Commit
syncs with upstream dev (#137)
inesmartins-swordhealth authored May 7, 2024
1 parent 2d5f132 commit c0c334c
Showing 685 changed files with 30,596 additions and 15,651 deletions.
2 changes: 1 addition & 1 deletion components/package.json
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.34.0-dev",
"version": "2.35.0-dev",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
19 changes: 12 additions & 7 deletions docs/content/en/_index.md
Expand Up @@ -17,8 +17,6 @@ cascade:

![image](images/dashboard.png)

## About DefectDojo

### What is DefectDojo?

DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.
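Review bot: With `## About DefectDojo` dropped at the top of this hunk, `### What is DefectDojo?` becomes the first heading on the page and sits at level three with no level-two parent, so the outline skips a level. Promote this heading and its `###` siblings to `##`, or keep a `##` parent above them.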
Expand All @@ -36,18 +34,25 @@ Product:Engagement model, enables traceability among multiple projects
2. [Usage]({{< ref "/usage" >}}) covers how to use DefectDojo to manage vulnerabilities.
3. We support a large amount of [integrations]({{< ref "/integrations" >}}) to help fit DefectDojo in your DevSecOps program.


### Where to find DefectDojo?

Proprietary editions that include [additional features](https://documentation.defectdojo.com/proprietary_plugins/) and support can be purchased through [defectdojo.com](https://www.defectdojo.com/).

The open-source edition is [available on
GitHub](https://github.com/DefectDojo/django-DefectDojo).

A running example is available on [our demo server](https://demo.defectdojo.org),
using the credentials `admin` / `defectdojo@demo#appsec`. Note: The demo
server is refreshed regularly and provisioned with some sample data.

Follow us on [LinkedIn](https://www.linkedin.com/company/33245534) for updates.
To get in touch with us, please reach out to info@defectdojo.com
### DefectDojo Pro and Enterprise

DefectDojo Inc. hosts a commercial edition of this software, which includes:
- additional features, smart features and UI improvements
- cloud hosting, with regular backups, updates and maintenance
- premium support and implementation guidance

For more information, please visit [defectdojo.com](https://www.defectdojo.com/).

DefectDojo Inc. also maintains an updated Knowledge Base at [https://support.defectdojo.com](https://support.defectdojo.com/en/). The Knowledge Base is written to support DefectDojo's Pro and Enterprise releases, but the tutorials and guides may also be applied to the open-source edition.

Follow DefectDojo Inc. on [LinkedIn](https://www.linkedin.com/company/33245534) for updates.
To get in touch with us, please reach out to info@defectdojo.com
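Review bot: In the Knowledge Base sentence the link text is `https://support.defectdojo.com` but the target is `https://support.defectdojo.com/en/`; use one form so the printed URL matches where the link goes. The closing contact line also leaves `info@defectdojo.com` as plain text with no full stop after it; a `mailto:` link would be more useful there.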
9 changes: 7 additions & 2 deletions docs/content/en/getting_started/upgrading/2.34.md
Expand Up @@ -2,6 +2,11 @@
title: 'Upgrading to DefectDojo Version 2.34.x'
toc_hide: true
weight: -20240402
description: No special instructions.
description: Breaking Change for AWS_Scout2.
---
There are no special instructions for upgrading to 2.34.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.34.0) for the contents of the release.

**Breaking Change**

- AWS_Scout2 has been removed. This parser was already disactivated by default in releases >= 2.3.1. and has been replaced with ScoutSuite (https://github.com/nccgroup/ScoutSuite) upstream. Please switch to ScoutSuite now if you haven't done it yet.

For all other changes, check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.34.0) for the contents of the release.
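Review bot: The breaking-change bullet says AWS_Scout2 "has been removed" but does not say what the upgrade does to tests and findings already imported with that scan type, or whether a re-import under that type now fails. Add a sentence so operators know what to check before upgrading. Wording in the same bullet: "disactivated" should be "deactivated", and "releases >= 2.3.1." has a stray full stop before "and".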
7 changes: 7 additions & 0 deletions docs/content/en/getting_started/upgrading/2.35.md
@@ -0,0 +1,7 @@
---
title: 'Upgrading to DefectDojo Version 2.35.x'
toc_hide: true
weight: -20240506
description: No special instructions.
---
There are no special instructions for upgrading to 2.35.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.35.0) for the contents of the release.
17 changes: 0 additions & 17 deletions docs/content/en/integrations/parsers/file/aws_scout2.md

This file was deleted.

8 changes: 8 additions & 0 deletions docs/content/en/integrations/parsers/file/progpilot.md
@@ -0,0 +1,8 @@
---
title: "Progpilot"
toc_hide: true
---
This parser imports the Progpilot SAST JSON output. The scanner can be found [here](https://github.com/designsecurity/progpilot).

### Sample Scan Data
Sample Progpilot Parser scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/progpilot).
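Review bot: Both links in this new page use "here" as the link text, and the page gives no hint of how to produce the JSON report or which Progpilot fields the parser reads. Name the targets in the link text (for example "Progpilot on GitHub") and add a line on the expected input file. The sample-scan link points at the `master` tree, so confirm the `unittests/scans/progpilot` directory exists on that branch.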
10 changes: 5 additions & 5 deletions docs/content/en/integrations/social-authentication.md
Expand Up @@ -15,7 +15,7 @@ leverage Auth0 to authenticate users on DefectDojo.
2. On the new application set the following fields:
- Name: "Defectdojo"
- Allowed Callback URLs:
[https://the_hostname_you_have_dojo_deployed:your_server_port/complete/auth0/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/auth0/)
**https://the_hostname_you_have_dojo_deployed:your_server_port/complete/auth0/**
3. Copy the following info from the application:
- Domain
- Client ID
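Review bot: The Allowed Callback URLs placeholder is now wrapped in `**…**`, which marks emphasis rather than a literal value, and a bare `https://` string may still be auto-linked by the renderer, which would bring back the dead link this edit removes. An inline code span around the placeholder URL would prevent linking and make it clear the value is to be copied and edited. The same applies to the other placeholder URLs changed in this file.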
Expand Down Expand Up @@ -175,7 +175,7 @@ user, such as 'superuser'.

- <http://localhost:8080/complete/azuread-tenant-oauth2/>
- **OR**
- [https://the_hostname_you_have_dojo_deployed:your_server_port/complete/azuread-tenant-oauth2/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/azuread-tenant-oauth2/)
- **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/azuread-tenant-oauth2/**

4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following
information:
Expand Down Expand Up @@ -236,13 +236,13 @@ Follow along below.

- <https://gitlab.com/profile/applications>
- **OR**
- [https://the_hostname_you_have_gitlab_deployed:your_gitlab_port/profile/applications](https://the_hostname_you_have_gitlab_deployed:your_gitlab_port/profile/applications)
- **https://the_hostname_you_have_gitlab_deployed:your_gitlab_port/profile/applications**

2. Choose a name for your application
3. For the Redirect URI, enter the DefectDojo URL with the following
format

- [https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/)
- **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/**

4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following
information:
Expand Down Expand Up @@ -331,7 +331,7 @@ Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order t
2. Choose a name for your application
3. For the Redirect URI, enter the DefectDojo URL with the following
format
- [https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/](https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/)
- **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/**
4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following
information:
{{< highlight python >}}
4 changes: 2 additions & 2 deletions docs/content/en/integrations/source-code-repositories.md
Expand Up @@ -24,7 +24,7 @@ For Interactive Engagement it needs to be the URL including the branch:
For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below:
- for GitHub - like https://github.com/DefectDojo/django-DefectDojo
- for GitLab - like https://gitlab.com/gitlab-org/gitlab
- for public BitBucket - like https://bitbucket.org/some-user/some-project.git (like git clone url)
- for public BitBucket, Gitea and Codeberg - like https://bitbucket.org/some-user/some-project.git (like git clone url)
- for standalone/onpremise BitBucket https://bb.example.com/scm/some-project.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url)

If user does not set commit hash or branch/tag in appropriate fields of CI/CD Engagement edit form, the URL should look like in Interactive Engagement edit form.
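Review bot: The bullet now reads "public BitBucket, Gitea and Codeberg" but the only example is still a bitbucket.org clone URL, so a Gitea or Codeberg user has no pattern to copy. Add an example URL for those hosts, and say whether a self-hosted Gitea instance is expected in the same clone-URL form.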
Expand All @@ -39,7 +39,7 @@ Product SCM type add:

![Product scm type](../../../static/images/product-scm-type_1.png)

Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone' or nothing (for default github).
Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone', 'gitea', 'codeberg' or nothing (for default github).


## Link in Finding
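Review bot: The SCM type sentence lists 'gitea' and 'codeberg' next to "nothing (for default github)", which means a Gitea or Codeberg repository with no SCM type set is handled as GitHub. State that explicitly here, so users know the type has to be set for those hosts.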
9 changes: 9 additions & 0 deletions docs/content/en/link_knowledge-base.md
@@ -0,0 +1,9 @@
---
title: "Knowledge Base"
manualLink: "https://support.defectdojo.com"
manualLinkTitle: "Open the DefectDojo Knowledge Base"
icon: fas fa-atlas
date: 2021-02-02T20:46:29+01:00
weight: 1
chapter: true
---
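Review bot: `date: 2021-02-02T20:46:29+01:00` in the front matter of a file created by this May 2024 commit looks copied from another page. Set it to the actual creation date or drop the key.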
2 changes: 1 addition & 1 deletion dojo/__init__.py
Expand Up @@ -4,6 +4,6 @@
# Django starts so that shared_task will use this app.
from .celery import app as celery_app # noqa: F401

__version__ = '2.34.0-dev'
__version__ = '2.35.0-dev'
__url__ = 'https://github.com/DefectDojo/django-DefectDojo'
__docs__ = 'https://documentation.defectdojo.com'
16 changes: 13 additions & 3 deletions dojo/admin.py
@@ -1,8 +1,18 @@
from auditlog.models import LogEntry
from django.contrib import admin
from polymorphic.admin import PolymorphicParentModelAdmin, PolymorphicChildModelAdmin
from dojo.models import Question, TextQuestion, ChoiceQuestion, Choice, \
Answer, TextAnswer, ChoiceAnswer, Engagement_Survey, Answered_Survey
from polymorphic.admin import PolymorphicChildModelAdmin, PolymorphicParentModelAdmin

from dojo.models import (
Answer,
Answered_Survey,
Choice,
ChoiceAnswer,
ChoiceQuestion,
Engagement_Survey,
Question,
TextAnswer,
TextQuestion,
)

admin.site.unregister(LogEntry)

5 changes: 3 additions & 2 deletions dojo/announcement/signals.py
@@ -1,7 +1,8 @@
from dojo.models import Announcement, UserAnnouncement, Dojo_User
from django.conf import settings
from django.db.models.signals import post_save
from django.dispatch import receiver
from django.conf import settings

from dojo.models import Announcement, Dojo_User, UserAnnouncement


@receiver(post_save, sender=Dojo_User)
1 change: 1 addition & 0 deletions dojo/announcement/urls.py
@@ -1,4 +1,5 @@
from django.urls import re_path

from dojo.announcement import views

urlpatterns = [
12 changes: 6 additions & 6 deletions dojo/announcement/views.py
@@ -1,18 +1,18 @@
import logging

from django.shortcuts import render
from django.contrib import messages
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse
from django.utils.translation import gettext_lazy as _
from django.utils.translation import gettext
from django.http import HttpResponseRedirect
from dojo.utils import add_breadcrumb
from django.utils.translation import gettext_lazy as _

from dojo.forms import AnnouncementCreateForm, AnnouncementRemoveForm
from dojo.models import Announcement, UserAnnouncement
from dojo.authorization.authorization_decorators import (
user_is_configuration_authorized,
)
from dojo.forms import AnnouncementCreateForm, AnnouncementRemoveForm
from dojo.models import Announcement, UserAnnouncement
from dojo.utils import add_breadcrumb

logger = logging.getLogger(__name__)

6 changes: 4 additions & 2 deletions dojo/api_v2/exception_handler.py
@@ -1,4 +1,5 @@
from dojo.models import System_Settings
import logging

from django.core.exceptions import ValidationError
from django.db.models.deletion import RestrictedError
from rest_framework.response import Response
Expand All @@ -8,7 +9,8 @@
HTTP_500_INTERNAL_SERVER_ERROR,
)
from rest_framework.views import exception_handler
import logging

from dojo.models import System_Settings

logger = logging.getLogger(__name__)

10 changes: 6 additions & 4 deletions dojo/api_v2/mixins.py
@@ -1,12 +1,14 @@
from django.db import DEFAULT_DB_ALIAS
import itertools

from django.contrib.admin.utils import NestedObjects
from django.db import DEFAULT_DB_ALIAS
from drf_spectacular.utils import extend_schema
from rest_framework.decorators import action
from rest_framework import status
from rest_framework.authtoken.models import Token
from rest_framework.decorators import action

from dojo.api_v2 import serializers
from dojo.models import Question, Answer
import itertools
from dojo.models import Answer, Question


class DeletePreviewModelMixin: