Merge pull request DefectDojo#11724 from DefectDojo/master-into-dev/2…

….43.0-2.44.0-dev

Release: Merge back 2.43.0 into dev from: master-into-dev/2.43.0-2.44.0-dev

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.43.0-dev",
+  "version": "2.44.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/js/flexsearch.js

@@ -0,0 +1,145 @@
+/*!
+ * FlexSearch for Bootstrap based Thulite sites
+ * Copyright 2021-2024 Thulite
+ * Licensed under the MIT License
+ * Based on https://github.com/frjo/hugo-theme-zen/blob/main/assets/js/search.js
+ */
+
+/* eslint-disable no-undef, guard-for-in */
+
+/**
+ * @file
+ * A JavaScript file for flexsearch.
+ */
+
+// import * as FlexSearch from 'flexsearch';
+import Index from 'flexsearch';
+
+(function () {
+
+  'use strict';
+
+  // const index = new FlexSearch.Document({
+  const index = new Index.Document({
+    tokenize: 'forward',
+    document: {
+      id: 'id',
+      index: [
+        {
+          field: 'title'
+        },
+        {
+          field: 'tags'
+        },
+        {
+          field: {{ if site.Params.doks.indexSummary }}'summary'{{ else }}'content'{{ end }}
+        },
+        {
+          field:  'date',
+          tokenize: 'strict',
+          encode: false
+        }
+      ],
+      store: ['title','summary','date','permalink']
+    }
+  });
+
+  function showResults(items, order) {
+    const template = document.querySelector('template').content;
+    const fragment = document.createDocumentFragment();
+
+    const results = document.querySelector('.search-results');
+    results.textContent = '';
+
+    const itemsLength = Object.keys(items).length;
+
+    // Show/hide "No recent searches" and "No search results" messages
+    if ((itemsLength === 0) && (query.value === '')) {
+      // Hide "No search results" message
+      document.querySelector('.search-no-results').classList.add('d-none');
+      // Show "No recent searches" message
+      document.querySelector('.search-no-recent').classList.remove('d-none');
+    } else if ((itemsLength === 0) && (query.value !== '')) {
+      // Hide "No recent searches" message
+      document.querySelector('.search-no-recent').classList.add('d-none');
+      // Show "No search results" message
+      const queryNoResults = document.querySelector('.query-no-results');
+      queryNoResults.innerText = query.value;
+      document.querySelector('.search-no-results').classList.remove('d-none');
+    } else {
+      // Hide both "No recent searches" and "No search results" messages
+      document.querySelector('.search-no-recent').classList.add('d-none');
+      document.querySelector('.search-no-results').classList.add('d-none');
+    }
+
+    order.forEach((id) => {
+      const item = items[id];
+      const result = template.cloneNode(true);
+      const a = result.querySelector('a');
+      const time = result.querySelector('time');
+      const content = result.querySelector('.content');
+      a.innerHTML = item.title;
+      a.href = item.permalink;
+      time.innerText = "";
+      content.innerHTML = item.summary;
+      fragment.appendChild(result);
+    });
+
+    results.appendChild(fragment);
+  }
+
+  function doSearch() {
+    const query = document.querySelector('.search-text').value.trim();
+    const limit = {{ .searchLimit }};
+    const results = index.search({
+      query: query,
+      enrich: true,
+      limit: limit,
+    });
+    const items = {};
+    const order = [];
+
+    results.forEach(function (result) {
+
+      result.result.forEach(function (r) {
+        if(!order.includes(r.id)) {
+          order.push(r.id);
+        }
+
+        items[r.id] = r.doc;
+      });
+    });
+
+    showResults(items, order);
+  }
+
+  function enableUI() {
+    const searchform = document.querySelector('.search-form');
+    searchform.addEventListener('submit', function (e) {
+      e.preventDefault();
+      doSearch();
+    });
+    searchform.addEventListener('input', function () {
+      doSearch();
+    });
+    document.querySelector('.search-loading').classList.add('d-none');
+    document.querySelector('.search-input').classList.remove('d-none');
+    document.querySelector('.search-text').focus();
+  }
+
+  function buildIndex() {
+    document.querySelector('.search-loading').classList.remove('d-none');
+    fetch("{{ site.LanguagePrefix }}/search-index.json")
+      .then(function (response) {
+        return response.json();
+      })
+      .then(function (data) {
+        data.forEach(function (item) {
+          index.add(item);
+        });
+      });
+  }
+
+  buildIndex();
+  enableUI();
+})();

docs/content/en/about_defectdojo/about_docs.md

@@ -19,6 +19,8 @@ cascade:
 
 ![image](images/dashboard.png)
 
+<span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Inc. and open-source contributors maintain this documentation to support both the Community and Pro editions of DefectDojo.</span>
+
 ### What is DefectDojo?
 
 DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.

docs/content/en/api/api-v2-docs.md

@@ -8,7 +8,7 @@ weight: 2
 DefectDojo\'s API is created using [Django Rest
 Framework](http://www.django-rest-framework.org/). The documentation of
 each endpoint is available within each DefectDojo installation at
-[`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2
+[`/api/v2/oa3/swagger-ui`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/) and can be accessed by choosing the API v2
 Docs link on the user drop down menu in the header. 
 
 ![image](images/api_v2_1.png)
@@ -42,7 +42,7 @@ For example: :
 
 ### Alternative authentication method
 
-If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
+If you use [an alternative authentication method](en/customize_dojo/user_management/configure_sso/ for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
 Using of DefectDojo API tokens can be disabled by specifying the environment variable `DD_API_TOKENS_ENABLED` to `False`.
 Or only `api/v2/api-token-auth/` endpoint can be disabled by setting `DD_API_TOKEN_AUTH_ENDPOINT_ENABLED` to `False`.
 
@@ -125,7 +125,7 @@ The json object result is: :
 {{< /highlight >}}
 
 See [Django Rest Framework\'s documentation on interacting with an
-API](http://www.django-rest-framework.org/topics/api-clients/) for
+API](https://www.django-rest-framework.org/) for
 additional examples and tips.
 
 ## Manually calling the API
@@ -178,4 +178,4 @@ Example for importing a scan result:
 | [.Net/C# library](https://www.nuget.org/packages/DefectDojo.Api/)              | working (2021-06-08)    | |
 | [dd-import](https://github.com/MaibornWolff/dd-import)                    | working (2021-08-24)    | dd-import is not directly an API wrapper. It offers some convenience functions to make it easier to import findings and language data from CI/CD pipelines. |
 
-Some of the api wrappers contain quite a bit of logic to ease scanning and importing in CI/CD environments. We are in the process of simplifying this by making the DefectDojo API smarter (so api wrappers / script can be dumber).
+Some of the api wrappers contain quite a bit of logic to ease scanning and importing in CI/CD environments. We are in the process of simplifying this by making the DefectDojo API smarter (so api wrappers / script can be dumber).