b/unittests/test_false_positive_history_logic.py 
@@ -1678,12 +1678,12 @@ def log_findings(self, findings): else: logger.debug("\t\t" + "findings:") for finding in findings: - logger.debug(f"\t\t\t{str(finding.id):4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{str(finding.active):5.5}" - + ": ver: " + f"{str(finding.verified):5.5}" + ": mit: " + f"{str(finding.is_mitigated):5.5}" - + ": dup: " + f"{str(finding.duplicate):5.5}" + ": dup_id: " - + (f"{str(finding.duplicate_finding.id):4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + logger.debug(f"\t\t\t{finding.id!s:4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{finding.active!s:5.5}" + + ": ver: " + f"{finding.verified!s:5.5}" + ": mit: " + f"{finding.is_mitigated!s:5.5}" + + ": dup: " + f"{finding.duplicate!s:5.5}" + ": dup_id: " + + (f"{finding.duplicate_finding.id!s:4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + ": eps: " + str(finding.endpoints.count()) + ": notes: " + str([n.id for n in finding.notes.all()]) - + ": uid: " + f"{str(finding.unique_id_from_tool):5.5}" + (" fp" if finding.false_p else ""), + + ": uid: " + f"{finding.unique_id_from_tool!s:5.5}" + (" fp" if finding.false_p else ""), ) logger.debug("\t\tendpoints") diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py index 5a600315536..fa30780c922 100644 --- a/unittests/test_rest_framework.py +++ b/unittests/test_rest_framework.py @@ -1119,7 +1119,7 @@ def test_request_response_post_and_download(self): # Test the creation for level in self.url_levels: length = FileUpload.objects.count() - with open(f"{str(self.path)}/scans/acunetix/one_finding.xml", encoding="utf-8") as testfile: + with open(f"{self.path}/scans/acunetix/one_finding.xml", encoding="utf-8") as testfile: payload = { "title": level, "file": testfile, 
@@ -1131,7 +1131,7 @@ def test_request_response_post_and_download(self): self.url_levels[level] = response.data.get("id") # Test the download - file_data = Path(f"{str(self.path)}/scans/acunetix/one_finding.xml").read_text(encoding="utf-8") + file_data = Path(f"{self.path}/scans/acunetix/one_finding.xml").read_text(encoding="utf-8") for level, file_id in self.url_levels.items(): response = self.client.get(f"/api/v2/{level}/files/download/{file_id}/") self.assertEqual(200, response.status_code) diff --git a/unittests/test_utils.py b/unittests/test_utils.py index 4bed9f7369f..25bf9fbc192 100644 --- a/unittests/test_utils.py +++ b/unittests/test_utils.py @@ -1,7 +1,5 @@ -import hashlib import logging from contextlib import contextmanager -from pathlib import Path from unittest.mock import Mock, patch from dojo.authorization.roles_permissions import Roles @@ -240,12 +238,3 @@ def assertImportModelsCreated(test_case, tests=0, engagements=0, products=0, pro product_type_count, endpoint_count, ) - - -class TestSettings(DojoTestCase): - def test_settings_integrity(self): - with Path("dojo/settings/settings.dist.py").open("rb") as file: - real_hash = hashlib.sha256(file.read()).hexdigest() - with Path("dojo/settings/.settings.dist.py.sha256sum").open("rb") as file: - expected_hash = file.read().decode().strip() - self.assertEqual(expected_hash, real_hash, "File settings.dist.py was changed but checksum has not been updated. If this is part of a PR, update the sha256sum value in '.settings.dist.py.sha256sum'. If you are modifying this to configure your instance, revert your changes and use environment variables or 'local_settings.py'")