Skip to content

Commit

Permalink
Syncs with upstream dev (#100)
Browse files Browse the repository at this point in the history
  • Loading branch information
inesmartins-swordhealth authored Nov 30, 2023
1 parent e2bbb84 commit 03fc5cc
Show file tree
Hide file tree
Showing 72 changed files with 1,943 additions and 1,165 deletions.
18 changes: 17 additions & 1 deletion .github/workflows/release-3-master-into-dev.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,23 @@ jobs:
grep version dojo/__init__.py
grep appVersion helm/defectdojo/Chart.yaml
grep version components/package.json
- name: Create upgrade notes to documentation
run: |
minorv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '.' -f -2)
patchv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '-' -f -1)
weight=$(date +%Y%m%d)
echo -n "---
title: 'Upgrading to DefectDojo Version $minorv.x'
toc_hide: true
weight: -$weight
description: No special instructions.
---
There are no special instructions for upgrading to $minorv.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/$patchv) for the contents of the release.
" > docs/content/en/getting_started/upgrading/$minorv.md
git add docs/content/en/getting_started/upgrading/$minorv.md
if: endsWith(github.event.inputs.release_number_dev, '.0-dev')

- name: Push version changes
uses: stefanzweifel/git-auto-commit-action@v5.0.0
with:
Expand Down
152 changes: 87 additions & 65 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,64 +1,70 @@
# DefectDojo

<table>
<tr styl="margin: 0; position: absolute; top: 50%; -ms-transform: translateY(-50%); transform: translateY(-50%);">
<th><a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
<img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg"
alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" />
</a></th>
<th>
<p><a href="https://www.owasp.org/index.php/OWASP_DefectDojo_Project"><img
src="https://img.shields.io/badge/owasp-flagship%20project-orange.svg" alt="OWASP Flagship"></a> <a
href="https://github.com/DefectDojo/django-DefectDojo"><img
src="https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg" alt="GitHub release"></a> <a
href="https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ"><img
src="https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg" alt="YouTube Subscribe"></a> <img
src="https://img.shields.io/twitter/follow/defectdojo.svg?style=social&amp;label=Follow" alt="Twitter Follow">
</p>
<p><a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img
src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master"
alt="Unit Tests"></a><a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img
src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master"
alt="Integration Tests"></a> <a href="https://bestpractices.coreinfrastructure.org/projects/2098"><img
src="https://bestpractices.coreinfrastructure.org/projects/2098/badge" alt="CII Best Practices"></a></p>
</th>
</tr>
<tr styl="margin: 0; position: absolute; top: 50%; -ms-transform: translateY(-50%); transform: translateY(-50%);">
<th>
<a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
<img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg"
alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" />
</a>
</th>
<th>
<p>
<a href="https://www.owasp.org/index.php/OWASP_DefectDojo_Project"><img src="https://img.shields.io/badge/owasp-flagship%20project-orange.svg" alt="OWASP Flagship"></a>
<a href="https://github.com/DefectDojo/django-DefectDojo/releases/latest"><img src="https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg" alt="GitHub release"></a>
<a href="https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ"><img src="https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg" alt="YouTube Subscribe"></a>
<a href="https://twitter.com/defectdojo/"><img src="https://img.shields.io/twitter/follow/defectdojo.svg?style=social&amp;label=Follow" alt="Twitter Follow"></a>
</p>
<p>
<a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master" alt="Unit Tests"></a>
<a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master" alt="Integration Tests"></a>
<a href="https://bestpractices.coreinfrastructure.org/projects/2098"><img src="https://bestpractices.coreinfrastructure.org/projects/2098/badge" alt="CII Best Practices"></a>
</p>
</th>
</tr>
</table>

![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/screenshot1.png)

[DefectDojo](https://www.defectdojo.com/) is a security orchestration and
vulnerability management platform.
DefectDojo allows you to manage your application security program, maintain
product and application information, triage vulnerabilities and
push findings to systems like JIRA and Slack. DefectDojo enriches and
refines vulnerability data using a number of heuristic algorithms that
improve with the more you use the platform.
[DefectDojo](https://www.defectdojo.com/) is a DevSecOps, ASPM (application security posture management), and
vulnerability management tool. DefectDojo orchestrates end-to-end security testing, vulnerability tracking,
deduplication, remediation, and reporting.

## Demo

Try out the demo server at [demo.defectdojo.org](https://demo.defectdojo.org)
Try out DefectDojo on our demo server at [demo.defectdojo.org](https://demo.defectdojo.org)

Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo.
Log in with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible
and regularly reset. Do not put sensitive data in the demo.

## Quick Start for Compose V2

From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/).

Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using `docker compose`, instead of `docker-compose`.
Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous
docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using
`docker compose` instead of `docker-compose`.

```sh
# Clone the project
git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building

# Building Docker images
./dc-build.sh
# running (for other profiles besides postgres-redis look at https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)

# Run the application (for other profiles besides postgres-redis see
# https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
./dc-up.sh postgres-redis
# obtain admin credentials. the initializer can take up to 3 minutes to run
# use docker-compose logs -f initializer to track progress

# Obtain admin credentials. The initializer can take up to 3 minutes to run.
# Use docker compose logs -f initializer to track its progress.
docker compose logs initializer | grep "Admin password:"
```

## For Docker Compose V1
You can run Compose V1 by editing the below files to add the hyphen (-) between `docker compose`.

You can run Compose V1 by editing the files below to add the hyphen (-) between `docker compose`.
```sh
dc-build.sh
dc-down.sh
Expand All @@ -71,17 +77,18 @@ You can run Compose V1 by editing the below files to add the hyphen (-) between
docker/setEnv.sh
```


Navigate to <http://localhost:8080>.

Navigate to `http://localhost:8080` to see your new instance!

## Documentation

- [Official Docs](https://documentation.defectdojo.com/) ([latest](https://documentation.defectdojo.com/) | [dev](https://documentation.defectdojo.com/dev))
- [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)
- [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)
- [Authentication Options](readme-docs/AVAILABLE-PLUGINS.md)
- [Parsers](https://documentation.defectdojo.com/integrations/parsers/)
* [Official Docs](https://documentation.defectdojo.com/)
* [Docs for our `dev` branch](https://documentation.defectdojo.com/dev/)
* [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)
* [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)
* Authentication options:
* [OAuth2/SAML2](https://documentation.defectdojo.com/integrations/social-authentication/)
* [LDAP](https://documentation.defectdojo.com/integrations/ldap-authentication/)
* [Supported tools](https://documentation.defectdojo.com/integrations/parsers/)

## Supported Installation Options

Expand All @@ -91,52 +98,67 @@ Navigate to <http://localhost:8080>.

## Community, Getting Involved, and Updates

[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp-slack.herokuapp.com/)
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp.org/slack/invite)
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/>](https://www.linkedin.com/company/defectdojo)
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)

[Join the slack community](https://owasp.org/slack/invite) and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
Follow DefectDojo on [Twitter](https://twitter.com/defectdojo), [Linkedin](https://www.linkedin.com/company/defectdojo), and [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!
[Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on
[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and
[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!

## Contributing

:warning: Please note that DefectDojo will soon stop accepting new features to stabilize the API and data model for a
forthcoming v3 release. See the contributing guidelines below for more details. :warning:
:warning: We have instituted a [feature freeze](https://github.com/DefectDojo/django-DefectDojo/discussions/8002) on v2
of DefectDojo as we begin work on v3. Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more
information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/8974).

See our [Contributing guidelines](readme-docs/CONTRIBUTING.md)
## Pro Edition
[Upgrade to DefectDojo Pro](https://www.defectdojo.com/pricing) today to take your DevSecOps to 11. DefectDojo Pro is
designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional
smart features, tunable deduplication, and support from DevSecOps experts.

## Commercial Support and Training
[Commercial support and training is availaible.](https://www.defectdojo.com/) For information please email info@defectdojo.com.
Alternatively, for information please email info@defectdojo.com

## About Us

DefectDojo is maintained by:
* Greg Anderson ([@devGregA](https://github.com/devgrega) | [linkedin](https://www.linkedin.com/in/g-anderson/))
* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [linkedin](https://www.linkedin.com/in/matttesauro/) | [@matt_tesauro](https://twitter.com/matt_tesauro))
* Greg Anderson ([@devGregA](https://github.com/devgrega) | [LinkedIn](https://www.linkedin.com/in/g-anderson/))
* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [LinkedIn](https://www.linkedin.com/in/matttesauro/) |
[@matt_tesauro](https://twitter.com/matt_tesauro))

Core Moderators can help you with pull requests or feedback on dev ideas:
* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [linkedin](https://www.linkedin.com/in/cody-maffucci))
* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))

Moderators can help you with pull requests or feedback on dev ideas:
* Damien Carol ([@damnielcarol](https://github.com/damiencarol) | [linkedin](https://www.linkedin.com/in/damien-carol/))
* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/))
* Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))
* Dubravko Sever ([@dsever](https://github.com/dsever))

* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))
* Jay Paz ([@jjpaz](https://twitter.com/jjpaz))
* Blake Owens ([@blakeaowens](https://github.com/blakeaowens))

## Hall of Fame
* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) | [sponsor](https://github.com/sponsors/valentijnscholten) | [linkedin](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years. Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever it was needed.
* Fred Blaise ([@madchap](https://github.com/madchap) | [linkedin](https://www.linkedin.com/in/fredblaise/)) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
* Charles Neill ([@ccneill](https://twitter.com/ccneill)) – Charles served as a
DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
* Jay Paz ([@jjpaz](https://twitter.com/jjpaz)) – Jay was a DefectDojo
maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.

* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) |
[Sponsor](https://github.com/sponsors/valentijnscholten) |
[LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years.
Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the
codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever
it was needed.
* Fred Blaise ([@madchap](https://github.com/madchap) | [LinkedIn](https://www.linkedin.com/in/fredblaise/)) - Fred
served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized,
and architected important policies and procedures.
* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver) | [LinkedIn](https://www.linkedin.com/in/aweaver/)) -
Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his
contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many
more.

## Security

Please report Security issues via our [disclosure policy](readme-docs/SECURITY.md).

## License

DefectDojo is licensed under the [BSD-3-Clause License](LICENSE.md)
DefectDojo is licensed under the [BSD 3-Clause License](LICENSE.md)
2 changes: 1 addition & 1 deletion docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ services:
volumes:
- defectdojo_postgres:/var/lib/postgresql/data
rabbitmq:
image: rabbitmq:3.12.8-alpine@sha256:f1a169ec5763caccdd05c35499c1441a7eacf0c8f442618ca15df4c2da96a735
image: rabbitmq:3.12.9-alpine@sha256:801dbe7ad31edd693418cfd6adf5294773b140a76ac43fa27637b702b51b98a5
profiles:
- mysql-rabbitmq
- postgres-rabbitmq
Expand Down
Loading

0 comments on commit 03fc5cc

Please sign in to comment.