diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index e0ebabe2ec..2249be6e81 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -17,13 +17,13 @@ jobs: - name: Setup Hugo uses: peaceiris/actions-hugo@v3 with: - hugo-version: '0.81.0' + hugo-version: '0.125.3' extended: true - name: Setup Node uses: actions/setup-node@v4 with: - node-version: '20.x' + node-version: '22.5.1' - name: Cache dependencies uses: actions/cache@v4 @@ -36,26 +36,8 @@ jobs: - uses: actions/checkout@v4 with: persist-credentials: false - submodules: recursive # Fetch the Docsy theme - fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - ref: 'dev' - - run: cd docs && npm ci && hugo --minify --config config.dev.toml - - run: ls -l ./docs/public/* - - # for dev we move everything into a subfolder, so the master version stays in the root - - run: mkdir /tmp/dev && mv docs/public/* /tmp/dev/ - - - uses: actions/checkout@v4 - with: - persist-credentials: false - submodules: recursive # Fetch the Docsy theme - fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - ref: 'master' - - - run: cd docs && npm ci && hugo --minify --config config.master.toml - - run: mv /tmp/dev docs/public/ - - run: ls -l ./docs/public/* + - run: cd docs && npm ci && hugo --minify --config /config/production/hugo.toml - name: Deploy uses: peaceiris/actions-gh-pages@v4 diff --git a/.github/workflows/submodule-update.yml b/.github/workflows/submodule-update.yml deleted file mode 100644 index 98e5c5acf6..0000000000 --- a/.github/workflows/submodule-update.yml +++ /dev/null 
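Review bot: The added build step in the second hunk passes `--config /config/production/hugo.toml`, an absolute path, so after `cd docs` Hugo is pointed at the runner's filesystem root rather than at a file under `docs/`. Unless that file really exists on the runner, the build will presumably fail or miss the intended production config; a relative path looks like what is meant: `- run: cd docs && npm ci && hugo --minify --config config/production/hugo.toml`. The same hunk drops `fetch-depth: 0` and `submodules: recursive` from the checkout, so if the new site configuration still reads `.GitInfo` or `.Lastmod`, it will only see the shallow tip commit. `persist-credentials: false` is kept, which is worth preserving because `npm ci` runs third-party install scripts in the same job that later deploys.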
@@ -1,28 +0,0 @@ ---- -name: Update DefectDojo Inc. Documentation - -on: - push: - branches: [master, dev] - paths: - - docs/** - workflow_dispatch: - -jobs: - build: - name: Run Documentation Workflow - runs-on: ubuntu-latest - - steps: - - name: Trigger workflow in Documentation Repo - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.DOCUMENTATION_TOKEN }} - script: | - const result = await github.rest.actions.createWorkflowDispatch({ - owner: 'DefectDojo-Inc', - repo: 'Documentation', - workflow_id: 'deploy-gh-pages-branch.yml', - ref: 'master' - }) - console.log(result) diff --git a/.gitignore b/.gitignore index 6eab69fb83..41ae2f42fc 100644 --- a/.gitignore +++ b/.gitignore @@ -135,3 +135,15 @@ helm/defectdojo/charts docs/public docs/node_modules docs/resources +docs/hugo_stats.json +docs/.gitpod.yml +docs/.npmignore +docs/.npmrc +docs/.prettierignore +docs/.prettierrc.yaml +docs/.codesandbox/tasks.json +docs/.devcontainer/devcontainer.json +docs/.devcontainer/Dockerfile +docs/LICENSE +docs/.hugo_build.lock +docs/package-lock.json diff --git a/docs/assets/favicon.png b/docs/assets/favicon.png new file mode 100644 index 0000000000..24e9131499 Binary files /dev/null and b/docs/assets/favicon.png differ diff --git a/docs/assets/images/.gitkeep b/docs/assets/images/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docs/static/images/10Security-logo.png b/docs/assets/images/10Security-logo.png similarity index 100% rename from docs/static/images/10Security-logo.png rename to docs/assets/images/10Security-logo.png diff --git a/docs/static/images/DD-Architecture.drawio b/docs/assets/images/DD-Architecture.drawio similarity index 100% rename from docs/static/images/DD-Architecture.drawio rename to docs/assets/images/DD-Architecture.drawio 
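Review bot: The `.gitignore` hunk adds `docs/package-lock.json`, but the gh-pages workflow changed in this same commit builds with `cd docs && npm ci`, and `npm ci` refuses to run without a lockfile. If the lockfile is not already tracked, the docs build has nothing to install from. An untracked lockfile also means the dependency tree and its integrity hashes are never reviewed or pinned in the repository, which weakens the supply-chain guarantee `npm ci` is meant to give. I would drop the `+docs/package-lock.json` line and commit the lockfile; if it is deliberately generated elsewhere, say so in a comment next to the entry. Ignoring `docs/LICENSE` in the same hunk also looks unintended and deserves a second look.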
diff --git a/docs/static/images/DD-Hierarchy.drawio b/docs/assets/images/DD-Hierarchy.drawio
similarity index 100%
rename from docs/static/images/DD-Hierarchy.drawio
rename to docs/assets/images/DD-Hierarchy.drawio
diff --git a/docs/static/images/Linkedin-logo-icon-png.png b/docs/assets/images/Linkedin-logo-icon-png.png
similarity index 100%
rename from docs/static/images/Linkedin-logo-icon-png.png
rename to docs/assets/images/Linkedin-logo-icon-png.png
diff --git a/docs/static/images/Twitter_Logo.png b/docs/assets/images/Twitter_Logo.png
similarity index 100%
rename from docs/static/images/Twitter_Logo.png
rename to docs/assets/images/Twitter_Logo.png
diff --git a/docs/static/images/WHP.png b/docs/assets/images/WHP.png
similarity index 100%
rename from docs/static/images/WHP.png
rename to docs/assets/images/WHP.png
diff --git a/docs/static/images/XING_logo.png b/docs/assets/images/XING_logo.png
similarity index 100%
rename from docs/static/images/XING_logo.png
rename to docs/assets/images/XING_logo.png
diff --git a/docs/static/images/YouTube-Emblem.png b/docs/assets/images/YouTube-Emblem.png
similarity index 100%
rename from docs/static/images/YouTube-Emblem.png
rename to docs/assets/images/YouTube-Emblem.png
diff --git a/docs/static/images/admin-creds.png b/docs/assets/images/admin-creds.png
similarity index 100%
rename from docs/static/images/admin-creds.png
rename to docs/assets/images/admin-creds.png
diff --git a/docs/static/images/api_1.png b/docs/assets/images/api_1.png
similarity index 100%
rename from docs/static/images/api_1.png
rename to docs/assets/images/api_1.png
diff --git a/docs/static/images/api_2.png b/docs/assets/images/api_2.png
similarity index 100%
rename from docs/static/images/api_2.png
rename to docs/assets/images/api_2.png
diff --git a/docs/static/images/api_3.png b/docs/assets/images/api_3.png
similarity index 100%
rename from docs/static/images/api_3.png
rename to docs/assets/images/api_3.png
diff --git a/docs/static/images/api_v2_1.png b/docs/assets/images/api_v2_1.png
similarity index 100%
rename from docs/static/images/api_v2_1.png
rename to docs/assets/images/api_v2_1.png
diff --git a/docs/static/images/api_v2_2.png b/docs/assets/images/api_v2_2.png
similarity index 100%
rename from docs/static/images/api_v2_2.png
rename to docs/assets/images/api_v2_2.png
diff --git a/docs/static/images/api_v2_3.png b/docs/assets/images/api_v2_3.png
similarity index 100%
rename from docs/static/images/api_v2_3.png
rename to docs/assets/images/api_v2_3.png
diff --git a/docs/static/images/arrival.png b/docs/assets/images/arrival.png
similarity index 100%
rename from docs/static/images/arrival.png
rename to docs/assets/images/arrival.png
diff --git a/docs/static/images/branching_model.png b/docs/assets/images/branching_model.png
similarity index 100%
rename from docs/static/images/branching_model.png
rename to docs/assets/images/branching_model.png
diff --git a/docs/static/images/branching_model.puml b/docs/assets/images/branching_model.puml
similarity index 100%
rename from docs/static/images/branching_model.puml
rename to docs/assets/images/branching_model.puml
diff --git a/docs/static/images/branching_model_v2.png b/docs/assets/images/branching_model_v2.png
similarity index 100%
rename from docs/static/images/branching_model_v2.png
rename to docs/assets/images/branching_model_v2.png
diff --git a/docs/static/images/bug-2x.png b/docs/assets/images/bug-2x.png
similarity index 100%
rename from docs/static/images/bug-2x.png
rename to docs/assets/images/bug-2x.png
diff --git a/docs/static/images/burp_plugin_usage.gif b/docs/assets/images/burp_plugin_usage.gif
similarity index 100%
rename from docs/static/images/burp_plugin_usage.gif
rename to docs/assets/images/burp_plugin_usage.gif
diff --git a/docs/static/images/cloudbees-logo.png b/docs/assets/images/cloudbees-logo.png
similarity index 100%
rename from docs/static/images/cloudbees-logo.png
rename to docs/assets/images/cloudbees-logo.png
diff --git a/docs/static/images/configuration_permissions.png b/docs/assets/images/configuration_permissions.png
similarity index 100%
rename from docs/static/images/configuration_permissions.png
rename to docs/assets/images/configuration_permissions.png
diff --git a/docs/static/images/dashboard.png b/docs/assets/images/dashboard.png
similarity index 100%
rename from docs/static/images/dashboard.png
rename to docs/assets/images/dashboard.png
diff --git a/docs/static/images/deduplication.png b/docs/assets/images/deduplication.png
similarity index 100%
rename from docs/static/images/deduplication.png
rename to docs/assets/images/deduplication.png
diff --git a/docs/static/images/dojo_tshirt_front.png b/docs/assets/images/dojo_tshirt_front.png
similarity index 100%
rename from docs/static/images/dojo_tshirt_front.png
rename to docs/assets/images/dojo_tshirt_front.png
diff --git a/docs/static/images/end_1.png b/docs/assets/images/end_1.png
similarity index 100%
rename from docs/static/images/end_1.png
rename to docs/assets/images/end_1.png
diff --git a/docs/static/images/end_2.png b/docs/assets/images/end_2.png
similarity index 100%
rename from docs/static/images/end_2.png
rename to docs/assets/images/end_2.png
diff --git a/docs/static/images/end_3.png b/docs/assets/images/end_3.png
similarity index 100%
rename from docs/static/images/end_3.png
rename to docs/assets/images/end_3.png
diff --git a/docs/static/images/eng_1.png b/docs/assets/images/eng_1.png
similarity index 100%
rename from docs/static/images/eng_1.png
rename to docs/assets/images/eng_1.png
diff --git a/docs/static/images/eng_2.png b/docs/assets/images/eng_2.png
similarity index 100%
rename from docs/static/images/eng_2.png
rename to docs/assets/images/eng_2.png
diff --git a/docs/static/images/engagement_risk_acceptance.png b/docs/assets/images/engagement_risk_acceptance.png
similarity index 100%
rename from docs/static/images/engagement_risk_acceptance.png
rename to docs/assets/images/engagement_risk_acceptance.png
diff --git a/docs/static/images/export_1.png b/docs/assets/images/export_1.png
similarity index 100%
rename from docs/static/images/export_1.png
rename to docs/assets/images/export_1.png
diff --git a/docs/static/images/export_2.png b/docs/assets/images/export_2.png
similarity index 100%
rename from docs/static/images/export_2.png
rename to docs/assets/images/export_2.png
diff --git a/docs/static/images/favicon.ico b/docs/assets/images/favicon.ico
similarity index 100%
rename from docs/static/images/favicon.ico
rename to docs/assets/images/favicon.ico
diff --git a/docs/static/images/file_upload.png b/docs/assets/images/file_upload.png
similarity index 100%
rename from docs/static/images/file_upload.png
rename to docs/assets/images/file_upload.png
diff --git a/docs/static/images/find_1.png b/docs/assets/images/find_1.png
similarity index 100%
rename from docs/static/images/find_1.png
rename to docs/assets/images/find_1.png
diff --git a/docs/static/images/find_2.png b/docs/assets/images/find_2.png
similarity index 100%
rename from docs/static/images/find_2.png
rename to docs/assets/images/find_2.png
diff --git a/docs/static/images/find_3.png b/docs/assets/images/find_3.png
similarity index 100%
rename from docs/static/images/find_3.png
rename to docs/assets/images/find_3.png
diff --git a/docs/static/images/find_4.png b/docs/assets/images/find_4.png
similarity index 100%
rename from docs/static/images/find_4.png
rename to docs/assets/images/find_4.png
diff --git a/docs/static/images/find_5.png b/docs/assets/images/find_5.png
similarity index 100%
rename from docs/static/images/find_5.png
rename to docs/assets/images/find_5.png
diff --git a/docs/static/images/find_6.png b/docs/assets/images/find_6.png
similarity index 100%
rename from docs/static/images/find_6.png
rename to docs/assets/images/find_6.png
diff --git a/docs/static/images/finding_accepted.png b/docs/assets/images/finding_accepted.png
similarity index 100%
rename from docs/static/images/finding_accepted.png
rename to docs/assets/images/finding_accepted.png
diff --git a/docs/static/images/findings_manage_files.png b/docs/assets/images/findings_manage_files.png
similarity index 100%
rename from docs/static/images/findings_manage_files.png
rename to docs/assets/images/findings_manage_files.png
diff --git a/docs/static/images/gc_logo_2018.png b/docs/assets/images/gc_logo_2018.png
similarity index 100%
rename from docs/static/images/gc_logo_2018.png
rename to docs/assets/images/gc_logo_2018.png
diff --git a/docs/static/images/getting_started_1.png b/docs/assets/images/getting_started_1.png
similarity index 100%
rename from docs/static/images/getting_started_1.png
rename to docs/assets/images/getting_started_1.png
diff --git a/docs/static/images/getting_started_10.png b/docs/assets/images/getting_started_10.png
similarity index 100%
rename from docs/static/images/getting_started_10.png
rename to docs/assets/images/getting_started_10.png
diff --git a/docs/static/images/getting_started_11.png b/docs/assets/images/getting_started_11.png
similarity index 100%
rename from docs/static/images/getting_started_11.png
rename to docs/assets/images/getting_started_11.png
diff --git a/docs/static/images/getting_started_12.png b/docs/assets/images/getting_started_12.png
similarity index 100%
rename from docs/static/images/getting_started_12.png
rename to docs/assets/images/getting_started_12.png
diff --git a/docs/static/images/getting_started_13.png b/docs/assets/images/getting_started_13.png
similarity index 100%
rename from docs/static/images/getting_started_13.png
rename to docs/assets/images/getting_started_13.png
diff --git a/docs/static/images/getting_started_14.png b/docs/assets/images/getting_started_14.png
similarity index 100%
rename from docs/static/images/getting_started_14.png
rename to docs/assets/images/getting_started_14.png
diff --git a/docs/static/images/getting_started_15.png b/docs/assets/images/getting_started_15.png
similarity index 100%
rename from docs/static/images/getting_started_15.png
rename to docs/assets/images/getting_started_15.png
diff --git a/docs/static/images/getting_started_16.png b/docs/assets/images/getting_started_16.png
similarity index 100%
rename from docs/static/images/getting_started_16.png
rename to docs/assets/images/getting_started_16.png
diff --git a/docs/static/images/getting_started_17.png b/docs/assets/images/getting_started_17.png
similarity index 100%
rename from docs/static/images/getting_started_17.png
rename to docs/assets/images/getting_started_17.png
diff --git a/docs/static/images/getting_started_18.png b/docs/assets/images/getting_started_18.png
similarity index 100%
rename from docs/static/images/getting_started_18.png
rename to docs/assets/images/getting_started_18.png
diff --git a/docs/static/images/getting_started_19.png b/docs/assets/images/getting_started_19.png
similarity index 100%
rename from docs/static/images/getting_started_19.png
rename to docs/assets/images/getting_started_19.png
diff --git a/docs/static/images/getting_started_2.png b/docs/assets/images/getting_started_2.png
similarity index 100%
rename from docs/static/images/getting_started_2.png
rename to docs/assets/images/getting_started_2.png
diff --git a/docs/static/images/getting_started_20.png b/docs/assets/images/getting_started_20.png
similarity index 100%
rename from docs/static/images/getting_started_20.png
rename to docs/assets/images/getting_started_20.png
diff --git a/docs/static/images/getting_started_21.png b/docs/assets/images/getting_started_21.png
similarity index 100%
rename from docs/static/images/getting_started_21.png
rename to docs/assets/images/getting_started_21.png
diff --git a/docs/static/images/getting_started_22.png b/docs/assets/images/getting_started_22.png
similarity index 100%
rename from docs/static/images/getting_started_22.png
rename to docs/assets/images/getting_started_22.png
diff --git a/docs/static/images/getting_started_3.png b/docs/assets/images/getting_started_3.png
similarity index 100%
rename from docs/static/images/getting_started_3.png
rename to docs/assets/images/getting_started_3.png
diff --git a/docs/static/images/getting_started_4.png b/docs/assets/images/getting_started_4.png
similarity index 100%
rename from docs/static/images/getting_started_4.png
rename to docs/assets/images/getting_started_4.png
diff --git a/docs/static/images/getting_started_5.png b/docs/assets/images/getting_started_5.png
similarity index 100%
rename from docs/static/images/getting_started_5.png
rename to docs/assets/images/getting_started_5.png
diff --git a/docs/static/images/getting_started_6.png b/docs/assets/images/getting_started_6.png
similarity index 100%
rename from docs/static/images/getting_started_6.png
rename to docs/assets/images/getting_started_6.png
diff --git a/docs/static/images/getting_started_7.png b/docs/assets/images/getting_started_7.png
similarity index 100%
rename from docs/static/images/getting_started_7.png
rename to docs/assets/images/getting_started_7.png
diff --git a/docs/static/images/getting_started_8.png b/docs/assets/images/getting_started_8.png
similarity index 100%
rename from docs/static/images/getting_started_8.png
rename to docs/assets/images/getting_started_8.png
diff --git a/docs/static/images/getting_started_9.png b/docs/assets/images/getting_started_9.png
similarity index 100%
rename from docs/static/images/getting_started_9.png
rename to docs/assets/images/getting_started_9.png
diff --git a/docs/static/images/google_1.png b/docs/assets/images/google_1.png
similarity index 100%
rename from docs/static/images/google_1.png
rename to docs/assets/images/google_1.png
diff --git a/docs/static/images/google_2.png b/docs/assets/images/google_2.png
similarity index 100%
rename from docs/static/images/google_2.png
rename to docs/assets/images/google_2.png
diff --git a/docs/static/images/google_3.png b/docs/assets/images/google_3.png
similarity index 100%
rename from docs/static/images/google_3.png
rename to docs/assets/images/google_3.png
diff --git a/docs/static/images/google_4.png b/docs/assets/images/google_4.png
similarity index 100%
rename from docs/static/images/google_4.png
rename to docs/assets/images/google_4.png
diff --git a/docs/static/images/google_5.png b/docs/assets/images/google_5.png
similarity index 100%
rename from docs/static/images/google_5.png
rename to docs/assets/images/google_5.png
diff --git a/docs/static/images/google_sheets_sync_1.png b/docs/assets/images/google_sheets_sync_1.png
similarity index 100%
rename from docs/static/images/google_sheets_sync_1.png
rename to docs/assets/images/google_sheets_sync_1.png
diff --git a/docs/static/images/google_sheets_sync_2.png b/docs/assets/images/google_sheets_sync_2.png
similarity index 100%
rename from docs/static/images/google_sheets_sync_2.png
rename to docs/assets/images/google_sheets_sync_2.png
diff --git a/docs/static/images/google_sheets_sync_3.png b/docs/assets/images/google_sheets_sync_3.png
similarity index 100%
rename from docs/static/images/google_sheets_sync_3.png
rename to docs/assets/images/google_sheets_sync_3.png
diff --git a/docs/static/images/google_sheets_sync_4.png b/docs/assets/images/google_sheets_sync_4.png
similarity index 100%
rename from docs/static/images/google_sheets_sync_4.png
rename to docs/assets/images/google_sheets_sync_4.png
diff --git a/docs/static/images/graph-2x.png b/docs/assets/images/graph-2x.png
similarity index 100%
rename from docs/static/images/graph-2x.png
rename to docs/assets/images/graph-2x.png
diff --git a/docs/static/images/imp_1.png b/docs/assets/images/imp_1.png
similarity index 100%
rename from docs/static/images/imp_1.png
rename to docs/assets/images/imp_1.png
diff --git a/docs/static/images/imp_2.png b/docs/assets/images/imp_2.png
similarity index 100%
rename from docs/static/images/imp_2.png
rename to docs/assets/images/imp_2.png
diff --git a/docs/static/images/import_history1.png b/docs/assets/images/import_history1.png
similarity index 100%
rename from docs/static/images/import_history1.png
rename to docs/assets/images/import_history1.png
diff --git a/docs/static/images/import_history_details1.png b/docs/assets/images/import_history_details1.png
similarity index 100%
rename from docs/static/images/import_history_details1.png
rename to docs/assets/images/import_history_details1.png
diff --git a/docs/static/images/isaac.png b/docs/assets/images/isaac.png
similarity index 100%
rename from docs/static/images/isaac.png
rename to docs/assets/images/isaac.png
diff --git a/docs/static/images/jira_issue_templates.png b/docs/assets/images/jira_issue_templates.png
similarity index 100%
rename from docs/static/images/jira_issue_templates.png
rename to docs/assets/images/jira_issue_templates.png
diff --git a/docs/static/images/key-2x.png b/docs/assets/images/key-2x.png
similarity index 100%
rename from docs/static/images/key-2x.png
rename to docs/assets/images/key-2x.png
diff --git a/docs/static/images/languages_api.png b/docs/assets/images/languages_api.png
similarity index 100%
rename from docs/static/images/languages_api.png
rename to docs/assets/images/languages_api.png
diff --git a/docs/static/images/languages_ui.png b/docs/assets/images/languages_ui.png
similarity index 100%
rename from docs/static/images/languages_ui.png
rename to docs/assets/images/languages_ui.png
diff --git a/docs/static/images/logo.png b/docs/assets/images/logo.png
similarity index 100%
rename from docs/static/images/logo.png
rename to docs/assets/images/logo.png
diff --git a/docs/static/images/maibornwolff-logo.png b/docs/assets/images/maibornwolff-logo.png
similarity index 100%
rename from docs/static/images/maibornwolff-logo.png
rename to docs/assets/images/maibornwolff-logo.png
diff --git a/docs/static/images/met_1.png b/docs/assets/images/met_1.png
similarity index 100%
rename from docs/static/images/met_1.png
rename to docs/assets/images/met_1.png
diff --git a/docs/static/images/met_2.png b/docs/assets/images/met_2.png
similarity index 100%
rename from docs/static/images/met_2.png
rename to docs/assets/images/met_2.png
diff --git a/docs/static/images/met_3.png b/docs/assets/images/met_3.png
similarity index 100%
rename from docs/static/images/met_3.png
rename to docs/assets/images/met_3.png
diff --git a/docs/static/images/met_4.png b/docs/assets/images/met_4.png
similarity index 100%
rename from docs/static/images/met_4.png
rename to docs/assets/images/met_4.png
diff --git a/docs/static/images/met_5.png b/docs/assets/images/met_5.png
similarity index 100%
rename from docs/static/images/met_5.png
rename to docs/assets/images/met_5.png
diff --git a/docs/static/images/notifications_1.png b/docs/assets/images/notifications_1.png
similarity index 100%
rename from docs/static/images/notifications_1.png
rename to docs/assets/images/notifications_1.png
diff --git a/docs/static/images/okta_1.png b/docs/assets/images/okta_1.png
similarity index 100%
rename from docs/static/images/okta_1.png
rename to docs/assets/images/okta_1.png
diff --git a/docs/static/images/okta_2.png b/docs/assets/images/okta_2.png
similarity index 100%
rename from docs/static/images/okta_2.png
rename to docs/assets/images/okta_2.png
diff --git a/docs/static/images/okta_3.png b/docs/assets/images/okta_3.png
similarity index 100%
rename from docs/static/images/okta_3.png
rename to docs/assets/images/okta_3.png
diff --git a/docs/static/images/okta_4.png b/docs/assets/images/okta_4.png
similarity index 100%
rename from docs/static/images/okta_4.png
rename to docs/assets/images/okta_4.png
diff --git a/docs/static/images/okta_5.png b/docs/assets/images/okta_5.png
similarity index 100%
rename from docs/static/images/okta_5.png
rename to docs/assets/images/okta_5.png
diff --git a/docs/static/images/okta_6.png b/docs/assets/images/okta_6.png
similarity index 100%
rename from docs/static/images/okta_6.png
rename to docs/assets/images/okta_6.png
diff --git a/docs/static/images/okta_7.png b/docs/assets/images/okta_7.png
similarity index 100%
rename from docs/static/images/okta_7.png
rename to docs/assets/images/okta_7.png
diff --git a/docs/static/images/owasp_asvs.png b/docs/assets/images/owasp_asvs.png
similarity index 100%
rename from docs/static/images/owasp_asvs.png
rename to docs/assets/images/owasp_asvs.png
diff --git a/docs/static/images/owasp_asvs_level.png b/docs/assets/images/owasp_asvs_level.png
similarity index 100%
rename from docs/static/images/owasp_asvs_level.png
rename to docs/assets/images/owasp_asvs_level.png
diff --git a/docs/static/images/owasp_asvs_menu.png b/docs/assets/images/owasp_asvs_menu.png
similarity index 100%
rename from docs/static/images/owasp_asvs_menu.png
rename to docs/assets/images/owasp_asvs_menu.png
diff --git a/docs/static/images/owasp_asvs_score.png b/docs/assets/images/owasp_asvs_score.png
similarity index 100%
rename from docs/static/images/owasp_asvs_score.png
rename to docs/assets/images/owasp_asvs_score.png
diff --git a/docs/static/images/prod-owner-creds.png b/docs/assets/images/prod-owner-creds.png
similarity index 100%
rename from docs/static/images/prod-owner-creds.png
rename to docs/assets/images/prod-owner-creds.png
diff --git a/docs/static/images/product-custom-fields_1.png b/docs/assets/images/product-custom-fields_1.png
similarity index 100%
rename from docs/static/images/product-custom-fields_1.png
rename to docs/assets/images/product-custom-fields_1.png
diff --git a/docs/static/images/product-scm-type_1.png b/docs/assets/images/product-scm-type_1.png
similarity index 100%
rename from docs/static/images/product-scm-type_1.png
rename to docs/assets/images/product-scm-type_1.png
diff --git a/docs/static/images/product_1.png b/docs/assets/images/product_1.png
similarity index 100%
rename from docs/static/images/product_1.png
rename to docs/assets/images/product_1.png
diff --git a/docs/static/images/product_2.png b/docs/assets/images/product_2.png
similarity index 100%
rename from docs/static/images/product_2.png
rename to docs/assets/images/product_2.png
diff --git a/docs/static/images/product_3.png b/docs/assets/images/product_3.png
similarity index 100%
rename from docs/static/images/product_3.png
rename to docs/assets/images/product_3.png
diff --git a/docs/static/images/questionnaires-add-from-engagement.png b/docs/assets/images/questionnaires-add-from-engagement.png
similarity index 100%
rename from docs/static/images/questionnaires-add-from-engagement.png
rename to docs/assets/images/questionnaires-add-from-engagement.png
diff --git a/docs/static/images/questionnaires-added.png b/docs/assets/images/questionnaires-added.png
similarity index 100%
rename from docs/static/images/questionnaires-added.png
rename to docs/assets/images/questionnaires-added.png
diff --git a/docs/static/images/questionnaires-assign-user.png b/docs/assets/images/questionnaires-assign-user.png
similarity index 100%
rename from docs/static/images/questionnaires-assign-user.png
rename to docs/assets/images/questionnaires-assign-user.png
diff --git a/docs/static/images/questionnaires-create-engagement.png b/docs/assets/images/questionnaires-create-engagement.png
similarity index 100%
rename from docs/static/images/questionnaires-create-engagement.png
rename to docs/assets/images/questionnaires-create-engagement.png
diff --git a/docs/static/images/questionnaires-create-new.png b/docs/assets/images/questionnaires-create-new.png
similarity index 100%
rename from docs/static/images/questionnaires-create-new.png
rename to docs/assets/images/questionnaires-create-new.png
diff --git a/docs/static/images/questionnaires-main-view.png b/docs/assets/images/questionnaires-main-view.png
similarity index 100%
rename from docs/static/images/questionnaires-main-view.png
rename to docs/assets/images/questionnaires-main-view.png
diff --git a/docs/static/images/questionnaires-multiple-choice.png b/docs/assets/images/questionnaires-multiple-choice.png
similarity index 100%
rename from docs/static/images/questionnaires-multiple-choice.png
rename to docs/assets/images/questionnaires-multiple-choice.png
diff --git a/docs/static/images/questionnaires-new-engagement.png b/docs/assets/images/questionnaires-new-engagement.png
similarity index 100%
rename from docs/static/images/questionnaires-new-engagement.png
rename to docs/assets/images/questionnaires-new-engagement.png
diff --git a/docs/static/images/questionnaires-open-ended.png b/docs/assets/images/questionnaires-open-ended.png
similarity index 100%
rename from docs/static/images/questionnaires-open-ended.png
rename to docs/assets/images/questionnaires-open-ended.png
diff --git a/docs/static/images/questionnaires-publicize.png b/docs/assets/images/questionnaires-publicize.png
similarity index 100%
rename from docs/static/images/questionnaires-publicize.png
rename to docs/assets/images/questionnaires-publicize.png
diff --git a/docs/static/images/questionnaires-question-search.png b/docs/assets/images/questionnaires-question-search.png
similarity index 100%
rename from docs/static/images/questionnaires-question-search.png
rename to docs/assets/images/questionnaires-question-search.png
diff --git a/docs/static/images/questionnaires-questions.png b/docs/assets/images/questionnaires-questions.png
similarity index 100%
rename from docs/static/images/questionnaires-questions.png
rename to docs/assets/images/questionnaires-questions.png
diff --git a/docs/static/images/questionnaires-respond.png b/docs/assets/images/questionnaires-respond.png
similarity index 100%
rename from docs/static/images/questionnaires-respond.png
rename to docs/assets/images/questionnaires-respond.png
diff --git a/docs/static/images/questionnaires-search.png b/docs/assets/images/questionnaires-search.png
similarity index 100%
rename from docs/static/images/questionnaires-search.png
rename to docs/assets/images/questionnaires-search.png
diff --git a/docs/static/images/questionnaires-select-questions.png b/docs/assets/images/questionnaires-select-questions.png
similarity index 100%
rename from docs/static/images/questionnaires-select-questions.png
rename to docs/assets/images/questionnaires-select-questions.png
diff --git a/docs/static/images/questionnaires-select-survey.png b/docs/assets/images/questionnaires-select-survey.png
similarity index 100%
rename from docs/static/images/questionnaires-select-survey.png
rename to docs/assets/images/questionnaires-select-survey.png
diff --git a/docs/static/images/questionnaires-share.png b/docs/assets/images/questionnaires-share.png
similarity index 100%
rename from docs/static/images/questionnaires-share.png
rename to docs/assets/images/questionnaires-share.png
diff --git a/docs/static/images/questionnaires-sidebar.png b/docs/assets/images/questionnaires-sidebar.png
similarity index 100%
rename from docs/static/images/questionnaires-sidebar.png
rename to docs/assets/images/questionnaires-sidebar.png
diff --git a/docs/static/images/questionnaires-system-settings.png b/docs/assets/images/questionnaires-system-settings.png
similarity index 100%
rename from docs/static/images/questionnaires-system-settings.png
rename to docs/assets/images/questionnaires-system-settings.png
diff --git a/docs/static/images/questionnaires-unassigned.png b/docs/assets/images/questionnaires-unassigned.png
similarity index 100%
rename from docs/static/images/questionnaires-unassigned.png
rename to docs/assets/images/questionnaires-unassigned.png
diff --git a/docs/static/images/questionnaires-view-questionnaire.png b/docs/assets/images/questionnaires-view-questionnaire.png
similarity index 100%
rename from docs/static/images/questionnaires-view-questionnaire.png
rename to docs/assets/images/questionnaires-view-questionnaire.png
diff --git a/docs/static/images/questionnaires-view-responses.png b/docs/assets/images/questionnaires-view-responses.png
similarity index 100%
rename from docs/static/images/questionnaires-view-responses.png
rename to docs/assets/images/questionnaires-view-responses.png
diff --git a/docs/static/images/report_1.png b/docs/assets/images/report_1.png
similarity index 100%
rename from docs/static/images/report_1.png
rename to docs/assets/images/report_1.png
diff --git a/docs/static/images/report_2.png b/docs/assets/images/report_2.png
similarity index 100%
rename from docs/static/images/report_2.png
rename to docs/assets/images/report_2.png
diff --git a/docs/static/images/reupload_menu1.png b/docs/assets/images/reupload_menu1.png
similarity index 100%
rename from docs/static/images/reupload_menu1.png
rename to docs/assets/images/reupload_menu1.png
diff --git a/docs/static/images/risk_exception.png b/docs/assets/images/risk_exception.png
similarity index 100%
rename from docs/static/images/risk_exception.png
rename to docs/assets/images/risk_exception.png
diff --git a/docs/static/images/screenshot1.png b/docs/assets/images/screenshot1.png
similarity index 100%
rename from docs/static/images/screenshot1.png
rename to docs/assets/images/screenshot1.png
diff --git a/docs/static/images/sda-se-logo.png b/docs/assets/images/sda-se-logo.png
similarity index 100%
rename from docs/static/images/sda-se-logo.png
rename to docs/assets/images/sda-se-logo.png
diff --git a/docs/static/images/select_engagement.png b/docs/assets/images/select_engagement.png
similarity index 100%
rename from docs/static/images/select_engagement.png
rename to docs/assets/images/select_engagement.png
diff --git a/docs/static/images/signal-iduna.png b/docs/assets/images/signal-iduna.png
similarity index 100%
rename from docs/static/images/signal-iduna.png
rename to docs/assets/images/signal-iduna.png
diff --git a/docs/static/images/similar_finding_1.png b/docs/assets/images/similar_finding_1.png
similarity index 100%
rename from docs/static/images/similar_finding_1.png
rename to docs/assets/images/similar_finding_1.png
diff --git a/docs/static/images/similar_finding_2.png b/docs/assets/images/similar_finding_2.png
similarity index 100%
rename from docs/static/images/similar_finding_2.png
rename to docs/assets/images/similar_finding_2.png
diff --git a/docs/static/images/sla_notification_product_checkboxes.png b/docs/assets/images/sla_notification_product_checkboxes.png
similarity index 100%
rename from docs/static/images/sla_notification_product_checkboxes.png
rename to docs/assets/images/sla_notification_product_checkboxes.png
diff --git a/docs/static/images/sla_settings.png b/docs/assets/images/sla_settings.png
similarity index 100%
rename from docs/static/images/sla_settings.png
rename to docs/assets/images/sla_settings.png
diff --git a/docs/static/images/slack-logo-icon.png b/docs/assets/images/slack-logo-icon.png
similarity index 100%
rename from docs/static/images/slack-logo-icon.png
rename to docs/assets/images/slack-logo-icon.png
diff --git a/docs/static/images/slack_add_product.png b/docs/assets/images/slack_add_product.png
similarity index 100%
rename from docs/static/images/slack_add_product.png
rename to docs/assets/images/slack_add_product.png
diff --git a/docs/static/images/slack_import_scan.png b/docs/assets/images/slack_import_scan.png
similarity index 100%
rename from docs/static/images/slack_import_scan.png
rename to docs/assets/images/slack_import_scan.png
diff --git a/docs/static/images/slack_rgb.png b/docs/assets/images/slack_rgb.png
similarity index 100%
rename from docs/static/images/slack_rgb.png
rename to docs/assets/images/slack_rgb.png
diff --git a/docs/static/images/slack_scopes.png b/docs/assets/images/slack_scopes.png
similarity index 100%
rename from docs/static/images/slack_scopes.png
rename to docs/assets/images/slack_scopes.png
diff --git a/docs/static/images/slack_tokens.png b/docs/assets/images/slack_tokens.png
similarity index 100%
rename from docs/static/images/slack_tokens.png
rename to docs/assets/images/slack_tokens.png
diff --git a/docs/static/images/source-code-repositories-bitbucket-onpremise_1.png b/docs/assets/images/source-code-repositories-bitbucket-onpremise_1.png
similarity index 100%
rename from docs/static/images/source-code-repositories-bitbucket-onpremise_1.png
rename to docs/assets/images/source-code-repositories-bitbucket-onpremise_1.png
diff --git a/docs/static/images/source-code-repositories-bitbucket_1.png b/docs/assets/images/source-code-repositories-bitbucket_1.png
similarity index 100%
rename from docs/static/images/source-code-repositories-bitbucket_1.png
rename to docs/assets/images/source-code-repositories-bitbucket_1.png
diff --git a/docs/static/images/source-code-repositories-gitlab_1.png b/docs/assets/images/source-code-repositories-gitlab_1.png
similarity index 100%
rename from docs/static/images/source-code-repositories-gitlab_1.png
rename to docs/assets/images/source-code-repositories-gitlab_1.png
diff --git a/docs/static/images/source-code-repositories_1.png b/docs/assets/images/source-code-repositories_1.png
similarity index 100%
rename from docs/static/images/source-code-repositories_1.png
rename to docs/assets/images/source-code-repositories_1.png
diff --git a/docs/static/images/source-code-repositories_2.png b/docs/assets/images/source-code-repositories_2.png
similarity index 100%
rename from docs/static/images/source-code-repositories_2.png
rename to docs/assets/images/source-code-repositories_2.png
diff --git a/docs/static/images/source-code-repositories_3.png b/docs/assets/images/source-code-repositories_3.png
similarity index 100%
rename from docs/static/images/source-code-repositories_3.png
rename to docs/assets/images/source-code-repositories_3.png
diff --git a/docs/static/images/tags-bulk-edit-complete.png b/docs/assets/images/tags-bulk-edit-complete.png
similarity index 100%
rename from docs/static/images/tags-bulk-edit-complete.png
rename to docs/assets/images/tags-bulk-edit-complete.png
diff --git a/docs/static/images/tags-bulk-edit-submit.png b/docs/assets/images/tags-bulk-edit-submit.png
similarity index 100%
rename from docs/static/images/tags-bulk-edit-submit.png
rename to docs/assets/images/tags-bulk-edit-submit.png
diff --git a/docs/static/images/tags-finding-filter-snippet.png b/docs/assets/images/tags-finding-filter-snippet.png
similarity index 100%
rename from docs/static/images/tags-finding-filter-snippet.png
rename to docs/assets/images/tags-finding-filter-snippet.png
diff --git a/docs/static/images/tags-high-level-example.png b/docs/assets/images/tags-high-level-example.png
similarity index 100%
rename from docs/static/images/tags-high-level-example.png
rename to docs/assets/images/tags-high-level-example.png
diff --git a/docs/static/images/tags-inherit-exmaple.png b/docs/assets/images/tags-inherit-exmaple.png
similarity index 100%
rename from docs/static/images/tags-inherit-exmaple.png
rename to docs/assets/images/tags-inherit-exmaple.png
diff --git a/docs/static/images/tags-management-on-object.png b/docs/assets/images/tags-management-on-object.png
similarity index 100%
rename from docs/static/images/tags-management-on-object.png
rename to docs/assets/images/tags-management-on-object.png
diff --git a/docs/static/images/tags-select-findings-for-bulk-edit.png b/docs/assets/images/tags-select-findings-for-bulk-edit.png
similarity index 100%
rename from docs/static/images/tags-select-findings-for-bulk-edit.png
rename to docs/assets/images/tags-select-findings-for-bulk-edit.png
diff --git a/docs/static/images/timo-pagel-logo.png b/docs/assets/images/timo-pagel-logo.png
similarity index 100%
rename from docs/static/images/timo-pagel-logo.png
rename to docs/assets/images/timo-pagel-logo.png
diff --git a/docs/static/images/uploaded_png_to_finding.png b/docs/assets/images/uploaded_png_to_finding.png
similarity index 100%
rename from docs/static/images/uploaded_png_to_finding.png
rename to docs/assets/images/uploaded_png_to_finding.png
diff --git a/docs/static/images/wso2-logo-for-screen.png b/docs/assets/images/wso2-logo-for-screen.png similarity index 100% rename from docs/static/images/wso2-logo-for-screen.png rename to docs/assets/images/wso2-logo-for-screen.png diff --git a/docs/assets/js/custom.js b/docs/assets/js/custom.js new file mode 100644 index 0000000000..c5525d04e5 --- /dev/null +++ b/docs/assets/js/custom.js @@ -0,0 +1 @@ +// Put your custom JS code here diff --git a/docs/assets/jsconfig.json b/docs/assets/jsconfig.json new file mode 100644 index 0000000000..7a19b71458 --- /dev/null +++ b/docs/assets/jsconfig.json @@ -0,0 +1,8 @@ +{ + "compilerOptions": { + "baseUrl": ".", + "paths": { + "*": ["*", "..\\node_modules\\@thulite\\doks-core\\assets\\*"] + } + } +} diff --git a/docs/assets/scss/_variables_project.scss b/docs/assets/scss/_variables_project.scss deleted file mode 100644 index 774f63c80a..0000000000 --- a/docs/assets/scss/_variables_project.scss +++ /dev/null @@ -1,19 +0,0 @@ -/* - -Add styles or override variables from the theme here. - -*/ - -$primary: #e7e7e7; -$secondary: #f8f8f8; - -$navbar-dark-color: #333 !default; -$navbar-dark-hover-color: #666 !default; - -.navbar-brand { - color: #333 !important -} - -.td-sidebar-link.tree-root { - color: #333 !important -} diff --git a/docs/assets/scss/common/_custom.scss b/docs/assets/scss/common/_custom.scss new file mode 100644 index 0000000000..95ecfab1c4 --- /dev/null +++ b/docs/assets/scss/common/_custom.scss 
@@ -0,0 +1,17 @@ +/* work-sans-regular - latin */ +@font-face { + font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */ + font-family: 'Worksans'; + font-style: normal; + font-weight: 400; + src: url('/fonts/workssans/work-sans-v19-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */ + } + /* work-sans-500 - latin */ + @font-face { + font-display: swap; /* Check https://developer.mozilla.org/en-US/docs/Web/CSS/@font-face/font-display for other options. */ + font-family: 'Worksans'; + font-style: normal; + font-weight: 500; + src: url('/fonts/worksans/work-sans-v19-latin-500.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */ + } + \ No newline at end of file diff --git a/docs/assets/scss/common/_variables-custom.scss b/docs/assets/scss/common/_variables-custom.scss new file mode 100644 index 0000000000..fc237cf0cc --- /dev/null +++ b/docs/assets/scss/common/_variables-custom.scss @@ -0,0 +1,15 @@ +$font-family-sans-serif: + "Worksans", + system-ui, + -apple-system, + "Segoe UI", + Roboto, + "Helvetica Neue", + "Noto Sans", + "Liberation Sans", + Arial, + sans-serif, + "Apple Color Emoji", + "Segoe UI Emoji", + "Segoe UI Symbol", + "Noto Color Emoji"; \ No newline at end of file diff --git a/docs/assets/svgs/.gitkeep b/docs/assets/svgs/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/docs/static/images/DD-Architecture.svg b/docs/assets/svgs/DD-Architecture.svg similarity index 100% rename from docs/static/images/DD-Architecture.svg rename to docs/assets/svgs/DD-Architecture.svg diff --git a/docs/static/images/DD-Hierarchy.svg b/docs/assets/svgs/DD-Hierarchy.svg similarity index 100% rename from docs/static/images/DD-Hierarchy.svg rename to docs/assets/svgs/DD-Hierarchy.svg 
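Review bot: The two `@font-face` blocks in `_custom.scss` load from different directories: the 400-weight rule uses `/fonts/workssans/…` while the 500-weight rule uses `/fonts/worksans/…`. One of the two is presumably a typo; if the files live under `worksans`, the regular weight will 404 and body text will fall back to the system fonts without any build error. The font directory is not visible in this part of the diff, so confirm against the files added under `static`, then align the first rule: `src: url('/fonts/worksans/work-sans-v19-latin-regular.woff2') format('woff2');`.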
diff --git a/docs/config/_default/hugo.toml b/docs/config/_default/hugo.toml new file mode 100644 index 0000000000..83cfbe1a89 --- /dev/null +++ b/docs/config/_default/hugo.toml @@ -0,0 +1,86 @@ +title = "DefectDojo Documentation" +baseurl = "http://localhost/" +canonifyURLs = false +disableAliases = true +disableHugoGeneratorInject = true +# disableKinds = ["taxonomy", "term"] +enableEmoji = true +enableGitInfo = false +enableRobotsTXT = true +languageCode = "en-US" +pagerSize = 10 +rssLimit = 10 +summarylength = 20 # 70 (default) + +# Multilingual +defaultContentLanguage = "en" +disableLanguages = ["de", "nl"] +defaultContentLanguageInSubdir = false + +copyRight = "Copyright (c) 2020-2024 Thulite" + +[build.buildStats] + enable = true + +[outputs] + home = ["HTML", "RSS", "searchIndex"] + section = ["HTML", "RSS", "SITEMAP"] + +[outputFormats.searchIndex] + mediaType = "application/json" + baseName = "search-index" + isPlainText = true + notAlternative = true + +# Add output format for section sitemap.xml +[outputFormats.SITEMAP] + mediaType = "application/xml" + baseName = "sitemap" + isHTML = false + isPlainText = true + noUgly = true + rel = "sitemap" + +[sitemap] + changefreq = "monthly" + filename = "sitemap.xml" + priority = 0.5 + +[caches] + [caches.getjson] + dir = ":cacheDir/:project" + maxAge = -1 # "30m" + +[taxonomies] + contributor = "contributors" + category = "categories" + tag = "tags" + +[permalinks] + blog = "/blog/:slug/" + docs = "/en/:sections[1:]/:slug/" +# docs = "/docs/1.0/:sections[1:]/:slug/" + +[minify.tdewolff.html] + keepWhitespace = false + +[related] + threshold = 80 + includeNewer = true + toLower = false + [[related.indices]] + name = "categories" + weight = 100 + [[related.indices]] + name = "tags" + weight = 80 + [[related.indices]] + name = "date" + weight = 10 + +[imaging] + anchor = "Center" + bgColor = "#ffffff" + hint = "photo" + quality = 85 + resampleFilter = "Lanczos" 
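Review bot: Starter-theme placeholders are still in the committed config: `copyRight = "Copyright (c) 2020-2024 Thulite"` in `config/_default/hugo.toml`, and in the `config/_default/params.toml` hunk further down `title = "My Docs"`, `description = "Congrats on setting up a new Doks project!"`, `twitter = "getdoks"`, `docsRepo = "https://github.com/h-enk/doks"` and `name = "Thulite"` under `[seo.schemas]`. These presumably feed the page metadata and structured data, so the published site would describe itself as another project and point readers at a repository the DefectDojo maintainers do not control. Replace them with project values, e.g. `title = "DefectDojo Documentation"` and `docsRepo = "https://github.com/DefectDojo/django-DefectDojo"`. `disableLanguages = ["de", "nl"]` can probably go too, since `languages.toml` defines only `en`.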
diff --git a/docs/config/_default/languages.toml b/docs/config/_default/languages.toml new file mode 100644 index 0000000000..1367f2cb2a --- /dev/null +++ b/docs/config/_default/languages.toml @@ -0,0 +1,7 @@ +[en] + languageName = "English" + contentDir = "content/en" + weight = 10 + [en.params] + languageISO = "EN" + languageTag = "en-US" \ No newline at end of file diff --git a/docs/config/_default/markup.toml b/docs/config/_default/markup.toml new file mode 100644 index 0000000000..23e8d429eb --- /dev/null +++ b/docs/config/_default/markup.toml @@ -0,0 +1,33 @@ +defaultMarkdownHandler = "goldmark" + +[goldmark] + [goldmark.extensions] + linkify = false + [goldmark.parser] + autoHeadingID = true + autoHeadingIDType = "github" + [goldmark.parser.attribute] + block = true + title = true + [goldmark.renderer] + unsafe = true + +[highlight] + anchorLineNos = false + codeFences = true + guessSyntax = false + hl_Lines = '' + hl_inline = false + lineAnchors = '' + lineNoStart = 1 + lineNos = false + lineNumbersInTable = false + noClasses = false + noHl = false + style = 'monokai' + tabWidth = 2 + +[tableOfContents] + endLevel = 3 + ordered = false + startLevel = 2 diff --git a/docs/config/_default/menus/menus.en.toml b/docs/config/_default/menus/menus.en.toml new file mode 100644 index 0000000000..7513565b2f --- /dev/null +++ b/docs/config/_default/menus/menus.en.toml @@ -0,0 +1,25 @@ +[[main]] + name = "Docs" + url = "/en/about_defectdojo/about_docs/" + weight = 10 + +[[social]] + name = "X" + pre = '' + url = "https://twitter.com/defectdojo" + weight = 10 + +[[social]] + name = 'Linkedin' + pre = '' + url = "https://www.linkedin.com/company/defectdojo/" + weight = 10 + +[[social]] + name = "GitHub" + pre = '' + url = "https://github.com/django-defectdojo" + post = "v0.1.0" + weight = 30 + +[[footer]] diff --git a/docs/config/_default/module.toml b/docs/config/_default/module.toml new file mode 100644 index 0000000000..d82136fd06 --- /dev/null 
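Review bot: `unsafe = true` under `[goldmark.renderer]` in `markup.toml` makes Hugo pass raw HTML in Markdown through to the published pages, so any `<script>`, `<iframe>` or event-handler attribute that lands in a docs contribution is served from the documentation origin. If the migrated content really needs inline HTML, keep the setting but say so next to it, e.g. `# raw HTML in content is rendered as-is; review docs PRs for inline script/iframe markup`. Otherwise drop the line so Goldmark's default applies and raw HTML is omitted.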
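Review bot: The GitHub entry in `menus.en.toml` links to `https://github.com/django-defectdojo`, which is not the project URL used in the docs content of this same change (`https://github.com/DefectDojo/django-DefectDojo`). If that account name is not owned by the project, the site-wide social link sends readers to whoever registers it. Suggest `url = "https://github.com/DefectDojo/django-DefectDojo"`. `post = "v0.1.0"` and the empty trailing `[[footer]]` table look like starter leftovers and can likely be removed.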
+++ b/docs/config/_default/module.toml @@ -0,0 +1,87 @@ +# mounts +## archetypes +[[mounts]] + source = "node_modules/@thulite/doks-core/archetypes" + target = "archetypes" + +[[mounts]] + source = "archetypes" + target = "archetypes" + +## assets +[[mounts]] + source = "node_modules/@thulite/core/assets" + target = "assets" + +[[mounts]] + source = "node_modules/@thulite/images/assets" + target = "assets" + +[[mounts]] + source = "node_modules/@thulite/doks-core/assets" + target = "assets" + +[[mounts]] + source = "node_modules/@tabler/icons/icons" + target = "assets/svgs/tabler-icons" + +[[mounts]] + source = "assets" + target = "assets" + +## content +[[mounts]] + source = "content" + target = "content" + +## data +[[mounts]] + source = "node_modules/@thulite/doks-core/data" + target = "data" + +[[mounts]] + source = "data" + target = "data" + +## i18n +[[mounts]] + source = "node_modules/@thulite/doks-core/i18n" + target = "i18n" + +[[mounts]] + source = "i18n" + target = "i18n" + +## layouts +[[mounts]] + source = "node_modules/@thulite/core/layouts" + target = "layouts" + +[[mounts]] + source = "node_modules/@thulite/seo/layouts" + target = "layouts" + +[[mounts]] + source = "node_modules/@thulite/images/layouts" + target = "layouts" + +[[mounts]] + source = "node_modules/@thulite/doks-core/layouts" + target = "layouts" + +[[mounts]] + source = "node_modules/@thulite/inline-svg/layouts" + target = "layouts" + +[[mounts]] + source = "layouts" + target = "layouts" + +## static +[[mounts]] + source = "node_modules/@thulite/doks-core/static" + target = "static" + +[[mounts]] + source = "static" + target = "static" diff --git a/docs/config/_default/params.toml b/docs/config/_default/params.toml new file mode 100644 index 0000000000..4812f2378b --- /dev/null +++ b/docs/config/_default/params.toml 
@@ -0,0 +1,138 @@ +# Hugo +title = "My Docs" +description = "Congrats on setting up a new Doks project!" +images = ["cover.png"] + +# mainSections +mainSections = ["docs"] + +[social] + twitter = "getdoks" + +# Doks (@thulite/doks-core) +[doks] + # Color mode + colorMode = "auto" # auto (default), light or dark + colorModeToggler = true # true (default) or false (this setting is only relevant when colorMode = auto) + + # Navbar + navbarSticky = true # true (default) or false + containerBreakpoint = "lg" # "", "sm", "md", "lg" (default), "xl", "xxl", or "fluid" + + ## Button + navBarButton = false # false (default) or true + navBarButtonUrl = "/docs/prologue/introduction/" + navBarButtonText = "Get started" + + # FlexSearch + flexSearch = true # true (default) or false + searchExclKinds = [] # list of page kinds to exclude from search indexing (e.g. ["home", "taxonomy", "term"] ) + searchExclTypes = [] # list of content types to exclude from search indexing (e.g. ["blog", "docs", "legal", "contributors", "categories"]) + showSearch = [] # [] (all pages, default) or homepage (optionally) and list of sections (e.g. ["homepage", "blog", "guides"]) + indexSummary = false # true or false (default); whether to index only the `.Summary` instead of the full `.Content`; limits the respective JSON field size and thus increases loading time + + ## Search results + showDate = false # false (default) or true + showSummary = true # true (default) or false + searchLimit = 99 # 0 (no limit, default) or natural number + + # Global alert + alert = false # false (default) or true + alertDismissable = true # true (default) or false + + # Bootstrap + bootstrapJavascript = false # false (default) or true + + # Nav + sectionNav = ["docs", "en"] # ["docs"] (default) or list of sections (e.g. 
["docs", "guides"]) + toTopButton = false # false (default) or true + breadcrumbTrail = true # false (default) or true + headlineHash = true # true (default) or false + scrollSpy = true # true (default) or false + + # Multilingual + multilingualMode = false # false (default) or true + showMissingLanguages = true # whether or not to show untranslated languages in the language menu; true (default) or false + + # Versioning + docsVersioning = false # false (default) or true + docsVersion = "1.0" + + # UX + headerBar = false # true (default) or false + backgroundDots = true # true (default) or false + + # Homepage + sectionFooter = false # false (default) or true + + # Blog + relatedPosts = false # false (default) or true + imageList = true # true (default) or false + imageSingle = true # true (default) or false + + # Repository + editPage = false # false (default) or true + lastMod = false # false (default) or true + repoHost = "GitHub" # GitHub (default), Gitea, GitLab, Bitbucket, or BitbucketServer + docsRepo = "https://github.com/h-enk/doks" + docsRepoBranch = "main" # main (default), master, or + docsRepoSubPath = "" # "" (none, default) or + + # SCSS colors + # backGround = "yellowgreen" + ## Dark theme + # textDark = "#dee2e6" # "#dee2e6" (default), "#dee2e6" (orignal), or custom color + # accentDark = "#5d2f86" # "#5d2f86" (default), "#5d2f86" (original), or custom color + ## Light theme + # textLight = "#1d2d35" # "#1d2d35" (default), "#1d2d35" (orignal), or custom color + # accentLight = "#8ed6fb" # "#8ed6fb" (default), "#8ed6fb" (orignal), or custom color + + # [doks.menu] + # [doks.menu.section] + # auto = true # true (default) or false + # collapsibleSidebar = true # true (default) or false + +# Debug +[render_hooks.image] + errorLevel = 'ignore' # ignore (default), warning, or error (fails the build) + +[render_hooks.link] + errorLevel = 'ignore' # ignore (default), warning, or error (fails the build) + highlightBroken = false # true or false (default) + 
+# Images (@thulite/images) +[thulite_images] + [thulite_images.defaults] + decoding = "async" # sync, async, or auto (default) + fetchpriority = "auto" # high, low, or auto (default) + loading = "lazy" # eager or lazy (default) + widths = [480, 576, 768, 1025, 1200, 1440] # [640, 768, 1024, 1366, 1600, 1920] for example + sizes = "auto" # 100vw (default), 75vw, or auto for example + process = "" # "fill 1600x900" or "fill 2100x900" for example + lqip = "16x webp q20" # "16x webp q20" or "21x webp q20" for example + +# Inline SVG (@thulite/inline-svg) +[inline_svg] + iconSetDir = "tabler-icons" # "tabler-icons" (default) + +# SEO (@thulite/seo) +[seo] + [seo.title] + separator = " | " + suffix = "" + [seo.favicons] + sizes = [] + icon = "favicon.png" # favicon.png (default) + svgIcon = "favicon.svg" # favicon.svg (default) + maskIcon = "mask-icon.svg" # mask-icon.svg (default) + maskIconColor = "white" # white (default) + [seo.schemas] + type = "Organization" # Organization (default) or Person + logo = "favicon-512x512.png" # Logo of Organization — favicon-512x512.png (default) + name = "Thulite" # Name of Organization or Person + sameAs = [] # E.g. ["https://github.com/thuliteio/thulite", "https://fosstodon.org/@thulite"] + images = ["cover.png"] # ["cover.png"] (default) + article = [] # Article sections + newsArticle = [] # NewsArticle sections + blogPosting = ["blog"] # BlogPosting sections + product = [] # Product sections diff --git a/docs/config/babel.config.js b/docs/config/babel.config.js new file mode 100644 index 0000000000..9a65c09a6e --- /dev/null +++ b/docs/config/babel.config.js @@ -0,0 +1,17 @@ +module.exports = { + presets: [ + [ + '@babel/preset-env', + { + targets: { + browsers: [ + // Best practice: https://github.com/babel/babel/issues/7789 + '>=1%', + 'not ie 11', + 'not op_mini all' + ] + } + } + ] + ] +}; diff --git a/docs/config/next/hugo.toml b/docs/config/next/hugo.toml new file mode 100644 index 0000000000..8821061ae9 --- /dev/null 
+++ b/docs/config/next/hugo.toml @@ -0,0 +1,2 @@ +# Overrides for next environment +baseurl = "/" diff --git a/docs/config/postcss.config.js b/docs/config/postcss.config.js new file mode 100644 index 0000000000..296b090f26 --- /dev/null +++ b/docs/config/postcss.config.js @@ -0,0 +1,64 @@ +const autoprefixer = require('autoprefixer'); +const purgecss = require('@fullhuman/postcss-purgecss'); +const whitelister = require('purgecss-whitelister'); + +module.exports = { + plugins: [ + autoprefixer(), + purgecss({ + content: ['./hugo_stats.json'], + extractors: [ + { + extractor: (content) => { + const els = JSON.parse(content).htmlElements; + return els.tags.concat(els.classes, els.ids); + }, + extensions: ['json'] + } + ], + dynamicAttributes: [ + 'aria-expanded', + 'data-bs-popper', + 'data-bs-target', + 'data-bs-theme', + 'data-dark-mode', + 'data-global-alert', + 'data-pane', // tabs.js + 'data-popper-placement', + 'data-sizes', + 'data-toggle-tab', // tabs.js + 'id', + 'size', + 'type' + ], + safelist: [ + 'active', + 'btn-clipboard', // clipboards.js + 'clipboard', // clipboards.js + 'disabled', + 'hidden', + 'modal-backdrop', // search-modal.js + 'selected', // search-modal.js + 'show', + 'img-fluid', + 'blur-up', + 'lazyload', + 'lazyloaded', + 'alert-link', + 'container-fw ', + 'container-lg', + 'container-fluid', + 'offcanvas-backdrop', + 'figcaption', + 'dt', + 'dd', + 'showing', + 'hiding', + 'page-item', + 'page-link', + 'not-content', + ...whitelister(['./assets/scss/**/*.scss', './node_modules/@thulite/doks-core/assets/scss/components/_code.scss', './node_modules/@thulite/doks-core/assets/scss/components/_expressive-code.scss', './node_modules/@thulite/doks-core/assets/scss/common/_syntax.scss']) + ] + }) + ] +}; diff --git a/docs/config/production/hugo.toml b/docs/config/production/hugo.toml new file mode 100644 index 0000000000..0dd53ab39c --- /dev/null +++ b/docs/config/production/hugo.toml 
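Review bot: The `safelist` entry `'container-fw '` in `postcss.config.js` carries a trailing space. String safelist entries are presumably compared against the exact selector name, so this one would never match and PurgeCSS could strip the rule from the production stylesheet if the class is absent from `hugo_stats.json`. Change it to `'container-fw',`, or remove it if no such class exists in the theme.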
@@ -0,0 +1,2 @@ +# Overrides for production environment +baseurl = "http://documentation.defectdojo.com/" diff --git a/docs/content/en/_index.md b/docs/content/en/_index.md index 7dceb1bf34..0b481c74ab 100644 --- a/docs/content/en/_index.md +++ b/docs/content/en/_index.md @@ -1,5 +1,5 @@ --- -title: "DefectDojo\'s Documentation" +title: "Index" date: 2021-02-02T20:46:29+01:00 draft: false type: docs 
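Review bot: The production override sets `baseurl = "http://documentation.defectdojo.com/"`, so every absolute URL Hugo derives from it (canonical links, `sitemap.xml`, RSS, the search index) is emitted with a plaintext scheme. Visitors following those links start on HTTP and depend on a redirect, and on an HTTPS page any asset resolved through the base URL becomes mixed content. Assuming the host serves TLS, use `baseurl = "https://documentation.defectdojo.com/"`.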
@@ -14,45 +14,3 @@ cascade: _target: path: "/**" --- - -![image](images/dashboard.png) - -### What is DefectDojo? - -DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management. - -### What does DefectDojo do? - -While automation and efficiency are the ultimate end goals, DefectDojo is -a bug tracker at its core for vulnerabilities. Taking advantage of DefectDojo's -Product:Engagement model, enables traceability among multiple projects -/ test cycles, and allows for fine-grained reporting. - -### How does DefectDojo work? - -1. [Getting started]({{< ref "/getting_started" >}}) covers how to install and configure DefectDojo. -2. [Usage]({{< ref "/usage" >}}) covers how to use DefectDojo to manage vulnerabilities. -3. We support a large amount of [integrations]({{< ref "/integrations" >}}) to help fit DefectDojo in your DevSecOps program. - -### Where to find DefectDojo? - -The open-source edition is [available on -GitHub](https://github.com/DefectDojo/django-DefectDojo). - -A running example is available on [our demo server](https://demo.defectdojo.org), -using the credentials `admin` / `1Defectdojo@demo#appsec`. Note: The demo -server is refreshed regularly and provisioned with some sample data. - -### DefectDojo Pro and Enterprise - -DefectDojo Inc. hosts a commercial edition of this software, which includes: -- additional features, smart features and UI improvements -- cloud hosting, with regular backups, updates and maintenance -- premium support and implementation guidance - -For more information, please visit [defectdojo.com](https://www.defectdojo.com/). - -DefectDojo Inc. 
also maintains an updated Knowledge Base at [https://support.defectdojo.com](https://support.defectdojo.com/en/). The Knowledge Base is written to support DefectDojo's Pro and Enterprise releases, but the tutorials and guides may also be applied to the open-source edition. - -Follow DefectDojo Inc. on [LinkedIn](https://www.linkedin.com/company/33245534) for updates. -To get in touch with us, please reach out to info@defectdojo.com diff --git a/docs/content/en/about_defectdojo/_index.md b/docs/content/en/about_defectdojo/_index.md new file mode 100644 index 0000000000..fe57aac3f0 --- /dev/null +++ b/docs/content/en/about_defectdojo/_index.md @@ -0,0 +1,17 @@ +--- +title: "About DefectDojo" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs +weight: 1 + +cascade: +- type: "blog" + # set to false to include a blog section in the section nav along with docs + toc_root: true + _target: + path: "/blog/**" +- type: "docs" + _target: + path: "/**" +--- diff --git a/docs/content/en/about_defectdojo/about_docs.md b/docs/content/en/about_defectdojo/about_docs.md new file mode 100644 index 0000000000..0a8c0f2185 --- /dev/null +++ b/docs/content/en/about_defectdojo/about_docs.md 
@@ -0,0 +1,60 @@ +--- +title: "About Our Documentation" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs + +weight: 1 + +cascade: +- type: "blog" + # set to false to include a blog section in the section nav along with docs + toc_root: true + _target: + path: "/blog/**" +- type: "docs" + _target: + path: "/**" +--- + +![image](images/dashboard.png) + +### What is DefectDojo? + +DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management. + +### What does DefectDojo do? + +While automation and efficiency are the ultimate end goals, DefectDojo is +a bug tracker at its core for vulnerabilities. Taking advantage of DefectDojo's +Product:Engagement model, enables traceability among multiple projects +/ test cycles, and allows for fine-grained reporting. + +### How does DefectDojo work? + +1. [Installation](../../open_source/installation/) covers how to install and configure DefectDojo. +2. [New User Checklist](../new_user_checklist) covers how to use DefectDojo to manage vulnerabilities. +3. We support a large amount of [integrations](../../connecting_your_tools/parsers/) to help fit DefectDojo in your DevSecOps program. + +### Where to find DefectDojo? + +The open-source edition is [available on +GitHub](https://github.com/DefectDojo/django-DefectDojo). + +A running example is available on [our demo server](https://demo.defectdojo.org), +using the credentials `admin` / `1Defectdojo@demo#appsec`. Note: The demo +server is refreshed regularly and provisioned with some sample data. + +### DefectDojo Pro + +DefectDojo Inc. 
hosts a commercial edition of this software, which includes: +- additional features, smart features and UI improvements +- cloud hosting, with regular backups, updates and maintenance +- premium support and implementation guidance + +For more information, please visit [defectdojo.com](https://www.defectdojo.com/). + +DefectDojo Inc. maintains this documentation to support both the Community and Pro editions of DefectDojo. + +Follow DefectDojo Inc. on [LinkedIn](https://www.linkedin.com/company/33245534) for updates. +To get in touch with us, please reach out to info@defectdojo.com diff --git a/docs/content/en/about_defectdojo/contact_defectdojo_support.md b/docs/content/en/about_defectdojo/contact_defectdojo_support.md new file mode 100644 index 0000000000..7c2bee2d42 --- /dev/null +++ b/docs/content/en/about_defectdojo/contact_defectdojo_support.md 
@@ -0,0 +1,31 @@ +--- +title: "Contact DefectDojo Support" +description: "For Pro users: support@defectdojo.com + other options" +draft: "false" +pro-feature: true +weight: 3 +--- + +For DefectDojo Pro users, DefectDojo's Support team can be contacted in a variety of ways. + +## Contacting Support via Email + +Customers / Pro Users can always email our team directly at [support@defectdojo.com](mailto:support@defectdojo.com). + +## Contacting Support through the DefectDojo app + +You can contact us through the DefectDojo App: + +* by opening **Cloud Manager \> Contact Support** from the left sidebar**,** +* or through **{your\-instance}.defectdojo.com/cloud\_portal/support**. + +![Where to find the 'Contact Support' link in DefectDojo](https://defectdojo-inc.intercom-attachments-7.com/i/o/854681122/eca2271b89d62b943e80923b/gpUG1R_oppB0eO2XyzCludfqxjYCFT4xodToow7IBc-GE7zeXNc3CrGAtHCnLBMSAiFs5PRIcW6V58B6kHAxpKRado9NGjU3sBVbXQFCi2X1zNMfr0Xx8jgNED7ZCvt1bQWe83g47pnFcaPZ9L2oEs8?expires=1729720800&signature=74a5200740953f712cfcb0ed6145ac3ad5657bc5974e2e23e62ce5b13032272c&req=fCUjEMF%2FnINdFb4f3HP0gBxcVTY7O4IHl0%2Bn%2BVAfJVMzuNg%2FYQxvJl0daCy2%0AD6E%3D%0A) + +## Contact Support through the DefectDojo Cloud Portal + +You can also contact our support team through your Cloud Portal: + +* by clicking on **Contact Us** (on the left sidebar) +* or via ****. + +![](https://downloads.intercomcdn.com/i/o/850350549/9183fa1703512f79f83a561b/Screenshot+2023-10-10+at+3.30.51+PM.png?expires=1729720800&signature=e6e5cda5d17f233575c7d5267d79de63210a1184a56e1c6d34468883a4c21817&req=fCUnFcx%2BmIVWFb4f3HP0gKi3DGFot4w4iwNAwMDaVsacaQIz63318wb%2BRw7J%0AOFM%3D%0A) \ No newline at end of file diff --git a/docs/content/en/about_defectdojo/new_user_checklist.md b/docs/content/en/about_defectdojo/new_user_checklist.md new file mode 100644 index 0000000000..f1f7a8b4f3 --- /dev/null +++ b/docs/content/en/about_defectdojo/new_user_checklist.md 
@@ -0,0 +1,27 @@
+---
+title: "New User Checklist"
+description: "Get Started With DefectDojo"
+draft: "false"
+weight: 2
+chapter: true
+---
+
+Here's a quick reference you can use to ensure successful implementation - from a blank canvas to a fully functional app.
+
+### The Basics
+
+1. Start by [importing a file](../../connecting_your_tools/import_scan_files/import_scan_ui) using the UI. This is generally the quickest way to see how your data fits into the DefectDojo model. (note: OS users will need to set up a Product Type and Product before they can import data)
+
+2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](../../working_with_findings/organizing_engagements_tests/product-hierarchy-overview). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data up into logical categories. These categories can be used to apply access control rules, or to segement your reports to the correct team.
+
+3. Try [creating a Report](../../pro_reports/using-the-report-builder/) to summarize the data you've imported. Reports can be used to quickly share Findings with stakeholders such as Product Owners.
+
+This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know.
+
+All of these features can be automated, and because DefectDojo can handle over 190 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output.
+
+### Other guides
+
+- Does your organization use Jira? Learn how to use our [Jira integration](../jira_integration/Connect%20DefectDojo%20to%20Jira.md) to create Jira tickets from the data you ingest.
+- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](../user_management/about-permissions-roles) and set up role-based access control (RBAC).
+- Ready to dive into automation? Learn how to use the [DefectDojo API](../connecting_your_tools/import_scan_files/api_pipeline_modelling) to automatically import new data, and build a robust CI / CD pipeline.
\ No newline at end of file
diff --git a/docs/content/en/about_defectdojo/request_a_trial.md b/docs/content/en/about_defectdojo/request_a_trial.md
new file mode 100644
index 0000000000..92f4d3b819
--- /dev/null
+++ b/docs/content/en/about_defectdojo/request_a_trial.md
@@ -0,0 +1,101 @@
+---
+title: "Request a Trial"
+description: "How to request and work with a trial of DefectDojo Cloud"
+draft: "false"
+weight: 4
+pro-feature: true
+---
+
+
+If your team requires an on\-premise DefectDojo installation, please connect with our Sales team by emailing \-\> [info@defectdojo.com](mailto:info@defectdojo.com) . This trial setup process only applies to DefectDojo Cloud users.
+
+
+All DefectDojo plans include a free 2\-week trial, which you can use to evaluate our software. DefectDojo Trial instances are fully\-featured and can be immediately converted to our team into paid instances \- no need to set everything up again, or reupload any data when your trial period ends.
+
+
+
+# **Requesting your Trial**
+
+
+In order to sign up for the trial, you'll need to complete the process at .
+
+
+
+At the end of this process, you'll be put in touch with our Sales team, who will follow up to receive your billing information, and authorize and set up your company's trial instance.
+
+
+
+## Step 1: Select a Plan
+
+
+DefectDojo offers 4 plan tiers: Entry, Team, Business and Enterprise. For more information on these plan tiers, see .
+
+
+
+## Step 2: Enter your Company Information \& create your Domain
+
+
+Enter your company's **Name** and the **Server Label** you want to use with DefectDojo. You will then have a custom domain created for your DefectDojo instance on our servers.
+
+
+
+
+Normally, DefectDojo will name your domain according to your Company Name., but if you select "Use Server Label in Domain", DefectDojo will instead label your domain according to the Server Label you chose. This approach may be preferred if you plan to use multiple DefectDojo instances (such as a Production instance and a Test instance, for example). Please contact our Sales team \-\> [info@defectdojo.com](mailto:info@defectdojo.com) if you require multiple instances.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/860988422/eedc579b6677431286d65848/Screenshot+2023-10-24+at+1.40.08+PM.png?expires=1729720800&signature=a5d0777d68939399aaa5ec509c17ed2d416c1ec2a6bf522f1975ba9081556b02&req=fCYnH8F2mYNdFb4f3HP0gE8a9ArLlDRdCgEOOG%2FhF1RTkIUw7Ito80YJSY0l%0AHKg%3D%0A)
+
+## Step 3: Select a Server Location
+
+
+Select a Server Location from the drop\-down menu. We recommend selecting a server that is geographically closest to the main DefectDojo team to reduce server latency.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/876540337/a0a35dcc0d6133d9920ae351/Screenshot+2023-11-06+at+10.52.31+AM.png?expires=1729720800&signature=ca343d1908f901d445fd42e4a6ad36bf5423fe11f5f5499330f12d5bcbb673f8&req=fCchE81%2BnoJYFb4f3HP0gEQv7p4cu3PEeMC%2F7lhGIjWslFuLY7y9ydfxMon8%0AEqc%3D%0A)
+
+## Step 4: Configure your Firewall Rules
+
+
+Enter the IP address ranges, subnet mask and labels that you want to allow to access DefectDojo. Additional IP addresses and rules can be added or changed by your team after your instance is up and running.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/861008661/a96af61112ab368531e5cea3/Screenshot+2023-10-24+at+2.03.54+PM.png?expires=1729720800&signature=dd429751626344d5acdbc978075350b93c1eee4e08b19a7e2600acc32ef5af09&req=fCYmFsl2m4deFb4f3HP0gC9i9UC9KLwQAM03VQIh7iIX1Mte7ZuJem%2FMasGI%0AMOs%3D%0A)
+If you want to use external services with DefectDojo (GitHub or JIRA), check the appropriate boxes listed under **Select External Services.**
+
+
+
+![](https://downloads.intercomcdn.com/i/o/861010228/9af57d1dbc88ec8eb1aba838/Screenshot+2023-10-24+at+2.05.17+PM.png?expires=1729720800&signature=4de093e7d6e8eb2868d8827d43b21e3fdcca811d54129281312ed2046e8f436b&req=fCYmFsh%2Bn4NXFb4f3HP0gESMYM2ZnzQC0Fiw%2BtpOyJtEyhzu2iwxkZDcgD8G%0AOt8%3D%0A)
+
+## Step 4: Confirm your Plan type and Billing Frequency
+
+
+Before you complete the process, please confirm the plan you want to use along with your billing frequency \- monthly or annually.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/876543637/6e37d8e254905d129b0db4e9/Screenshot+2023-11-06+at+12.50.04+PM.png?expires=1729720800&signature=71aa69825544e058bf464482c7a705d822cabe57df3d147383cd6f78606e2e2d&req=fCchE819m4JYFb4f3HP0gA6Fk0%2FefI4ZjPtNpPBBX2TaKmf7JCyejxcfyEyq%0Asw0%3D%0A)
+
+## Step 5: Review and Submit your Request
+
+
+We'll prompt you to look over your request one more time. Once submitted, only Firewall rules can be changed by your team without assistance from Support. To contact Support, please email [support@defectdojo.com](mailto:support@defectdojo.com) or follow the instructions in [this article](https://support.defectdojo.com/en/articles/8461544-contact-defectdojo-support).
+
+
+
+![](https://downloads.intercomcdn.com/i/o/862067499/929fb73dfcda5759f44d5fe7/Screenshot+2023-10-25+at+3.41.42+PM.png?expires=1729720800&signature=c5c2efdb7cf11724b8e74e0193d63aab8cb6fdd479f5f05a385156dd4ce3f3fc&req=fCYlFs95mYhWFb4f3HP0gF2vZoT3mHEx2TF3mhg3tv%2FwJLi00MGhyKfgGvLa%0AiTI%3D%0A)
+After reviewing and accepting DefectDojo's License and Support Agreement, you can click **Proceed To Checkout,** or **Meet The Creators.**
+
+
+
+* Proceed To Checkout will take you to a Stripe page where you can enter your billing information.
+* If you do not wish to enter your billing info at this time, you can click Meet The Creators \- our Sales team will be in touch to set up your trial.
+
+
+# Once your trial has been approved
+
+
+Our Support team will send you a Welcome email with links to access your DefectDojo instance. You can always reach out to [support@defectdojo.com](mailto:support@defectdojo.com) for product assistance once your trial begins.
+
diff --git a/docs/content/en/api/_index.md b/docs/content/en/api/_index.md
new file mode 100644
index 0000000000..6f2f1ec468
--- /dev/null
+++ b/docs/content/en/api/_index.md
@@ -0,0 +1,15 @@
+---
+title: "API Documentation"
+description: ""
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 98
+chapter: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/integrations/api-v2-docs.md b/docs/content/en/api/api-v2-docs.md
similarity index 98%
rename from docs/content/en/integrations/api-v2-docs.md
rename to docs/content/en/api/api-v2-docs.md
index a113452242..263a790f77 100644
--- a/docs/content/en/integrations/api-v2-docs.md
+++ b/docs/content/en/api/api-v2-docs.md
@@ -14,7 +14,7 @@ each endpoint is available within each DefectDojo installation at [`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2 Docs link on the user drop down menu in the header. -![image](../../images/api_v2_1.png) +![image](images/api_v2_1.png) The documentation is generated using [drf-spectacular](https://drf-spectacular.readthedocs.io/) at [`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/), and is interactive. On the top of API v2 docs is a link that generates an OpenAPI v3 spec. @@ -23,12 +23,12 @@ To interact with the documentation, a valid Authorization header value is needed. Visit the `/api/key-v2` view to generate your API Key (`Token `) and copy the header value provided. -![image](../../images/api_v2_2.png) +![image](images/api_v2_2.png) Each section allows you to make calls to the API and view the Request URL, Response Body, Response Code and Response Headers. -![image](../../images/api_v2_3.png) +![image](images/api_v2_3.png) If you're logged in to the Defect Dojo web UI, you do not need to provide the authorization token. diff --git a/docs/content/en/changelog/_index.md b/docs/content/en/changelog/_index.md new file mode 100644 index 0000000000..28d6d19457 --- /dev/null +++ b/docs/content/en/changelog/_index.md @@ -0,0 +1,15 @@ +--- +title: "Changelog" +description: "" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 98 +chapter: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +--- \ No newline at end of file diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md new file mode 100644 index 0000000000..3a244f82cc --- /dev/null +++ b/docs/content/en/changelog/changelog.md 
@@ -0,0 +1,200 @@
+---
+title: "Changes & New Features"
+description: "DefectDojo Changelog"
+---
+
+Here are the release notes for DefectDojo Pro (Cloud Version) releases. For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases).
+
+
+## Nov 17, 2024
+**Version 2.40.2**
+
+- **(API)** Added an API endpoint to get the DefectDojo version number: `/api/v2/version` (Pro)
+- **(API)** Multiple Metadata objects can now be added to a single Endpoint, Finding or Product via POST or PATCH to `/api/v2/metadata/` . Previously, only one Metadata key/value pair could be updated per call.
+- **(Beta UI)** You can now Clear Alerts in the Beta UI.
+- **(Beta UI)** Corrected an issue with Beta UI’s form validation when trying to connect a Jira Project with an Engagement.
+- **(Beta UI)** Fixed an issue in the Beta UI where new Product Tiles could not be created.
+- **(Reports)** Changes have been made to the Report Generator's description text to clarify how new reports are created from existing reports.
+- **(Findings)** “Verified” is now an optional status for many Finding workflows. This can be changed from the System Settings page in the Legacy UI (not yet implemented in Beta UI).
+- **(Tools)** Update to AWS Prowler parser - can now handle the ‘event_time’ parameter
+
+
+## Nov 14, 2024
+**Version 2.40.1**
+
+- **(API)** Added a method to validate for file extensions, when 'artifact' files are added to a test (images, for example)
+- **(Cloud Portal)** Fixed an issue where QR codes were not being generated correctly for MFA setup. (Pro)
+- **(Dashboards)** Insights dashboards can now filter by Product Tag (Pro)
+- **(Notifications)** Added a new notification template for ‘Engagement Closed’ - Email, Alerts, Teams, Slack
+- **(Tools)** Fixed an issue with the Burp Entreprise HTML parser not correctly handling certain reports
+- **(Tags)** Tags are now forced to lowercase when created
+
+
+
+## Nov 4, 2024
+**Version 2.40.0**
+
+- **(API)** Engagement_End_Date is now honored when submitted via /import /reimport endpoint.
+- **(API)** Corrected an issue with the /import endpoint where old Findings were not being mitigated correctly.
+- **(Beta UI)** Certain Error 400 notifications will now be displayed as ‘toasts’ in the beta UI with a better error description, rather than redirecting to a generic 400 page.
+- **(Beta UI)** Dojo-CLI and Universal Importer are now available for download in-app. See External Tools menu in the top-right hand menu of the Beta UI.
+- **(Connectors)** Multiple connectors of the same type can now be added. Each Connector will create a unique Engagement which will be populated with Findings. (Pro)
+- **(Connectors)** AWS Security Hub connector can now find any AWS delegated accounts associated with a centralized account. All Security Hub Findings from a connector will be tagged with the appropriate AwsAccountId field, and additional Products can be added for each. (Pro)
+- **(CLI Tools)** Dojo-CLI tool now available: a command-line tool which you can use to manage imports and exports to your Cloud instance. To get started, download the app from the External Tools menu.
+- **(Deduplication)** There’s no longer a brief service interruption when changes are applied to Deduplication Settings. Those changes can be applied without restarting the service.
+- **(Tools)** Added a new parser for AWS Inspector2 Findings.
+
+#### Setting up multiple AWS Hub accounts with a Connector
+
+If you manage Security Hub findings for multiple accounts from a centralized administrator account, you will need to
+create the IAM user under that account and configure the Connector with it in order to retrieve findings from those
+sub-accounts with a single connector configuration.
+
+"Member" accounts (either invited manually or automatically associated when using AWS Organizations) will be detected by the Discover operation, and Products will be created for each of your account + region pairs based on the administrator account's cross-region aggregation settings.
+
+See [this
+section of the AWS Docs](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html#finding-aggregation-admin-member) about cross-region aggregation with multiple accounts for more information.
+* Once you have created your IAM user and assigned it the necessary permissions using an appropriate policy/role, you will
+need to generate an access key and provide the "Access Key" and "Secret Key" components in the relevant connector
+configuration fields.
+* The "Location" field should be populated with the appropriate API endpoint for your region. For example, to retrieve results from the us-east-1 region, you would supply https://securityhub.us-east-1.amazonaws.com.
+* Note that we rely on Security Hub's cross-region aggregation to pull findings from more than one region. If cross-region aggregation is enabled, you should supply the API endpoint for your "Aggregation Region". Additional linked regions will have ProductRecords created for them in DefectDojo based on your AWS account IDs and the region names.
+
+## October 29, 2024
+**Version 2.39.4 / 2.39.3**
+
+- **(API)** Corrected 'multiple positional arguments' issue with `/import` endpoint
+- **(Metrics)** Dashboards can now handle multiple Products or Product Types simultaneously: this includes the Executive, Program, Remediation and Tool insights dashboards. (Pro)
+- **(Tools)** OSV, Tenable parsers have been made more robust
+
+
+## October 21, 2024
+**Version 2.39.1**
+
+- **(Beta UI)** Parent Object links have been added to the Metadata table to help contextualize the page you're on
+- **(Beta UI)** Improved "Toggle Columns" menu on tables
+- **(Beta UI)** Added additional helptext for Simple Risk Acceptance, SLA Enforcement
+- **(Beta UI)** Improved Test View with better Import History and Active Finding Severity Breakdown elements
+- **(Import)** Development Environments which do not already exist can now be created via 'auto create context'
+- **(Metrics)** All Metrics dashboards can now be exported as a PDF (Remediation Insights, Program Insights, Tool Insights) (Pro)
+
+
+## October 7, 2024
+**Version 2.39.0**
+
+
+- **(Beta UI)** Dropdown menus for Import Scan / Reimport Scan no longer block the active element of a form.
+- **(Beta UI)** Finding counts by Severity now disregard Out Of Scope / False Positive Findings.
+- **(Dashboard)** Tile filters with a Boolean filter of False are now saving correctly. E.G. If you tried to create a Tile with a filter condition of “Has Jira = No” previously this would not be applied correctly.
+- **(Jira)** Added help text for 'Push All Issues'.
+- **(Tools)** AWS Security Hub EPSS score now parses correctly.
+
+
+## September 30, 2024
+**Version 2.38.4**
+
+- **(API)** Object History can now be accessed via the API.
+- **(API Docs)** Generating the response schema for certain API endpoints no longer breaks the Swagger interface.
+- **(Metrics)** Added Executive Insights dashboard, Select a Product or Product type, and you can view an executive summary of that Product/Product Type’s security posture with relevant stats. (Pro)
+- **(Passwords)** Password creation for new users can now be made optional upon request. This feature is toggled via the back-end.
+
+
+## September 23, 2024
+**Version 2.38.3**
+
+- **(API)** `/global_role` endpoint now supports prefetching.
+- **(API)** It is now possible to prefetch a Finding with attached files via API.
+- **(Login)** A new "Forgot Username" link has been added to the login form. The link will navigate to a page which requests the user's email address. The username will be sent to that address if it exists.
+- **Risk Acceptances** Notes are now added to Findings when they are removed from Risk Acceptances.
+- **(Risk Acceptance)** Risk Acceptance overhaul. Feature has been extended with new functions. See [Risk Acceptance documentation](../working_with_findings/risk-acceptances) for more details.
+- **Tools** Qualys HackerGuardian parser added.
+- **Tools** Semgrep Parser updated with new severity mappings. HackerOne parser updated and now supports bug bounty reports.
+- **Tools** fixed an issue where certain tools would not process asyncronously: Whitehat_Sentinel, SSLyze, SSLscan, Qualys_Webapp, Mend, Intsights, H1, and Blackduck.
+
+
+## September 16, 2024
+**Version 2.38.2**
+
+- **(Beta UI)** Jira integration in Beta UI now has parity with Legacy UI. Ability to Push To Jira has been added, and the Jira ticket view has been added to Findings, Engagements, and all other related objects in DefectDojo.
+- **(Finding SLAs)** Added “Mitigated Within SLA” Finding filter, so that users can now count how many Findings were mitigated on time, and how many were not. Previously, we were only able to filter Findings that were currently violating SLA or not, rather than ones that had historically violated SLA or not.
+- **(Metrics)** “Mitigated Within SLA” simple metric added to Remediation Insights page.
+- **(Reports)** Custom Content text box no longer renders as HTML.
+- **(Tools)** Wiz Parser now supports SCA format.
+- **(Tools)** Fortify now supports a wider range of .fpr files.
+- **(Tools)** Changed name of Netsparker Scan to Invicti Scan following their acquisition. Integrations that use the ‘Netsparker’ terminology will still work as expected, but now ‘Invicti’ appears in our tools list.
+- **(Universal Importer)** Tag Inheritance has been added to Universal Importer. Tags can now be added to Findings from that tool. (Pro)
+
+
+
+## September 9, 2024
+**Version 2.39.1**
+
+- **(Beta UI)** Clearing a date filter and re-applying it no longer throws a 400 error.
+- **(Dashboard)** Dashboard Tag Filters now work correctly in both legacy and beta UIs.
+- **(MFA)** When an admin enforced Global MFA on a DefectDojo instance, there was a loop state that could occur with new users attempting to set up their accounts. This issue has been corrected, and new users can set a password before enabling MFA.
+- **(Permissions)** When a user had permission to edit a Product, but not a Product Type, there was a bug where they were unable to submit an ‘Edit Product’ form (due to interaction with the Product Type). This has been corrected.
+- **(Reimport)** Reimport now correctly records additional vulnerability IDs beyond 1. In the past, Findings that had more than one Vulnerability ID (a CVE, for example) would have those additional Vulnerability IDs discarded on reimport, so users were potentially losing those additional Vulnerability IDs.
+- **(Tools)** Threat Composer parser added
+- **(Tools)** Legitify parser added
+- **(Tools)** EPSS score / percentile will now be imported from Aquasec files
+
+
+## Sepember 3, 2024
+**Version 2.38.0**
+
+- **(API)** Better naming conventions on Mitigated and Discovered date filters: these are now labeled Mitigated/Discovered On, Mitigated/Discovered Before, Mitigated/Discovered After.
+- **(Beta UI)** Pre-filtered Finding Routes added to Sidebar: you can now quickly filter for Active Findings, Mitigated Findings, All Risk Acceptances, All Finding Groups.
+- **(Beta UI)** Beta UI Findings datatable can now apply every filter that the legacy UI could: filter Findings by (Last Reviewed, Mitigated Date, Endpoint Host, Reviewers… etc).
+- **(Beta UI)** Beta UI OAuth settings leading to a 404 loop - bug fixed and menu now works as expected.
+- **(Beta UI)** Vulnerable Hosts page no longer returns 404.
+- **(Beta UI)** Sorting the Findings data table by Reporter now functions correctly.
+- **(Connectors)** Dependency-Track Connector now available. (Pro)
+- **(Deduplication Tuner)** Deduplication Tuner now available in beta UI under Enterprise Settings > Deduplication Tuner.
+- **(Filters)** Filtering Findings by Date now applies the filter as expected.
+- **(Filters)** Sorting by Severity now orders by lowest-highest severity instead of alphabetically
+- **(Reimport)** Reimporting Findings that have been Risk-Accepted no longer changes their status to ‘Mitigated’.
+- **(Risk Acceptance)** Updating the Simple Risk Acceptance or the Full Risk Acceptance flag on a Product now updates the Product as expected.
+
+
+## August 28, 2024
+**Version 2.37.3**
+
+- **(API)** New Endpoint: /finding_groups allows you to GET, add Findings to, delete, or otherwise interact with Finding Groups. (Pro)
+- **(Beta UI)** Relative date ranges for Findings have been added to Finding Filters (last 30 days, last 90 days, etc)
+- **(Beta UI)** Bulk Edit / Risk Acceptance / Finding Group actions are now available in beta UI.
+- **(Beta UI)** Finding Groups are now available in the beta UI. Selecting multiple Findings allows you to create a Finding Group, provided those Findings are in the same Test.
+- **(Beta UI)** Enhanced Endpoint View now available in beta UI.
+- **(Beta UI)** Jira Instances can now be added and edited via beta UI.
+- **(Connectors)** SonarQube / SonarCloud Connector added. (Pro)
+- **(Questionnaires)** Anonymous Questionnaires can now be added to an Engagement after they are completed. This solves an issue where users wanted to have their team complete questionnaires related to a Product without giving the user access to the complete Product on DefectDojo.
+- **(Reports)** Report issue where images would disappear from reports has been corrected
+- **(SLAs)** “SLA Violation in _ Days” notifications are no longer being sent for unenforced SLAs.
+- **(Tools)** New Parser: AppCheck Web Application Scanning
+- **(Tools)** Nmap Parser now handles script output
+
+
+## August 7, 2024
+**Version Version 2.37.0**
+
+- **(API)** Created a method to handle simultaneous async reimports to the same Test via API
+- **(API)** Minimum Severity flag now works as expected on /import, /reimport endpoints (Clearsale)
+- **(API)** API errors now default to "Expose error details"
+- **(Beta UI)** New Filter: by calculated SLA date (you can now filter for SLA due dates between a particular date range, for example)
+- **(Beta UI)** New Filter: age of Finding
+- **(Beta UI)** Improvements to pagination / loading behavior for large amounts of Findings
+- **(Beta UI)** Added ability to Reimport Findings in new UI:
+- **(Connectors)** Tenable Connector Released
+- **(Dashboard)** Risk Acceptance tile now correctly filters Findings
+- **(Jira)** Manually syncing multiple Findings with Jira (via Bulk Edit) now pushes notes correctly
+- **(Reports)** Adding the WYSIWYG Heading to a Custom Report now applies a custom Header, instead of a generic ‘WYSIWYG Heading’
+- **(SAML)** Fixed issue where reconfiguring SAML could cause lockout
+- **(Tools)** Wizcli Parser released
+- **(Tools)** Rapplex Parser released
+- **(Tools)** Kiuwan SCA Parser released
+- **(Tools)** Test Types can now be set to Inactive so that they won’t appear in menus. This ‘inactive’ setting can only be applied in the legacy UI, via Engagements > Test Types (or defectdojo.com/test_type)
+
+## July 8, 2024
+**Version 2.36.0**
+
+- **(Notifications)** Improved email notifications with collapsible Finding lists for greater readability
+- **(SLAs)** SLAs can now be optionally enforced. For each SLA associated with a Product you can set or unset the Enforce __ Finding Days box in the relevant SLA Configuration screen. When this box is unchecked, SLAs for Findings that match that Severity level will not be tracked or displayed in the UI.
diff --git a/docs/content/en/cloud_management/Connectivity Troubleshooting.md b/docs/content/en/cloud_management/Connectivity Troubleshooting.md
new file mode 100644
index 0000000000..5f744091ee
--- /dev/null
+++ b/docs/content/en/cloud_management/Connectivity Troubleshooting.md
@@ -0,0 +1,74 @@
+---
+title: "Connectivity Troubleshooting"
+description: "Reconnect to your DefectDojo Instance"
+---
+
+If you have difficulty accessing your DefectDojo instance, here are some steps you can follow to get reconnected:
+
+
+
+# **I can access the site, but I can't log in**
+
+
+1. You can reset the password for your account from the login page: **yourcompanyinstance.cloud.defectdojo.com/login**. Click 'I forgot my password' in order to begin the process.
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/867662528/dbd2358b981f856e7f624c01/Screenshot+2023-10-30+at+2.06.03+PM.png?expires=1729720800&signature=cd15a929f169cf01783a6ed6c5e5d2808896ff64299b8cc14df0c09fd5307d72&req=fCYgEM98mINXFb4f3HP0gO6jJd9YIsKGdFgO9HgVqQpav8SNveR7J%2BvC8rys%0A5d8%3D%0A)
+2. Enter your email address, and click "Reset my password".
+​
+3. You should receive an email with the subject header "**Password reset on yourcompanyinstance.cloud.defectdojo.com**". This email contains a link which you can click to set a new password.
+
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/867664555/cef20544226f5012b4251ea6/Screenshot+2023-10-30+at+2.07.01+PM.png?expires=1729720800&signature=c40a92e6ec5c8c66de22e14b50f0d6a94c4b9eecf39ebefae7da739194efb44f&req=fCYgEM96mIRaFb4f3HP0gH1b%2F68jdpPBfLFZTfDo%2FQdLZvSWWjFM6I7jc5Gz%0AEbA%3D%0A)
+
+
+If you don't receive an email, please check your Spam folder. Failing that, have your team's DefectDojo admin confirm that you have an account registered on your instance.
+​
+
+
+
+# **I can't access my company's cloud.defectdojo site**
+
+
+If your company's cloud.defectdojo site does not load in your browser, or times out, it may be necessary for your company to change your firewall rules in order to accept your connection.
+
+
+
+Firewall rules can be changed in your Cloud Manager at .
+
+
+
+If your company uses a shared VPN, proxy server or a similar tool, make sure it’s authorized to connect to DefectDojo and that the IP address is included in DefectDojo's Firewall rules.
+
+
+
+If the problem persists, please contact [support@defectdojo.com](mailto:support@defectdojo.com) .
+
+
+
+
+# **I can't log in to the Cloud Manager**
+
+
+If you can’t access the Cloud Manager, navigate to the Login page at and click **“Forgot your password?”**
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/867730200/fec4f8e41a85980d9f2b5848/LLaYN22oG70U12Bn8arFUnCJcpyVZioqKmyAc9wgD0EkWqNbGQKx6IfEOIQYADmiL_oxrtcKciq3XYTFr53jF_QuqtOGDJua9JdtdyydYa9A9uwFcNkWiXEVuhwk6X2O7Euz-vfqOmqclvKzrlmiZMU?expires=1729720800&signature=8686957e56b0151acddca629d70588d3a7dc550527417676cdbdf3227efb33c5&req=fCYgEcp%2Bn4FfFb4f3HP0gJcUOE6BwyJhS43Nt3T%2B2A3Jgbqj6fMRKOC7N0bI%0AcUI%3D%0A)
+You’ll be prompted to enter your email address, and our team will send you an email with a link to reset your password and enter a new one.
+
+
+
+Please note that this login method only works for the **Cloud Manager**, an admin site which your team members may not all have access to. Directly logging into your instance to use DefectDojo is only possible by directly connecting to **yourcompanyinstance.cloud.defectdojo.com/login**.
+
+
+
+# **I've lost access to my MFA codes**
+
+
+* **For the Cloud Manager:** If you lose access to your MFA codes, or Authenticator App, please contact DefectDojo Support at [support@defectdojo.com](mailto:support@defectdojo.com).
+* **For a DefectDojo Instance:** It is not currently possible to remove MFA access from an account without an MFA code. The best option in this case is to create a new DefectDojo login, and re\-grant all necessary permissions to this account.
+
diff --git a/docs/content/en/cloud_management/Set up an additional Cloud instance.md b/docs/content/en/cloud_management/Set up an additional Cloud instance.md
new file mode 100644
index 0000000000..5c5bb2cb7f
--- /dev/null
+++ b/docs/content/en/cloud_management/Set up an additional Cloud instance.md
@@ -0,0 +1,88 @@
+---
+title: "Set up an additional Cloud instance"
+description: "Add a test, dev, or other DefectDojo instance to your account"
+---
+
+The process for adding a second Cloud instance is more or less the same as adding your first instance. This guide assumes you've already set up your initial DefectDojo server, and have an agreement with our Sales team to add another instance.
+
+
+
+
+If you have not already requested an additional Cloud instance, please contact [info@defectdojo.com](mailto:info@defectdojo.com) before proceeding.
+
+
+
+## Step 1: Open the New Subscription process
+
+
+You can start this process from the following link: , or by clicking 🛒 **New Subscription** from the Cloud Manager page (cloud.defectdojo.com).
+
+
+
+![](https://downloads.intercomcdn.com/i/o/876539636/9b4cc38bb1a114bc31904443/Screenshot+2023-11-06+at+12.46.19+PM.png?expires=1729720800&signature=08ce5ffef842d3b4be4aa3f8538376ec461d2bc6d1d83afb85dcc9d801c7bf25&req=fCchE8p3m4JZFb4f3HP0gIHRfF7bqgQfmpwT2LnRImRLxalz2iT9uKYA9mKX%0ARmQ%3D%0A)
+
+## Step 2: Set your Server Label
+
+
+Enter your company's **Name** and the **Server Label** you want to use with DefectDojo. You will then have a custom domain created for your DefectDojo instance on our servers.
+
+
+
+Keep your company name the same as before, but create a new Server Label and check the "**Use Server Label in Domain**" button, so that you can easily differentiate between your servers.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/860988422/eedc579b6677431286d65848/Screenshot+2023-10-24+at+1.40.08+PM.png?expires=1729720800&signature=a5d0777d68939399aaa5ec509c17ed2d416c1ec2a6bf522f1975ba9081556b02&req=fCYnH8F2mYNdFb4f3HP0gE8a9ArLlDRdCgEOOG%2FhF1RTkIUw7Ito80YJSY0l%0AHKg%3D%0A)
+
+## Step 3: Select a Server Location
+
+
+Select a Server Location from the drop\-down menu. As before, we recommend selecting a server that is geographically closest to your users to reduce server latency.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/876540337/a0a35dcc0d6133d9920ae351/Screenshot+2023-11-06+at+10.52.31+AM.png?expires=1729720800&signature=ca343d1908f901d445fd42e4a6ad36bf5423fe11f5f5499330f12d5bcbb673f8&req=fCchE81%2BnoJYFb4f3HP0gEQv7p4cu3PEeMC%2F7lhGIjWslFuLY7y9ydfxMon8%0AEqc%3D%0A)
+
+## Step 4: Configure your Firewall Rules
+
+
+Enter the IP address ranges, subnet mask and labels that you want to allow to access DefectDojo. Additional IP addresses and rules can be added or changed by your team after your instance is up and running.
+
+
+
+If you wish, these firewall rules can be different from the rules on your main DefectDojo instance.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/861008661/a96af61112ab368531e5cea3/Screenshot+2023-10-24+at+2.03.54+PM.png?expires=1729720800&signature=dd429751626344d5acdbc978075350b93c1eee4e08b19a7e2600acc32ef5af09&req=fCYmFsl2m4deFb4f3HP0gC9i9UC9KLwQAM03VQIh7iIX1Mte7ZuJem%2FMasGI%0AMOs%3D%0A)
+If you want to use external services with this instance (GitHub or JIRA), check the appropriate boxes listed under **Select External Services.**
+
+
+
+![](https://downloads.intercomcdn.com/i/o/861010228/9af57d1dbc88ec8eb1aba838/Screenshot+2023-10-24+at+2.05.17+PM.png?expires=1729720800&signature=4de093e7d6e8eb2868d8827d43b21e3fdcca811d54129281312ed2046e8f436b&req=fCYmFsh%2Bn4NXFb4f3HP0gESMYM2ZnzQC0Fiw%2BtpOyJtEyhzu2iwxkZDcgD8G%0AOt8%3D%0A)
+
+## Step 5: Confirm your Plan type and Billing Frequency
+
+
+At the end of our process, you'll be put in touch with our sales team, who can accurately quote your new server. We recommend you select the Plan Type which has the server specifications you require for the new instance.
+
+
+
+A second server may not require the same storage, CPU and RAM requirements as your 'main' instance, but this will depend on your team's technical requirements.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/876543046/5c065910695edf6d0adf21a1/Screenshot+2023-11-06+at+12.50.04+PM.png?expires=1729720800&signature=3d7becae3895bcab80009b80513edb4e894f89f0bde7165103a554f0b517e2b0&req=fCchE819nYVZFb4f3HP0gP2oc8RWNW5g1tf9s%2BwDUtB9peXdDn2GiZgvSJSn%0AVIc%3D%0A)
+
+## Step 6: Review and Submit your Request
+
+
+We'll prompt you to look over your request one more time. Once submitted, only Firewall rules can be changed by your team without assistance from Support.
+
+
+
+After reviewing and accepting DefectDojo's License and Support Agreement, please click **Meet The Creators.** Our Support team will reach out to you when the process is complete and your server has been provisioned.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/862067499/929fb73dfcda5759f44d5fe7/Screenshot+2023-10-25+at+3.41.42+PM.png?expires=1729720800&signature=c5c2efdb7cf11724b8e74e0193d63aab8cb6fdd479f5f05a385156dd4ce3f3fc&req=fCYlFs95mYhWFb4f3HP0gF2vZoT3mHEx2TF3mhg3tv%2FwJLi00MGhyKfgGvLa%0AiTI%3D%0A)
diff --git a/docs/content/en/cloud_management/Using the Cloud Manager.md b/docs/content/en/cloud_management/Using the Cloud Manager.md
new file mode 100644
index 0000000000..853c75c0d1
--- /dev/null
+++ b/docs/content/en/cloud_management/Using the Cloud Manager.md
@@ -0,0 +1,77 @@
+---
+title: "Using the Cloud Manager"
+description: "Manage your subscription and account settings"
+---
+
+Logging into DefectDojo's Cloud Manager allows you to configure your account settings and manage your subscription with DefectDojo Cloud.
+
+
+
+# **New Subscription**
+
+
+This page allows you to request a new, or additional Cloud instance from DefectDojo.
+
+
+
+
+# **Manage Subscriptions**
+
+
+The Subscription Management page shows all of your currently active Cloud instances, and allows you to configure the Firewall settings for each instance.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/862089009/21684204f59c8a72fc5cd96c/oWnbKju2gAuFoJyu1HqO8VoY10HF98nGETVQr3qqyVetxwVS9T4dd9BsA07iVpqimE_DbAEOxu4YnETyF4B66bv8eRY7SA0LUfLcZV_cr2EyBBqe13n0XJd7MRFkhtVUYHBmAr7ikL-jqMRP_x3G5Yo?expires=1729720800&signature=c17d819ae6f7d8fcede2df269d2f70ce3a6d52a5fc90ca1eb528ef8fcbc981f4&req=fCYlFsF3nYFWFb4f3HP0gKBBQOIZ9S1HeeHWkUy2iQgj1cIBI%2FsKvYdjil0P%0A7zU%3D%0A)To edit or add firewall rules from within the DefectDojo cloud site, navigate to the **Manage Subscriptions** page, then click the **Edit Subscription** button in the top right corner of the subscription you wish to edit.
+
+
+
+Once on the **Edit Subscription** page, enter the IP Address, Mask, and Label for the rule you wish to add. If more than one firewall rule is needed, click **Add New Range** to create a new empty rule.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/862089016/f591206745e3f6fb1e84ebb0/_0YHO3wFX4NOPfXD6lGQrlgyizJG4oI1uAmG6xPjKVNS5LEEsHG_e0NL7S9ghukYJZDGdZnLMLZbf4let3cWyEt1AXL-hKAr2pbJs94NMNGC4d_aCnAZzJwYw_-aisx_lkvSFQGGovg9DTXmHpcZQVE?expires=1729720800&signature=9c30c659541303f0b846c14f397d397d15b15cdbd5f7d06fa069ad94de9d12a6&req=fCYlFsF3nYBZFb4f3HP0gGOaSb2VkqgcS5e1HnxDZWkIvMwr9%2Bcy0%2FpbfIzh%0ABPw%3D%0A)To save these newly added firewall rules, click **Submit** at the bottom of the page to save and update the firewall rules on your DefectDojo cloud instance.
+
+
+
+Firewall rules can also be updated from within your DefectDojo cloud instance. For more information on modifying firewall rules from within your instance, detailed documentation can be found here:
+
+
+*[https://documentation.defectdojo.com/proprietary\_plugins/01\_plus/cloud\_portal/\#firewall\-rules](https://documentation.defectdojo.com/proprietary_plugins/01_plus/cloud_portal/#firewall-rules)*
+
+
+
+# **Resources**
+
+
+The Resources page contains a Contact Us form, which you can use to get in touch with our Support team.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/874730270/5aeed3c6a01d72f6f9cd3744/Screenshot+2023-11-03+at+2.23.51+PM.png?expires=1729720800&signature=64441b86a47e5e90e7d835f9ba7f395cb5e699f550b98afae217c59636841c90&req=fCcjEcp%2Bn4ZfFb4f3HP0gO8a52Smoi05dVcxL5OEbRnX%2BGZMCLHom5a8sWeR%0AhoA%3D%0A)It also contains a link to our Open\-Source Documentation, which can be viewed at https://documentation.defectdojo.com.
+
+
+
+# **Account Settings**
+
+
+The account settings page has four sections:
+
+
+* **User Contact** allows you to set your Username, Email Address, First Name and Last Name.
+* **Email Accounts** allows you to add additional email addresses to your accounts. Adding an additional email account will send a verification email to the new address.
+* **Manage Social Accounts** allows you to connect DefectDojo Cloud to your GitHub or Google credentials, which can be used to log in instead of a username and password.
+* **MFA Settings** allow you to add an MFA code to Google Authenticator, 1Password or similar apps. Adding an additional step to your login process is a good proactive step to prevent unauthorized access.
+
+### Add MFA to your login process
+
+
+This can also be done from the following link:
+
+
+1. Begin by installing an Authenticator app which supports QR code authentication on your smartphone or computer.
+2. Once you've done this, click **Generate QR Code**.
+3. Scan the QR code provided in DefectDojo using your Authenticator app, and then enter the six\-digit code provided by your app.
+4. Click **Enable Multi\-Factor Authentication**.
+
+![](https://downloads.intercomcdn.com/i/o/874771940/efe7f25c04e1cd3189456f8d/Screenshot+2023-11-03+at+3.09.24+PM.png?expires=1729720800&signature=2664f7e14fe3ac87961f3593b1a123b17482ddca6237863d4acb1c97a97e4a0b&req=fCcjEc5%2FlIVfFb4f3HP0gP1QCbFbvE832eH4u4sdueBzfdtszKhTMHHP9qD7%0AtD4%3D%0A)
\ No newline at end of file
diff --git a/docs/content/en/cloud_management/_index.md b/docs/content/en/cloud_management/_index.md
new file mode 100644
index 0000000000..20cc656700
--- /dev/null
+++ b/docs/content/en/cloud_management/_index.md
@@ -0,0 +1,15 @@
+---
+title: "DefectDojo Cloud Manager"
+description: "Manage Your DefectDojo subscription"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 2
+chapter: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/connecting_your_tools/_index.md b/docs/content/en/connecting_your_tools/_index.md
new file mode 100644
index 0000000000..3a39ea2655
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/_index.md
@@ -0,0 +1,15 @@
+---
+title: "Connect Your Tools"
+description: "Import data from 190+ different security tools (and counting)"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 3
+chapter: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/connecting_your_tools/connectors/_index.md b/docs/content/en/connecting_your_tools/connectors/_index.md
new file mode 100644
index 0000000000..c60b2f4428
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/_index.md
@@ -0,0 +1,98 @@
+---
+title: "Set Up API Connectors"
+description: "Seamlessly connect DefectDojo to your security tools suite"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 2
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+pro-feature: true
+---
+
+
+DefectDojo allows users to build sophisticated API integrations, and gives users full control over how their vulnerability data is organized.
+
+
+
+But everyone needs a starting point, and that's where Connectors come in. Connectors are designed to get your security tools connected and importing data to DefectDojo as quickly as possible.
+
+
+
+We currently support Connectors for the following tools, with more on the way:
+
+
+* **AWS Security Hub**
+* **BurpSuite**
+* **Checkmarx ONE**
+* **Dependency\-Track**
+* **Probely**
+* **Semgrep**
+* **SonarQube**
+* **Snyk**
+* **Tenable**
+
+These Connectors provide an API\-speed integration with DefectDojo, and can be used to automatically ingest and organize vulnerability data from the tool.
+
+
+
+
+# Connectors Quick\-Start
+
+
+If you're using DefectDojo's **Auto\-Map** settings, you can have your first Connector up and running in no time.
+
+
+1. Set up a [Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector) from a supported tool.
+2. [Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations) your tool's data hierarchy.
+3. [Sync](https://support.defectdojo.com/en/articles/9124820-sync-operations) the vulnerabilities found with your tool into DefectDojo.
+
+That's all, really! And remember, even if you create your Connector the 'easy' way, you can easily change the way things are set up later, without losing any of your work.
+
+
+
+
+# How Connectors Work
+
+
+As long as you have the API key from the tool you're trying to connect, a connector can be added in just a few minutes. Once the connection is working, DefectDojo will **Discover** your tool's environment to see how you're organizing your scan data.
+
+
+
+Let's say you have a BurpSuite tool, which is set up to scan five different repositories for vulnerabilities. Your Connector will take note of this organizational structure and set up **Records** to help you translate those separate repositories into DefectDojo's Product / Engagement / Test hierarchy. If you have **'Auto\-Map Records'** enabled, DefectDojo will learn and copy that structure automatically.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1004622773/fe375ad7f2ee3717a3688901/Screenshot+2024-03-27+at+15_50_38+%281%29.png?expires=1729720800&signature=85f08ec969cd4a5301882380414de0c3dfd2bf15a949aaec061d45f28f58cbd4&req=dSAnEs98n4ZYWvMW1HO4zYmbfqRB1Lp1LMtjuVEv4eEqMiwOkI085QOf4I6W%0AxAQ%2B%0A)
+
+Once your **Record** mappings are set up, DefectDojo will start importing scan data on a regular basis. You'll be kept up to date on any new vulnerabilities detected by the tool, and you can start working with existing vulnerabilities immediately, using DefectDojo's **Findings** system.
+
+
+
+When you're ready to add more tools to DefectDojo, you can easily rearrange your import mappings to something else. Multiple tools can be set up to import vulnerabilities to the same destination, and you can always reorganize your setup for a better fit without losing any work.
+
+
+
+
+# My Connector isn't supported
+
+
+Fortunately, DefectDojo can still handle manual import for a wide range of security tools. Please see our [Supported Tool List](https://support.defectdojo.com/en/articles/9641650-supported-tool-list), as well as our guide to Importing data.
+
+
+
+
+# **Next Steps**
+
+
+* Check out the Connectors page by switching to DefectDojo's [Beta UI](https://support.defectdojo.com/en/articles/9056775-switching-to-the-beta-ui).
+* Follow our guide to [create your first Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector).
+* Check out the process of [Discovering \& Mapping](https://support.defectdojo.com/en/articles/9056822-discovery-records) your security tools and see how they can be configured to import data.
diff --git a/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md b/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md
new file mode 100644
index 0000000000..de5c342867
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md
@@ -0,0 +1,42 @@ +--- +title: "Add or Edit a Connector" +description: "Connect to a supported security tool" +--- + +The process for adding and configuring a connector is similar, regardless of the tool you’re trying to connect. However, certain tools may require you to create API keys or complete additional steps. + + + +Before you begin this process, we recommend checking our [tool\-specific reference](https://support.defectdojo.com/en/articles/9056761-tool-specific-reference) to find the API resources for the tool you're trying to connect. + + + +1. If you haven't already, start by [switching to the Beta UI](https://support.defectdojo.com/en/articles/9056775-switching-to-the-beta-ui) in DefectDojo. +2. From the left\-side menu, click on the **API Connectors** menu item. This is nested under the **Import** header. +​ + + +![](https://downloads.intercomcdn.com/i/o/991915026/296fa5c67043d0abb4e2860c/Screenshot+2024-03-14+at+3_41_33+PM.png?expires=1729720800&signature=454263ddd9ba6944c1aa25e40f04f6b8130c84f16becd427c0261deb236719f8&req=fSkmH8h7nYNZFb4f3HP0gOGM2TgIbGVR3EfvdJsMjdCRCO26w%2FUujN5NeNyz%0At28%3D%0A) +3. Choose a new Connector you want to add to DefectDojo in **Available Connections**, and click the **Add Configuration** underneath the tool. +​ +You can also edit an existing Connection under the **Configured Connections** header. Click **Manage Configuration \> Edit Configuration** for the Configured Connection you want to Edit. +​ + + +![](https://downloads.intercomcdn.com/i/o/991916807/64e7bdb93a079883a6e3ab00/Screenshot+2024-03-14+at+3_43_22+PM.png?expires=1729720800&signature=a481892cc1793c842ffd9adf3679b09a53237f2573dacec45f938d872c7b3f47&req=fSkmH8h4lYFYFb4f3HP0gGj91l%2Fky%2BN9vPwzBx%2FPhnP8bP3dLpQaBHMDBqps%0ADMg%3D%0A) +4. You will need an accessible URL **Location** for the tool, along with an API **Secret** key. The location of the API key will depend on the tool you are trying to configure. 
See our **[Tool\-Specific Reference](https://support.defectdojo.com/en/articles/9056761-tool-specific-reference)** for more details. +​ +5. Set a **Label** for this connection to help you identify it in DefectDojo. +​ +6. Schedule the **Connector’s** automatic Discovery and Synchronization activities. These can be changed later. +​ +7. Select whether you wish to **Enable Auto\-Mapping**. Enable Auto\-Mapping will create a new Product in DefectDojo to store the data from this connector. Auto\-Mapping can be turned on or off at any time. +​ +8. Click **Submit.** + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/988485966/e745529a9c3ade55fe1b1b9b/gRMI254yf9N8orh2k25z6VzW7ttWszvrSg1w_IIirHu3QfOWzTM6Ct84XRBE8-KkVxhYncqI_pGhk3w1HJcyZK1Y7YNKqSQ_k0QLosULR_vb59V42X-JbAgvc15-tMxUalbF8nwig3N_koW11W-zqDM?expires=1729720800&signature=bfe1a7891af553d6711345393f9090070d889a8d00570ccbe16097fa5bd598d9&req=fSgvEsF7lIdZFb4f3HP0gCWhPQoxsd9Oygc4cz%2Furk3F2DljlYx3PggsKpTL%0AOg8%3D%0A) + +## Next Steps + + +* Now that you've added a connector, you can confirm everything is set up correctly by running a **[Discover](https://support.defectdojo.com/en/articles/9056822-discovery-records)** operation. diff --git a/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md b/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md new file mode 100644 index 0000000000..2963ee5239 --- /dev/null +++ b/docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md 
@@ -0,0 +1,273 @@ +--- +title: "Tool-Specific API Reference (Connectors)" +description: "Our list of supported Connector tools, and how to set them up with DefectDojo" +--- + +When setting up a Connector for a supported tool, you'll need to give DefectDojo specific information related to the tool's API. At a base level, you'll need: + + +* **Location** \-a field whichgenerallyrefers to your tool's URL in your network, +* **Secret** \- generally an API key. + +Some tools will require additional API\-related fields beyond **Location** and **Secret**. They may also require you to make changes on their side to accommodate an incoming Connector from DefectDojo. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/988476659/ceba1d2432ceef4f8ddd43ab/E4fVPzan1qaSwnVt96hVz2yE_ByLc8_Db-vmEezGHdmEQfWWPiawiSCV3gl-01VaJgWOx63uotxQjGl9cj6TG-Pb9AScvyRV12Q5dEU0gt4Qr5aoEUwYYa0HPQF_5iLTbz7Av2tAKqIRgj_9vE13328?expires=1729720800&signature=959e698083b3f013ebf4f44d7cd171460891ce0f88bacbc1abf9725763656363&req=fSgvEs54m4RWFb4f3HP0gDOvGCQsUdne6p9SGA1J6JbofhdNIhHVi1tX81ms%0A7sI%3D%0A) +Each tool has different API requirements, and this guide is intended to help you set up the tool's API so that DefectDojo can connect. + + + +Whenever possible, we recommend creating a new 'DefectDojo Bot' account within your Security Tool which will only be used by the Connector. This will help you better differentiate between actions manually taken by your team, and automated actions taken by the Connector. + + + + +# **Supported Connectors** + + + +## **AWS Security Hub** + + +The AWS Security Hub connector uses an AWS access key to interact with the Security Hub APIs. + + +#### Prerequisites + + +Rather than use the AWS access key from a team member, we recommend creating an IAM User in your AWS account specifically for DefectDojo, with that user's permissions limited to those necessary for interacting with Security Hub. 
+ + + +AWS's "**[AWSSecurityHubReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSSecurityHubReadOnlyAccess.html)**policy" provides the required level of access for a connector. If you would like to write a custom policy for a Connector, you will need to include the following permissions: + + +* [DescribeHub](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeHub.html) +* [GetFindingAggregator](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindingAggregator.html) +* [GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) +* [ListFindingAggregators](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ListFindingAggregators.html) + +A working policy definition might look like the following: + + + + +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AWSSecurityHubConnectorPerms", + "Effect": "Allow", + "Action": [ + "securityhub:DescribeHub", + "securityhub:GetFindingAggregator", + "securityhub:GetFindings", + "securityhub:ListFindingAggregators" + ], + "Resource": "*" + } + ] +} +``` + + +**Please note:** we may need to use additional API actions in the future to provide the best possible experience, which will require updates to this policy. + + +Once you have created your IAM user and assigned it the necessary permissions using an appropriate policy/role, you will need to generate an access key, which you can then use to create a Connector. + + + +#### Connector Mappings + + +1. Enter the appropriate [AWS API Endpoint for your region](https://docs.aws.amazon.com/general/latest/gr/sechub.html#sechub_region) in the **Location** field**:** for example, to retrieve results from the `us-east-1` region, you would supply + + +`https://securityhub.us-east-1.amazonaws.com` +2. Enter a valid **AWS Access Key** in the **Access Key** field. +3. Enter a matching **Secret Key** in the **Secret Key** field. 
+ +DefectDojo can pull Findings from more than one region using Security Hub's **cross\-region aggregation** feature. If [cross\-region aggregation](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-aggregation.html) is enabled, you should supply the API endpoint for your "**Aggregation Region**". Additional linked regions will have ProductRecords created for them in DefectDojo based on your AWS account ID and the region name. + + + + +## **BurpSuite** + + +DefectDojo’s Burp connector calls Burp’s GraphQL API to fetch data. + + +#### Prerequisites + + + +Before you can set up this connector, you will need an API key from a Burp Service Account. Burp user accounts don’t have API keys by default, so you may need to create a new user specifically for this purpose. + + + +See [Burp Documentation](https://portswigger.net/burp/documentation/enterprise/user-guide/api-documentation/create-api-user) for a guide on setting up a Service Account user with an API key. + + +#### Connector Mappings + + +1. Enter Burp’s root URL in the **Location** field: this is the URL where you access the Burp tool. +2. Enter a valid API Key in the Secret field. This is the API key associated with your Burp Service account. + +See the official [Burp documentation](https://portswigger.net/burp/extensibility/enterprise/graphql-api/index.html) for more information on the Burp API. + + + + +## **Checkmarx ONE** + + +DefectDojo's Checkmarx ONE connector calls the Checkmarx API to fetch data. + + +#### **Connector Mappings** + + +1. Enter your **Tenant Name** in the **Checkmarx Tenant** field. 
This name should be visible on the Checkmarx ONE login page in the top\-right hand corner: +" Tenant: \<**your tenant name**\> " +​ + + +![](https://downloads.intercomcdn.com/i/o/1109449914/5ea92d383f2d09af8459a6ed/Screenshot+2024-07-10+at+2_57_34+PM.png?expires=1729720800&signature=d72362ec01a93727039ea6b52e32856d8fca74fb8f8751de50665f5779842968&req=dSEnH816lIheXfMW1HO4zW3Rem0XHydNRIiZJHcwnXoqZgIXk5Jl9kZAXhIg%0A8EbF%0A) +2. Enter a valid API key. You may need to generate a new one: see [Checkmarx API Documentation](https://docs.checkmarx.com/en/34965-68618-generating-an-api-key.html#UUID-f3b6481c-47f4-6cd8-9f0d-990896e36cd6_UUID-39ccc262-c7cb-5884-52ed-e1692a635e08) for details. +3. Enter your tenant location in the **Location** field. This URL is formatted as follows: +​`https://.ast.checkmarx.net/` . Your Region can be found at the beginning of your Checkmarx URL when using the Checkmarx app. **** is the primary US server (which has no region prefix). + + +## Dependency\-Track + + +This connector fetches data from a on\-premise Dependency\-Track instance, via REST API. + + + +​**Connector Mappings** + + +1. Enter your local Dependency\-Track server URL in the **Location** field. +2. Enter a valid API key in the **Secret** field. + +To generate a Dependency\-Track API key: + + +1. **Access Management**: Navigate to Administration \> Access Management \> Teams in the Dependency\-Track interface. +2. **Teams Setup**: You can either create a new team or select an existing one. Teams allow you to manage API access based on group membership. +3. **Generate API Key**: In the selected team's details page, find the "API Keys" section. Click the \+ button to generate a new API key. +4. **Assign Permissions**: In the "Permissions" section of the team's page, click the \+ button to open the permissions selector. Choose **VIEW\_PORTFOLIO** and **VIEW\_VULNERABILITY** permissions to enable API access to project portfolios and vulnerability details. +5. 
Click "**Select**" to confirm and save these permissions. + +For more information, see **[Dependency\-Track Documentation](https://docs.dependencytrack.org/integrations/rest-api/)**. + + + + +## Probely + + +This connector uses the Probely REST API to fetch data. + + + +​**Connector Mappings** + + +1. Enter the appropriate API server address in the **Location** field. (either or ) +2. Enter a valid API key in the **Secret** field. + +You can find an API key under the User \> API Keys menu in Probely. +See [Probely documentation](https://help.probely.com/en/articles/8592281-how-to-generate-an-api-key) for more info. + + + + +## **SemGrep** + + +This connector uses the SemGrep REST API to fetch data. + + +#### Connector Mappings + + +Enter https://semgrep.dev/api/v1/in the **Location** field. + + +1. Enter a valid API key in the **Secret** field. You can find this on the Tokens page: +​ +"Settings" in the left navbar \> Tokens \> Create new token ([https://semgrep.dev/orgs/\-/settings/tokens](https://semgrep.dev/orgs/-/settings/tokens)) + +See [SemGrep documentation](https://semgrep.dev/docs/semgrep-cloud-platform/semgrep-api/#tag__badge-list) for more info. + + + + +## SonarQube + + +The SonarQube Connector can fetch data from either a SonarCloud account or from a local SonarQube instance. + + + +**For SonarCloud users:** + + +1. Enter https://sonarcloud.io/ in the Location field. +2. Enter a valid **API key** in the Secret field. + +**For SonarQube (on\-premise) users:** + + +1. Enter the base url of your SonarQube instance in the Location field: for example `https://my.sonarqube.com/` +2. Enter a valid **API key** in the Secret field. This will need to be a **[User](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/)** [API Token Type](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/). 
+ +API tokens can be found and generated via **My Account \-\> Security \-\> Generate Token** in the SonarQube app. For more information, [see SonarQube documentation](https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/). + + + + +## **Snyk** + + +The Snyk connector uses the Snyk REST API to fetch data. + + +#### Connector Mappings + + +1. Enter **[https://api.snyk.io/rest](https://api.snyk.io/v1)** or **[https://api.eu.snyk.io/rest](https://api.eu.snyk.io/v1)** (for a regional EU deployment) in the **Location** field. +2. Enter a valid API key in the **Secret** field. API Tokens are found on a user's **[Account Settings](https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token)** [page](https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token) in Snyk. + +See the [Snyk API documentation](https://docs.snyk.io/snyk-api) for more info. + + + + +## Tenable + + +The Tenable connector uses the **Tenable.io** REST API to fetch data. + + +On\-premise Tenable Connectors are not available at this time. + + +#### **Connector Mappings** + + +1. Enter in the Location field. +2. Enter a valid **API key** in the Secret field. + +See [Tenable's API Documentation](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) for more info. + + + + diff --git a/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md b/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md new file mode 100644 index 0000000000..ec2178f44a --- /dev/null +++ b/docs/content/en/connecting_your_tools/connectors/edit_ignore_delete_records.md 
@@ -0,0 +1,97 @@
+---
+title: "Edit, Ignore or Delete Records"
+description: ""
+---
+
+Records can be Edited, Ignored or Deleted from the **Manage Records \& Operations Page.**
+
+
+
+Although Mapped and Unmapped records are located in separate tables, they can both be edited in the same way.
+
+
+
+From the Records table, click the blue ▼ Arrow next to the State column on a given Record. From there, you can select **Edit Record,** or **Delete Record.**
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/991861519/038163776895e87723a52384/T6IvYbAUMdmrbVWj8fe_rYCn_MzgFXI9aEOu-PvVERtgZ7FjdurerkkobRY3R9uZfBuOO-7okvDSdEdjZLKpvEwbXAKlSHbiTEYOCfmfKXC-_eHsPXdX8sfMlQPL-A-NU9IiVJ5esQtdwcNSlsuD_u0?expires=1729720800&signature=f36d18c3de5b05361f4af20d4e7d3374f1d25358dfeffbf439f3462377d87054&req=fSkmHs9%2FmIBWFb4f3HP0gEja47GdQdb%2B%2BLFrIsBuvBMOnN0G6SdozTFKik%2BB%0AVx0%3D%0A)
+
+# Edit a Record
+
+
+Clicking **Edit Record** will open a window which allows you to change the destination product in DefectDojo. You can either select an existing Product from the drop\-down menu, or you can type in the name of a new Product you wish to create.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/991861534/aaf6ffb16062460fa2876879/TRC8bfnFqHV6U3TZgqM92vSVg81pP_WgV1PJ8V4DnZ3dAdHlNTr0jTJdz6ojNOjCI9YQtmpczZQu2nSKMeReW-PLn7fx_kXYdryw2JCpmmlLkzqCHTW-cKnkZmTosww7Yjgm50IIedC-cTD4okrMj28?expires=1729720800&signature=5e419291cf110bce4ca16eb2b22faffc9fedd19e3125b2a994a333d342048612&req=fSkmHs9%2FmIJbFb4f3HP0gIkWHYe6PkjxMsN25eARnSCqNIbbjH8DQpCnmqYa%0AYZQ%3D%0A)
+
+## **Change the Mapping of a Record**
+
+
+The scan data associated with a Record can be directed to flow into a different Product by changing the mapping.
+
+
+
+Select, or type in the name of a new Product from the drop\-down menu to the right.
+
+
+
+## **Edit the State of a Record**
+
+
+The State of a Record can be changed from this menu as well.
Records can be switched from Good to Ignored (or vice versa) by choosing an option from the **State** dropdown list.
+
+
+
+### Ignoring a Record
+
+
+If you wish to ‘switch off’ one of the records or disregard the data it’s sending to DefectDojo, you can choose to ‘Ignore’ the record. An ‘Ignored’ record will move to the Unmapped Records list and will not push any new data to DefectDojo.
+
+
+You can Ignore a Mapped Record (which will remove the mapping), or a New Record (from the unmapped Records list).
+
+
+
+### Restoring an Ignored Record
+
+
+If you would like to remove the Ignored status from a record, you can change it back to New with the same State dropdown menu.
+
+
+* If Auto\-Map Records is enabled, the Record will return to its original mapping once the Discover operation runs again.
+​
+* If Auto\-Map Records is not enabled, DefectDojo will not automatically restore a previous mapping, so you’ll need to set up the mapping for this Record again.
+
+
+
+# **Delete a Record**
+
+
+You can also Delete Records, which will remove them from the Unmapped or Mapped Records table.
+
+
+
+Keep in mind that the Discover function will always import all records from a tool \- meaning that even if a Record is deleted from DefectDojo, it will become re\-discovered later (and will return to the list of Records to be mapped again).
+
+
+
+* If you plan on removing the underlying Vendor\-Equivalent Product from your scan tool, then Deleting the Record is a good option. Otherwise, the next Discover operation will see that the associated data is missing, and this Record will change state to 'Missing'.
+​
+* However, if the underlying Vendor\-Equivalent Product still exists, it will be Discovered again on a future Discover operation. To prevent this behaviour, you can instead Ignore the Record.
+
+## Does this affect any imported data?
+
+
+No. All Findings, Tests and Engagements created by a sync record will remain in DefectDojo even after a Record is deleted.
Deleting a record or a configuration will only remove the data\-flow process, and won’t delete any vulnerability data from DefectDojo or your tool.
+
+
+
+
+# Next Steps
+
+
+* If your Records have been mapped, learn how to import data via [Sync operations](https://support.defectdojo.com/en/articles/9124820-sync-operations).
diff --git a/docs/content/en/connecting_your_tools/connectors/manage_records.md b/docs/content/en/connecting_your_tools/connectors/manage_records.md
new file mode 100644
index 0000000000..a14a4eb898
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/manage_records.md
@@ -0,0 +1,153 @@
+---
+title: "Manage Records"
+description: "Direct the flow of data from your tool into DefectDojo"
+---
+
+Once you have run your first Discover operation, you should see a list of Mapped or Unmapped records on the **Manage Records and Operations** page.
+
+
+
+
+# What's a Record?
+
+
+A Record is a connection between a DefectDojo **Product** and a **Vendor\-Equivalent\-Product**. You can use your Records list to control the flow of data between your tool and DefectDojo.
+
+
+
+Records are created and updated during the **[Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations)** operation, which DefectDojo runs daily to look for new Vendor\-Equivalent Products.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004512180/25e5f0ff8bba23800a7c622d/l-b4Vm_oV1tyCZVwQPo2KJm2DTsVPZCOwQTSV2xXSw5CB9sc9OwBZDcKyNSGXqFjOBaDxaFADjbQ_tJGM_nVn6rFFr2Vdmdx7zMwRcMUIBT3aEjSKF5iMEksZwuJigydkUP2ZuxIUZlzQ9fVvmVYEpo?expires=1729720800&signature=6306cb7f1aa9afa737ccedcaa74cda82c3e2e8c3956166fa0891abce583e830f&req=dSAnEsx%2Fn4BXWfMW1HO4zcnC6uhR8d3wWPDnXoQJQeY5bTtW3w2ujN9NrzRk%0A4ZsY%0A)
+
+Records have various attributes, including:
+
+
+* The **State** of the Record
+* The **Product** the Record imports data to
+* When the Record was **First and Last Discovered** (by the **Discover** process)
+* When the Record mapping was **Finalized** by a user
+* A link to the DefectDojo **Product**
+
+
+# How Records are Mapped
+
+
+Each Record needs to have a Mapping assigned. The Mapping tells DefectDojo where to store the scan data from the tool. A Mapped Record assigns the Vendor\-Equivalent Product to a DefectDojo Product, and tells the Connector to start importing scan data to that location (as Engagements and Tests).
+
+
+
+You can assign Mappings yourself, or you can have DefectDojo assign them automatically.
+
+
+
+## Auto\-Mapping
+
+
+If you have **Auto\-Mapping** enabled, new Records will be Mapped to Products automatically.
Each time DefectDojo **Discovers** a new Record, a matching DefectDojo Product will be automatically created for each Record**.** That Record will be stored under **Mapped Records** to indicate that it is ready to import data to DefectDojo.
+
+
+
+If you don't have Auto\-Mapping enabled, you can make your own decisions about where you want data to flow. Each time the Connector finds a new Vendor\-Equivalent Product (via **Discover**), it will add a new Record to your **Unmapped Records** list, and you can then manually assign that Record to a new or existing Product in DefectDojo.
+
+
+
+### Mapping \- Example Workflow:
+
+
+David has just finished setting up a connector for his BurpSuite tool, and runs a Discover operation. David has Burp set up to scan 4 different 'Sites', and DefectDojo creates a new Record for each of those Sites.
+
+
+* If David decides to use Auto\-Mapping, DefectDojo will create a new Product for each Site. From now on, when DefectDojo runs a Synchronize operation, the Connector will import scan data directly from the Site into the Product (via the Record mapping)
+​
+* If David leaves Auto\-Mapping off, DefectDojo will still discover those 4 Sites and create Records, but it won't import any data until David creates the Mappings himself.
+​
+* David can always change how these mappings are set up later. Maybe he wants to consolidate the output of a few different Burp Sites into a single Product. Or maybe he's looking to have a Product which records scan data from a few different tools \- including Burp. It's easy for David to change where Burp scan data is stored into DefectDojo by changing the Mapping of these Records.
+
+
+
+# How Records interact with Products
+
+
+Once a Record is Mapped, DefectDojo will be ready to import your tool’s scans through a Sync Operation. Connectors can work alongside other DefectDojo import processes or interactive testing.
+
+
+* Record Mappings are designed to be non\-invasive.
If you map a Product to a Record which contains existing Engagements or Findings, those existing Engagements and Findings will not be affected or overwritten by the data sync process.
+​
+* All data created via a connector will be stored under a single Engagement called **Global Connectors**. That Engagement will create a separate Test for each Connector mapped to the Product.
+​
+
+![](https://downloads.intercomcdn.com/i/o/1013197785/3dbf123a6fda3b38a7185bc7/Connectors+A.jpg?expires=1729720800&signature=c7f75935ff962f5f2e688fae915642793b545842c26db385f3da67e60afefba9&req=dSAmFch3moZXXPMW1HO4zbyD24POnHMJT72woKj99bWzm7uSUFDBRDBKiIRK%0AM7Le%0A)
+This makes it possible to send scan data from multiple Connectors to the same Product. All of the data will be stored in the same Engagement, but each Connector will store data in a separate Test.
+
+
+
+To learn more about Products, Engagements and Tests, see our [Core Data Classes Overview](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview).
+
+
+
+
+# Record States \- Glossary
+
+
+Each Record has an associated state to communicate how the Record is working.
+
+
+
+### New
+
+
+A New Record is an Unmapped Record which DefectDojo has Discovered. It can be Mapped to a Product or Ignored. To Map a new Record to a Product, see our guide on [Editing Records](https://support.defectdojo.com/en/articles/9072546-edit-ignore-or-delete-records).
+
+
+
+
+### Good
+
+
+'Good' indicates that a Record is Mapped and operating correctly. Future Discover Operations check to see if the underlying Vendor\-Equivalent Product still exists, to ensure that the Sync operation will run correctly.
+
+
+
+
+### Ignored
+
+
+'Ignored' Records have been successfully Discovered, but a DefectDojo user has decided not to map the data to a Product.
If you wish to change a New or Mapped Record to Ignored, or re\-map an Ignored Record, see our guide on [Editing Records](https://support.defectdojo.com/en/articles/9072546-edit-ignore-or-delete-records).
+
+
+
+
+## Warning States: Stale or Missing
+
+
+If the connection between tool and DefectDojo changes, the state of a Record will change to let you know.
+
+
+
+### Stale
+
+
+A Mapping is moved to ‘Stale’ when a related Product, Engagement or Test has been deleted from DefectDojo. The mapping still exists, but there isn’t anywhere in DefectDojo for the Tool’s data to import to.
+
+
+
+Stale records can be remapped to an existing Product, or Ignored if the scan data is no longer relevant.
+
+
+
+### Missing
+
+
+If a Record has been Mapped, but the source data (or Vendor\-Equivalent Product) is not being detected by DefectDojo, the Record will be labeled as **Missing**.
+
+
+
+DefectDojo Connectors will adapt to name changes, directory changes and other data shifts, so this is possibly because the related Vendor\-Equivalent Product was deleted from the Tool you’re using.
+
+
+
+If you intended to remove the Vendor Equivalent Product from your tool, you can Delete a Missing Record. If not, you'll need to troubleshoot the problem within the Tool so that the source data can be Discovered correctly.
+
diff --git a/docs/content/en/connecting_your_tools/connectors/operations_discover.md b/docs/content/en/connecting_your_tools/connectors/operations_discover.md
new file mode 100644
index 0000000000..3f09eb18a7
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/operations_discover.md
@@ -0,0 +1,50 @@
+---
+title: "'Discover' Operations"
+description: "Create Records, and direct the flow of scan data into DefectDojo"
+---
+
+Once you have a Connector set up, you can start making decisions about how data will flow from the tool into DefectDojo. This is managed through the Discovery process.
+
+
+
+You can manage all of these processes from the **Manage Records \& Operations** page. From the **API Connectors** page, click the drop\-down menu on the Connector you wish to work with, and select Manage Records \& Operations.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/991931761/2369607091f047ab7d9fc8f7/Screenshot+2024-03-14+at+3_58_06+PM.png?expires=1729720800&signature=a4514b13c28657c59684f62d83a2a341a021974c3039c4c1eb589378813803cd&req=fSkmH8p%2FmodeFb4f3HP0gD4PB4jnqjGHlvfM6JxkdxjjZLvtUsa3sBPCZn0%2F%0Au4Q%3D%0A)
+
+# Creating New Records
+
+
+The first step a DefectDojo Connector needs to take is to **Discover** your tool's environment to see how you're organizing your scan data.
+
+
+
+
+Let's say you have a BurpSuite tool, which is set up to scan five different repositories for vulnerabilities. Your Connector will take note of this organizational structure and set up **Records** to help you translate those separate repositories into DefectDojos Product/Engagement/Test hierarchy.
+
+
+Each time your Connector runs a **Discover** operation, it will look for new **Vendor\-Equivalent\-Products (VEPs)**. DefectDojo looks at the way the Vendor tool is set up and will create **Records** of VEPs based on how your tool is organized.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1004625297/5617e086a605102544ec5e37/Screenshot+2024-03-27+at+15_50_38+%281%29.png?expires=1729720800&signature=39ed2d006535fe6f3734ded90af212341d18725ac189fd6c93ef22efe83f22f0&req=dSAnEs98mINWXvMW1HO4zTo0ZAoA6if8rY3f2TjKX%2F98dBmwNaEs4%2B5s07hV%0Ab4FT%0A)
+
+
+## Run Discover Manually
+
+
+**Discover** operations will automatically run on a regular basis, but they can also be run manually. If you're setting up this Connector for the first time, you can click the **Discover** button next to the **Unmapped Records** header. After you refresh the page, you will see your initial list of **Records**.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004506539/8f01b33b93821550f5198bd5/v8-yUUR6-EVcDMgbo4hOYp_5Q8gT96Zua_yqvPK2yubDZS0s_SVwFBwfKq4lPjuUJEfYtaLOL5syqJi0y_jND2aQj89l2xogKQaD4lO_alleK76L4WRbttxODT2Edui0erbhJ1xQApA0pws8X-opzc4?expires=1729720800&signature=5514f4b5a2d991188e7053d287a8e61f60301eb83cdae8384090808f224577b3&req=dSAnEsx%2Bm4RcUPMW1HO4zXucwJiAhf5WfVviwSTTFchq7bwThIMffCCban%2Bv%0AzwFl%0A)
+
+# **Next Steps:**
+
+
+* Learn how to [manage the Records](https://support.defectdojo.com/en/articles/9073083-managing-records) discovered by a Connector, and start importing data.
+* If your Records have already been mapped (such as through Auto\-Map Records), learn how to import data via [Sync operations](https://support.defectdojo.com/en/articles/9124820-sync-operations).
diff --git a/docs/content/en/connecting_your_tools/connectors/operations_page.md b/docs/content/en/connecting_your_tools/connectors/operations_page.md
new file mode 100644
index 0000000000..e5b63f1f02
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/operations_page.md
@@ -0,0 +1,32 @@
+---
+title: "The Operations Page"
+description: "Check the status of your Connector's Discover & Sync Operations"
+---
+
+The Operations Page provides an overview of your connector's Discover \& Sync Operations, along with additional details for each. These operations are tracked using a table.
+
+
+
+To access a Connector's Operations Page, open **Manage Records \& Operations** for the connector you wish to edit, and then switch to the **\ Operations From (tool)** tab.
+
+
+
+# The Operations Table
+
+
+![](https://downloads.intercomcdn.com/i/o/991827471/4d72c3317f0291cd32911fa5/Screenshot+2024-03-14+at+2_10_33+PM.png?expires=1729720800&signature=383e48f88441677a74ca34118c501306bab4113071dccf81990a7c9d90f74c23&req=fSkmHst5mYZeFb4f3HP0gOmBiHLaYOL69I6UJegg%2FgTo8pPwwq0puToKhHMk%0AtVk%3D%0A)
+Each entry on the Operations Table is a record of an operation event, with the following traits:
+
+
+
+* **Type** describes whether the event was a **Sync** or a **Discover** operation.
+* **Status** describes whether the event ran successfully.
+* **Trigger** describes how the event was triggered \- was it a **Scheduled** operation which ran automatically, or a **Manual** operation which was triggered by a DefectDojo user?
+* The **Start \& End Time** of each operation is recorded here, along with the **Duration**.
+
+
+
+# **Next Steps**
+
+
+* Learn more about [Discover](https://support.defectdojo.com/en/articles/9056822-discover-operations) and [Sync](https://support.defectdojo.com/en/articles/9124820-sync-operations) operations from our guides.
diff --git a/docs/content/en/connecting_your_tools/connectors/operations_sync.md b/docs/content/en/connecting_your_tools/connectors/operations_sync.md
new file mode 100644
index 0000000000..79b9e08175
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/operations_sync.md
@@ -0,0 +1,43 @@
+---
+title: "'Sync' Operations"
+description: "Import data from your Connector into DefectDojo"
+---
+
+The primary ‘Job’ of a DefectDojo Connector is to import data from a security tool, and this process is handled by the Sync Operation.
+
+On a daily basis, DefectDojo will look at each **Mapped** **Record** for new scan data. DefectDojo will then run a **Reimport**, which compares the state of each scan.
+
+# The Sync Process
+
+### Where is my vulnerability data stored?
+
+* DefectDojo will create an **Engagement** nested under the Product specified in the **Record Mapping**. This Engagement will be called **Global Connectors**.
+* The **Global Connectors** Engagement will track each separate Connection associated with the Product as a **Test**.
+* On this sync, and each subsequent sync, the **Test** will store each vulnerability found by the tool as a **Finding**.
+
+## How Sync handles new vulnerability data
+
+Whenever Sync runs, it will compare the latest scan data against the existing list of Findings for changes.
+
+* If there are new Findings detected, they will be added to the Test as new Findings.
+* If there are any Findings which aren’t detected in the latest scan, they will be marked as Inactive in the Test.
+
+To learn more about Products, Engagements, Tests and Findings, see our [Core Data Classes Overview](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview).
+
+
+# Running Sync Manually
+
+To have DefectDojo run a Sync operation off\-schedule:
+
+1. Navigate to the **Manage Records \& Operations** page for the connector you want to use. From the **API Connectors** page, click the drop\-down menu on the Connector you wish to work with, and select Manage Records \& Operations.
+​
+2. From this page, click the **Sync** button. This button is located next to the **Mapped Records** header.
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1004529047/60f9b6df50f0d760de32f4f8/tLFaONBcKeFaybG7_YPdNx0Pk8yU2aSaANDTWiWkRL1NK9LJKyw7YMOD9Q0W6KUj6rQT8G9WvSeQrpzmVFyHWPaCTN3H_pvvdNYQo3queMqyyiB33wdbJFzBDm_QDbUGdRpRcsr8gzIH4arl2_6zLeQ?expires=1729720800&signature=824ac56f5e429a6841c7230f3097512452145aeb02b356d875b7a527e3f15e72&req=dSAnEsx8lIFbXvMW1HO4zSTetF5h5nFufHIHQsC%2F9kC8JSzNlTSMZg1aDUs5%0A89TQ%0A)
+
+# Next Steps
+
+
+* Learn how to set up the flow of data into DefectDojo through a [Discover operation](https://support.defectdojo.com/en/articles/9056822-discover-operations).
+* Adjust the schedule of your Sync and Discover operations by [Editing a Connector](https://support.defectdojo.com/en/articles/9056787-add-or-edit-a-connector).
+* Learn about Engagements, Tests and Findings with our guide to [Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview).
diff --git a/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md b/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md
new file mode 100644
index 0000000000..96d80c88f3
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/connectors/run_operations_manually.md
@@ -0,0 +1,28 @@
+---
+title: "How to run Operations manually"
+description: "Run a Sync or Discover operation outside of schedule"
+---
+
+Connectors import data to DefectDojo on a regular interval (which you defined when adding the connector). However, if you want to import data manually (such as if you want to import historical data) you can follow this process:
+
+
+
+Select the tool which you want to test from **Configured Connections,** and click the **Manage Configuration button.** From the drop\-down list, select **Manage Records and Operations.**
+
+
+
+## Run Discover Manually
+
+
+* To have DefectDojo search for, and import new records from the API, click the **🔎 Discover** button. This button is located next to the **Unmapped Records** header.
+
+![](https://downloads.intercomcdn.com/i/o/991836936/76086dea0cb2846d58bcb1fa/Screenshot+2024-03-14+at+2_21_22+PM.png?expires=1729720800&signature=0bb6b3d68adae5492db7928dbedec8559f10756593583259b65e25026988177e&req=fSkmHsp4lIJZFb4f3HP0gF3QGQtZ8dVqHD%2BP1iSP%2FmzeYzCXZIgTZHepumPU%0ACGw%3D%0A)
+## Run Sync Manually
+
+
+* To have DefectDojo import new data from each Mapped Record, click the **Sync** button. This button is located next to the **Mapped Records** header.
+
+![](https://downloads.intercomcdn.com/i/o/991838900/4910dc9a0b353c218a5077e4/Screenshot+2024-03-14+at+2_23_17+PM.png?expires=1729720800&signature=3300a0e96e57dc864fc6b64ba8b87ecd5551f1c3cf5017b7bdb8bc9a276f1970&req=fSkmHsp2lIFfFb4f3HP0gK3OFXi%2B%2BLng5nWOhwpc%2BdJQdRYzv2w4BBZ%2BRIh5%0AXAE%3D%0A)
+
+If there are no Mapped Records associated with this Connector, DefectDojo will not be able to import any data via Sync. You may need to run a Discover operation first, or map each record to a Product.
+
diff --git a/docs/content/en/connecting_your_tools/import_intro.md b/docs/content/en/connecting_your_tools/import_intro.md
new file mode 100644
index 0000000000..55b5a24963
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_intro.md
@@ -0,0 +1,44 @@
+---
+title: "Import Methods"
+description: "Learn how to import data manually, through the API, or via a connector"
+weight: 0
+---
+
+One of the things we understand at DefectDojo is that every company’s security needs are completely different. There is no ‘one\-size\-fits\-all’ approach. As your organization changes, having a flexible approach is key.
+
+DefectDojo allows you to connect your security tools in a flexible way to match those changes.
+
+# Scan Upload Methods
+
+When DefectDojo receives a vulnerability report from a security tool, it will create Findings based on the vulnerabilities contained within that report. DefectDojo acts as the central repository for these Findings where they can be triaged, remediated or otherwise addressed by you and your team.
+
+There are four main ways that DefectDojo can upload Finding reports:
+
+* Via direct **import** through the UI (“**Add Findings**”)
+* Via **API** endpoint (allowing for automated data ingest)
+* Via **Connectors** for certain tools, an ‘out of the box’ data integration
+* Via **Smart Upload** for certain tools, an importer designed to handle infrastructure scans
+
+
+## Comparing Upload Methods
+
+| | **UI Import** | **API Import** | **Connectors** | **Smart Upload** |
+| --- | --- | --- | --- | --- |
+| **Supported Scan Types** | All (see **Supported Tools**) | All (see **Supported Tools**) | Snyk, Semgrep, Burp Suite, AWS Security Hub, Probely, Checkmarx, Tenable | Nexpose, NMap, OpenVas, Qualys, Tenable |
+| **Can it be automated?** | Not directly, though method can be automated through API | Yes, calls to API can be made manually or via script | Yes, Connectors is a natively automated process which leverages your tool’s API to rapidly import data | Yes, can be automated via /smart\_upload\_import API endpoint |
+
+
+## Product Hierarchy
+
+Each of these methods can create Product Hierarchy on the spot.
Product Hierarchy refers to DefectDojo’s Product Types, Products, Engagements or Tests: objects in DefectDojo which help organize your data into relevant context.
+
+
+* **Vulnerability data can be imported into an existing Product Hierarchy**. Product Types, Products, Engagements and Tests can all be created in advance, and then data can be imported to that location in DefectDojo.
+* **The contextual Product Hierarchy can be created at the time of import.** When importing a report, you can create a new Product Type, Product, Engagement and/or Test. This is handled by DefectDojo through the ‘auto\-create context’ option.
+
+# Next Steps
+
+
+* If you have a brand new DefectDojo instance, learning how to use the **Import Scan Form** is a great starting point.
+* If you want to learn how to translate DefectDojo’s organizational system into a robust pipeline, you can start by consulting our article on **[Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview)**.
+* If you want to set up Connectors to work with a supported tool, see our **[Introducing Connectors](https://support.defectdojo.com/en/articles/9072654-introducing-connectors)** article.
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/_index.md b/docs/content/en/connecting_your_tools/import_scan_files/_index.md
new file mode 100644
index 0000000000..03eda102b7
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_scan_files/_index.md
@@ -0,0 +1,17 @@
+---
+title: "Import Scans"
+description: "Use DefectDojo's Import / Reimport to ingest data and build a pipeline"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 1
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md b/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md
new file mode 100644
index 0000000000..ef71757e8c
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md
@@ -0,0 +1,67 @@
+---
+title: "Creating an automated import pipeline via API"
+description: ""
+---
+
+DefectDojo’s API allows for robust pipeline solutions, which automatically ingest new scans to your instance. Automation like this can take a few different forms:
+
+
+* A daily import which scans your environment on a daily basis, and then imports the results of the scan to DefectDojo (similar to our **Connectors** feature)
+* A CI/CD pipeline which scans new code as it is deployed, and imports the results to DefectDojo as a triggered action
+
+These pipelines can be created by directly calling our API **/reimport** endpoint with an attached scan file in a way that closely resembles our **Import Scan Form**.
+
+
+
+
+# Universal Importer \- out of the box CI/CD tool
+
+
+DefectDojo maintains a **Universal Importer** which can be set up with existing CI/CD pipelines, triggered via GitHub actions, or run in any other automated context. The **Universal Importer** runs in a separate container, and will call your DefectDojo instance’s API in the appropriate way.
+
+
+
+The Universal Importer is a useful way to leverage the API without needing to create and maintain the necessary API calls in your own pipeline. This is generally a faster solution than writing your own code.
+
+
+
+If you have an active DefectDojo subscription and want to request a copy of the Universal Importer, please contact us at **[support@defectdojo.com](mailto:support@defectdojo.com)** along with the operating system you want to use to run the tool.
+
+
+
+
+# Working with DefectDojo’s API
+
+
+DefectDojo’s API is documented in\-app using the OpenAPI framework. You can access this documentation from the User Menu in the top right\-hand corner, under **‘API v2 OpenAPI3’**.
+
+
+
+\- The documentation can be used to test API calls with various parameters, and does so using your own user’s API Token.
+
+
+
+If you need to access an API token for a script or another integration, you can find that information under the **API v2 Token** option from the same menu.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194909638/703454b50036cf2ca1a81f32/AD_4nXfIr4WW26929_IyD_QPSwgKNOuCOGjAmWDgSG8xspkV9wTnaSoAAZfDALaryqiB2oveX28Q6vjDKHvwmb0ifQeLHgBu0wiBj_3koRlREsgeVlqoaCXQsF0aKrEFRvW9nHbAcN7j3sZ5CYBf8PAlyIVdUUrv?expires=1729720800&signature=e40de8269826823a00522ded678a3c30dc87de5a6e19eeea8fc3af90cad39c9b&req=dSEuEsB%2BlIdcUfMW1HO4zeLU2UHEgkjAHhhk9dUYCHZLgsIxMijLHi39L0MB%0AIeeQ%0A)
+## General API Considerations
+
+
+* Although our OpenAPI documentation is detailed regarding the parameters that can be used with each endpoint, it assumes that the reader has a solid understanding of DefectDojo’s key concepts. (Product Hierarchy, Findings, Deduplication, etc).
+* Users who want a working import integration but are less familiar with DefectDojo as a whole should consider our **Universal Importer**.
+* DefectDojo’s API can sometimes create unintended data objects, particularly if ‘Auto\-Create Context’ is used on the **/import** or **/reimport** endpoint.
+* Fortunately, it is very difficult to accidentally delete data using the API. Most objects can only be removed using a dedicated **DELETE** call to the relevant endpoint.
+
+
+## Specific notes on /import and /reimport endpoints
+
+
+The **/reimport** endpoint can be used for both an initial Import, or a “Reimport” which extends a Test with additional Findings. You do not need to first create a Test with **/import** before you can use the **/reimport** endpoint. As long as ‘Auto Create Context’ is enabled, the /reimport endpoint can create a new Test, Engagement, Product or Product Type. In almost all cases, you can use the **/reimport** endpoint exclusively when adding data via API.
+
+
+
+However, the **/import** endpoint can instead be used for a pipeline where you always want to store each scan result in a discrete Test object, rather than using **/reimport** to handle the diff within a single Test object. Either option is acceptable, and the endpoint you choose depends on your reporting structure, or whether you need to inspect an isolated run of a Pipeline.
+
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md b/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md
new file mode 100644
index 0000000000..fdd4663f29
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md
@@ -0,0 +1,91 @@
+---
+title: "Import Scan Form"
+description: ""
+---
+
+If you have a brand new DefectDojo instance, the Import Scan Form is a logical first step to learn the software and set up your environment. From this form, you upload a scan file from a supported tool, which will create Findings to represent those vulnerabilities. While filling out the form, you can decide whether to:
+
+
+
+* Store these Findings under an existing Product Type / Product / Engagement **or**
+* Create a new Product Type / Product / Engagement to store these Findings
+
+It’s easy to reorganize your Product Hierarchy in DefectDojo, so it’s ok if you’re not sure how to set things up yet.
+
+
+
+For now, it’s good to know that **Engagements** can store data from multiple tools, which can be useful if you’re running different scans concurrently.
+
+
+
+# Accessing the Import Scan Form
+
+
+The Import Scan form can be accessed from multiple locations:
+
+
+1. Via the **Import \> Add Findings** menu option on the sidebar
+2. From a **Product’s** **‘⋮’ (horizontal dots) Menu**, from a **Products Table**
+3. From the **⚙️Gear Menu** on a **Product Page**
+
+
+# Completing the Import Scan Form
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194906679/a60baa110d050daaa532a102/AD_4nXcEnbN_x3AjBNKGsmncJsN8_L1IlYrBpTMJZxytGO_e_VB8WJku0fWpCRW0b1TsvEYkBgPgQzO9qa4qhfu1PNFZA8SVuUXbnITNbsOcy4I4VUa-r2biSV8HZQ8YkF6-ymWuVITT4yJr6faw2pU4YoeOK7v-?expires=1729720800&signature=850b7c98efd22ee1657f19fb2dbb322a31a44ba2ae5c6bd9d20c14ba4597b79b&req=dSEuEsB%2Bm4dYUPMW1HO4zU0nB9s5bQTJ2NRVzn8adEyCFbo8CH9pmXxFmv4P%0AqUkB%0A)
+The Import Scan form will create a new Test nested under an Engagement, which will contain a unique Finding for each vulnerability contained within your scan file.
+
+
+
+The Test will be created with a name that matches the Scan Type: e.g. a Tenable scan will be titled ‘Tenable Scan’.
+
+
+
+## Form Options
+
+
+* **Scan File:** by clicking on the Choose button, you can select a file from your computer to upload.
+* **Scan Date (optional):** if you want to select a single Scan Date to be applied to all Findings that result from this import, you can select the date in this field.
+If you do not select a Scan Date, Findings created from this report will use the date specified by the tool. SLAs for each Finding will be calculated based on their date.
+* **Scan Type:** select the tool used to create this data.
+* **Product Type / Product / Engagement Name:** select the Product Type, Product, and Engagement Name which you want to create a new Test under. You can also create a new Product Type, Product and/or Engagement at this time if you wish to, by entering the names of the objects that you want to create.
+* **Environment:** select an Environment that corresponds to the data you’re uploading.
+* **Tags:** if you want to use tags to further organize your Test data, you can add Tags using this form. Type in the name of the tag you want to create, and press Enter on your keyboard to add it to the list of tags.
+* **Process Findings Asynchronously**: this field is enabled by default, but it can be disabled if you wish. See explanation below.
+
+## Process Findings Asynchronously
+
+
+When this field is enabled, DefectDojo will use a background process to populate your Test file with Findings. This allows you to continue working with DefectDojo while Findings are being created from your scan file.
+
+
+
+When this field is disabled, DefectDojo will wait until all Findings have been successfully created before you can proceed to the next screen. This could take significant time depending on the size of your file.
+
+
+
+This option is especially relevant when using the API.
If uploading data with Process Findings Asynchronously turned **off**, DefectDojo will not return a successful response until all Findings have been created successfully,
+
+
+
+## Optional Fields
+
+
+* **Minimum Severity**: If you only want to create Findings for a particular Severity level and above, you can select the minimum Severity level here. All vulnerabilities with lower severity than this field will be ignored.
+* **Active**: if you want to set all of the incoming Findings to either Active or Inactive, you can specify that here. Otherwise, DefectDojo will use the tool’s vulnerability data to determine whether the Finding is Active or Inactive. This option is relevant if you need your team to manually triage and verify Findings from a particular tool.
+* **Verified**: as with Active you can set the new set of Findings to either Verified or Unverified by default. This depends on your workflow preferences. For example, if your team prefers to assume Findings are verified unless proven otherwise, you can set this field to True.
+* **Version, Branch Tag, Commit Hash, Build ID, Service** can all be specified if you want to include these details in the Test.
+* **Source Code Management URI** can also be specified. This form option must be a valid URI.
+* **Group By:** if you want to create Finding Groups out of this File, you can specify the grouping method here.
+
+
+## Next Steps
+
+
+Once your upload has completed, you should be redirected to the Test Page which contains the Findings found in the scan file. You can start working with those results right away, but feel free to consult the following articles:
+
+
+
+* Learn how to organize your Product Hierarchy to manage different contexts for your Findings and Tests: **[Core Data Classes](https://support.defectdojo.com/en/articles/8545273-core-data-classes-overview)**.
+* Learn how to add new Findings to this test: **Reimport Data To Extend a Test**
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md b/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md
new file mode 100644
index 0000000000..7e037b6512
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_scan_files/smart_upload.md
@@ -0,0 +1,82 @@
+---
+title: "Smart Upload"
+description: "Automatically route incoming Findings to the correct Product"
+---
+
+Smart upload is a specialized importer that ingests reports from **infrastructure scanning tools**, including:
+
+
+
+* Nexpose
+* NMap
+* OpenVas
+* Qualys
+* Tenable
+
+
+Smart Upload is unique in that it can split Findings from a scan file into separate Products. This is relevant in an Infrastructure scanning context, where the Findings may apply to many different teams, have different implicit SLAs, or need to be included in separate reports due to where they were discovered in your infrastructure.
+
+
+
+Smart Upload handles this by sorting incoming findings based on the Endpoints discovered in the scan. At first, those Findings will need to be manually assigned, or directed into the correct Product from an Unassigned Findings list. However, once a Finding has been assigned to a Product, all subsequent Findings that share an Endpoint or Host will be sent to the same Product.
+
+
+
+# Smart Upload menu options
+
+
+The Smart Upload menu is stored in a collapsible section of the sidebar.
+
+
+
+* **Add Findings allows you to import a new scan file, similar to DefectDojo’s Import Scan method**
+* **Unassigned Findings lists all Findings from Smart Upload which have yet to be assigned to a Product.**
+
+
+![](https://downloads.intercomcdn.com/i/o/1194910967/0360afc3606c62b972b29fb0/AD_4nXeghMk_jectcbz_xSEWILQ6TKfMAkJFaYqtLjaeCgjscW0-H0BAM5M2oFQxB4aY4-R6qRcFp4G1-6HP3z9uc7_mICl5JSkxw9lRnKtH4OQBkoRuRYFbtBKMhENVa0HRsuEmH8n-S3vc7s0F_3uTyPOh8Rk?expires=1729720800&signature=182c23fcf2186f97130f369f44608461240088b1545d6053de9e107a589b3ee0&req=dSEuEsB%2FnYhZXvMW1HO4zQ9CTDLAIv7psFxRziJwPE1a%2B1rCBkMxAnkniABG%0AsM3u%0A)
+
+## The Smart Upload Form
+
+
+
+The Smart Upload Import Scan form is essentially the same as the Import Scan form. See our notes on the **Import Scan Form** for more details.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194910970/28b48ec77b1b3fd2ff19d0ea/AD_4nXddw4i_wM6uS34D1FgNp6XXc4jS-LymrQ6-CrkG2zle6mAq9Kwec0c_OrrNiyyBVfm6val4zOm6Luw_NpJcENyk2QX3eGDaPFjQDutPDHq8mbIW5UZ5wTM5va2FfKi9iJszc90_Mmv5aK6SY5wxtN_fuqGF?expires=1729720800&signature=d3665007fd8712695fb627563c2d805a1805cc9b23aaf12c4ddee2bece914413&req=dSEuEsB%2FnYhYWfMW1HO4zXr9jg9CVymHsc8jFHm%2BzRoBsZZTnkdGy3G57DLP%0A1xVl%0A)
+
+# Unassigned Findings
+
+
+Once a Smart Upload has been completed, any Findings which are not automatically assigned to a Product (based on their Endpoint) will be placed in the **Unassigned Findings** list. The first Smart Upload for a given tool does not yet have any method to Assign Findings, so each Finding from this file will be sent to this page for sorting.
+
+
+
+Unassigned Findings are not included in the Product Hierarchy and will not appear in reports, filters or metrics until they have been assigned.
+
+
+
+## Working with Unassigned Findings
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194910969/b302152dd308050bc2cabb3f/AD_4nXf4caWaw6HYn1LqY5zv42mQztXQyeNWMmDwQVFRZ7smFzH7rvmZ4NCmDEA3gMVBkGwl51bSvK4sSAf7o8NjtDtuaxVJsC9PLLLbLU5coe0SFHDkoAS_WnqCYSyQbDWmpoNx7dfkLoDQDg9yCj6n8mnuWXqi?expires=1729720800&signature=b68b7f0d6ad8b8761fbd5abd6e390626dbd1a5eefc32911cd11fd94ffb0eb669&req=dSEuEsB%2FnYhZUPMW1HO4zdffFk2MwOJJkdNLPpAJSJFznXtdp%2Fn2TAS3J7sE%0A5jzx%0A)
+
+You can select one or more Unassigned Findings for sorting with the checkbox, and perform one of the following actions:
+
+
+
+* **Assign to New Product, which will create a new Product**
+* **Assign to Existing Product which will move the Finding into an existing Product**
+* **Disregard Selected Findings**, which will remove the Finding from the list
+
+
+Whenever a Finding is assigned to a New or Existing Product, it will be placed in a dedicated Engagement called ‘Smart Upload’. This Engagement will contain a Test named according to the Scan Type (e.g. Tenable Scan).
Subsequent Findings uploaded via Smart Upload which match those Endpoints will be placed under that Engagement \> Test.
+
+
+
+## Disregarded Findings
+
+
+If a Finding is Disregarded it will be removed from the Unassigned Findings list. However, the Finding will not be recorded in memory, so subsequent scan uploads may cause the Finding to appear in the Unassigned Findings list again.
+
diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md
new file mode 100644
index 0000000000..34cdf235aa
--- /dev/null
+++ b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md
@@ -0,0 +1,128 @@
+---
+title: "Adding new Findings to a Test via Reimport"
+description: ""
+---
+
+When a Test is created in DefectDojo (either in advance or by importing a scan file), the Test can be extended with new Finding data.
+
+
+
+For example, let’s say you have a CI/CD pipeline, which is designed to send a new report to DefectDojo every day. Rather than create a new Test or Engagement for each ‘run’ of the pipeline, you could have each report flow into the same Test using **Reimport**.
+
+
+
+
+# Reimport: Process Summary
+
+
+Reimporting data does not replace any old data in the Test, instead, it compares the incoming scan file with the existing scan data in a test to make informed decisions:
+
+
+
+* Based on the latest file, which vulnerabilities are still present?
+* Which vulnerabilities are no longer present?
+* Which vulnerabilities have been previously solved, but have since been reintroduced?
+
+
+The Test will track and separate each scan version via **Import History,** so that you can check the Finding changes in your Test over time.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194908628/52e2f3805bfbc2ef483e80f6/AD_4nXd1WNxopcweiK0ewbROIATPwKW6I4wRkMf83VQHOp3VGnwFbx3PIF_dKM_bTXxeRWdyOZRnXvlAIQUX4yPEwb0fg3P6NQZeRWY2qj6JN0T5BRaz2GZXGvbg-hWPmq2fhPCQHGUDdUMhQgFLkYN901McsDSw?expires=1729720800&signature=92270ab31ae91539655a6579d7f0b64bb18780ba93039b9457970b66e20edfbe&req=dSEuEsB%2BlYddUfMW1HO4zXlQLIbdnHicZ5UbPT1ZwpIiIYEWtY3aCewJOpvL%0Ab%2FjM%0A)
+
+
+# Reimport Logic: Create, Ignore, Close or Reopen
+
+
+When using Reimport, DefectDojo will compare the incoming scan data with the existing scan data, and then apply changes to the Findings contained within your Test as follows:
+
+
+
+## Create Findings
+
+
+Any vulnerabilities which were not contained in the previous import will be added to the Test automatically as new Findings.
+
+
+
+## Ignore existing Findings
+
+
+If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**.
+
+
+
+## Close Findings
+
+
+If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**.
+
+
+
+If you don’t want any Findings to be closed, you can disable this behavior on Reimport:
+
+
+* Uncheck the **Close Old Findings** checkbox if using the UI
+* Set **close\_old\_findings** to **False** if using the API
+
+## Reopen Findings
+
+
+* If there are any Closed Findings which appear again in a Reimport, they will automatically be Reopened. The assumption is that these vulnerabilities have occurred again, despite previous mitigation. The Test page will track these Findings as **Reactivated**.
+
+
+If you’re using a triage\-less scanner, or you don’t otherwise want Closed Findings to reactivate, you can disable this behavior on Reimport:
+
+
+* Set **do\_not\_reactivate** to **True** if using the API
+* Check the **Do Not Reactivate** checkbox if using the UI
+
+
+
+# Opening the Reimport form
+
+
+The **Re\-Import Findings** form can be accessed on any Test page, under the **⚙️Gear** drop\-down menu.
+
+
+##
+
+
+![](https://downloads.intercomcdn.com/i/o/1194908627/eb05840e395795550e54466f/AD_4nXfOUJldIKEa6Yr3NsphqeCAnOa-VlBgyLTYw0z_daFCQjNzdt_1way4w0t8nrX2ggjnllNAVqv6SfCn3BTfytYjATb6cf0tb6u-9ccz4QC6Qg8p_21aXACIMF1dTy2LeTSnpYtYwHEos9JKD5Hz7Ui4JUP7?expires=1729720800&signature=522addc1e53490316243b947db3014fcda398cf1a328d60f3473168682d55871&req=dSEuEsB%2BlYddXvMW1HO4zY5Pd0UWoQFJUVi4V0iRH%2B%2BKw1%2BMkgb%2BSEFmSpeX%0Ac54n%0A)##
+
+
+The **Re\-import Findings** **Form** will **not** allow you to import a different scan type, or change the destination of the Findings you’re trying to upload. If you’re trying to do one of those things, you’ll need to use the **Import Scan Form**.
+
+
+
+
+# Working with Import History
+
+
+Import History for a given test is listed under the **Test Overview** header on the **Test** page.
+
+
+
+This table shows each Import or Reimport as a single line with a **Timestamp**, along with **Branch Tag, Build ID, Commit Hash** and **Version** columns if those were specified.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1194908626/72dc8e30a9f35b80e50c45d7/AD_4nXdjK_vtcbopS89UxEkLbbTF5yaKjNaEKoEbm15zq6m_yQcs8RTZWhGpD_FzaKFyp3p9ubrHfQPG1Hxa7mCuJN71_eK8f7gpiFRFrtLQavLz04J4odtBoN2HODhX-2bXgdK6hXZTQs5eoKiMU42BWc2aD7_s?expires=1729720800&signature=7e53ae3bd29381e3a20b8fdb72dd909c5271530c278fb5b1827217b0571218fa&req=dSEuEsB%2BlYddX%2FMW1HO4zaYdUMRuJgJFAp64fyc3gN8EIWfxL2bJjLRubpH%2B%0Amq%2Bo%0A)
+## Actions
+
+
+This header indicates the actions taken by an Import/Reimport.
+
+
+* **\# created indicates the number of new Findings created at the time of Import/Reimport**
+* **\# closed shows the number of Findings that were closed by a Reimport (due to not existing in the incoming report).**
+* **\# left untouched shows the count of Open Findings which were unchanged by a Reimport (because they also existed in the incoming report).**
+* **\#** **reactivated** shows any Closed Findings which were reopened by an incoming Reimport.
+ + +# Reimport via API \- special note + + +Note that the /reimport API endpoint can both **extend an existing Test** (apply the method in this article) **or** **create a new Test** with new data \- an initial call to /import, or setting up a Test in advance is not required. + diff --git a/docs/content/en/integrations/parsers/_index.md b/docs/content/en/connecting_your_tools/parsers/_index.md similarity index 71% rename from docs/content/en/integrations/parsers/_index.md rename to docs/content/en/connecting_your_tools/parsers/_index.md index 88f7d105bf..3583fd52f5 100644 --- a/docs/content/en/integrations/parsers/_index.md +++ b/docs/content/en/connecting_your_tools/parsers/_index.md @@ -1,6 +1,8 @@ --- -title: "Supported reports" +title: "Supported Reports" description: "DefectDojo has the ability to import scan reports from a large number of security tools." draft: false weight: 1 +sidebar: + collapsed: true --- diff --git a/docs/content/en/integrations/parsers/api/_index.md b/docs/content/en/connecting_your_tools/parsers/api/_index.md similarity index 97% rename from docs/content/en/integrations/parsers/api/_index.md rename to docs/content/en/connecting_your_tools/parsers/api/_index.md index e25cd7f6f7..1d1e5a3e09 100644 --- a/docs/content/en/integrations/parsers/api/_index.md +++ b/docs/content/en/connecting_your_tools/parsers/api/_index.md @@ -3,6 +3,8 @@ title: "API Pull" description: "Report pulled to DefectDojo via API exposed by scanning service" weight: 2 chapter: true +sidebar: + collapsed: true --- All parsers that use API pull have common basic configuration steps, but with different values. diff --git a/docs/content/en/integrations/parsers/api/blackduck.md b/docs/content/en/connecting_your_tools/parsers/api/blackduck.md similarity index 100% rename from docs/content/en/integrations/parsers/api/blackduck.md rename to docs/content/en/connecting_your_tools/parsers/api/blackduck.md 
diff --git a/docs/content/en/integrations/parsers/api/bugcrowd.md b/docs/content/en/connecting_your_tools/parsers/api/bugcrowd.md
similarity index 100%
rename from docs/content/en/integrations/parsers/api/bugcrowd.md
rename to docs/content/en/connecting_your_tools/parsers/api/bugcrowd.md
diff --git a/docs/content/en/integrations/parsers/api/cobalt.md b/docs/content/en/connecting_your_tools/parsers/api/cobalt.md
similarity index 100%
rename from docs/content/en/integrations/parsers/api/cobalt.md
rename to docs/content/en/connecting_your_tools/parsers/api/cobalt.md
diff --git a/docs/content/en/integrations/parsers/api/edgescan.md b/docs/content/en/connecting_your_tools/parsers/api/edgescan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/api/edgescan.md
rename to docs/content/en/connecting_your_tools/parsers/api/edgescan.md
diff --git a/docs/content/en/integrations/parsers/api/sonarqube.md b/docs/content/en/connecting_your_tools/parsers/api/sonarqube.md
similarity index 100%
rename from docs/content/en/integrations/parsers/api/sonarqube.md
rename to docs/content/en/connecting_your_tools/parsers/api/sonarqube.md
diff --git a/docs/content/en/integrations/parsers/api/vulners.md b/docs/content/en/connecting_your_tools/parsers/api/vulners.md
similarity index 100%
rename from docs/content/en/integrations/parsers/api/vulners.md
rename to docs/content/en/connecting_your_tools/parsers/api/vulners.md
diff --git a/docs/content/en/integrations/parsers/file/_index.md b/docs/content/en/connecting_your_tools/parsers/file/_index.md
similarity index 78%
rename from docs/content/en/integrations/parsers/file/_index.md
rename to docs/content/en/connecting_your_tools/parsers/file/_index.md
index f567eacb2d..29b8448a85 100644
--- a/docs/content/en/integrations/parsers/file/_index.md
+++ b/docs/content/en/connecting_your_tools/parsers/file/_index.md
@@ -3,4 +3,6 @@ title: "Files"
 description: "Report uploaded to DefectDojo as files"
 weight: 1
 chapter: true
+sidebar:
+ collapsed: true
 ---
diff --git a/docs/content/en/integrations/parsers/file/acunetix.md b/docs/content/en/connecting_your_tools/parsers/file/acunetix.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/acunetix.md
rename to docs/content/en/connecting_your_tools/parsers/file/acunetix.md
diff --git a/docs/content/en/integrations/parsers/file/anchore_engine.md b/docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/anchore_engine.md
rename to docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md
diff --git a/docs/content/en/integrations/parsers/file/anchore_enterprise.md b/docs/content/en/connecting_your_tools/parsers/file/anchore_enterprise.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/anchore_enterprise.md
rename to docs/content/en/connecting_your_tools/parsers/file/anchore_enterprise.md
diff --git a/docs/content/en/integrations/parsers/file/anchore_grype.md b/docs/content/en/connecting_your_tools/parsers/file/anchore_grype.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/anchore_grype.md
rename to docs/content/en/connecting_your_tools/parsers/file/anchore_grype.md
diff --git a/docs/content/en/integrations/parsers/file/anchorectl_policies.md b/docs/content/en/connecting_your_tools/parsers/file/anchorectl_policies.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/anchorectl_policies.md
rename to docs/content/en/connecting_your_tools/parsers/file/anchorectl_policies.md
diff --git a/docs/content/en/integrations/parsers/file/anchorectl_vulns.md b/docs/content/en/connecting_your_tools/parsers/file/anchorectl_vulns.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/anchorectl_vulns.md
rename to docs/content/en/connecting_your_tools/parsers/file/anchorectl_vulns.md
diff --git a/docs/content/en/integrations/parsers/file/appcheck_web_application_scanner.md b/docs/content/en/connecting_your_tools/parsers/file/appcheck_web_application_scanner.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/appcheck_web_application_scanner.md
rename to docs/content/en/connecting_your_tools/parsers/file/appcheck_web_application_scanner.md
diff --git a/docs/content/en/integrations/parsers/file/appspider.md b/docs/content/en/connecting_your_tools/parsers/file/appspider.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/appspider.md
rename to docs/content/en/connecting_your_tools/parsers/file/appspider.md
diff --git a/docs/content/en/integrations/parsers/file/aqua.md b/docs/content/en/connecting_your_tools/parsers/file/aqua.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/aqua.md
rename to docs/content/en/connecting_your_tools/parsers/file/aqua.md
diff --git a/docs/content/en/integrations/parsers/file/arachni.md b/docs/content/en/connecting_your_tools/parsers/file/arachni.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/arachni.md
rename to docs/content/en/connecting_your_tools/parsers/file/arachni.md
diff --git a/docs/content/en/integrations/parsers/file/asff.md b/docs/content/en/connecting_your_tools/parsers/file/asff.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/asff.md
rename to docs/content/en/connecting_your_tools/parsers/file/asff.md
diff --git a/docs/content/en/integrations/parsers/file/auditjs.md b/docs/content/en/connecting_your_tools/parsers/file/auditjs.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/auditjs.md
rename to docs/content/en/connecting_your_tools/parsers/file/auditjs.md
diff --git a/docs/content/en/integrations/parsers/file/aws_inspector2.md b/docs/content/en/connecting_your_tools/parsers/file/aws_inspector2.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/aws_inspector2.md
rename to docs/content/en/connecting_your_tools/parsers/file/aws_inspector2.md
diff --git a/docs/content/en/integrations/parsers/file/aws_prowler.md b/docs/content/en/connecting_your_tools/parsers/file/aws_prowler.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/aws_prowler.md
rename to docs/content/en/connecting_your_tools/parsers/file/aws_prowler.md
diff --git a/docs/content/en/integrations/parsers/file/aws_prowler_v3plus.md b/docs/content/en/connecting_your_tools/parsers/file/aws_prowler_v3plus.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/aws_prowler_v3plus.md
rename to docs/content/en/connecting_your_tools/parsers/file/aws_prowler_v3plus.md
diff --git a/docs/content/en/integrations/parsers/file/awssecurityhub.md b/docs/content/en/connecting_your_tools/parsers/file/awssecurityhub.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/awssecurityhub.md
rename to docs/content/en/connecting_your_tools/parsers/file/awssecurityhub.md
diff --git a/docs/content/en/integrations/parsers/file/azure_security_center_recommendations.md b/docs/content/en/connecting_your_tools/parsers/file/azure_security_center_recommendations.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/azure_security_center_recommendations.md
rename to docs/content/en/connecting_your_tools/parsers/file/azure_security_center_recommendations.md
diff --git a/docs/content/en/integrations/parsers/file/bandit.md b/docs/content/en/connecting_your_tools/parsers/file/bandit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/bandit.md
rename to docs/content/en/connecting_your_tools/parsers/file/bandit.md
diff --git a/docs/content/en/integrations/parsers/file/bearer_cli.md b/docs/content/en/connecting_your_tools/parsers/file/bearer_cli.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/bearer_cli.md
rename to docs/content/en/connecting_your_tools/parsers/file/bearer_cli.md
diff --git a/docs/content/en/integrations/parsers/file/blackduck.md b/docs/content/en/connecting_your_tools/parsers/file/blackduck.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/blackduck.md
rename to docs/content/en/connecting_your_tools/parsers/file/blackduck.md
diff --git a/docs/content/en/integrations/parsers/file/blackduck_binary_analysis.md b/docs/content/en/connecting_your_tools/parsers/file/blackduck_binary_analysis.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/blackduck_binary_analysis.md
rename to docs/content/en/connecting_your_tools/parsers/file/blackduck_binary_analysis.md
diff --git a/docs/content/en/integrations/parsers/file/blackduck_component_risk.md b/docs/content/en/connecting_your_tools/parsers/file/blackduck_component_risk.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/blackduck_component_risk.md
rename to docs/content/en/connecting_your_tools/parsers/file/blackduck_component_risk.md
diff --git a/docs/content/en/integrations/parsers/file/brakeman.md b/docs/content/en/connecting_your_tools/parsers/file/brakeman.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/brakeman.md
rename to docs/content/en/connecting_your_tools/parsers/file/brakeman.md
diff --git a/docs/content/en/integrations/parsers/file/bugcrowd.md b/docs/content/en/connecting_your_tools/parsers/file/bugcrowd.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/bugcrowd.md
rename to docs/content/en/connecting_your_tools/parsers/file/bugcrowd.md
diff --git a/docs/content/en/integrations/parsers/file/bundler_audit.md b/docs/content/en/connecting_your_tools/parsers/file/bundler_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/bundler_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/bundler_audit.md
diff --git a/docs/content/en/integrations/parsers/file/burp.md b/docs/content/en/connecting_your_tools/parsers/file/burp.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/burp.md
rename to docs/content/en/connecting_your_tools/parsers/file/burp.md
diff --git a/docs/content/en/integrations/parsers/file/burp_api.md b/docs/content/en/connecting_your_tools/parsers/file/burp_api.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/burp_api.md
rename to docs/content/en/connecting_your_tools/parsers/file/burp_api.md
diff --git a/docs/content/en/integrations/parsers/file/burp_dastardly.md b/docs/content/en/connecting_your_tools/parsers/file/burp_dastardly.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/burp_dastardly.md
rename to docs/content/en/connecting_your_tools/parsers/file/burp_dastardly.md
diff --git a/docs/content/en/integrations/parsers/file/burp_enterprise.md b/docs/content/en/connecting_your_tools/parsers/file/burp_enterprise.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/burp_enterprise.md
rename to docs/content/en/connecting_your_tools/parsers/file/burp_enterprise.md
diff --git a/docs/content/en/integrations/parsers/file/burp_graphql.md b/docs/content/en/connecting_your_tools/parsers/file/burp_graphql.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/burp_graphql.md
rename to docs/content/en/connecting_your_tools/parsers/file/burp_graphql.md
diff --git a/docs/content/en/integrations/parsers/file/cargo_audit.md b/docs/content/en/connecting_your_tools/parsers/file/cargo_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/cargo_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/cargo_audit.md
diff --git a/docs/content/en/integrations/parsers/file/checkmarx.md b/docs/content/en/connecting_your_tools/parsers/file/checkmarx.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/checkmarx.md
rename to docs/content/en/connecting_your_tools/parsers/file/checkmarx.md
diff --git a/docs/content/en/integrations/parsers/file/checkmarx_one.md b/docs/content/en/connecting_your_tools/parsers/file/checkmarx_one.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/checkmarx_one.md
rename to docs/content/en/connecting_your_tools/parsers/file/checkmarx_one.md
diff --git a/docs/content/en/integrations/parsers/file/checkov.md b/docs/content/en/connecting_your_tools/parsers/file/checkov.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/checkov.md
rename to docs/content/en/connecting_your_tools/parsers/file/checkov.md
diff --git a/docs/content/en/integrations/parsers/file/chefinspect.md b/docs/content/en/connecting_your_tools/parsers/file/chefinspect.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/chefinspect.md
rename to docs/content/en/connecting_your_tools/parsers/file/chefinspect.md
diff --git a/docs/content/en/integrations/parsers/file/clair.md b/docs/content/en/connecting_your_tools/parsers/file/clair.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/clair.md
rename to docs/content/en/connecting_your_tools/parsers/file/clair.md
diff --git a/docs/content/en/integrations/parsers/file/cloudsploit.md b/docs/content/en/connecting_your_tools/parsers/file/cloudsploit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/cloudsploit.md
rename to docs/content/en/connecting_your_tools/parsers/file/cloudsploit.md
diff --git a/docs/content/en/integrations/parsers/file/cobalt.md b/docs/content/en/connecting_your_tools/parsers/file/cobalt.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/cobalt.md
rename to docs/content/en/connecting_your_tools/parsers/file/cobalt.md
diff --git a/docs/content/en/integrations/parsers/file/codechecker.md b/docs/content/en/connecting_your_tools/parsers/file/codechecker.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/codechecker.md
rename to docs/content/en/connecting_your_tools/parsers/file/codechecker.md
diff --git a/docs/content/en/integrations/parsers/file/codeql.md b/docs/content/en/connecting_your_tools/parsers/file/codeql.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/codeql.md
rename to docs/content/en/connecting_your_tools/parsers/file/codeql.md
diff --git a/docs/content/en/integrations/parsers/file/contrast.md b/docs/content/en/connecting_your_tools/parsers/file/contrast.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/contrast.md
rename to docs/content/en/connecting_your_tools/parsers/file/contrast.md
diff --git a/docs/content/en/integrations/parsers/file/coverity_api.md b/docs/content/en/connecting_your_tools/parsers/file/coverity_api.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/coverity_api.md
rename to docs/content/en/connecting_your_tools/parsers/file/coverity_api.md
diff --git a/docs/content/en/integrations/parsers/file/coverity_scan.md b/docs/content/en/connecting_your_tools/parsers/file/coverity_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/coverity_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/coverity_scan.md
diff --git a/docs/content/en/integrations/parsers/file/crashtest_security.md b/docs/content/en/connecting_your_tools/parsers/file/crashtest_security.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/crashtest_security.md
rename to docs/content/en/connecting_your_tools/parsers/file/crashtest_security.md
diff --git a/docs/content/en/integrations/parsers/file/cred_scan.md b/docs/content/en/connecting_your_tools/parsers/file/cred_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/cred_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/cred_scan.md
diff --git a/docs/content/en/integrations/parsers/file/crunch42.md b/docs/content/en/connecting_your_tools/parsers/file/crunch42.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/crunch42.md
rename to docs/content/en/connecting_your_tools/parsers/file/crunch42.md
diff --git a/docs/content/en/integrations/parsers/file/cyclonedx.md b/docs/content/en/connecting_your_tools/parsers/file/cyclonedx.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/cyclonedx.md
rename to docs/content/en/connecting_your_tools/parsers/file/cyclonedx.md
diff --git a/docs/content/en/integrations/parsers/file/dawnscanner.md b/docs/content/en/connecting_your_tools/parsers/file/dawnscanner.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dawnscanner.md
rename to docs/content/en/connecting_your_tools/parsers/file/dawnscanner.md
diff --git a/docs/content/en/integrations/parsers/file/deepfence_threatmapper.md b/docs/content/en/connecting_your_tools/parsers/file/deepfence_threatmapper.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/deepfence_threatmapper.md
rename to docs/content/en/connecting_your_tools/parsers/file/deepfence_threatmapper.md
diff --git a/docs/content/en/integrations/parsers/file/dependency_check.md b/docs/content/en/connecting_your_tools/parsers/file/dependency_check.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dependency_check.md
rename to docs/content/en/connecting_your_tools/parsers/file/dependency_check.md
diff --git a/docs/content/en/integrations/parsers/file/dependency_track.md b/docs/content/en/connecting_your_tools/parsers/file/dependency_track.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dependency_track.md
rename to docs/content/en/connecting_your_tools/parsers/file/dependency_track.md
diff --git a/docs/content/en/integrations/parsers/file/detect_secrets.md b/docs/content/en/connecting_your_tools/parsers/file/detect_secrets.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/detect_secrets.md
rename to docs/content/en/connecting_your_tools/parsers/file/detect_secrets.md
diff --git a/docs/content/en/integrations/parsers/file/dockerbench.md b/docs/content/en/connecting_your_tools/parsers/file/dockerbench.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dockerbench.md
rename to docs/content/en/connecting_your_tools/parsers/file/dockerbench.md
diff --git a/docs/content/en/integrations/parsers/file/dockle.md b/docs/content/en/connecting_your_tools/parsers/file/dockle.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dockle.md
rename to docs/content/en/connecting_your_tools/parsers/file/dockle.md
diff --git a/docs/content/en/integrations/parsers/file/drheader.md b/docs/content/en/connecting_your_tools/parsers/file/drheader.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/drheader.md
rename to docs/content/en/connecting_your_tools/parsers/file/drheader.md
diff --git a/docs/content/en/integrations/parsers/file/dsop.md b/docs/content/en/connecting_your_tools/parsers/file/dsop.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/dsop.md
rename to docs/content/en/connecting_your_tools/parsers/file/dsop.md
diff --git a/docs/content/en/integrations/parsers/file/edgescan.md b/docs/content/en/connecting_your_tools/parsers/file/edgescan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/edgescan.md
rename to docs/content/en/connecting_your_tools/parsers/file/edgescan.md
diff --git a/docs/content/en/integrations/parsers/file/eslint.md b/docs/content/en/connecting_your_tools/parsers/file/eslint.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/eslint.md
rename to docs/content/en/connecting_your_tools/parsers/file/eslint.md
diff --git a/docs/content/en/integrations/parsers/file/fortify.md b/docs/content/en/connecting_your_tools/parsers/file/fortify.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/fortify.md
rename to docs/content/en/connecting_your_tools/parsers/file/fortify.md
diff --git a/docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md b/docs/content/en/connecting_your_tools/parsers/file/gcloud_artifact_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gcloud_artifact_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/gcloud_artifact_scan.md
diff --git a/docs/content/en/integrations/parsers/file/generic.md b/docs/content/en/connecting_your_tools/parsers/file/generic.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/generic.md
rename to docs/content/en/connecting_your_tools/parsers/file/generic.md
diff --git a/docs/content/en/integrations/parsers/file/ggshield.md b/docs/content/en/connecting_your_tools/parsers/file/ggshield.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ggshield.md
rename to docs/content/en/connecting_your_tools/parsers/file/ggshield.md
diff --git a/docs/content/en/integrations/parsers/file/github_vulnerability.md b/docs/content/en/connecting_your_tools/parsers/file/github_vulnerability.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/github_vulnerability.md
rename to docs/content/en/connecting_your_tools/parsers/file/github_vulnerability.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_api_fuzzing.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_api_fuzzing.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_api_fuzzing.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_api_fuzzing.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_container_scan.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_container_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_container_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_container_scan.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_dast.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_dast.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_dast.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_dast.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_dep_scan.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_dep_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_dep_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_dep_scan.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_sast.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_sast.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_sast.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_sast.md
diff --git a/docs/content/en/integrations/parsers/file/gitlab_secret_detection_report.md b/docs/content/en/connecting_your_tools/parsers/file/gitlab_secret_detection_report.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitlab_secret_detection_report.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitlab_secret_detection_report.md
diff --git a/docs/content/en/integrations/parsers/file/gitleaks.md b/docs/content/en/connecting_your_tools/parsers/file/gitleaks.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gitleaks.md
rename to docs/content/en/connecting_your_tools/parsers/file/gitleaks.md
diff --git a/docs/content/en/integrations/parsers/file/gosec.md b/docs/content/en/connecting_your_tools/parsers/file/gosec.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/gosec.md
rename to docs/content/en/connecting_your_tools/parsers/file/gosec.md
diff --git a/docs/content/en/integrations/parsers/file/govulncheck.md b/docs/content/en/connecting_your_tools/parsers/file/govulncheck.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/govulncheck.md
rename to docs/content/en/connecting_your_tools/parsers/file/govulncheck.md
diff --git a/docs/content/en/integrations/parsers/file/h1.md b/docs/content/en/connecting_your_tools/parsers/file/h1.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/h1.md
rename to docs/content/en/connecting_your_tools/parsers/file/h1.md
diff --git a/docs/content/en/integrations/parsers/file/hadolint.md b/docs/content/en/connecting_your_tools/parsers/file/hadolint.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/hadolint.md
rename to docs/content/en/connecting_your_tools/parsers/file/hadolint.md
diff --git a/docs/content/en/integrations/parsers/file/harbor_vulnerability.md b/docs/content/en/connecting_your_tools/parsers/file/harbor_vulnerability.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/harbor_vulnerability.md
rename to docs/content/en/connecting_your_tools/parsers/file/harbor_vulnerability.md
diff --git a/docs/content/en/integrations/parsers/file/hcl_appscan.md b/docs/content/en/connecting_your_tools/parsers/file/hcl_appscan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/hcl_appscan.md
rename to docs/content/en/connecting_your_tools/parsers/file/hcl_appscan.md
diff --git a/docs/content/en/integrations/parsers/file/horusec.md b/docs/content/en/connecting_your_tools/parsers/file/horusec.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/horusec.md
rename to docs/content/en/connecting_your_tools/parsers/file/horusec.md
diff --git a/docs/content/en/integrations/parsers/file/humble.md b/docs/content/en/connecting_your_tools/parsers/file/humble.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/humble.md
rename to docs/content/en/connecting_your_tools/parsers/file/humble.md
diff --git a/docs/content/en/integrations/parsers/file/huskyci.md b/docs/content/en/connecting_your_tools/parsers/file/huskyci.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/huskyci.md
rename to docs/content/en/connecting_your_tools/parsers/file/huskyci.md
diff --git a/docs/content/en/integrations/parsers/file/hydra.md b/docs/content/en/connecting_your_tools/parsers/file/hydra.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/hydra.md
rename to docs/content/en/connecting_your_tools/parsers/file/hydra.md
diff --git a/docs/content/en/integrations/parsers/file/ibm_app.md b/docs/content/en/connecting_your_tools/parsers/file/ibm_app.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ibm_app.md
rename to docs/content/en/connecting_your_tools/parsers/file/ibm_app.md
diff --git a/docs/content/en/integrations/parsers/file/immuniweb.md b/docs/content/en/connecting_your_tools/parsers/file/immuniweb.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/immuniweb.md
rename to docs/content/en/connecting_your_tools/parsers/file/immuniweb.md
diff --git a/docs/content/en/integrations/parsers/file/intsights.md b/docs/content/en/connecting_your_tools/parsers/file/intsights.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/intsights.md
rename to docs/content/en/connecting_your_tools/parsers/file/intsights.md
diff --git a/docs/content/en/integrations/parsers/file/invicti.md b/docs/content/en/connecting_your_tools/parsers/file/invicti.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/invicti.md
rename to docs/content/en/connecting_your_tools/parsers/file/invicti.md
diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_api_summary_artifact.md b/docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_api_summary_artifact.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/jfrog_xray_api_summary_artifact.md
rename to docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_api_summary_artifact.md
diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_on_demand_binary_scan.md b/docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_on_demand_binary_scan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/jfrog_xray_on_demand_binary_scan.md
rename to docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_on_demand_binary_scan.md
diff --git a/docs/content/en/integrations/parsers/file/jfrog_xray_unified.md b/docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_unified.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/jfrog_xray_unified.md
rename to docs/content/en/connecting_your_tools/parsers/file/jfrog_xray_unified.md
diff --git a/docs/content/en/integrations/parsers/file/jfrogxray.md b/docs/content/en/connecting_your_tools/parsers/file/jfrogxray.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/jfrogxray.md
rename to docs/content/en/connecting_your_tools/parsers/file/jfrogxray.md
diff --git a/docs/content/en/integrations/parsers/file/kics.md b/docs/content/en/connecting_your_tools/parsers/file/kics.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kics.md
rename to docs/content/en/connecting_your_tools/parsers/file/kics.md
diff --git a/docs/content/en/integrations/parsers/file/kiuwan.md b/docs/content/en/connecting_your_tools/parsers/file/kiuwan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kiuwan.md
rename to docs/content/en/connecting_your_tools/parsers/file/kiuwan.md
diff --git a/docs/content/en/integrations/parsers/file/kiuwan_sca.md b/docs/content/en/connecting_your_tools/parsers/file/kiuwan_sca.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kiuwan_sca.md
rename to docs/content/en/connecting_your_tools/parsers/file/kiuwan_sca.md
diff --git a/docs/content/en/integrations/parsers/file/krakend_audit.md b/docs/content/en/connecting_your_tools/parsers/file/krakend_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/krakend_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/krakend_audit.md
diff --git a/docs/content/en/integrations/parsers/file/kubeaudit.md b/docs/content/en/connecting_your_tools/parsers/file/kubeaudit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kubeaudit.md
rename to docs/content/en/connecting_your_tools/parsers/file/kubeaudit.md
diff --git a/docs/content/en/integrations/parsers/file/kubebench.md b/docs/content/en/connecting_your_tools/parsers/file/kubebench.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kubebench.md
rename to docs/content/en/connecting_your_tools/parsers/file/kubebench.md
diff --git a/docs/content/en/integrations/parsers/file/kubehunter.md b/docs/content/en/connecting_your_tools/parsers/file/kubehunter.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kubehunter.md
rename to docs/content/en/connecting_your_tools/parsers/file/kubehunter.md
diff --git a/docs/content/en/integrations/parsers/file/kubescape.md b/docs/content/en/connecting_your_tools/parsers/file/kubescape.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/kubescape.md
rename to docs/content/en/connecting_your_tools/parsers/file/kubescape.md
diff --git a/docs/content/en/integrations/parsers/file/legitify.md b/docs/content/en/connecting_your_tools/parsers/file/legitify.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/legitify.md
rename to docs/content/en/connecting_your_tools/parsers/file/legitify.md
diff --git a/docs/content/en/integrations/parsers/file/mend.md b/docs/content/en/connecting_your_tools/parsers/file/mend.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/mend.md
rename to docs/content/en/connecting_your_tools/parsers/file/mend.md
diff --git a/docs/content/en/integrations/parsers/file/meterian.md b/docs/content/en/connecting_your_tools/parsers/file/meterian.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/meterian.md
rename to docs/content/en/connecting_your_tools/parsers/file/meterian.md
diff --git a/docs/content/en/integrations/parsers/file/microfocus_webinspect.md b/docs/content/en/connecting_your_tools/parsers/file/microfocus_webinspect.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/microfocus_webinspect.md
rename to docs/content/en/connecting_your_tools/parsers/file/microfocus_webinspect.md
diff --git a/docs/content/en/integrations/parsers/file/mobsf.md b/docs/content/en/connecting_your_tools/parsers/file/mobsf.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/mobsf.md
rename to docs/content/en/connecting_your_tools/parsers/file/mobsf.md
diff --git a/docs/content/en/integrations/parsers/file/mobsf_scorecard.md b/docs/content/en/connecting_your_tools/parsers/file/mobsf_scorecard.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/mobsf_scorecard.md
rename to docs/content/en/connecting_your_tools/parsers/file/mobsf_scorecard.md
diff --git a/docs/content/en/integrations/parsers/file/mobsfscan.md b/docs/content/en/connecting_your_tools/parsers/file/mobsfscan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/mobsfscan.md
rename to docs/content/en/connecting_your_tools/parsers/file/mobsfscan.md
diff --git a/docs/content/en/integrations/parsers/file/mozilla_observatory.md b/docs/content/en/connecting_your_tools/parsers/file/mozilla_observatory.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/mozilla_observatory.md
rename to docs/content/en/connecting_your_tools/parsers/file/mozilla_observatory.md
diff --git a/docs/content/en/integrations/parsers/file/ms_defender.md b/docs/content/en/connecting_your_tools/parsers/file/ms_defender.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ms_defender.md
rename to docs/content/en/connecting_your_tools/parsers/file/ms_defender.md
diff --git a/docs/content/en/integrations/parsers/file/nancy.md b/docs/content/en/connecting_your_tools/parsers/file/nancy.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nancy.md
rename to docs/content/en/connecting_your_tools/parsers/file/nancy.md
diff --git a/docs/content/en/integrations/parsers/file/netsparker.md b/docs/content/en/connecting_your_tools/parsers/file/netsparker.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/netsparker.md
rename to docs/content/en/connecting_your_tools/parsers/file/netsparker.md
diff --git a/docs/content/en/integrations/parsers/file/neuvector.md b/docs/content/en/connecting_your_tools/parsers/file/neuvector.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/neuvector.md
rename to docs/content/en/connecting_your_tools/parsers/file/neuvector.md
diff --git a/docs/content/en/integrations/parsers/file/neuvector_compliance.md b/docs/content/en/connecting_your_tools/parsers/file/neuvector_compliance.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/neuvector_compliance.md
rename to docs/content/en/connecting_your_tools/parsers/file/neuvector_compliance.md
diff --git a/docs/content/en/integrations/parsers/file/nexpose.md b/docs/content/en/connecting_your_tools/parsers/file/nexpose.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nexpose.md
rename to docs/content/en/connecting_your_tools/parsers/file/nexpose.md
diff --git a/docs/content/en/integrations/parsers/file/nikto.md b/docs/content/en/connecting_your_tools/parsers/file/nikto.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nikto.md
rename to docs/content/en/connecting_your_tools/parsers/file/nikto.md
diff --git a/docs/content/en/integrations/parsers/file/nmap.md b/docs/content/en/connecting_your_tools/parsers/file/nmap.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nmap.md
rename to docs/content/en/connecting_your_tools/parsers/file/nmap.md
diff --git a/docs/content/en/integrations/parsers/file/noseyparker.md b/docs/content/en/connecting_your_tools/parsers/file/noseyparker.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/noseyparker.md
rename to docs/content/en/connecting_your_tools/parsers/file/noseyparker.md
diff --git a/docs/content/en/integrations/parsers/file/npm_audit.md b/docs/content/en/connecting_your_tools/parsers/file/npm_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/npm_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/npm_audit.md
diff --git a/docs/content/en/integrations/parsers/file/npm_audit_7_plus.md b/docs/content/en/connecting_your_tools/parsers/file/npm_audit_7_plus.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/npm_audit_7_plus.md
rename to docs/content/en/connecting_your_tools/parsers/file/npm_audit_7_plus.md
diff --git a/docs/content/en/integrations/parsers/file/nsp.md b/docs/content/en/connecting_your_tools/parsers/file/nsp.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nsp.md
rename to docs/content/en/connecting_your_tools/parsers/file/nsp.md
diff --git a/docs/content/en/integrations/parsers/file/nuclei.md b/docs/content/en/connecting_your_tools/parsers/file/nuclei.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/nuclei.md
rename to docs/content/en/connecting_your_tools/parsers/file/nuclei.md
diff --git a/docs/content/en/integrations/parsers/file/openscap.md b/docs/content/en/connecting_your_tools/parsers/file/openscap.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/openscap.md
rename to docs/content/en/connecting_your_tools/parsers/file/openscap.md
diff --git a/docs/content/en/integrations/parsers/file/openvas.md b/docs/content/en/connecting_your_tools/parsers/file/openvas.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/openvas.md
rename to docs/content/en/connecting_your_tools/parsers/file/openvas.md
diff --git a/docs/content/en/integrations/parsers/file/ort.md b/docs/content/en/connecting_your_tools/parsers/file/ort.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ort.md
rename to docs/content/en/connecting_your_tools/parsers/file/ort.md
diff --git a/docs/content/en/integrations/parsers/file/ossindex_devaudit.md b/docs/content/en/connecting_your_tools/parsers/file/ossindex_devaudit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ossindex_devaudit.md
rename to docs/content/en/connecting_your_tools/parsers/file/ossindex_devaudit.md
diff --git a/docs/content/en/integrations/parsers/file/osv_scanner.md b/docs/content/en/connecting_your_tools/parsers/file/osv_scanner.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/osv_scanner.md
rename to docs/content/en/connecting_your_tools/parsers/file/osv_scanner.md
diff --git a/docs/content/en/integrations/parsers/file/outpost24.md b/docs/content/en/connecting_your_tools/parsers/file/outpost24.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/outpost24.md
rename to docs/content/en/connecting_your_tools/parsers/file/outpost24.md
diff --git a/docs/content/en/integrations/parsers/file/php_security_audit_v2.md b/docs/content/en/connecting_your_tools/parsers/file/php_security_audit_v2.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/php_security_audit_v2.md
rename to docs/content/en/connecting_your_tools/parsers/file/php_security_audit_v2.md
diff --git a/docs/content/en/integrations/parsers/file/php_symfony_security_check.md b/docs/content/en/connecting_your_tools/parsers/file/php_symfony_security_check.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/php_symfony_security_check.md
rename to docs/content/en/connecting_your_tools/parsers/file/php_symfony_security_check.md
diff --git a/docs/content/en/integrations/parsers/file/pip_audit.md b/docs/content/en/connecting_your_tools/parsers/file/pip_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/pip_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/pip_audit.md
diff --git a/docs/content/en/integrations/parsers/file/pmd.md b/docs/content/en/connecting_your_tools/parsers/file/pmd.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/pmd.md
rename to docs/content/en/connecting_your_tools/parsers/file/pmd.md
diff --git a/docs/content/en/integrations/parsers/file/popeye.md b/docs/content/en/connecting_your_tools/parsers/file/popeye.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/popeye.md
rename to docs/content/en/connecting_your_tools/parsers/file/popeye.md
diff --git a/docs/content/en/integrations/parsers/file/progpilot.md b/docs/content/en/connecting_your_tools/parsers/file/progpilot.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/progpilot.md
rename to docs/content/en/connecting_your_tools/parsers/file/progpilot.md
diff --git a/docs/content/en/integrations/parsers/file/ptart.md b/docs/content/en/connecting_your_tools/parsers/file/ptart.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ptart.md
rename to docs/content/en/connecting_your_tools/parsers/file/ptart.md
diff --git a/docs/content/en/integrations/parsers/file/pwn_sast.md b/docs/content/en/connecting_your_tools/parsers/file/pwn_sast.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/pwn_sast.md
rename to docs/content/en/connecting_your_tools/parsers/file/pwn_sast.md
diff --git a/docs/content/en/integrations/parsers/file/qualys.md b/docs/content/en/connecting_your_tools/parsers/file/qualys.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/qualys.md
rename to docs/content/en/connecting_your_tools/parsers/file/qualys.md
diff --git a/docs/content/en/integrations/parsers/file/qualys_hacker_guardian.md b/docs/content/en/connecting_your_tools/parsers/file/qualys_hacker_guardian.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/qualys_hacker_guardian.md
rename to docs/content/en/connecting_your_tools/parsers/file/qualys_hacker_guardian.md
diff --git a/docs/content/en/integrations/parsers/file/qualys_infrascan_webgui.md b/docs/content/en/connecting_your_tools/parsers/file/qualys_infrascan_webgui.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/qualys_infrascan_webgui.md
rename to docs/content/en/connecting_your_tools/parsers/file/qualys_infrascan_webgui.md
diff --git a/docs/content/en/integrations/parsers/file/qualys_webapp.md b/docs/content/en/connecting_your_tools/parsers/file/qualys_webapp.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/qualys_webapp.md
rename to docs/content/en/connecting_your_tools/parsers/file/qualys_webapp.md
diff --git a/docs/content/en/integrations/parsers/file/rapplex.md b/docs/content/en/connecting_your_tools/parsers/file/rapplex.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/rapplex.md
rename to docs/content/en/connecting_your_tools/parsers/file/rapplex.md
diff --git a/docs/content/en/integrations/parsers/file/redhatsatellite.md b/docs/content/en/connecting_your_tools/parsers/file/redhatsatellite.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/redhatsatellite.md
rename to docs/content/en/connecting_your_tools/parsers/file/redhatsatellite.md
diff --git a/docs/content/en/integrations/parsers/file/retirejs.md b/docs/content/en/connecting_your_tools/parsers/file/retirejs.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/retirejs.md
rename to docs/content/en/connecting_your_tools/parsers/file/retirejs.md
diff --git a/docs/content/en/integrations/parsers/file/risk_recon.md b/docs/content/en/connecting_your_tools/parsers/file/risk_recon.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/risk_recon.md
rename to docs/content/en/connecting_your_tools/parsers/file/risk_recon.md
diff --git a/docs/content/en/integrations/parsers/file/rubocop.md b/docs/content/en/connecting_your_tools/parsers/file/rubocop.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/rubocop.md
rename to docs/content/en/connecting_your_tools/parsers/file/rubocop.md
diff --git a/docs/content/en/integrations/parsers/file/rusty_hog.md b/docs/content/en/connecting_your_tools/parsers/file/rusty_hog.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/rusty_hog.md
rename to docs/content/en/connecting_your_tools/parsers/file/rusty_hog.md
diff --git a/docs/content/en/integrations/parsers/file/sarif.md b/docs/content/en/connecting_your_tools/parsers/file/sarif.md
similarity index 89%
rename from docs/content/en/integrations/parsers/file/sarif.md
rename to docs/content/en/connecting_your_tools/parsers/file/sarif.md
index 2b7f2d1009..a6ed9e679c 100644
--- a/docs/content/en/integrations/parsers/file/sarif.md
+++ b/docs/content/en/connecting_your_tools/parsers/file/sarif.md
@@ -6,14 +6,10 @@ OASIS Static Analysis Results Interchange Format (SARIF). SARIF is supported by many tools. More details about the format here: -{{% alert title="Information" color="info" %}} SARIF parser customizes the Test_Type with data from the report. For example, a report with `Dockle` as a driver name will produce a Test with a Test_Type named `Dockle Scan (SARIF)` -{{% /alert %}} -{{% alert title="Warning" color="warning" %}} Current implementation is limited and will aggregate all the findings in the SARIF file in one single report. -{{% /alert %}} ##### Support for de-duplication (fingerprinting) diff --git a/docs/content/en/integrations/parsers/file/scantist.md b/docs/content/en/connecting_your_tools/parsers/file/scantist.md similarity index 100% rename from docs/content/en/integrations/parsers/file/scantist.md rename to docs/content/en/connecting_your_tools/parsers/file/scantist.md diff --git a/docs/content/en/integrations/parsers/file/scout_suite.md b/docs/content/en/connecting_your_tools/parsers/file/scout_suite.md similarity index 100% rename from docs/content/en/integrations/parsers/file/scout_suite.md rename to docs/content/en/connecting_your_tools/parsers/file/scout_suite.md diff --git a/docs/content/en/integrations/parsers/file/semgrep.md b/docs/content/en/connecting_your_tools/parsers/file/semgrep.md similarity index 100% rename from docs/content/en/integrations/parsers/file/semgrep.md rename to docs/content/en/connecting_your_tools/parsers/file/semgrep.md diff --git a/docs/content/en/integrations/parsers/file/skf.md b/docs/content/en/connecting_your_tools/parsers/file/skf.md similarity index 100% rename from docs/content/en/integrations/parsers/file/skf.md rename to docs/content/en/connecting_your_tools/parsers/file/skf.md 
diff --git a/docs/content/en/integrations/parsers/file/snyk.md b/docs/content/en/connecting_your_tools/parsers/file/snyk.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/snyk.md
rename to docs/content/en/connecting_your_tools/parsers/file/snyk.md
diff --git a/docs/content/en/integrations/parsers/file/snyk_code.md b/docs/content/en/connecting_your_tools/parsers/file/snyk_code.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/snyk_code.md
rename to docs/content/en/connecting_your_tools/parsers/file/snyk_code.md
diff --git a/docs/content/en/integrations/parsers/file/solar_appscreener.md b/docs/content/en/connecting_your_tools/parsers/file/solar_appscreener.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/solar_appscreener.md
rename to docs/content/en/connecting_your_tools/parsers/file/solar_appscreener.md
diff --git a/docs/content/en/integrations/parsers/file/sonarqube.md b/docs/content/en/connecting_your_tools/parsers/file/sonarqube.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/sonarqube.md
rename to docs/content/en/connecting_your_tools/parsers/file/sonarqube.md
diff --git a/docs/content/en/integrations/parsers/file/sonatype.md b/docs/content/en/connecting_your_tools/parsers/file/sonatype.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/sonatype.md
rename to docs/content/en/connecting_your_tools/parsers/file/sonatype.md
diff --git a/docs/content/en/integrations/parsers/file/spotbugs.md b/docs/content/en/connecting_your_tools/parsers/file/spotbugs.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/spotbugs.md
rename to docs/content/en/connecting_your_tools/parsers/file/spotbugs.md
diff --git a/docs/content/en/integrations/parsers/file/ssh_audit.md b/docs/content/en/connecting_your_tools/parsers/file/ssh_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ssh_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/ssh_audit.md
diff --git a/docs/content/en/integrations/parsers/file/ssl_labs.md b/docs/content/en/connecting_your_tools/parsers/file/ssl_labs.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/ssl_labs.md
rename to docs/content/en/connecting_your_tools/parsers/file/ssl_labs.md
diff --git a/docs/content/en/integrations/parsers/file/sslscan.md b/docs/content/en/connecting_your_tools/parsers/file/sslscan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/sslscan.md
rename to docs/content/en/connecting_your_tools/parsers/file/sslscan.md
diff --git a/docs/content/en/integrations/parsers/file/sslyze.md b/docs/content/en/connecting_your_tools/parsers/file/sslyze.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/sslyze.md
rename to docs/content/en/connecting_your_tools/parsers/file/sslyze.md
diff --git a/docs/content/en/integrations/parsers/file/stackhawk.md b/docs/content/en/connecting_your_tools/parsers/file/stackhawk.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/stackhawk.md
rename to docs/content/en/connecting_your_tools/parsers/file/stackhawk.md
diff --git a/docs/content/en/integrations/parsers/file/sysdig_reports.md b/docs/content/en/connecting_your_tools/parsers/file/sysdig_reports.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/sysdig_reports.md
rename to docs/content/en/connecting_your_tools/parsers/file/sysdig_reports.md
diff --git a/docs/content/en/integrations/parsers/file/talisman.md b/docs/content/en/connecting_your_tools/parsers/file/talisman.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/talisman.md
rename to docs/content/en/connecting_your_tools/parsers/file/talisman.md
diff --git a/docs/content/en/integrations/parsers/file/tenable.md b/docs/content/en/connecting_your_tools/parsers/file/tenable.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/tenable.md
rename to docs/content/en/connecting_your_tools/parsers/file/tenable.md
diff --git a/docs/content/en/integrations/parsers/file/terrascan.md b/docs/content/en/connecting_your_tools/parsers/file/terrascan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/terrascan.md
rename to docs/content/en/connecting_your_tools/parsers/file/terrascan.md
diff --git a/docs/content/en/integrations/parsers/file/testssl.md b/docs/content/en/connecting_your_tools/parsers/file/testssl.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/testssl.md
rename to docs/content/en/connecting_your_tools/parsers/file/testssl.md
diff --git a/docs/content/en/integrations/parsers/file/tfsec.md b/docs/content/en/connecting_your_tools/parsers/file/tfsec.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/tfsec.md
rename to docs/content/en/connecting_your_tools/parsers/file/tfsec.md
diff --git a/docs/content/en/integrations/parsers/file/threagile.md b/docs/content/en/connecting_your_tools/parsers/file/threagile.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/threagile.md
rename to docs/content/en/connecting_your_tools/parsers/file/threagile.md
diff --git a/docs/content/en/integrations/parsers/file/threat_composer.md b/docs/content/en/connecting_your_tools/parsers/file/threat_composer.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/threat_composer.md
rename to docs/content/en/connecting_your_tools/parsers/file/threat_composer.md
diff --git a/docs/content/en/integrations/parsers/file/trivy.md b/docs/content/en/connecting_your_tools/parsers/file/trivy.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trivy.md
rename to docs/content/en/connecting_your_tools/parsers/file/trivy.md
diff --git a/docs/content/en/integrations/parsers/file/trivy_operator.md b/docs/content/en/connecting_your_tools/parsers/file/trivy_operator.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trivy_operator.md
rename to docs/content/en/connecting_your_tools/parsers/file/trivy_operator.md
diff --git a/docs/content/en/integrations/parsers/file/trufflehog.md b/docs/content/en/connecting_your_tools/parsers/file/trufflehog.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trufflehog.md
rename to docs/content/en/connecting_your_tools/parsers/file/trufflehog.md
diff --git a/docs/content/en/integrations/parsers/file/trufflehog3.md b/docs/content/en/connecting_your_tools/parsers/file/trufflehog3.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trufflehog3.md
rename to docs/content/en/connecting_your_tools/parsers/file/trufflehog3.md
diff --git a/docs/content/en/integrations/parsers/file/trustwave.md b/docs/content/en/connecting_your_tools/parsers/file/trustwave.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trustwave.md
rename to docs/content/en/connecting_your_tools/parsers/file/trustwave.md
diff --git a/docs/content/en/integrations/parsers/file/trustwave_fusion_api.md b/docs/content/en/connecting_your_tools/parsers/file/trustwave_fusion_api.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/trustwave_fusion_api.md
rename to docs/content/en/connecting_your_tools/parsers/file/trustwave_fusion_api.md
diff --git a/docs/content/en/integrations/parsers/file/twistlock.md b/docs/content/en/connecting_your_tools/parsers/file/twistlock.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/twistlock.md
rename to docs/content/en/connecting_your_tools/parsers/file/twistlock.md
diff --git a/docs/content/en/integrations/parsers/file/vcg.md b/docs/content/en/connecting_your_tools/parsers/file/vcg.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/vcg.md
rename to docs/content/en/connecting_your_tools/parsers/file/vcg.md
diff --git a/docs/content/en/integrations/parsers/file/veracode.md b/docs/content/en/connecting_your_tools/parsers/file/veracode.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/veracode.md
rename to docs/content/en/connecting_your_tools/parsers/file/veracode.md
diff --git a/docs/content/en/integrations/parsers/file/veracode_sca.md b/docs/content/en/connecting_your_tools/parsers/file/veracode_sca.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/veracode_sca.md
rename to docs/content/en/connecting_your_tools/parsers/file/veracode_sca.md
diff --git a/docs/content/en/integrations/parsers/file/wapiti.md b/docs/content/en/connecting_your_tools/parsers/file/wapiti.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wapiti.md
rename to docs/content/en/connecting_your_tools/parsers/file/wapiti.md
diff --git a/docs/content/en/integrations/parsers/file/wazuh.md b/docs/content/en/connecting_your_tools/parsers/file/wazuh.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wazuh.md
rename to docs/content/en/connecting_your_tools/parsers/file/wazuh.md
diff --git a/docs/content/en/integrations/parsers/file/wfuzz.md b/docs/content/en/connecting_your_tools/parsers/file/wfuzz.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wfuzz.md
rename to docs/content/en/connecting_your_tools/parsers/file/wfuzz.md
diff --git a/docs/content/en/integrations/parsers/file/whispers.md b/docs/content/en/connecting_your_tools/parsers/file/whispers.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/whispers.md
rename to docs/content/en/connecting_your_tools/parsers/file/whispers.md
diff --git a/docs/content/en/integrations/parsers/file/whitehat_sentinel.md b/docs/content/en/connecting_your_tools/parsers/file/whitehat_sentinel.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/whitehat_sentinel.md
rename to docs/content/en/connecting_your_tools/parsers/file/whitehat_sentinel.md
diff --git a/docs/content/en/integrations/parsers/file/wiz.md b/docs/content/en/connecting_your_tools/parsers/file/wiz.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wiz.md
rename to docs/content/en/connecting_your_tools/parsers/file/wiz.md
diff --git a/docs/content/en/integrations/parsers/file/wizcli_dir.md b/docs/content/en/connecting_your_tools/parsers/file/wizcli_dir.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wizcli_dir.md
rename to docs/content/en/connecting_your_tools/parsers/file/wizcli_dir.md
diff --git a/docs/content/en/integrations/parsers/file/wizcli_iac.md b/docs/content/en/connecting_your_tools/parsers/file/wizcli_iac.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wizcli_iac.md
rename to docs/content/en/connecting_your_tools/parsers/file/wizcli_iac.md
diff --git a/docs/content/en/integrations/parsers/file/wizcli_img.md b/docs/content/en/connecting_your_tools/parsers/file/wizcli_img.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wizcli_img.md
rename to docs/content/en/connecting_your_tools/parsers/file/wizcli_img.md
diff --git a/docs/content/en/integrations/parsers/file/wpscan.md b/docs/content/en/connecting_your_tools/parsers/file/wpscan.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/wpscan.md
rename to docs/content/en/connecting_your_tools/parsers/file/wpscan.md
diff --git a/docs/content/en/integrations/parsers/file/xanitizer.md b/docs/content/en/connecting_your_tools/parsers/file/xanitizer.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/xanitizer.md
rename to docs/content/en/connecting_your_tools/parsers/file/xanitizer.md
diff --git a/docs/content/en/integrations/parsers/file/yarn_audit.md b/docs/content/en/connecting_your_tools/parsers/file/yarn_audit.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/yarn_audit.md
rename to docs/content/en/connecting_your_tools/parsers/file/yarn_audit.md
diff --git a/docs/content/en/integrations/parsers/file/zap.md b/docs/content/en/connecting_your_tools/parsers/file/zap.md
similarity index 100%
rename from docs/content/en/integrations/parsers/file/zap.md
rename to docs/content/en/connecting_your_tools/parsers/file/zap.md
diff --git a/docs/content/en/dashboard/About Custom Dashboard Tiles.md b/docs/content/en/dashboard/About Custom Dashboard Tiles.md
new file mode 100644
index 0000000000..36553fc2c9
--- /dev/null
+++ b/docs/content/en/dashboard/About Custom Dashboard Tiles.md 
@@ -0,0 +1,233 @@ +--- +title: "About Custom Dashboard Tiles" +description: "How to make Dashboard Tiles work for you, with examples" +--- + +Dashboard Tiles are customizable sets of filters for your DefectDojo instance, which can be added to your 🏠 **Home** dashboard. Tiles are designed to provide relevant information and speed up navigation within DefectDojo. + + + +![](https://downloads.intercomcdn.com/i/o/1099250898/404bca1e149473568dff200d/crop+ss.png?expires=1729720800&signature=47755368f0a8dbdca29e39525f65564a22b025d67e9b51796368e16018d77ad2&req=dSAuH8t7nYlWUfMW1HO4zXvTdcWRXscEwUdV8OwjwmK0av2hoFfHDgIB50xI%0AUOa8%0A) +Tiles can: + + +* Act as shortcuts for particular sets of Findings, Products, or other objects +* Visualize relevant metrics related to your Product +* Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings + + +# Tile Components + + +Each Tile contains four main components: + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245892/8c5490bb29d7b4f030a18ef9/AD_4nXfwA_eCPCfAA35-lMO4ffSlKcvHfRXwVCfFDwhhILI4jjUZMzwGrpuze1U96t0j4qyHvA1qas-A2uyPNjTezdaiyifnvU0ek_M0u6cQrEy_5l6q-VHfH3GOyqKu9xMCwgptjGZ2seU0MFI1Xkcu9dR1kI9h?expires=1729720800&signature=41cd9a22f70dc51017855672d3c10ed400370dce7729030fcacb9a30bbfdb670&req=dSAuH8t6mIlWW%2FMW1HO4zTGMWjMSWgYAIBlHC20hq4YJxOp35zLpAV2AKudY%0AxcC2%0A)1. **A customizable icon**. You can choose an icon and color for the Tile. If you wish, you can also have an icon’s color dynamically change from Green \-\> Yellow \-\> Red based on a value range. +2. **A count of each object** that meets the Tile’s filter conditions. For example, a Findings Tile will count the number of Findings filtered by the Tile. +3. **A customizable Header** which can be set to describe the function of the tile. +4. **A customizable Footer** which brings you to the related list of objects. 
For example, a Findings Tile’s footer will bring you to a list of Findings filtered by the Tile. + + +# Types of Dashboard Tiles + + +There are eight Tiles which you can choose from. These Tiles are explained in more detail below, along with examples of usage. + + +* **Product Tile** +* **Engagement Tile** +* **Test Tile** +* **Endpoint Tile** +* **SLA Violation Tile** +* **Scan Time Violation Tile** +* **Product Grade Tile** + + +## Product, Engagement or Test Tile + + +These Tiles allow you to quickly select a list of Products, Engagements or Tests based on the filter parameters you set. You can use this tile for ease in navigation. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245901/b112e4dad8eb3e5049511371/AD_4nXe9B73G54RwB-G88nnS6oWo96n7-ggZLSbxb03a3DTZFdOgK6pZCJ83ExAHSmm_rWeexZhloErMfRDwdAHXjspkQcOPNths4hog-Q8j-rYMNEZWwG3TL-14qN2aGsbiEDQ4MfL5LEhY59tAjd9KSwMZXKsu?expires=1729720800&signature=d41ebdcc51f9fa05c6b486bca83ed159f1a822d06b30eb37f8db6259bac98588&req=dSAuH8t6mIhfWPMW1HO4zdZejHhWdEsouZLWNlyGuZ1y1tEPtQosw3hz%2FaB8%0ANP1g%0A) +The number on the tile represents the count of objects (Products, Engagement or Tests) contained within the tile’s filter parameters. Clicking the footer will take you to a filtered list of those objects. + + + + +### Example: Monitoring Engagements In Progress + + +If you want to create a list of your In\-Progress Engagements in DefectDojo, you can set up an Engagement tile which filters for that condition. + + + +* Create an Engagement tile, and from the Tile Filters set **Engagement Status** to **In Progress**. +* To make sure your Tile is accurately labeled, set the Header of your tile to ‘**Engagements In Progress**’. 
+ + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245912/fbc3e96d9d0fcb6d5f36876a/AD_4nXcAxJNLB-hf2RqEhI0ApBz5EqzvIX-MB9MW_viUJbAPM0NXSIo4kk4ajQbYTctDUFnUpIaSPxbg1eaajU9Ao5hypkRwk9hyyKIlwR2j7htrHO8PnRMzzFqMa0NbnhwvwMi6Z75k-xwtept8fAWjH_q7mSs?expires=1729720800&signature=2ee53595f377fca87ebddf6c7bab00ea121a652ab5dc910d75e9a9764394d220&req=dSAuH8t6mIheW%2FMW1HO4zb%2BODrc%2FMT4hTmvrqb%2F4TR81TT64e2rou8sF0eVH%0AIROi%0A) + +You could also create Engagement tiles for one or more other states, such as **Blocked** or **Completed**. + + + + +## Finding Tiles + + +Finding tiles provide a count of Findings based on the filter parameters you set. As with other tiles, clicking the Footer will take you to a list of the Findings set by the tile. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245918/c31bd5f3c478f0794684ed8c/AD_4nXdQgDy4rs29A5pCHDk6WlmKCYsvYajy44FSDTk9aSNPGvozAtvwO7XB8TI0K3xOAk3C1IHNJ1CqaphczS9LofLi2z_omnckucKgoYruz1Sdu_WgAisjkeBfauB_lbxmM837lqYzu4bb17GNO9256vGWB8j2?expires=1729720800&signature=73a1f802703e4119f8ff8ef835fa97f67d6ffb75e8b3b15f65d56645fa578f5a&req=dSAuH8t6mIheUfMW1HO4zePORVTEqkdK7iVtN6jVbCivpEjFJfAY6ZTPQhS2%0ABCjN%0A) +Using filter parameters you can track Findings in a particular state or time period. + + + + +### Example: Monitoring Critical Findings + + +If you wanted to be able to quickly access all of your Critical Findings in DefectDojo, you could do this by creating a tile. + + +* Create a Finding tile, and from the Tile Filters set **Severity** to **Critical**. +* To make sure your Tile is accurately labeled, set the Header of the tile to ‘**Critical Findings**’. 
+ + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245930/9d5a6973c9366eae8dd6d4fd/AD_4nXcOjKshzyqeUHif7KrbeORDKe6FM4G7JvOBPWho1gZ0uR1hifDZXCklCQEUI4ulYkDPqjEUUBNgD5MX_hD7LMbrIP2YGgHEVIdw41o-z3j3C7VXegFZeCzpH5_RBr71aPDKnvRZnSwRqQW2ewml3_xDOp_Q?expires=1729720800&signature=93c118122b6efb5a518410e4a2cbf70556ffef24a1e494a29702c40a51079f03&req=dSAuH8t6mIhcWfMW1HO4zds8nsJ%2BgxUjuYiv%2BPz4Mwo2u3E6reaEF5MS7Xh8%0A902S%0A) + +You can add additional filter parameters to make this tile more functional for your use\-case. For example, if you wanted this tile to only track Open Findings (and ignore any Mitigated Findings) you could set the **Active** filter to **Yes.** + + + + +## Endpoint Tiles + + +If you need to keep track of particular Endpoints, you can set up a Tile to quickly navigate to a filtered list. This tile can be set up to filter by Host, Product, Tags or other parameters that are relevant to the Endpoints you want to track. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245937/ad144be9ff33a8b4444ff590/AD_4nXepUNZnVXHIVsbpfvfC2h13w6jXUANG9sQft3ZvHGvSIBqFrbm7AYjHTdAdUXO4IhJHm-oECJLF2YoadKyiS3w5FUPlXBhtimVZs0NCARKipuX-ej0GYxT-i3W2Y07qTmZRYvPUa0OLzQ4seyWPLURoINu2?expires=1729720800&signature=481c9153d83cdea99fab30278788d03f09773f2d7f91c72d37d63757d2ecccd0&req=dSAuH8t6mIhcXvMW1HO4zQSsYYNUM4kbREMXvQBnaYsMgeVUTYM8epzxTFjX%0AHCqU%0A) +Clicking the footer on this tile brings us to a filtered list of Endpoints which displays their status. DefectDojo will only create and track Endpoints with related vulnerabilities, so this will not include any Endpoints which have no vulnerabilities reported. + + + + +### Example: Monitor All Endpoints With Same Host + + +If you wanted to use Endpoints to look at vulnerabilities on a certain part of your architecture, regardless of the associated Product, you could use an Endpoint Tile to filter for a particular URL. From there, you could see all Findings associated with that part of your network. 
+ + +* Create an Endpoint tile. For this example, we are setting the Host Contains field to **‘centralaction\-items’**, as that string is part of many Endpoint URLs in our infrastructure.​ +* Set your Header to a title which describes the intended function of your tile. In this example, we used **‘Host: centralaction\-items’**. + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245947/ac7f51e4310dde5b009dc512/AD_4nXec8wyXhKtfWyVct5icqvYQd1nWnE5iNqtad32P_fhIUOq7k_k7WCo2CiMoWYER9z61ZtohDHWe3OMThel5ZYr4BeV2uq64R4RiMmwh1mNY8OIHryj13mrFuuce3ubctxNoI1BUd3dc2YuOxPC5mD6is2VE?expires=1729720800&signature=72bfb702926099be4ca954ebfa9fca7e549329e16711abe9523273b76efcdc33&req=dSAuH8t6mIhbXvMW1HO4zbw1aZZSF3S5xTEJsUC0GtABK4hktPq3myVycpsp%0AHWm9%0A) + +## SLA Violation Tile + + +This Tile counts Findings which are at risk of violating SLA. It can be set to track all Products, or specific Products chosen from a list. + + + + +### Example: Findings Approaching SLA Violation + + +If you want to create a filter for Findings which are within 7 days of SLA expiration, you can set up your filter parameters to track this. When setting the Filter parameters for the SLA Violation tile, set **‘Days Before Expiration’** to **7**. Select either All Products, or a list of specific Products. + + + +Set the Header to describe the filter you’re applying, for example ‘SLA Violation \- 3 Days Or Less’. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245955/8576606b4010df4c361aa1fa/AD_4nXdGwX6vqdPr4ITjvsq5rJsgO8MwddFTN86EnUq9JKUtibQkXX5xZxVX1IDU3UeZ6WhMIj1dGz_GvxxdgyABTq4rFD0GlDRNvLsqioGJ4NLisrE5xIFjYyHwly9HywdgQc7vuu5WzGzzjv5_4x6vU0FiPutW?expires=1729720800&signature=ac8049bcc6095a8ae237a61e0cbb83eab4c3f1ff71d5b5d8e430f7358b071eb1&req=dSAuH8t6mIhaXPMW1HO4zfBDR3ICj1QmtNLC6aB8BxNW6Qwmak%2FkhLOGcbI4%0Alc78%0A) + +Clicking on the footer will bring you to a list of these Findings for you to address. 
This tile only tracks Active Findings, but will also track Findings with an expired SLA. + + +## + + +## Scan Time Violation Tile + + +This Tile is used to track specific Products to ensure that new scan data is being added on a regular basis. + + + +If there are particular Products which you’re scanning on a regular interval, you can use this tile to ensure your tools and imports are running as expected. + + + +This Tile will return a count and related list of Products which have **not** had new scan data added in the interval you’ve defined. + + + + +### Example: Automation Tracking + + + +If you have scanning tools set to run on a weekly basis, you can use this tile to make sure those automated processes are working correctly. + + +* From the Tile filters, select the target Products where the scan data will be imported via automation. Set the Days Since Last Scan field to ‘Past Week’. +* Set a descriptive name in the Header which communicates the interval you’re testing. + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245967/9745f21ae3614d9e6406f93a/AD_4nXcVb37xVMoICT7P7w1L8p0VjGYhfGFZZh7m4tO8wfatKebv8pvDhML9sZsuIJ-okh-Oyg9Cahd5M408PtzTbM0ym0qHKwNW99lB9uWiivL9PtD2vPS7NDLG0ZS09ldr7fX-iRB1q5noG0dVGcXIaJ6yvV1P?expires=1729720800&signature=1579ee824aab9d78f6d9125625c48f9162927bb4fb3fc6d861dd707392afa122&req=dSAuH8t6mIhZXvMW1HO4zXyP7F7Ov9ecGvye0gQcHXd8pHK41FspsCfWSlpI%0AUS2o%0A) + +If you have multiple scanning intervals that you want to monitor, you can set up multiple tiles to track each one. + + + + +## Product Grade Title + + +This Tile compares the Product Grade of all Products on your instance, so that you can track any Products which do not meet your grading standard. + + + +This tile uses a comparison operator (\<, \=, \<\=, \>\=) to track Products which equal, exceed or fail to meet the Product Grade which you want to monitor. 
+ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245976/c64f3cd3a4ba9c82a287d9e4/AD_4nXfzYr-U2z4sQS5f5jzQdW-tGdUKipO2kXoznkzRP8sbGQ9rz_OW0glHfS21OrlrFxkOOVZdkZckwMnbjwrVU4UIxdMzUUjw_PwTMQ9waw6O29lynkHKh1vl2aSkt7vGq4VlIdTutW3qCYyxESOREJI4eMU?expires=1729720800&signature=ed32f49d6a96f11c7871b35f2efdfa70024e72c4397cba6044c772daffd1ca3e&req=dSAuH8t6mIhYX%2FMW1HO4zUlOMyAwa%2FpBhtlqZBy0rpjWQWAVKiIeJ7OUh0%2Ft%0A%2BpJ%2B%0A) +For more information on how Product Grades are calculated, see our article on [Product Health Grading](https://support.defectdojo.com/en/articles/9222109-product-health-grading). + + + + +### Example: Track Failing Products + + +If you want to quickly access Products in your instance which do not meet your Grading standard, you can set up a Tile which handles that calculation. The Grading standard used in this example is ‘Less Than C’: we want our tile to flag any Products with a Grade of D or lower. + + +* Create a Product Grade Tile. From the Filters list, set the Grade which you consider ‘failing’. In this case we’ll select C. +* In the Filters list, set a **Comparison Operator** to determine the logic used in counting your failing Products. In this case, we’ll select **‘Less Than’**. + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099245981/9235ca4f8edd03d04806bd4c/AD_4nXemS4UCV0AVT6i_1iVxwaYBT6aowID4cBzTB5Nmea3Y5HR2YlfmG88L0I7YLoBcXg_0r7CRiK2ZKGCrUlh5uspt7BNu8HHbE30uFedUPqXwAh03n5fMOsiFy5AWe9D7Dm3g1b_8lGJllo_wNU7BAjpGLoR9?expires=1729720800&signature=c78666efc2b09a6f852441e9ded672fb57406790f12dfe7ae6221dc84bba2423&req=dSAuH8t6mIhXWPMW1HO4zUEUoC3vBLQ%2FkccLXG3isEf2Dqdz%2BHIVM%2BRSJM2u%0ANk%2Fh%0A) + +As with other Product related Tiles, you can set the Tile to look at All Products in your instance, or only a specific list of Products. + + + +# **Next Steps:** + + +* Learn how to **[Add, Edit or Delete your Dashboard Tiles](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles)**. 
+* For more detailed descriptions of Tile Filters, see our **[Tile Filter Index](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles#h_0339dd313b)**. + + diff --git a/docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md b/docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md new file mode 100644 index 0000000000..e479131a47 --- /dev/null +++ b/docs/content/en/dashboard/How-To: Add, Edit or Delete Dashboard Tiles.md 
@@ -0,0 +1,268 @@ +--- +title: "How-To: Add, Edit or Delete Dashboard Tiles" +description: "Set up custom filters to track your work" +--- + +Custom Dashboard Tiles can be added, edited or deleted by any user with **Superuser** Permissions. + + + + +# Adding a new Dashboard Tile + + +New Dashboard tiles can be added by opening the **\+** (plus icon)menu on the Dashboard. New Dashboard tiles will always be created at the bottom of the Dashboard Tiles section. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242883/d09d09f605fa9c0c98d48da0/AD_4nXffF2tsgbJPbwaqtzDJsLNehJTI5sVTtweUKKcjlZSbYW6mGSGG3-p5lwnhzvjID3ILgUJY5zp5eIhdfcNkXE22WQSAUZZLL3IPN2NWvP9LPQkdjZjwj4PyttAzEVlv6NsL6SDr681vc1HjlQsJUwyWg5Y?expires=1729720800&signature=fda39a3ac402f593b4de9106165c30ecba372d0639a621d9183a68da5e89f865&req=dSAuH8t6n4lXWvMW1HO4zZXQQjy5PbqnpMBkHB25%2BKjWEA6rK2wKVSwRBNjm%0A4Yn%2B%0A) + +Select the kind of Tile you want to add, which will then bring you to the Add Dashboard Tile form. + + + + +### Editing a Dashboard Tile + + +If you wish to edit a Dashboard Tile, you can click the Header of the Tile, which will also open the Dashboard Tile form. 
+ + + + +## Add / Edit Dashboard Tile form + + +From here you can set your Dashboard Tile’s options: + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242892/0f6d28c17eb945dc9a664f12/AD_4nXfwA_eCPCfAA35-lMO4ffSlKcvHfRXwVCfFDwhhILI4jjUZMzwGrpuze1U96t0j4qyHvA1qas-A2uyPNjTezdaiyifnvU0ek_M0u6cQrEy_5l6q-VHfH3GOyqKu9xMCwgptjGZ2seU0MFI1Xkcu9dR1kI9h?expires=1729720800&signature=c1f05273e9a6b61f544c2e7f553d40964e42b4ee754cfda648f04da8f88e335f&req=dSAuH8t6n4lWW%2FMW1HO4zfHMOEzjomzC7%2FartNm051WDmNHk8wVBaG7sAp8N%0A5VWd%0A)* Select an **Icon** for your tile (**1\)** +* Set the **Header** textfor your tile **(3\)** +* Set the **Footer** textfor your tile +* Set the **Color** of your icon + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099242903/bb5ab796524526528cd1d7fd/AD_4nXeXuNIrQ5AXGATNXhoh6Z5hXpLdx7yp-_7A64YDXxXvnWfmYmK6BYTGsecP_z7ZPCVJoNELKotvd-zwwF1yCiQkgq8K4JY6eMUo6Nt8y0oGuHiZWs5x0EvkfgVRDHfwIEgt9VqCfshIYXtwOGjlOsn3kRjJ?expires=1729720800&signature=d3ee3511691e6818c6e3da833f64365971ca7a3167c290acf2775d4c73cbc1e4&req=dSAuH8t6n4hfWvMW1HO4zQZnKZov%2FceWz7096CXLjrLzFiy69E4isnopgvGw%0AHYNn%0A) + +## Dynamic Color Tile + + +If you want to set your tile to change color based on the associated count of Findings, Products or other objects returned by the filter, you can enable **Dynamic Color Tile** in this menu. The color of the tile Icon will change from Green \-\> Yellow \-\> Red as the object count changes. + + +* **Dynamic Color Minimum is the bottom of the range. If the Object count is equal to or less than this number, the tile Icon will be set to Green.** +* **Dynamic Color Maximum** is the top of the range. If the Object count is equal to or greater than this number, the tile Icon will be set to Red. +* Any number between the Minimum or the Maximum will set the filter to Yellow. + + + +### **Example 1: Critical Findings Count** + + +Say you wanted to set up a Dynamic Color Tile to track our Critical Findings. 
You can set your Dynamic Color parameters as follows: + + +* Set **Dynamic Color Minimum** to 0\. As long as you have 0 active Critical Findings, this tile will be **Green**. +* Set **Dynamic Color Maximum** to 5\. If you have 5 or more Critical Findings active in our environment, the tile will turn **Red** to indicate there’s timely action required to address these Findings. +* If you have 1\-4 Critical Findings in your instance, the filter will be **Yellow** to indicate that we’re not in an ‘emergency’ situation but we should be aware of these Findings. + + +Of course, your team’s standards and acceptable range for this kind of filter may differ from our example. + + + +## Inverted Maximum and Minimum + + +If your Maximum is lower than your Minimum, the range will still compute correctly. + + + +**Example 2: Passing Products Count** + + +Say you wanted to set up a Tile which tracks your Passing Products with a Dynamic Color. An acceptable count of Passing Products for you is 5 or more, and a ‘failing’ state is 2 or fewer Passing Products. + + + +You can set your **Dynamic Color Maximum** of 2, and a **Dynamic Color Minimum** of 5, the Tile will apply colors as follows: + + + +* If the filter returns 2 Objects or fewer , the tile will be **Red**, indicating that very few of your Products are passing. +* If the filter returns 5 Objects or greater, the tile will be **Green**, indicating that a healthy amount of your Products are passing. +* If the filter returns a value between those two numbers, the tile will be **Yellow**, indicating that a significant, but non\-critical amount of your Products are not passing. + + +# Tile Filter Index + + +To set a specific context for your tile, you can set various Tile Filters. Click the **Tile Filters \+** button at the bottom of the form to expand the Tile Filters menu. + + + +Filters are optional. Each Tile has a different set of relevant filters which can be selected. 
+
+
+
+## Product Tile
+
+
+* **Product Name Contains**: type in one or more partial matches of Product Names, separated by commas
+* **Product Name Exact**: type in one or more exact matches of Product Names, separated by commas
+* **Product Type:** Select one or more options from the list
+* **Business Criticality**: Select one or more options from the list
+* **Platform**: Select one or more options from the list
+* **Lifecycle:** Select one or more options from the list
+* **Origin:** Select one or more options from the list
+* **External Audience:** Yes/No
+* **Internet Accessible:** Yes/No
+* **Has Tags**: Yes/No
+* **Tags:** type in one or more exact matches of tags, separated by commas
+* **Tag Contains:** type in one or more partial matches of tags, separated by commas
+* **Outside of SLA**: Yes/No
+
+
+
+## Engagement Tile
+
+
+* **Product Name Contains**: type in one or more partial matches of Product Names, separated by commas
+* **Product Type**: Select one or more options from the list
+* **Engagement Name Contains**: type in one or more partial matches of Engagements, separated by commas
+* **Engagement Lead**: Select a single option from the list
+* **Engagement Version**: type in an Engagement Version
+* **Test Version**: type in a Test Version
+* **Product Lifecycle**: Select one or more options from the list
+* **Engagement Status**: Select one or more options from the list
+* **Has Tags**: Yes/No
+* **Tags:** type in one or more exact matches of tags, separated by commas
+* **Tag Contains:** type in one or more partial matches of tags, separated by commas
+* **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas
+* **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas
+
+
+## Test Tile
+
+
+* **Test Name Contains**: type in one or more partial matches of Test Names, separated by commas
+* **Test Type**: select a single Test Type from the list
+* **Engagement**:
select a single Engagement from the list
+* **Test Version:** type in a Test Version
+* **Branch/Tag**: type in a Branch/Tag
+* **Build ID**: type in a Build ID
+* **Commit Hash**: type in a Commit Hash
+* **Engagement Tag Contains: type in one or more partial matches of tags, separated by commas**
+* **Engagement Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas
+* **Product Tag Contains**: type in one or more partial matches of tags, separated by commas
+* **Product Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas
+* **Has Tags**: Yes/No
+* **Tags**: type in one or more exact matches of tags, separated by commas
+* **Tag Contains**: type in one or more partial matches of tags, separated by commas
+* **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas
+* **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas
+
+
+
+## Finding Tile
+
+
+* **Name Contains**: enter a partial match of a Finding Name from the menu
+* **Component Name Contains**: enter a partial match of a Component Name from the menu
+* **Date**: select an option from the menu
+* **CWE**: type in an exact match of a CWE
+* **Severity**: select one or more Severities from the menu
+* **Last Reviewed**: select an option from the menu
+* **Last Status Update**: select an option from the menu
+* **Mitigated Date**: select an option from the menu
+* **Reported By**: select one or more Users from the menu
+* **Product Type**: select one or more Product Types from the menu
+* **Product**: select one or more Products from the menu
+* **Product Lifecycle**: select one or more Product Lifecycle states from the menu
+* **Engagement**: select one or more Engagements from the menu
+* **Engagement Version**: type in an exact match of an Engagement Version
+* **Test Type**: select one or more Test from the menu
+* **Test Version**:
type in an exact match of a Test Version
+* **Active**: Yes/No
+* **Verified**: Yes/No
+* **Duplicate**: Yes/No
+* **Mitigated**: Yes/No
+* **Out Of Scope**: Yes/No
+* **False Positive**: Yes/No
+* **Has Components**: Yes/No
+* **Has Notes**: Yes/No
+* **File Path Contains**: type in a partial match of a File Path
+* **Unique ID From Tool**: type in an exact match of a Unique ID From Tool
+* **Vulnerability ID From Tool**: type in an exact match of a Vulnerability From Tool
+* **Vulnerability ID**: type in an exact match of a Vulnerability
+* **Service Contains**: type in a partial match of a Service
+* **Parameter Contains**: type in a partial match of an Parameter
+* **Payload Contains**: type in a partial match of an Payload
+* **Risk Accepted**: Yes/No
+* **Has Group**: select an option from the list
+* **Planned Remediation Date**: select an option from the list
+* **Planned Remediation Version**: type in a Planned Remediation Version
+* **Reviewers**: select one or more Users from the list
+* **Endpoint Host Contains**: type in a partial match of an Endpoint Host
+* **Outside of SLA**: Yes/No
+* **Effort For Fixing**: select an option from the list
+* **Has Tags**: Yes/No
+* **Tags**: type in one or more partial matches of Finding tags, separated by commas
+* **Tag Contains**: type in one or more partial matches of Finding tags, separated by commas
+* **Does Not Have Tags: type in one or more exact matches of Finding tags to ignore, separated by commas**
+* **Tag Does Not Contain**: type in one or more partial matches of Finding tags, separated by commas
+* **Test Tags**: type in one or more exact matches of tags, separated by commas
+* **Test Does Not Have Tags**: type in one or more exact matches of tags to ignore, separated by commas
+* **Engagement Tags**: type in one or more exact matches of tags, separated by commas
+* **Engagement Does Not Have Tags**: type in one or more exact matches of tags to ignore, separated by commas
+* **Product Tags**: type in
one or more exact matches of tags, separated by commas
+* **Product Does Not Have Tags**: type in one or more exact matches of tags to ignore, separated by commas
+
+
+
+
+## Endpoint Tile
+
+
+* **Protocol Contains**: type in a partial match of a Protocol from the menu
+* **User Info Contains**: type in a partial match of User Info from the menu
+* **Host Contains**: type in a partial match of a Host from the menu
+* **Port Contains**: type in a partial match of a Port from the menu
+* **Path Contains**: type in a partial match of a Path from the menu
+* **Query Contains**: type in a partial match of a Query from the menu
+* **Fragment Contains**: type in a partial match of a Fragment from the menu
+* **Product**: select one or more Products from the menu
+* **Has Tags**: Yes/No
+* **Tags**: type in one or more exact matches of tags, separated by commas
+* **Tag Contains**: type in one or more partial matches of tags, separated by commas
+* **Does Not Have Tags**: type in one or more exact matches tags to ignore, separated by commas
+* **Tag Does Not Contain**: type in one or more partial matches of tags to ignore, separated by commas
+
+
+
+
+## SLA Violation Tile
+
+
+* **Days Before Expiration**: select an option from the menu
+* **Include All Products**: Yes/No
+* **Included Products**: select one or more Products from the menu
+
+
+
+## Scan Time Violation Tile
+
+
+* **Days Since Last Scan**: select an option from the menu
+* **Include All Products**: Yes/No
+* **Included Products**: select one or more Products from the menu
+
+
+
+## Product Grade Tile
+
+
+* **Product Grade**: select a single Product Grade from the menu
+* **Comparison Operator**: select a Comparison Operator from the menu, related to Product Grade
+* **Include All Products**: Yes/No
+* **Included Products**: select one or more Products from the menu
diff --git a/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md b/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md
new file mode 100644
index 0000000000..9c8e2d1e13
--- /dev/null
+++ b/docs/content/en/dashboard/How-To: Edit Dashboard Configuration.md
@@ -0,0 +1,41 @@
+---
+title: "How-To: Edit Dashboard Configuration"
+description: "Customize or reset your dashboard metrics"
+---
+
+Superusers can choose which Metrics Charts are displayed on the Dashboard. To do this, select the **Edit Dashboard Configuration** option from the top\-right hand gear menu.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199280/bc9d8ae838857adef92e54ca/AD_4nXc3l7uyP-HlvtpuJ1V0oThgRAXeYWH8ZCqAL2zuiRHe25KzXOPyKYRB4z7tIHEEqRplgForVyHuWh4vX2Gv8k61sIhbmAa9IVtV9oMA8kkxNScTnCt54nKJp3omWs2_BB8bX7py_ZFQe7t5wZ7wQkEg8_o?expires=1729720800&signature=2af3a168547993f2aa8fef2121a0871ac49642fd78872e4d21a88493006edd76&req=dSAuH8h3lINXWfMW1HO4zTF5VEnWxvN3pLYOUUsrEr56s%2BU6cAiJk6OGXdnT%0AMhFT%0A)
+This will open the **Dashboard Configuration Settings** window.
+
+
+
+
+## Dashboard Configuration Options
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199299/83aced4a30064409a0876f06/AD_4nXffuQ5nDf72sTyNr_x9pryABKjQ7us0xFvKMyGPalbRT5gelfueA_-wwjzPdFKrylyLoDUg0sakMcpd_9ti3j4j0sP76yKoWWnUbcm4U9AgkQhZeuYvsr941fISWUFiT8178OkQ3rPsW-e3WZxcXsZZCKKS?expires=1729720800&signature=63de51f18166abd09450ee5a90f98d366887f2d88f4001645e53b7d625ddf07d&req=dSAuH8h3lINWUPMW1HO4zVE8KDjr%2BWghghM%2BEiv2czQ1pbK%2FLaHKY2M8Y16i%0AGOZv%0A)
+* **Display Graphs** determines whether or not the **Historical Finding Severity** and **Reported Finding Severity** charts are visible.
+* **Display Surveys determines whether or not the Unassigned Answered Engagement Questionnaires table is visible.**
+* **Display Data Tables determines whether or not the Top 10 / Bottom 10 Graded Products tables are visible.**
+
+
+
+# Reset Dashboard Configuration
+
+
+If you would like to reset your Dashboard to a default state, you can do so by selecting **Reset Dashboard Configuration** from the top\-right hand gear menu.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099199316/e3bab1241fa652fa8bd51efe/AD_4nXfFJArc_GW-f8MIU7G32pk1CGo3MQp7cIfem1SjRP0v62R4BPfJtCEuJY1y6sOBzB4nvZ5np0C2yzqo0RVXG3HyR6aB6c-Rwk0LScMILABS8VLP0R1yNZXUD8h3xbxUBhZBl6h6RPqnHymbHoHPagBaqlnS?expires=1719856800&signature=0526cd5859a78ad75bcc5b70fc34bd2b46765555dde08904f63573db108ed0bc)
+
+
+
+
+**Note that this will remove any Custom Dashboard Tiles which have been added to your instance.**
+
+
diff --git a/docs/content/en/dashboard/Introduction to Dashboard Features.md b/docs/content/en/dashboard/Introduction to Dashboard Features.md
new file mode 100644
index 0000000000..c6972d12ab
--- /dev/null
+++ b/docs/content/en/dashboard/Introduction to Dashboard Features.md
@@ -0,0 +1,120 @@
+---
+title: "Introduction to Dashboard Features"
+description: "Working with the front page of DefectDojo"
+---
+
+The Dashboard is likely the first page you'll see when you open DefectDojo. It summarizes your team’s performance, and provides tracking tools to monitor specific areas of your vulnerability tracking environment.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248472/507630ebe46f1e8aa4503560/AD_4nXcg1v8DMwyfzjBMZqMwfrre_0aX5rw7_Z4Rq7ovChpHvGqB_bERY7NIn_BPgPk4ZpIwM8uYCH93XvhcOslUD1XMuD0z_4L-lLRAt0_0Vrdk2YfJ9JsLnIKl7LF9J5OR0yF6fvgUd0D3zxlTpPX_KJjKCBbe?expires=1729720800&signature=1dc969c7b9e11b3ada4107ba15574ee5eb1c3b40e58c887eac6885b86f5839d6&req=dSAuH8t6lYVYW%2FMW1HO4zQyzfdSpho9jzf%2F8gMxshllJM3C4gseuDDW%2BQOFz%0Azjj6%0A)
+The dashboard has two components:
+
+
+* **Customizable Dashboard Tiles**, which you can use to visualize the metrics which are relevant to you.
+* **Pre\-built Dashboard Charts**, which visualize your team’s overall performance.
+
+Each team member shares a single dashboard, but the results of the dashboard are restricted by their role and Product Membership. Team members will only see calculated stats for the Products, Engagements, Findings or other objects that they have access to. For more information, see our guides on [User Permissions and Roles](https://support.defectdojo.com/en/collections/8390373-user-permissions-roles).
+
+
+
+
+# Dashboard Tiles
+
+
+Tiles are designed to provide relevant information and speed up navigation within DefectDojo.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1099198236/2a80ebc78dde48b6b2276c86/crop+ss.png?expires=1729720800&signature=0c2ea009bd4cf434beac07443747470548f5a8fd457fe5a05b90cfdad4c6fee7&req=dSAuH8h3lYNcX%2FMW1HO4zYPWwqce5gycIa4Y%2BA69PP9lKEHPdB5nWRXVCQVh%0A%2Bms1%0A)
+Tiles can:
+
+
+* Act as shortcuts for particular sets of Findings, Products, or other objects
+* Visualize metrics related to your Product
+* Provide alerts on particular activity, track SLA Violations, failing imports or new Critical Findings
+
+
+Tiles are pinned to the top section of your **🏠 Home** page.
+
+
+
+For more information about creating and editing Dashboard Tiles, see our guides on this topic**:**
+
+
+* **[Dashboard Tile Summary](https://support.defectdojo.com/en/articles/9548109-dashboard-tile-reference)**
+* **[Add, Edit or Delete Dashboard Tiles](https://support.defectdojo.com/en/articles/9548086-add-edit-or-delete-dashboard-tiles)**
+
+
+
+# Dashboard Charts
+
+
+Located beneath Dashboard Tiles, DefectDojo has five pre\-built charts:
+
+
+
+* **Historical Finding Severity** pie\-chart
+* **Reported Finding Severity** histogram, by month
+* **Unassigned Answered Engagement Questionnaires** table
+* **Top 10 Graded Products** table
+* **Bottom 10 Graded Products** table
+
+
+These charts can be added or removed from the dashboard via **[Dashboard Configuration](https://support.defectdojo.com/en/articles/9547802-edit-dashboard-configuration)**.
+
+
+
+
+## Historical Finding Severity
+
+
+
+This chart organizes all Findings created in DefectDojo by Severity, so that you can see the overall distribution of vulnerability levels in your environment.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248482/420121f96a020863e0862f90/AD_4nXemOWvoO9eYna7zSoGOS_wden_SqCQu-5fm5d7oIojCZgDA7oED9XKc6nU1OwdfwJDSUAMg4mmmsWzOyp8pqQs6qgA-Zd5DFffC26XSVaNteSuwSPOVJeV3_Cia-IgZ3iE2nySVjoCIkf6W3z1etNAxXTQ?expires=1729720800&signature=6ecc5526be162686489dd05c5a059c8af334ccf3bdef1d4e09f05b5e501e5dcb&req=dSAuH8t6lYVXW%2FMW1HO4zYoeTWHpH1BMIBuK2kPbraKaCDwBpN%2F%2BOykGzGQT%0AjxW4%0A)
+
+## Reported Finding Severity
+
+
+This chart allows you to monitor the volume and severity distribution of incoming Findings per month.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248496/1948ce9decd80d7769336eb1/AD_4nXf5qvd3rc9oWm-U_EH4tStUaE9DIpj95GTjy2c14fPuJruU9RVXqyC-HcPBATRl_wvjJqOJIIKNPKE6Ucrcmz4goaed80ccsxRJ_-NtOqVfQ2bZEJJP8JiqUXdxSJKAg2dTO-bP-5HnHM9ch35IKa6nWlo?expires=1729720800&signature=cabc0ed0d22e97a0d91432b39a72b2db750b8398b0ae4df149cf6bde937bcc5d&req=dSAuH8t6lYVWX%2FMW1HO4zbc0daBz9ubRr57LSAefv4CemogsXMj5xFtLdII9%0A3OBH%0A)
+
+## Unassigned Answered Engagement Questionnaires
+
+
+If you have completed Engagement Questionnaires for review, those will be listed in this table.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248510/c6c8087c483bcaa001d8cedb/AD_4nXcdZ_8hVOsXfZwh9Mk5XrZ8VJZLzVjK8WdYczPtHExzAf7brfCq4cZ_F12_PCFRWsvU_5ICIzqctb6cD4AJZfM0oeeTIVH9Y_HRv66p0CWG95g7NAmqXKcomrP3Q66nnWmypGiA_pg5h7cVjck20JoCYgFk?expires=1729720800&signature=3645887938704e50f084e6e153703012ba481da6dcb6ee42d3a71b460b848ae8&req=dSAuH8t6lYReWfMW1HO4zZqw72Twjcx8DHx8cYYRoH7jyAeFYqxpwzZoJdT2%0ATURK%0A)
+
+## Top 10 / Bottom 10 Graded Products
+
+
+This section summarizes the Graded performance of each Product in your instance, counting the Highest and Lowest scoring Products.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1099248519/bb35260a29b3521223111a39/AD_4nXdbQ0hhxFdtwBJuHkjTKYKDYwDBHprXWq9eFmUc0Lq_dLXU4Wf1ntQQp_RrLENp4w9fVf2MpLJvz0xIJbXZIXnXvf0wpryX3dWycOYGqQqGEOMR7HXE_z3sfHJ3oCxWaRAvcvgo-upcO0f0-aGxBv5SK29Y?expires=1729720800&signature=6df3b486f4a5ae601a07d327395fd9241a4760c77215ed805adeeed5fc612725&req=dSAuH8t6lYReUPMW1HO4zfJ4ezP3qlX0vv4X6YptNnM7fTBJMOvXDSq7Lcza%0Am7WX%0A)
+Finding Counts of each severity are calculated by the tile, but note that Product Grade is only assigned based on Active Findings, so there may be Inactive Findings counted in this table which do not contribute to the Grade.
+
+
+
+To understand how grades are calculated, see our guide to **[Product Health Grading](https://support.defectdojo.com/en/articles/9222109-product-health-grading)**.
+
+
+
+
+# Next Steps
+
+
+* Change or reset your dashboard display by **[editing your dashboard configuration](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/9547802/show)**.
+* Learn how to customize your DefectDojo instance with **[custom Dashboard Tiles](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/9548109/show)**.
diff --git a/docs/content/en/dashboard/_index.md b/docs/content/en/dashboard/_index.md
new file mode 100644
index 0000000000..bf596fc0d8
--- /dev/null
+++ b/docs/content/en/dashboard/_index.md
@@ -0,0 +1,17 @@
+---
+title: "Set Up Your Dashboard"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 7
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+pro-feature: true
+---
\ No newline at end of file
diff --git a/docs/content/en/integrations/_index.md b/docs/content/en/integrations/_index.md
deleted file mode 100644
index c34a054de8..0000000000
--- a/docs/content/en/integrations/_index.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: "Integrations"
-description: "A lot of integrations help to fit DefectDojo in your environment"
-weight: 3
-chapter: true
----
diff --git a/docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md b/docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md
new file mode 100644
index 0000000000..01f378d4ad
--- /dev/null
+++ b/docs/content/en/jira_integration/Add a Connected Jira Project to a Product.md
@@ -0,0 +1,234 @@
+---
+title: "Add a Connected Jira Project to a Product"
+description: "Set up a DefectDojo Product to push Findings to a JIRA board"
+---
+
+
+If you haven't already set up DefectDojo's Jira Configuration, you'll need to start by linking one or more Jira instances to DefectDojo.
+​
+See this guide for more information: [https://support.defectdojo.com/en/articles/8766815\-connect\-defectdojo\-to\-jira](https://support.defectdojo.com/en/articles/8766815-connect-defectdojo-to-jira)
+
+
+
+Once a Jira configuration is connected to a Product, Jira and the Product will communicate to do the following:
+
+
+* Use DefectDojo Findings to create Jira Issues, which automatically contain all relevant Finding information and links
+* Bidirectional Sync, allowing for status updates and comments to be created on both the Jira and DefectDojo side.
+
+
+# Adding a Jira Configuration to a Product
+
+
+Each Product in DefectDojo has its own settings which govern how Findings are converted to JIRA Issues. From here, you can decide the associated JIRA Project and set the default behaviour for creating Issues, Epics, Labels and other JIRA metadata.
+
+
+
+* In the UI, you can find this page by clicking the " **📝 Edit**" button under **Settings** on the Product page (defectdojo.com/product/{id}) \- see below.
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/856486761/0295eab4cbcddfaa8580113e/Screenshot+2023-10-18+at+12.52.03+PM.png?expires=1729720800&signature=ced06369d81e12da314378ddff554bb9858e56531b1ddb422b1d5afef67c67cd&req=fCUhEsF4modeFb4f3HP0gDRlwxrKQ7C1qGDGvem7%2FE8Fb%2FJraeTPIbL7fcZA%0AaNw%3D%0A)
+* You can link to a Product Settings page directly via **yourcompany.**defectdojo.com/product/{id}/settings.​
+
+
+# List of Jira Settings
+
+
+Jira settings are located near the bottom of the Product Settings page.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508823/52f747935f1a459e3e86fc8e/hF1hafMVlC5WgEQwsw3pikonDUk2YOTvriOUQ5IwYZSdBziMEMIjH1UU5jax7WBhq0-QMDlJ9XMlLgCLLWZKqpkWnVXCbe94huW0j9f_dIjyqs56_U_HkIfMyz4kTBfd5lVY9ojiSa5vkL27PzECJQk?expires=1729720800&signature=1016af7fb9854a97d063e8efe0fd71fb586dc3347f3800adbf58c7bd63356872&req=fCUhE8l2lYNcFb4f3HP0gPWOml2mPNmyR7jtT%2B5VWWMM%2B4IShk0FMDvNFDHv%0AKsA%3D%0A)
+#### **Jira Instance**
+
+
+If you have multiple instances of Jira set up, for separate products or teams within your organization, you can indicate which Jira Project you want DefectDojo to create Issues in. Select a Project from the drop\-down menu.
+
+
+
+If this menu doesn't list any Jira instances, confirm that those Projects are connected in your global Jira Configuration for DefectDojo \- yourcompany.defectdojo.com/jira.
+
+
+
+#### **Project key**
+
+
+This is the Jira Key that you want to use for DefectDojo\-related Issues. You can set this Key to whatever you prefer for identifying DefectDojo Issues (e.g. if you set this key to “DEF” then Jira issues will be keyed as DEF\-1, DEF\-2\.. etc).
+
+
+
+![](https://downloads.intercomcdn.com/i/o/856497270/70e6eaf428a1b87f255b750a/Screenshot+2023-10-18+at+1.04.42+PM.png?expires=1729720800&signature=6abc48a2008e34caa111a70203a44977286f8978911352bb4ae510c06736c62f&req=fCUhEsB5n4ZfFb4f3HP0gN9ny5WxtErhtTvx45WDDjl2vYFz0OHr62iGOzKK%0Asdw%3D%0A)
+#### **Issue template**
+
+
+Here you can determine how much DefectDojo metadata you want to send to Jira. Select one of two options:
+
+
+* **jira\_full**: Issues will track all of the parameters from DefectDojo \- a full Description, CVE, Severity, etc. Useful if you need complete Finding context in Jira (for example, if someone is working on this Issue who doesn't have access to DefectDojo).
+Here is an example of a **jira\_full** Issue:
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/1124824955/66b150adaeba64b051ec1077/Screenshot+2024-07-25+at+2_03_46+PM.png?expires=1729720800&signature=24a1684a6df4b18b60b9992fa2f30f50b90b9d0ffd4e3070ead8651c375c5ef6&req=dSElEsF8mYhaXPMW1HO4zeHByIiE4CpUnjTjHiKUwy58XRyEJWLONZyASfZl%0A9yVY%0A)
+* **Jira\_limited:** Issues will only track the DefectDojo link, the Product/Engagement/Test links, the Reporter and Environment fields. All other fields are tracked in DefectDojo only. Useful if you don't require full Finding context in Jira (for example, if someone is working on this Issue who mainly works in DefectDojo, and doesn't need the full picture in JIRA as well.)
+​
+​**Here is an example of a jira\_limited Issue:**​
+
+![](https://downloads.intercomcdn.com/i/o/1124826652/d84213e22b916af53c7165ca/Screenshot+2024-07-25+at+2_05_20+PM.png?expires=1729720800&signature=b3f08859314e7065b3f6ec4bef26ae49e4863b3afb734b4c79643bb43008e7c0&req=dSElEsF8m4daW%2FMW1HO4zQ5XnsQRrja7Wwx%2FASOHGd4Z1JOMBHolBt2BU7Ym%0A%2Fg75%0A)
+#### **Component**
+
+
+If you manage your Jira project using Components, you can assign the appropriate Component for DefectDojo here.
+
+
+
+**Custom fields**
+
+
+If you don’t need to use Custom Fields with DefectDojo issues, you can leave this field as ‘null’.
+
+
+
+However, if your Jira Project Settings **require you** to use Custom Fields on new Issues, you will need to hard\-code these mappings.
+
+
+
+**Jira Cloud now allows you to create a default Custom Field value directly in\-app. [See Atlassian's documentation on Custom Fields](https://support.atlassian.com/jira-cloud-administration/docs/configure-a-custom-field/) for more information on how to configure this.**
+
+
+
+
+Note that DefectDojo cannot send any Issue\-specific metadata as Custom Fields, only a default value.
This section should only be set up if your JIRA Project **requires that these Custom Fields exist** in every Issue in your project.
+
+
+Follow **[this guide](https://support.defectdojo.com/en/articles/8490775-handling-custom-fields-with-jira-issues)** to get started working with Custom Fields.
+
+
+
+**Jira labels**
+
+
+Select the relevant labels that you want the Issue to be created with in Jira, e.g. **DefectDojo**, **YourProductName..**
+
+
+
+![](https://downloads.intercomcdn.com/i/o/856515252/2cb04638b743857035dfdb9f/Screenshot+2023-10-18+at+1.23.40+PM.png?expires=1729720800&signature=7e5276009204e295a410631bdcee70917418272c49a4f4f63d19c6faaae913a3&req=fCUhE8h7n4RdFb4f3HP0gHbMvU3o1kdacSZ2Nc1ZRCBbJmbD2fOk72C%2BJjDp%0ASqM%3D%0A)
+#### **Default assignee**
+
+
+The name of the default assignee in Jira. If left blank, DefectDojo will follow the default behaviour in your Jira Project when creating Issues.
+
+
+
+#### Checkbox options
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508853/1a12cd990af07464277c71de/yHarpjkd7J_yXpCangrpDyYVtKpiYti-n2ttCdUU07nrxdiganAVBwlVtUO-IIMCCZhUJQ7cwf175TBbqx9o7hGMJqe_a6nseoH5NNy7tI9AIzFoIWpbcJYidspZ_-oE3BgVZr50bd_Pov-TWo67aF8?expires=1729720800&signature=cbcfcc460248cf5f066f4915cc6b7c83ccccf35a918f9618ab238a04385b53ad&req=fCUhE8l2lYRcFb4f3HP0gNME15wuQsqmPhYPiUQHyBoxIJPyVMVZdGuEiZ2s%0AMZs%3D%0A)
+#### **Add vulnerability Id as a Jira label**
+
+
+This allows you to add the Vulnerability ID data as a Jira Label automatically. Vulnerability IDs are added to Findings from individual security tools \- these may be Common Vulnerabilities and Exposures (CVE) IDs or a different format, specific to the tool reporting the Finding.
+
+
+
+#### **Enable engagement epic mapping**
+
+
+In DefectDojo, Engagements represent a collection of work. Each Engagement contains one or more tests, which contain one or more Findings which need to be mitigated.
Epics in Jira work in a similar way, and this checkbox allows you to push Engagements to Jira as Epics.
+
+
+
+* An Engagement in DefectDojo \- note the three findings listed at the bottom.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508863/092011ca4636698d8001739b/7KRYqjCnbJFewjwbcicU0_TH1VX9E2driWLX-xd3L-zu1EQxKT0JG_E1LuVpxNFO9G_h4xcpcEHPpFCpWckPBZugNuK3iTdasDWFCp5zoWAtmzOFtFfVd3MMsqOlNHUm6T8Rv0Gd7RdRV4FzuyBcpsA?expires=1729720800&signature=2326ebe98fe0170236c5daeeeb86e436b6409ab329f81978c4a826090b23dec2&req=fCUhE8l2lYdcFb4f3HP0gAHfpVH32nbFvLmNZ74UKjCXKVEWwZhqdey%2BfxEQ%0ANqo%3D%0A)
+* How the same Engagement becomes an Epic when pushed to JIRA \- the Engagement's Findings are also pushed, and live inside the Engagement as Child Issues.
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/856508874/70aa304d531b9b75bd147ae3/3YGWST-hUhnmwJVvjB2dOw3zyHV11WIP4RdscZX2LBxtkK1FMiSoIxe2yZ1-eqfVYtezXXKNS3cWhn-KZxQ7g3PkVYktM38yMsU5DomxTXMbIIQgvQpHDu1A2oQcdD0iYm8toGZUgM941kEfxb3Jk6M?expires=1729720800&signature=5781b9ab9165d385fde4f613193964464fab4605794f32588d6d64260810386e&req=fCUhE8l2lYZbFb4f3HP0gGUUkcJqUBbI%2F%2BQ%2FqslyI6BfMNNrkIa20wNQYPJF%0AYNg%3D%0A)
+
+
+#### **Push All Issues**
+
+
+If checked, DefectDojo will automatically push any Active and Verified Findings to Jira as Issues. If left unchecked, all Findings will need to be pushed to Jira manually.
+
+
+
+#### **Push notes**
+
+
+If enabled, Jira comments will populate on the associated Finding in DefectDojo, under Notes on the issue(screenshot), and vice versa; Notes on Findings will be added to the associated Jira Issue as Comments.
+
+
+
+#### **Send SLA notifications as comment?**
+
+
+If enabled, any Issue which breaches DefectDojo’s Service Level Agreement rules will have comments added to the Jira issue indicating this. These comments will be posted daily until the Issue is resolved.
+
+
+
+Service Level Agreements can be configured under **Configuration \> SLA Configuration** in DefectDojo and assigned to each Product.
+
+
+
+#### **Send Risk Acceptance expiration notifications as comment?**
+
+
+If enabled, any Issue where the associated DefectDojo Risk Acceptance expires will have a comment added to the Jira issue indicating this. These comments will be posted daily until the Issue is resolved.
+
+
+
+
+# Testing \& Troubleshooting the Jira integration
+
+
+
+## Test 1: Do Findings successfully push to Jira?
+
+
+In order to test that the Jira integration is working properly, you can add a new blank Finding to the Product associated with Jira in DefectDojo. **Product \> Findings \> Add New Finding.**
+
+
+
+Add whatever title severity and description you wish, and then click “Finished”. The Finding should appear as an Issue in Jira with all of the relevant metadata.
+
+
+
+
+If Jira Issues are not being created correctly, check your Notifications for error codes.
+
+
+* Confirm that the Jira User associated with DefectDojo's Jira Configuration has permission to create and update issues on that particular Jira Project.
+
+
+
+
+
+## Test 2: Jira Webhooks send and receive updates from DefectDojo
+
+
+In order to test the Jira webhooks, add a Note to a Finding which also exists in JIRA as an Issue (for example, the test issue in the section above).
+
+
+
+If the webhooks are configured correctly, you should see the Note in Jira as a Comment on the issue.
+
+
+
+If this doesn’t work correctly, it could be due to a Firewall issue on your Jira instance blocking the Webhook.
+
+
+* DefectDojo's Firewall Rules include a checkbox for **Jira Cloud,** which needs to be enabled before DefectDojo can receive Webhook messages from Jira.
+
+
+
+
+# Next Steps
+
+
+Learn how to create Jira Issues from your Product with **[this guide](https://support.defectdojo.com/en/articles/8712582-creating-issues-in-jira).**
+
diff --git a/docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md b/docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md
new file mode 100644
index 0000000000..b1d09d6ebe
--- /dev/null
+++ b/docs/content/en/jira_integration/Configuring the Jira <> DefectDojo Webhook.md
@@ -0,0 +1,51 @@
+---
+title: "Configuring the Jira <> DefectDojo Webhook"
+description: "How to create a webhook within Jira to push updates to DefectDojo"
+---
+
+The Jira integration allows for bidirectional sync via webhook. DefectDojo receives Jira notifications at a unique address, which can allow for Jira comments to be received on Findings, or for Findings to be resolved via Jira depending on your configuration.
+
+
+
+
+# Locating your Jira Webhook URL
+
+
+Your Jira Webhook is located on the System Settings form under **Jira Integration Settings**: **Enterprise Settings \> System Settings** from the sidebar.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/1124842050/a844a3ca5bb139961e1e5f55/Screenshot+2024-07-25+at+2_11_59+PM.png?expires=1729720800&signature=4e310776d71ec2d5692e730256dac89ccd3dbcec84bdc9b54d046445353df34f&req=dSElEsF6n4FaWfMW1HO4zUvviECqSfGZgBjFH42oXvwEqut4AG4Qfkmo4x%2Fd%0AmwA%2F%0A)
+
+# Configuring Jira to send updates to your Webhook
+
+
+1. Visit **https:// \ /plugins/servlet/webhooks**
+2. Click 'Create a Webhook'.
+3. For the field labeled 'URL' enter: [https://](https:) \<**YOUR DOJO DOMAIN**\> /jira/webhook/ \<**YOUR GENERATED WEBHOOK SECRET**\>. The Web Hook Secret is listed under the Jira Integration Settings as listed above.
+4. Under 'Comments' enable 'Created'. Under Issue enable 'Updated'.
+
+Note that you do not need to create a Secret within Jira to use this webhook. The Secret is built into DefectDojo's URL, so simply adding the complete URL to the Jira Webhook form is sufficient.
+
+
+
+DefectDojo's Jira Webhook only accepts requests from the Jira API.
+
+
+
+
+# Testing the Webhook
+
+
+Once you have one or more Issues created from DefectDojo Findings, you can test the Webhook by adding a Comment to one of those Findings. The Comment should be received by the Jira webhook as a note.
+
+
+
+If this doesn’t work correctly, it could be due to a Firewall issue on your Jira instance blocking the Webhook.
+
+
+* DefectDojo's Firewall Rules include a checkbox for **Jira Cloud,** which needs to be enabled before DefectDojo can receive Webhook messages from Jira.
+
+
+​
+
diff --git a/docs/content/en/jira_integration/Connect DefectDojo to Jira.md b/docs/content/en/jira_integration/Connect DefectDojo to Jira.md
new file mode 100644
index 0000000000..f76351c4c2
--- /dev/null
+++ b/docs/content/en/jira_integration/Connect DefectDojo to Jira.md
@@ -0,0 +1,118 @@
+---
+title: "Connect DefectDojo to Jira"
+description: "Set up a Jira Configuration in DefectDojo - step 1 of working with Jira"
+---
+
+Jira Configurations are the starting point for DefectDojo’s Jira integration. You can add multiple configurations to a DefectDojo instance, to allow for many different linked Jira Projects and boards.
+
+
+
+
+Adding a configuration does not cause any Findings to push right away \- this is simply the first step. Once the Jira Configuration is created, it must be added to a Product before any information will push to Jira. See **[this guide](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)** for help with adding this integration to a Product.
+
+
+
+
+# The Jira Configuration Page
+
+
+The first step of setting up a Jira configuration is to add a Project to DefectDojo.
+
+
+
+1. If you have not already done so, navigate to the System Settings page and check the box on **Enable Jira Integration**. You will need to do this before the ⚙️ **Configuration \> JIRA** option shows up on the sidebar.
+​
+2. Navigate to the ⚙️**Configuration \> JIRA** page from the DefectDojo sidebar.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276103/2e774b44ee315e9f1fe41b82/CS6sI6mueuFgwwSbGtaqfxEbPRnlIzgfznaIsJIJWgbxgqvD2FPOy6PXxiuoYKrXCvw4iRCvOJyjEudrQHuseFZoBmFAAYp0Dg-NB-nVYdXA39tPOj2fEauP4SucvbaIYR7HQlb0s6-3Hew-pVpA5vY?expires=1729720800&signature=365f08fd7d42e19ebe17ab88fb023b7300567cbaea867f08b4153367e90597ac&req=fSIkFM54nIFcFb4f3HP0gCxFHutEmNqH7jYG931BvciUfy74oWsSnQSSvalx%0A5%2Fo%3D%0A)
+
+​
+3. You will see a list of all currently configured JIRA Projects which are linked to DefectDojo. To add a new Project Configuration, click the wrench icon and choose either the **Add JIRA Configuration (Express)** or **Add JIRA Configuration** options.
+
+
+# Add JIRA Configuration (Express)
+
+
+The Express method allows for a quicker method of linking a Project.
Use the Express method if you simply want to connect a Jira Project quickly, and you aren’t dealing with a complex Jira workflow.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276110/e56e505a6376018b2122b7fe/Ctw3ngxgjcN7GtRhu3UQvuXL6kRB7KXN8hrXgvmKIDsU48fDs2_YykUh_TsnbLzPwS0tmYWE92ESBPZyJUIThf4JcE0iMI3djceRKMoRAK54cuO9ywYZQTuS08D1KOzzb_SPO7t1_G6yigZ6X-EIMpM?expires=1729720800&signature=2e0fa3eb0ed45007c00921a283becb9861dda2d02d8ec30dc8ee3d70e704c9ee&req=fSIkFM54nIBfFb4f3HP0gKND0q%2BqhfaNsoM%2F9w6HI86zepJ7GdfOwgfRYqPB%0A34s%3D%0A)
+
+1. Select a name for this Jira Configuration to use on DefectDojo.
+​
+2. Select the URL for your company’s Jira instance \- likely similar to https://**yourcompany**.atlassian.net if you’re using a Jira Cloud installation.
+​
+3. Enter your Username and Password for Jira. Alternatively, if your Jira instance uses a Personal Access Token (**PAT**) for authentication, you should instead enter the **PAT** in the Password field. The Username will not be used for authentication with **PAT**, but you can use this field as a label to indicate the name of the **PAT** you're using.
+​
+4. Select the Default issue type which you want to create Issues as in Jira. The options for this are **Bug, Task, Story** and **Epic** (which are standard Jira issue types) as well as **Spike** and **Security**, which are custom issue types. If you have a different Issue Type which you want to use, please contact [support@defectdojo.com](mailto:support@defectdojo.com) for assistance.
+​
+5. Select your Issue Template \- the two types are:
+\- **Jira\_full**, which will include all Finding information in Jira Issues
+\- **Jira\_limited**, which will include a smaller amount of Finding information and metadata.
+​
+If you leave this field blank, it will default to **Jira\_full.**
+​
+6. Select one or more Jira Resolution types which will change the status of a Finding to Accepted (when the Resolution is triggered on the Issue).
If you don’t wish to use this automation, you can leave the field blank.
+​
+7. Select one or more Jira Resolution types which will change the status of a Finding to False Positive (when the Resolution is triggered on the Issue). If you don’t wish to use this automation, you can leave the field blank.
+​
+8. Decide whether you wish to send SLA Notifications as a comment on a Jira issue.
+​
+9. Decide whether you wish to automatically sync Findings with Jira. If this is enabled, Jira Issues will automatically be kept in sync with the related Findings. If this is not enabled, you will need to manually push any changes made to a Finding after the Issue has been created in Jira.
+​
+10. Select your Issue key. In Jira, this is the string associated with an Issue (e.g. the word **‘EXAMPLE’** in an issue called **EXAMPLE\-123**). If you don’t know your issue key, create a new Issue in the Jira Project. In the screenshot below, we can see that the issue key on our Jira Project is **DEF**.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/923276116/18a309f58113bed538edef5c/qtggrY2_20z4Jp6uz7dxaohMrHzmJn9DXelFKtR2wGnD8ByE8ROC1SiWcEtuR1qKqkDPhXGbzHHKd6NnQ-uHpQKUTfEQ253GTmbxAEWYiKRue7SVKdzJTj3BB2EBKrRg1ersE6Yi_Xzxbh9W98LFC4w?expires=1729720800&signature=f918416686d1ccbe7ba658303ad0567c5bd97d202e5583e0fd49549664c2e73e&req=fSIkFM54nIBZFb4f3HP0gIg8xes%2B%2Baq6uUPJoKLs5nKEcgU4E2h07lSJKI99%0Apd0%3D%0A)
+​
+11. Click **Submit.** DefectDojo will automatically look for appropriate mappings in Jira and add them to the configuration. You are now ready to link this configuration to one or more Products in DefectDojo.
+
+
+# Add Jira Configuration (Standard)
+
+
+The Standard Jira Configuration adds a few additional steps to allow for more precise control over Jira mappings and interactions. This can be changed after a Jira configuration has been added, even if it was created using the Express method.
+​
+
+
+## Additional Configuration Options
+
+
+* **Epic Name ID:** If you have multiple Epic types in Jira, you can specify the one you want to use by finding its ID in the Jira Field Spec.
+​
+To obtain the 'Epic name id' visit https://\/rest/api/2/field and search for Epic Name. Copy the number out of cf\[number] and paste it here.
+​
+​
+* **Reopen Transition ID:** If you want a specific Jira Transition to Reopen an issue, you can specify the Transition ID here. If using the Express Jira Configuration, DefectDojo will automatically find an appropriate Transition and create the mapping.
+​
+Visit https://\/rest/api/latest/issue/\/transitions? expand\-transitions.fields to find the ID for your Jira instance. Paste it in the Reopen Transition ID field.
+​
+​
+* **Close Transition ID:** If you want a specific Jira Transition to Close an issue, you can specify the Transition ID here. If using the **Express Jira Configuration**, DefectDojo will automatically find an appropriate Transition and create the mapping.
+​
+Visit https://\/rest/api/latest/issue/\/transitions? expand\-transitions.fields to find the ID for your Jira instance. Paste it in the Close Transition ID field.
+​
+​
+* **Mapping Severity Fields:** Each Jira Issue has an associated Priority, which DefectDojo will automatically assign based on the Severity of a Finding. Enter the names of each Priority which you want to map to, for Info, Low, Medium, High and Critical Severities.
+​
+​
+* **Finding Text** \- if you want to add additional standardized text to each Issue created, you can enter that text here. This is not text that maps to any field in Jira, but additional text that is added to the Issue Description. "**Created by DefectDojo**" for example.
+
+
+Comments (in Jira) and Notes (in DefectDojo) can be kept in sync. This setting can be enabled once the Jira configuration has been added to a Product, via the **Edit Product** form.
+
+
+
+
+
+
+# Next steps
+
+
+Now that you've set up your Jira Configuration, **[link it to one or more of your Products](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)** to have your Findings populate into Jira.
+
diff --git a/docs/content/en/jira_integration/Creating Issues in Jira.md b/docs/content/en/jira_integration/Creating Issues in Jira.md
new file mode 100644
index 0000000000..1249658975
--- /dev/null
+++ b/docs/content/en/jira_integration/Creating Issues in Jira.md
@@ -0,0 +1,123 @@
+---
+title: "Creating Issues in Jira"
+description: "Pushing DefectDojo Findings to a linked Jira Project"
+---
+
+
+Before you can create an Issue in Jira, you'll need to have
+
+
+* **[a Jira integration configured](https://support.defectdojo.com/en/articles/8766815-set-up-a-jira-integration)**
+* **[that same Jira integration linked to a Product](https://support.defectdojo.com/en/articles/8490492-add-jira-integration-to-a-product)**
+
+
+Please see the guides above for help with this process.
+
+
+
+# How Findings are pushed to Jira
+
+
+
+A Product with a JIRA mapping can push Findings to Jira as Issues. This can be managed in two different ways:
+
+
+* Findings can be created as Issues manually, per\-Finding.
+* Findings can be pushed automatically if the '**Push All Issues**' setting is enabled on a Product. (This applies only to Findings that are **Active** and **Verified**).
+
+Additionally, you have the option to push Finding Groups to Jira instead of individual Findings. This will create a single Issue which contains many related DefectDojo Findings.
+
+
+
+
+# Pushing a Finding to Jira Manually
+
+
+1. From a Finding page in DefectDojo, navigate to the **JIRA** heading. If the Finding does not already exist in JIRA as an Issue, the JIRA header will have a value of '**None**'.
+​
+2. Clicking on the arrow next to the **None** value will create a new Jira issue. The State the issue is created in will depend on your team's workflow and Jira configuration with DefectDojo. If the Finding does not appear, refresh the page.
+​
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/910784359/572d851c9d8292d34dd7acc7/Screenshot+2023-12-15+at+10.11.32+AM.png?expires=1729720800&signature=1b913080cd7ccd29c6193cf33923c10c80925daa92143022a3f8d0cacff4245b&req=fSEnEcF6noRWFb4f3HP0gC6hrwobes4KCfUutw28q8xS3rYZCA9CZZvLlsRZ%0Avro%3D%0A)
+
+​
+3. Once the Issue is created, DefectDojo will create a link to the issue made up of the Jira key and the Issue ID.
This link will also have a red trash can next to it, to allow you to delete the Issue from Jira.
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/910793636/2a9cd7316f118ef3e108a26a/Screenshot+2023-12-15+at+10.22.25+AM.png?expires=1729720800&signature=ff6f8c8c5ab7f7b50aa64795924805e04779cbfd9eb1991458b52c187fbe460f&req=fSEnEcB9m4JZFb4f3HP0gGKdXeVgqwRYF%2FvyituVBDqN28dqVMi%2FhmEppluu%0AUys%3D%0A)
+4. Clicking the Arrow again will push all changes made to an issue to Jira, and update the Jira Issue accordingly. If '**Push All Issues**' setting is enabled on the Finding's associated Product, this process will happen automatically.
+
+
+
+# How Jira Issues and Findings interact
+
+
+Jira issues will impact their associated Finding in certain ways.
+
+
+
+## Jira Comments
+
+
+* If a comment is added to a Jira Issue, the same comment will be added to the Finding, under the **Notes** section.
+* Likewise, if a Note is added to a Finding, the Note will be added to the Jira issue as a comment.
+
+## Jira Status Changes
+
+
+The Jira Configuration on DefectDojo has entries for two Jira Transitions which will trigger a status change on a Finding.
+
+
+* When the **'Close' Transition** is performed on Jira, the associated Finding will also Close, and become marked as **Inactive** and **Mitigated** on DefectDojo. DefectDojo will record this change on the Finding page under the **Mitigated By** heading.
+​
+
+
+![](https://downloads.intercomcdn.com/i/o/910797138/74e1c5ce3e09507d5c78b499/Screenshot+2023-12-15+at+10.26.37+AM.png?expires=1729720800&signature=01166d7f9f4ee3ed293e8ffc02afad7d4f519b7f72ba382a53b34e9754aeabaf&req=fSEnEcB5nIJXFb4f3HP0gKGxM4Pk6KLvrG1xOEGdbJCk%2FhkZvQmPj2YpZd%2F3%0AOXE%3D%0A)
+* When the **'Reopen' Transition** is performed on the Jira Issue, the associated Finding will be set as **Active** on DefectDojo, and will lose its **Mitigated** status.
+
+# Push Finding Groups as Jira Issues
+
+
+If you have Finding Groups enabled, you can push a Group of Findings to Jira as a single Issue rather than separate Issues for each Finding.
+
+
+
+The Jira Issue associated with a Finding Group cannot be interacted with or deleted by DefectDojo, however. It must be deleted directly from the Jira instance.
+
+
+
+## **Automatically Create and Push Finding Groups**
+
+
+With Auto\-Push To Jira Enabled, and a Group By option selected on import:
+
+
+
+As long as the Finding Groups are being created successfully, the Finding Group is what will automatically push to Jira as an Issue, not the individual Findings.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/910810290/ac1144f3e392c0f116ce31d2/Screenshot+2023-12-15+at+10.42.58+AM.png?expires=1729720800&signature=a7806351286be98a7502fbeb96a63169eb12800589253109a69141fa72457dc0&req=fSEnHsh%2Bn4hfFb4f3HP0gIyL3dh8pgNDPRYkuGHdr6COFAOSTngChYgp1zWa%0A%2FLU%3D%0A)
+
+# Change Jira settings for a specific Engagement
+
+
+Different Engagements within a Product can have different underlying Jira settings as a result. By default, Engagements will '**inherit Jira settings from product'**, meaning that they will share the same Jira settings as the Product they are nested under.
+
+
+
+However, you can change an Engagement's **Product Key**, **Issue Template, Custom Fields, Jira Labels, Default Assignee** to be different from the default Product settings
+
+
+You can access this page from the **Edit Engagement** page: **your\-instance.defectdojo.com/engagement/\[id]/edit**.
+
+
+
+The Edit Engagement page can be found from the Engagement page, by clicking the ☰ menu next to the engagement's Description.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/937440895/19a20d2976703a88fd1ec03d/Screenshot+2024-01-18+at+2.36.46+PM.png?expires=1729720800&signature=bec87928877d2ac08278b3bf55c4adad51fe790eb6f8afce0375281e539b14e6&req=fSMgEs1%2BlYhaFb4f3HP0gN%2FyTRYP9aPTp26R2XB063sOp%2BXtCV4UWdbUjbpa%0AawI%3D%0A)
\ No newline at end of file
diff --git a/docs/content/en/jira_integration/Using Custom Fields.md b/docs/content/en/jira_integration/Using Custom Fields.md
new file mode 100644
index 0000000000..b29c2dca88
--- /dev/null
+++ b/docs/content/en/jira_integration/Using Custom Fields.md
@@ -0,0 +1,308 @@
+---
+title: "Using Custom Fields in Jira"
+description: "Making sure DefectDojo can successfully create Issues with custom fields"
+---
+
+
+**DefectDojo does not currently support passing any Issue\-specific information into these Custom Fields \- these fields will need to be updated manually in Jira after the issue is created. Each Custom Field will only be created from DefectDojo with a default value.**
+
+
+
+**Jira Cloud now allows you to create a default Custom Field value directly in\-app. [See Atlassian's documentation on Custom Fields](https://support.atlassian.com/jira-cloud-administration/docs/configure-a-custom-field/) for more information on how to configure this.**
+
+
+
+DefectDojo's built\-in Jira Issue Types (**Bug, Task, Story** and **Epic)** are set up to work 'out of the box'. Data fields in DefectDojo will automatically map to the corresponding fields in Jira. By default, DefectDojo will assign Priority, Labels and a Reporter to any new Issue it creates.
+
+
+
+Some Jira configurations require additional custom fields to be accounted for before an issue can be created. This process will allow you to account for these custom fields in your DefectDojo \-\> Jira integration, ensuring that issues are created successfully. These custom fields will be added to any API calls sent from DefectDojo to a linked Jira instance.
+
+
+
+If you don’t already use Custom Fields in Jira, there is no need to follow this process.
+
+
+
+
+# Process Summary
+
+
+1. Recording the names of your Custom Fields in Jira (**Jira UI**)
+2. Determine the Key values for the new Custom Fields (Jira Field Spec Endpoint)
+3. Locate the acceptable data for each Custom Field, using the Key values as a reference (Jira Issue Endpoint)
+4. Create a Field Reference JSON block to track all of the Custom Field Keys and acceptable data (Jira Issue Endpoint)
+5.
Store the JSON block in the associated DefectDojo Product, to allow Custom Fields to be created from Jira (DefectDojo UI)
+6. Test your work and ensure that all required data is flowing from Jira properly
+
+
+
+## Step 1: Record the names of your Custom Fields in Jira
+
+
+Jira supports a variety of different Context Fields, including Date Pickers, Custom Labels, Radio Buttons. Each of these Context Fields will have a different Key value that can be found in the Jira API.
+
+
+
+Write down the names of each required Custom Field, as you will need to search through the Jira API to find them in the next step.
+
+
+
+**Example of a Custom Field list (your Custom Field names will be different):**
+
+
+* DefectDojo Custom URL Field
+* Another example of a Custom Field
+* ...
+
+
+
+
+## Step 2: Finding your Jira Custom Field Key Values
+
+
+Start this process by navigating to the Field Spec URL for your entire Jira instance.
+
+
+
+Here is an example of a Field Spec URL:
+
+
+[https://yourcompany\-example.atlassian.net/rest/api/2/field](https://yourcompany-example.atlassian.net/rest/api/2/field)
+
+
+
+The API will return a long string of JSON, which should be formatted into readable text (using a code editor, browser extension or ).
+
+
+
+The JSON returned from this URL will contain all of your Jira custom fields, most of which are irrelevant to DefectDojo and have values of `“Null”`. Each object in this API response corresponds to a different field in Jira. You will need to search for the objects that have `“name”` attributes which match the names of each Custom Field you created in the Jira UI, and then note the value of their “key” attribute.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/882536565/71741c46128f8c200eb369d5/Screenshot+2023-11-13+at+11.34.09+AM.png?expires=1729720800&signature=612c1c48aacf9036950b2a32be5de4b8e556bdb9f32d3c306af32959d8ffebdf&req=fCglE8p4mIdaFb4f3HP0gIHfoSgHpBIypMppgUBUzbLDThlL4NbgBKy13LHV%0As7g%3D%0A)⬆ Here is an example of a Custom URL Field on an issue, how the Custom URL Field appears in the JSON output.
+
+
+
+Once you’ve found the matching object in the JSON output, you can determine the “key” value \- in this case, it's `customfield_10050`.
+
+
+
+Jira generates different key values for each Custom Field, but these key values do not change once created. If you create another Custom Field in the future, it will have a new key value.
+
+
+
+
+**Expanding our Custom Field list:**
+
+
+* “DefectDojo Custom URL Field” \= customfield\_10050
+* “Another example of a Custom Field” \= customfield\_12345
+* ...
+
+
+
+
+## Step 3 \- Finding the Custom Fields on a Jira Issue
+
+
+Locate an Issue in Jira that contains the Custom Fields which you recorded in Step 2\. Copy the Issue Key for the title (should look similar to “`EXAMPLE-123`”) and navigate to the following URL:
+
+
+
+[https://yourcompany\-example.atlassian.net/rest/api/2/issue/EXAMPLE\-123](https://yourcompany-example.atlassian.net/rest/api/2/issue/EXAMPLE-123)
+
+
+
+This will return another string of JSON.
+
+
+
+As before, API output will contain lots of `customfield_##` object parameters with `null` values \- these are custom fields that Jira adds by default, which aren’t relevant to this issue. It will also contain `customfield_##` values that match the Custom Field Key values that you found in the previous step. Unlike with the Field Spec output, you won’t see names identifying any of these custom fields, which is why you needed to record the key values in Step 2\.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/856601116/bd33f642bb614d0baddfb47e/Screenshot+2023-10-18+at+3.14.28+PM.png?expires=1729720800&signature=b7ec0c6e661235aedbc07cf80dd4338d46ace4929aa5737efd43af8a950ecd6b&req=fCUhEMl%2FnIBZFb4f3HP0gNDIh6YnvjmzgZRTCVsNiixkS%2BgiAgilIPc87YcO%0AJVg%3D%0A)
+**Example:**
+We know that `customfield_10050` represents the DefectDojo Custom URL Field because we recorded it in Step 2\. We can now see that `customfield_10050` contains a value of `“https://google.com”` in the `EXAMPLE-123` issue.
+
+
+
+
+## Step 4 \- Creating a JSON Field Reference from each Jira Custom Field Key
+
+
+You’ll now need to take the value of each of the Custom Fields from your list and store them in a JSON object (to use as a reference). You can ignore any Custom Fields that don’t correspond to your list.
+
+
+
+This JSON object will contain all of the default values for new Jira Issues. We recommend using names that are easy for your team to recognize as ‘default’ values that need to be changed: ‘`change-me.com`’, ‘`Change this paragraph.`’ etc.
+
+
+
+
+**Example:**
+
+
+From step 3, we now know that Jira expects a URL string for "`customfield_10050`”. We can use this to build our example JSON object.
+
+
+
+Say we had also located a DefectDojo\-related short text field, which we identified as "`customfield_67890`”. We would look at this field in our second API output, look at the associated value, and reference the stored value in our example JSON object as well.
+​
+Your JSON object will start to look like this as you add more Custom Fields to it.
+
+
+
+
+```
+{
+ "customfield_10050": "https://change-me.com",
+ "customfield_67890": "This is the short text custom field."
+}
+```
+
+Repeat this process until all of the DefectDojo\-relevant custom fields from Jira have been added to your JSON Field Reference.
+
+
+
+#### Data types \& Jira Syntax
+
+
+Some fields, such as Date fields, may relate to multiple custom fields in Jira.
If that is the case, you’ll need to add both fields to your JSON Field Reference.
+
+
+
+
+```
+ "customfield_10040": "1970-01-01",
+ "customfield_10041": "1970-01-01T03:30:00.000+0200",
+```
+
+
+Other fields, such as the Label field, may be tracked as a list of strings \- please make sure your JSON Field Reference uses a format that matches API output from Jira.
+
+
+
+
+```
+// a list of custom labels on a Jira object
+ "customfield_10042": [
+ "custom-label-one",
+ "this-is-default",
+ "change-me-please"
+ ],
+```
+
+
+Other custom fields may contain additional, contextual information that should be removed from the Field Reference. For example, the Custom Multichoice Field contains an extra block in the API output, which you’ll need to remove, as this block stores the current value of the field.
+
+
+* you should remove the extra object from this field:
+
+
+
+```
+"customfield_10047": [
+ {
+ "value": "A"
+ },
+ {
+ "self": "example.url...",
+ "value": "C",
+ "id": "example ID"
+ }
+]
+```
+* instead, you can shorten this to the following and disregard the second part:
+
+
+
+```
+"customfield_10047": [
+ {
+ "value": "A"
+ }
+]
+```
+
+
+### Example Completed Field Reference
+
+
+Here is a complete JSON Field Reference, with in\-line comments explaining what each custom field pertains to. This is meant as an all\-encompassing example. Your JSON will contain different key values and data points depending on the Custom Values you want to use during issue creation.
+
+
+
+
+```
+{
+ "customfield_10050": "https://change-me.com",
+
+ "customfield_10049": "This is a short text custom field",
+
+// two different fields, but both correspond to the same custom date attribute
+ "customfield_10040": "1970-01-01",
+ "customfield_10041": "1970-01-01T03:30:00.000+0200",
+
+// a list of custom labels on a Jira object
+ "customfield_10042": [
+ "custom-label-one",
+ "this-is-default",
+ "change-me-please"
+ ],
+
+// custom number field
+ "customfield_10043": 0,
+
+// custom paragraph field
+ "customfield_10044": "This is a very long winded way to say CHANGE ME PLEASE",
+
+// custom radio button field
+ "customfield_10045": {
+ "value": "radio button option"
+ },
+
+// custom multichoice field
+ "customfield_10047": [
+ {
+ "value": "A"
+ }
+ ],
+
+// custom checkbox field
+ "customfield_10039": [
+ {
+ "value": "A"
+ }
+ ],
+
+// custom select list (singlechoice) field
+ "customfield_10048": {
+ "value": "1"
+ }
+}
+```
+
+
+## Step 5 \- Adding the Custom Fields to a DefectDojo Product
+
+
+You can now add these custom fields to the associated DefectDojo Product, in the Custom Fields section. Once again,
+
+
+* Navigate to Edit Product \- defectdojo.com/product/ID/edit .
+* Navigate to Custom fields and paste the JSON Field Reference as plain text in the Custom Fields box.
+* Click ‘Submit’.
+
+
+## Step 6 \- Testing your Jira Custom Fields from a new Finding:
+
+
+Now, when you create a new Finding in the Jira\-associated Product, Jira will automatically create all of these Custom Fields in Jira according to the JSON block contained within. These Custom Fields will be created with the default (“change\-me\-please”, etc.) values.
+
+
+
+Within the Product on DefectDojo, navigate to the Findings \> Add New Finding page. Make sure the Finding is both Active and Verified to ensure that it pushes to Jira, and then confirm on the Jira side that the Custom Fields are successfully created without any inconsistencies.
+
+
diff --git a/docs/content/en/jira_integration/_index.md b/docs/content/en/jira_integration/_index.md
new file mode 100644
index 0000000000..dfa6177e42
--- /dev/null
+++ b/docs/content/en/jira_integration/_index.md
@@ -0,0 +1,17 @@
+---
+title: "Connect To Jira"
+description: "Send DefectDojo Findings to one or more Jira Projects"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 4
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/link_knowledge-base.md b/docs/content/en/link_knowledge-base.md
deleted file mode 100644
index b7e7841e41..0000000000
--- a/docs/content/en/link_knowledge-base.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-title: "Knowledge Base"
-manualLink: "https://support.defectdojo.com"
-manualLinkTitle: "Open the DefectDojo Knowledge Base"
-icon: fas fa-atlas
-date: 2021-02-02T20:46:29+01:00
-weight: 1
-chapter: true
----
diff --git a/docs/content/en/notifications/About In-App Alerts.md b/docs/content/en/notifications/About In-App Alerts.md
new file mode 100644
index 0000000000..ab7aeff607
--- /dev/null
+++ b/docs/content/en/notifications/About In-App Alerts.md
@@ -0,0 +1,54 @@
+---
+title: "About In-App Alerts"
+description: "Manage your personal 🔔 Alerts in DefectDojo"
+---
+
+DefectDojo’s Alerts system keeps you up to date with all Product or system activity.
+
+
+
+## The Alerts List
+
+
+The Alerts List is always visible in the top\-right hand corner of DefectDojo, and contains a compact list of notifications. Clicking on each Alert will take you directly to the relevant page in DefectDojo.
+
+
+
+You can open your Alerts List by clicking on the **🔔▼ icon** on the top right hand corner:
+
+
+#
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962184118/22deeae73e389cbdd474abc6/Y_0qjtDeqEFCUJETy5UEB1kHEHntla7U21Any2QxOuwxjDmesuJjU1_iBo6GKYkNQjDwqZXjGvL_e8I88ObYoIWVkK7LooXpPMM0hTFFN-Tal_PRghpRuP4ilUWSZ4lN7dcPXItzUOGi8B4D9I3ijdA?expires=1729720800&signature=fcade9f5e7166ab4063d0898a5b6951cc070de5e5774fc866fce55b71fc6f53c&req=fSYlF8F6nIBXFb4f3HP0gAGoBPbnXU8sHMlGXmUcr%2BRTENXVZNLvnsUFJsy6%0A9os%3D%0A)#
+
+
+
+To see all of your notifications, along with additional detail, you can click the **See All Alerts \>** button, which will open the **Alerts Page**.
+
+
+
+You can also **Clear All Alerts \>** from the Alerts List.
+
+
+
+
+## The Alerts Page
+
+
+The Alerts Page stores all of your Alerts in DefectDojo with additional detail. On this page, you can read descriptions of each Alert in DefectDojo, and remove them from the Alerts queue once you no longer need them.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962184130/6835c7c1086d4145b0545b15/-2ZNGBc8OdCgW6jL7J2NEPP0AajeSKSBSn6k2OUWESpFOWD5GiePp907MWUSCIRyKEDGEHUE2FyDLxkyvxsYbHtiO1eV3R6XMV7WzXae3V1ZURA646O-0T33pDp-7XiMEmoAWg35wPidaKjIbjuT2GA?expires=1729720800&signature=773ae84506e9f08f3ca1bd7c0e1e1cb05cf43d048b3b92c89b8a5c4f7548ffac&req=fSYlF8F6nIJfFb4f3HP0gF%2BL0c%2FfyijSnUdI0Ho5vAzSilHO8lb8QLQHsSdu%0A6mU%3D%0A)
+To remove one or more Alerts from the Alerts Page, check the empty box next to it, and then click the **Remove selected** button in the bottom\-right corner of the Page.
+
+
+
+## Notes On Alerts
+
+
+* Reading an Alert, or opening the Alerts Page will not remove any Alerts from the count next to the bell icon. This is so that you can easily access past alerts to use them as reminders or a personal activity log.
+* Using the **Clear All Alerts \>** function in the Alerts Menu will also completely clear the **Alerts Page**, so use this feature with care.
+* Removing an Alertonly affects your own Alerts List \- it will not affect any other user’s Alerts.
+* Removing an Alert does not remove any import history or activity logs from DefectDojo.
diff --git a/docs/content/en/notifications/About Notifications.md b/docs/content/en/notifications/About Notifications.md
new file mode 100644
index 0000000000..114c2ec511
--- /dev/null
+++ b/docs/content/en/notifications/About Notifications.md
@@ -0,0 +1,64 @@
+---
+title: "About Notifications"
+description: ""
+---
+
+DefectDojo keeps you up to date in a variety of ways. Notifications can be sent for upcoming Engagements, user Mentions, SLA expiry, and other events in the software.
+
+
+
+This article contains an overview of notifications at both System\-wide and Personal levels.
+
+
+
+
+# Notification Types
+
+
+DefectDojo handles notifications in two different ways::
+
+
+* **System\-Wide Notifications** are sent to all users.
+* **Personal Notifications are set by individual users, and will be received in addition to any System\-Wide Notifications.**
+
+In both cases, [Role\-Based Access Control](https://support.defectdojo.com/en/collections/6542284-user-management) rules apply, so users will not receive activity notifications for Products or Product Types (or their related objects) which they don’t have access to.
+
+
+
+
+# Notification Delivery Methods
+
+
+There are four delivery methods for DefectDojo notifications:
+
+
+* DefectDojo can share **🔔 Alerts,** stored as a list in the DefectDojo interface
+* DefectDojo can send notifications to an **Email** address
+* DefectDojo can send notifications to **Slack,** in either a shared or individual channel
+* DefectDojo can also send notifications to **Microsoft Teams** in a shared channel
+
+Notifications can be sent to multiple destinations simultaneously.
+
+
+
+
+Receiving Slack and Teams notifications will require you to have a working integration.
For more info, see our articles:
+
+
+* [Slack Integration](https://support.defectdojo.com/en/articles/8944899-slack-integration)
+* [Teams Integration](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/8944917/show)
+
+
+
+
+
+
+---
+
+
+**Next Steps:**
+
+
+* **[Learn more about DefectDojo's internal](https://support.defectdojo.com/en/articles/8944921-defectdojo-alerts) 🔔 [Alerts](https://support.defectdojo.com/en/articles/8944921-defectdojo-alerts)**
+* **[Set up a Slack integration for DefectDojo](https://support.defectdojo.com/en/articles/8944899-slack-integration)**
+* **[Set up a Teams integration for DefectDojo](https://app.intercom.com/a/apps/tj2vh1ie/articles/articles/8944917/show)**
diff --git a/docs/content/en/notifications/Configure System & Personal Notifications.md b/docs/content/en/notifications/Configure System & Personal Notifications.md
new file mode 100644
index 0000000000..0673ace01f
--- /dev/null
+++ b/docs/content/en/notifications/Configure System & Personal Notifications.md
@@ -0,0 +1,65 @@
+---
+title: "Configure System & Personal Notifications"
+description: "How to configure Personal & System notifications"
+---
+
+DefectDojo has two different kinds of notifications: **Personal** (sent to a single account) and **System** (which are sent to all users).
+
+
+
+Both your account’s Personal Notifications and the global System Notifications can be configured from the same page: **⚙️Configuration \> Notifications** in the sidebar.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171746/9af3408bde158d43b69606ef/8bOsrZDbI3Jv84cIYM__Mq4Ni4kAD9h1OHis_l69njgePVCIqOo4TOuTbnBW0QDl3rTjJnrFHJ-A_egFUnvkNArVgX4hklFv001nCGhkvSZv-jmIP30KtnOT0UWNmc9hzo8YCqB2oHkwfyKsYDGA83c?expires=1729720800&signature=5cd73122c8a3653130671a90861d323b90ef974ce9bf98061bac5c93356990d5&req=fSYlF85%2FmoVZFb4f3HP0gIsH4DGb8qq8lEaQ9JV7Jg73SGLBgCUn%2BAJK3Ef7%0AfLM%3D%0A)
+
+# Configure System notifications
+
+
+**You will need Superuser access to change System\-wide notifications.**
+
+
+
+1. Start from the Notifications page (⚙️ **Configuration \> Notifications** in the sidebar).
+2. From the Scope drop down menu, you can select which set of notifications you wish to edit.
+3. Select System Notifications.
+4. Check the notification delivery method which you wish to use for each type of notification. You can select more than one.
+
+
+![Notification settings](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171756/781c4e9d72e150ca150c066c/ZN3QFH1kLyi6ZXc_feqlHTLCYtuRK02DrsKY-JkZtNPWJxmFdu-Xhb-pn4XDs2Bxv5PfNSo77Mtqz58wAV1I99qicz3N0j0VVw3kAHa57uuiU245OnLvu3HG2jQMKrdW0Iq9j6xCKigG5iJpLzDNLHo?expires=1729720800&signature=ad0e4b39f6c3a1186f0b5f2b147bb12dc709a56b134482d05751b6a636523e85&req=fSYlF85%2FmoRZFb4f3HP0gLdWfg0nBIZI5mYeAe%2Bou5OYadwX2Iohcq%2F7%2Fgw4%0AW4s%3D%0A)
+
+# Configure Personal notifications
+
+
+Personal Notifications are sent in addition to System\-Wide Notifications, and will apply to any Product, Product Type or other data type that you have access to. Personal Notification preferences only apply to a single user, and can only be set on the account which is configuring them.
+
+
+
+1. Start from the Notifications page (⚙️**Configuration \> Notifications** in the sidebar).
+2. From the **Scope** drop down menu, you can select which set of notifications you wish to edit.
+3. Select Personal Notifications.
+4. Check the notification method which you wish to use for each type of notification. You can select more than one.
+
+Personal Notifications cannot be sent via Microsoft Teams, as Teams only allows for posting Global notifications in a single channel.
+
+
+
+
+## Receive Personal notifications for a specific Product
+
+
+In addition to standard personal notifications, DefectDojo Users can also receive notifications for activity on a specific Product. This is helpful when there are certain Products which a user needs to monitor more closely.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962171765/a70a5c32dfb0eece12ea1962/71DyfI6Gc9rdYlVWaTsa12sUFML215k-VEm2_QVZBXS_1s7l2uKykDTEVAqqzZ7EELeP9ERRfpajZnBrXl95b3QX423EbDvg-DnbdKW0QwSvgBB3fmXZOti1KtDqQBLNa8eHmnBCGVb940ZF38saTZQ?expires=1729720800&signature=cf613e2a0b6168a2ad3ae909d978a357588f198499a8d92724dbb13a573adfb4&req=fSYlF85%2FmodaFb4f3HP0gDl17An72KnPVmRLq%2FLdfPhoV3aySF8a%2BS9q9W3b%0Ajag%3D%0A)
+This configuration can be changed from the **Notifications** section on the **Product** page: e.g. **your\-instance.defectdojo.com/product/{id}**.
+
+
+
+From here, you can set whether you want to receive **🔔 Alert**, **Mail** or **Slack** notifications for actions taken on this particular Product. These notifications apply in addition to any system\-wide notifications you are already receiving.
+
+
+
+Microsoft Teams cannot send personal notifications of any kind, so Teams notifications cannot be chosen from this menu.
+
diff --git a/docs/content/en/notifications/Configure a Microsoft Teams Integration.md b/docs/content/en/notifications/Configure a Microsoft Teams Integration.md
new file mode 100644
index 0000000000..e0aa271d76
--- /dev/null
+++ b/docs/content/en/notifications/Configure a Microsoft Teams Integration.md
@@ -0,0 +1,32 @@
+---
+title: "Configure a Microsoft Teams Integration"
+description: "Set up Microsoft Teams to receive notifications"
+---
+
+**You will need Superuser access to use the System Settings page, which is required to complete this process.**
+
+
+
+Like with Slack, Microsoft Teams can receive notifications to a specific channel. To do this, you will need to **set up an incoming webhook** on the channel where you wish to receive messages.
+
+
+
+1. Complete the process listed in the **[Microsoft Teams Documentation](https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=dotnet)** for creating a new Incoming Webhook. Keep your unique webhook.office.com link handy as you will need it in subsequent steps.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962180558/8d817d194ca71a420ec7f194/6Iw6VyzxVrgYJmEKYZ5gvkZgNbz5H5A5VzC41oeyNeLTkY3h24xjx-IlfhjQBJbbKtF9SdMp4VlL968WZ4BAs2FNCKABVvqKN6H7ysiFkIrAWll4CTZrYCzSvs0gJg4jFrWtWVDMQozMB5BTv-uE-5Y?expires=1729720800&signature=e8830debf4a2ce0cfe37bbd0db34f2546a384cc2d1cdb7da74a626a6d179d19b&req=fSYlF8F%2BmIRXFb4f3HP0gPLFIDf%2BmJ2lTnC0cGqSE%2BrN2f0NGLhZCqcGa4go%0AkPo%3D%0A)
+2. In DefectDojo, navigate to **Configuration \> System Settings** from the sidebar.
+3. Check the **Enable Microsoft Teams notifications** box. This will open a hidden section of the form, labeled **‘Msteams ur**l’.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962180570/66d613918362dd0e07f3cf34/K0Fx__nnRpEPf01jo0QQjOOeIo8wBFOew5ZbA4S3SE7loW1qfS9YxvUlS2f2OF1E52SgPiefP3eozh7Rmpee_f5AjS8sBrIHHYSpAYl7h0dUNPn6i89k48ulQk8eSl28q3S_kK7KafjZMJ2VRu7A_PM?expires=1729720800&signature=45dfcd45785169b13d866c71902efbadf0d6752e4992e5fc0af58e3f4ee7682b&req=fSYlF8F%2BmIZfFb4f3HP0gBC6zfYgJ9CJ7kYYs0o3vgn66vKuoG2LaE7wC0J2%0AdS4%3D%0A)
+4. Paste the webhook.office.com URL (created in Step 1\) in the **Msteams url** box.
Your Teams app will now listen to incoming Notifications from DefectDojo and post them to the channel you selected.
+
+
+## Notes on the Teams integration
+
+
+* Slack cannot apply any RBAC rules to the Teams channel that you are creating, and will therefore be sharing notifications for the entire DefectDojo system. There is no method in DefectDojo to filter system\-wide Teams notifications by a Product Type, Product or Engagement.
+* DefectDojo cannot send personal notifications to users on Microsoft Teams.
diff --git a/docs/content/en/notifications/Configure a Slack Integration.md b/docs/content/en/notifications/Configure a Slack Integration.md
new file mode 100644
index 0000000000..21ef46075f
--- /dev/null
+++ b/docs/content/en/notifications/Configure a Slack Integration.md
@@ -0,0 +1,135 @@
+---
+title: "Configure a Slack Integration"
+description: "Set up Slack to receive notifications from DefectDojo"
+---
+
+DefectDojo can post Slack notifications in two different ways:
+
+
+* System\-wide notifications, which will be sent to a single Slack channel
+* Personal notifications, which will only be sent to specific users.
+
+Here is an example of a Slack Notification sent from DefectDojo:
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178718/43edf527dd90ff3cdb9091d2/R4qt835O2gUnuDNS77H-7sIbmyOMPUy4V5H74MtLMGA9bQsINUdNYvzQTSkf1HQqvUfGHpCU3Qv0xIqkjqD3rlAMvoPleJv6RzZMzVSQRbQT5byXCezD_Sa-NzHQvpGu6ul7KAi_79io_HMfTPLLcL4?expires=1729720800&signature=cb78397a3593ea0ea17310b2aa4fc2a975cffcd207e869bfdf53b64fd55c793d&req=fSYlF852moBXFb4f3HP0gN2UAA5Sb1IfVjD8vnOmZttQHSPf7f6HcXfGzZbM%0AeFM%3D%0A)
+
+DefectDojo does not have a dedicated Slack app, but one can be easily created for your workspace by following this guide. A Slack app is required for both System and Personal notifications to be sent correctly.
+
+
+
+
+## Create a Slack application
+
+
+To set up a Slack connection to DefectDojo, you’ll need to create a custom Slack app.
+
+
+1. Begin this process from the Slack Apps page: .
+2. Click ‘**Create New App**’.
+3. Select ‘**From App Manifest**’.
+4. Select your Slack workspace from the menu.
+5. Enter your App Manifest \- you can copy and paste this JSON file, which includes all the permission settings required to allow the Slack integration to run.
+​
+
+
+```
+{
+ "_metadata": {
+ "major_version": 1,
+ "minor_version": 1
+ },
+ "display_information": {
+ "name": "DefectDojo",
+ "description": "Notifications from DefectDojo.
See https://support.defectdojo.com/en/articles/8863522-configure-slack for configuration steps.",
+ "background_color": "#0000AA"
+ },
+ "features": {
+ "bot_user": {
+ "display_name": "DefectDojo Notifications"
+ }
+ },
+ "oauth_config": {
+ "scopes": {
+ "bot": [
+ "chat:write",
+ "chat:write.customize",
+ "chat:write.public",
+ "incoming-webhook",
+ "users:read",
+ "users:read.email"
+ ]
+ },
+ "redirect_urls": [
+ "https://slack.com/oauth/v2/authorize"
+ ]
+ }
+ }
+```
+
+
+Review the App Summary, and click Create App when you’re done. Complete the installation by clicking the **Install To Workplace** button.
+
+
+
+
+## Configure your Slack integration in DefectDojo
+
+
+You’ll now need to configure the Slack integration on DefectDojo to complete the integration.
+
+
+
+**You will need Superuser access to access DefectDojo's System Settings page.**
+
+
+
+1. Navigate to the App Information page for your Slack App, from . This will be the app that was created in the first section \- **Create a Slack application**.
+​
+2. Find your OAuth Access Token. This can be found in the Slack sidebar \- **Features / OAuth \& Permissions**. Copy the **Bot User OAuth Token.
+​**
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178744/a59023b7d47dedbcbb7cd3d4/na4CvmsQk_CMrPS2ZvVvVebWIjUkx9GE7NntAIC7Wb1u5vuHByReMjwuYNIekAZIL-tFkYZ9g7c2OS2sP-p9DAUSHlFsE_kkojG5QvjZ1iLO4GYWUa_ZUox2v7yCFNHu46cZyJLAeuC00CogZxsszq4?expires=1729720800&signature=97966950516e644f0268e0286c505926b19b66fa2f719ef53a279a73bd34e7f5&req=fSYlF852moVbFb4f3HP0gOK4lfqm2vEPAzPt%2FdIJ5HOzq9vFYtr%2BpYja6TZI%0A6R8%3D%0A)
+3. Open DefectDojo in a new tab, and navigate to **Configuration \> System Settings** from the sidebar.
+4. Check the **Enable Slack notifications** box.
+5. Paste the **Bot User OAuth Token** from Step 1 in the **Slack token** field.
+6.
The **Slack Channel** field should correspond to the channel in your workspace where you want your notifications to be written by a DefectDojo bot.
+7. If you want to change the name of the DefectDojo bot, you can enter a custom name here. If not, it will use **DefectDojo Notifications** as determined in the Slack App Manifest.
+
+Once this process is complete, DefectDojo can send System\-wide notifications to this channel. Select the Notifications which you want to send from the [System Notifications page](https://support.defectdojo.com/en/articles/8944889-defectdojo-notifications#h_225047bdae).
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178761/a5f24f6490b1a043a188441c/R4qt835O2gUnuDNS77H-7sIbmyOMPUy4V5H74MtLMGA9bQsINUdNYvzQTSkf1HQqvUfGHpCU3Qv0xIqkjqD3rlAMvoPleJv6RzZMzVSQRbQT5byXCezD_Sa-NzHQvpGu6ul7KAi_79io_HMfTPLLcL4?expires=1729720800&signature=d43c41e2c6db5c91e49f9c56cbfd21b97e7d84003c3523e65ea07d6d8c154d93&req=fSYlF852modeFb4f3HP0gCrJC5g33foXGAruLI5W3hglBldbY7jvtb8I8wvC%0AwQ0%3D%0A)
+
+## Notes on System\-Wide Notifications in Slack**:**
+
+
+Slack cannot apply any RBAC rules to the Slack channel that you are creating, and will therefore be sharing notifications for the entire DefectDojo system. There is no method in DefectDojo to filter system\-wide Slack notifications to a Product Type, Product or Engagement.
+
+
+
+If you want to apply RBAC\-based filtering to your Slack messages, enabling personal notifications from Slack is a better option.
+
+
+
+
+## Send Personal notifications to Slack
+
+
+If your team has a Slack integration enabled (through the above process), individual users can also configure notifications to send directly to your personal Slackbot channel.
+
+
+1. Start by navigating to your personal Profile page on DefectDojo. Find this by clicking the 👤 **icon** in the top\-right corner. Select your DefectDojo Username from the list.
(👤 **paul** in our example)
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962178777/e91b86cd53793fdfd1b9e9e5/P8dPmKcDtxlXDUHl0gndW0vV_7yYSYczHwF2YkB7Q_xBIvww8ezjJfvu9FIY-4AJn7LWHHZRNY285MmC-5jHQmbwd2O251o_0iOVIbJ_BTnErP4gH_9kfV1Jz1CGtBVqDe9lnIGxbqErHGvnElDvekM?expires=1729720800&signature=69aaeabbb05167d590c91797a44a3e204bd8053091482f9d3b969bf2e1db68ec&req=fSYlF852moZYFb4f3HP0gLhK3cg%2BSrGOEvpkHTnb%2BmHfKk8Tj4wCUH9CmhTy%0AfqI%3D%0A)
+2. Set your **Slack Email Address** in the menu. This field is nested underneath **Additional Contact Information** in DefectDojo.
+
+
+You can now [set specific notifications](https://support.defectdojo.com/en/articles/8944889-defectdojo-notifications) to be sent to your personal Slackbot channel. Other users on your Slack channel will not receive these messages.
+
+
diff --git a/docs/content/en/notifications/_index.md b/docs/content/en/notifications/_index.md
new file mode 100644
index 0000000000..1507dc4798
--- /dev/null
+++ b/docs/content/en/notifications/_index.md
@@ -0,0 +1,17 @@
+---
+title: "Set Up Notifications"
+description: "Configure your DefectDojo in-app, email and other notifications"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 8
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+---
\ No newline at end of file
diff --git a/docs/content/en/open_source/_index.md b/docs/content/en/open_source/_index.md
new file mode 100644
index 0000000000..2cc62b8933
--- /dev/null
+++ b/docs/content/en/open_source/_index.md
@@ -0,0 +1,17 @@ +--- +title: "Open Source DefectDojo" +description: "" +summary: "" +date: 2023-09-07T16:12:03+02:00 +lastmod: 2023-09-07T16:12:03+02:00 +draft: false +weight: 999 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +--- \ No newline at end of file diff --git a/docs/content/en/open_source/archived_docs/_index.md b/docs/content/en/open_source/archived_docs/_index.md new file mode 100644 index 0000000000..3bb9cf55b7 --- /dev/null +++ b/docs/content/en/open_source/archived_docs/_index.md @@ -0,0 +1,17 @@ +--- +title: "Archived Documentation" +description: "" +summary: "" +date: 2023-09-07T16:12:03+02:00 +lastmod: 2023-09-07T16:12:03+02:00 +draft: false +weight: 999 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +--- \ No newline at end of file diff --git a/docs/content/en/integrations/burp-plugin.md b/docs/content/en/open_source/archived_docs/burp-plugin.md similarity index 95% rename from docs/content/en/integrations/burp-plugin.md rename to docs/content/en/open_source/archived_docs/burp-plugin.md index ab3285ceda..c01fd3a917 100644 --- a/docs/content/en/integrations/burp-plugin.md +++ b/docs/content/en/open_source/archived_docs/burp-plugin.md @@ -26,4 +26,4 @@ you will need to do the following : Usage ----- -![image](../../images/burp_plugin_usage.gif) +![image](images/burp_plugin_usage.gif) 
diff --git a/docs/content/en/integrations/google-sheets-sync.md b/docs/content/en/open_source/archived_docs/google-sheets-sync.md similarity index 93% rename from docs/content/en/integrations/google-sheets-sync.md rename to docs/content/en/open_source/archived_docs/google-sheets-sync.md index 456a694fc6..f8797ec27f 100644 --- a/docs/content/en/integrations/google-sheets-sync.md +++ b/docs/content/en/open_source/archived_docs/google-sheets-sync.md @@ -56,7 +56,7 @@ Configurations in DefectDojo 2. Click \'Google Sheets Sync\'. 3. Fill the form. - ![Google Sheets Sync Configuration Page](../../images/google_sheets_sync_1.png) + ![Google Sheets Sync Configuration Page](images/google_sheets_sync_1.png) * Upload the downloaded json file into the **Upload Credentials file** field. @@ -71,7 +71,7 @@ Configurations in DefectDojo * Extract the folder id from the URL and insert it as the **Drive Folder Id**: - ![Extracting Drive Folder ID](../../images/google_sheets_sync_2.png) + ![Extracting Drive Folder ID](images/google_sheets_sync_2.png) * Tick the **Enable Service** check box. (**Optional** as this has no impact on the configuration, but you must set it to @@ -104,11 +104,11 @@ interface displayed will be different. If a Google Spreadsheet does not exist for the Test: -![Create Google Sheet Button](../../images/google_sheets_sync_3.png) +![Create Google Sheet Button](images/google_sheets_sync_3.png) If a Google Spreadsheet is already created for the Test: -![Sync Google Sheet Button](../../images/google_sheets_sync_4.png) +![Sync Google Sheet Button](images/google_sheets_sync_4.png) After creating a Google Spreadsheet, users can review and edit Finding details using the Google Sheet. If any change is done in the Google 
diff --git a/docs/content/en/integrations/importing.md b/docs/content/en/open_source/archived_docs/importing.md similarity index 96% rename from docs/content/en/integrations/importing.md rename to docs/content/en/open_source/archived_docs/importing.md index 127f642932..07ab978390 100644 --- a/docs/content/en/integrations/importing.md +++ b/docs/content/en/open_source/archived_docs/importing.md @@ -11,7 +11,7 @@ The importers analyze each report and create new Findings for each item reported. DefectDojo collapses duplicate Findings by capturing the individual hosts vulnerable. -![Import Form](../../images/imp_1.png) +![Import Form](images/imp_1.png) This approach will create a new Test for each upload. This can result in a lot of findings. If deduplication is enabled, new Findings that are identical to existing Findings get marked as a duplicate. 
@@ -20,21 +20,21 @@ This approach will create a new Test for each upload. This can result in a lot o Additionally, DefectDojo allows for re-imports of previously uploaded reports. This greatly reduces the amount of findings as no duplicates are created for findings that already exist. -![Reimport menu](../../images/reupload_menu1.png) +![Reimport menu](images/reupload_menu1.png) DefectDojo will attempt to capture the deltas between the original and new import and automatically add or mitigate findings as appropriate. -![Re-Import Form](../../images/imp_2.png) +![Re-Import Form](images/imp_2.png) This behaviour can be controled via the `closed_old_findings` parameter on the reupload form. The history of a test will be shown with the delta's for each reimported scan report. -![Import History](../../images/import_history1.png) +![Import History](images/import_history1.png) Clicking on a reimport changset will show the affected findings, as well as a status history per finding. -![Import History details](../../images/import_history_details1.png) +![Import History details](images/import_history_details1.png) ### Triage-less scanners Some scanners might not include triage information in their reports (e.g. tfsec). They simply scan code or dependencies, flag issues, and return everything. Removing some findings requires you to add comments in your code perhaps, but there is no simple way to filter out findings from the reports. diff --git a/docs/content/en/open_source/archived_docs/integrations/_index.md b/docs/content/en/open_source/archived_docs/integrations/_index.md new file mode 100644 index 0000000000..38a96445b0 --- /dev/null +++ b/docs/content/en/open_source/archived_docs/integrations/_index.md 
@@ -0,0 +1,13 @@ +--- +title: "Integrations" +description: "A lot of integrations help to fit DefectDojo in your environment" +weight: 3 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +--- diff --git a/docs/content/en/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md similarity index 94% rename from docs/content/en/integrations/social-authentication.md rename to docs/content/en/open_source/archived_docs/integrations/social-authentication.md index ebf2a6b0c8..97d052d4fa 100644 --- a/docs/content/en/integrations/social-authentication.md +++ b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md @@ -20,7 +20,7 @@ leverage Auth0 to authenticate users on DefectDojo. - Domain - Client ID - Client Secret -4. Now, edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +4. Now, edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} @@ -52,12 +52,12 @@ to be created. Closely follow the steps below to guarantee success. on the left side of the screen. Click **Create Credentials**, and choose **OAuth Client ID**: - ![image](../../images/google_1.png) + ![image](images/google_1.png) 3. Select **Web Applications**, and provide a descriptive name for the client. - ![image](../../images/google_2.png) + ![image](images/google_2.png) 4. Add the pictured URLs in the **Authorized Redirect URLs** section. This part is very important. If there are any mistakes here, the 
@@ -69,9 +69,9 @@ to be created. Closely follow the steps below to guarantee success. **Client Secret Key** need to be copied over to the settings. Click the newly created client and copy the values: - ![image](../../images/google_3.png) + ![image](images/google_3.png) -7. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +7. Edit the settings (see [Configuration](../../os_getting_started/configuration) with the following information: {{< highlight python >}} @@ -103,33 +103,33 @@ carries the same attributes and a similar procedure. Follow along below. 2. Once logged in, enter the **Applications** and click **Add Application**: - ![image](../../images/okta_1.png) + ![image](images/okta_1.png) 3. Select **Web Applications**. - ![image](../../images/okta_2.png) + ![image](images/okta_2.png) 4. Add the pictured URLs in the **Login Redirect URLs** section. This part is very important. If there are any mistakes here, the authentication client will not authorize the request, and deny access. Check the **Implicit** box as well. - ![image](../../images/okta_3.png) + ![image](images/okta_3.png) 5. Once all URLs are added, finish by clicking **Done**. 6. Return to the **Dashboard** to find the **Org-URL**. Note this value as it will be important in the settings file. - ![image](../../images/okta_4.png) + ![image](images/okta_4.png) 7. Now, with the authentication client created, the **Client ID** and **Client Secret** Key need to be copied over to the settings. Click the newly created client and copy the values: - ![image](../../images/okta_5.png) + ![image](images/okta_5.png) -8. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +8. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} 
@@ -177,7 +177,7 @@ user, such as 'superuser'. - **OR** - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/azuread-tenant-oauth2/** -4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} @@ -244,7 +244,7 @@ Follow along below. - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/** -4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} @@ -295,7 +295,7 @@ Here are suggestion on how to configure Keycloak and DefectDojo: and look up your authorization and token endpoint (use them below) ### Configure Defect Dojo -Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} @@ -332,7 +332,7 @@ Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order t 3. For the Redirect URI, enter the DefectDojo URL with the following format - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/** -4. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), 
@@ -350,7 +350,7 @@ perogative to SSO. For definitions of terms used and more information, see the plugin [plugin homepage](https://github.com/IdentityPython/djangosaml2). 1. Navigate to your SAML IdP and find your metadata -2. Edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) with the following +2. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following information: {{< highlight python >}} diff --git a/docs/content/en/integrations/source-code-repositories.md b/docs/content/en/open_source/archived_docs/integrations/source-code-repositories.md similarity index 80% rename from docs/content/en/integrations/source-code-repositories.md rename to docs/content/en/open_source/archived_docs/integrations/source-code-repositories.md index 743ec6b427..1622779bf6 100644 --- a/docs/content/en/integrations/source-code-repositories.md +++ b/docs/content/en/open_source/archived_docs/integrations/source-code-repositories.md 
@@ -13,13 +13,13 @@ Findings can have a filepath and a line number as the location of the vulnerabil While editing the Engagement, users can set the URL of the specific SCM repo. For Interactive Engagement it needs to be the URL including the branch: - for GitHub - like https://github.com/DefectDojo/django-DefectDojo/tree/dev -![Edit Engagement (GitHub)](../../images/source-code-repositories_1.png) +![Edit Engagement (GitHub)](images/source-code-repositories_1.png) - for GitLab - like https://gitlab.com/gitlab-org/gitlab/-/tree/master -![Edit Engagement (Gitlab)](../../images/source-code-repositories-gitlab_1.png) +![Edit Engagement (Gitlab)](images/source-code-repositories-gitlab_1.png) - for public BitBucket - like (like git clone url) -![Edit Engagement (Bitbucket public)](../../images/source-code-repositories-bitbucket_1.png) +![Edit Engagement (Bitbucket public)](images/source-code-repositories-bitbucket_1.png) - for standalone/onpremise BitBucket https://bb.example.com/scm/some-project/some-repo.git or https://bb.example.com/scm/some-user-name/some-repo.git for user public repo (like git clone url) -![Edit Engagement (Bitbucket standalone)](../../images/source-code-repositories-bitbucket-onpremise_1.png) +![Edit Engagement (Bitbucket standalone)](images/source-code-repositories-bitbucket-onpremise_1.png) For CI/CD Engagement, where user could set commit hash, branch/tag and code line it should look like examples below: - for GitHub - like https://github.com/DefectDojo/django-DefectDojo 
@@ -33,11 +33,11 @@ SCM navigation URL is composed from Repo URL using SCM Type. Github/Gitlab SCM t Product custom fields: -![Product custom fields](../../images/product-custom-fields_1.png) +![Product custom fields](images/product-custom-fields_1.png) Product SCM type add: -![Product scm type](../../images/product-scm-type_1.png) +![Product scm type](images/product-scm-type_1.png) Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalone', 'gitea', 'codeberg' or nothing (for default github). @@ -46,8 +46,8 @@ Possible SCM types could be 'github', 'gitlab', 'bitbucket', 'bitbucket-standalo When viewing a finding, the location will be presented as a link, if the repository of the source code has been set in the Engagement: -![Link to location](../../images/source-code-repositories_2.png) +![Link to location](images/source-code-repositories_2.png) Clicking on this link will open a new tab in the browser, with the source file of the vulnerability at the corresponding line number: -![View in repository](../../images/source-code-repositories_3.png) +![View in repository](images/source-code-repositories_3.png) diff --git a/docs/content/en/integrations/jira.md b/docs/content/en/open_source/archived_docs/jira.md similarity index 99% rename from docs/content/en/integrations/jira.md rename to docs/content/en/open_source/archived_docs/jira.md index b6bc83fe20..b2dacc4365 100644 --- a/docs/content/en/integrations/jira.md +++ b/docs/content/en/open_source/archived_docs/jira.md 
@@ -103,7 +103,7 @@ By default Defect Dojo uses the `dojo/templates/issue-trackers/jira_full/jira-de This file can be modified to your needs, rebuild all containers afterwards. There's also a more limited template available, which can be chosen when configuring a JIRA Instance or JIRA Project for a Product or Engagement: -![image](../../images/jira_issue_templates.png) +![image](images/jira_issue_templates.png) Any folder added to `dojo/templates/issue-trackers/` will be added to the dropdown (after rebuilding/restarting the containers). diff --git a/docs/content/en/integrations/notifications.md b/docs/content/en/open_source/archived_docs/notifications.md similarity index 94% rename from docs/content/en/integrations/notifications.md rename to docs/content/en/open_source/archived_docs/notifications.md index 803388797c..de1d617539 100644 --- a/docs/content/en/integrations/notifications.md +++ b/docs/content/en/open_source/archived_docs/notifications.md @@ -7,7 +7,7 @@ weight: 6 ## Notifications -![Notification settings](../../images/notifications_1.png) +![Notification settings](images/notifications_1.png) DefectDojo can inform you of different events in a variety of ways. You can be notified about things like an upcoming engagement, when someone 
@@ -91,19 +91,19 @@ Choose the channel where you want to post Global notifications during the 'Creat The following scopes have to be granted to your Slack App. If the App was created from the JSON Manifest above, these permission scopes will already be set correctly. -![Slack OAuth scopes](../../images/slack_scopes.png) +![Slack OAuth scopes](images/slack_scopes.png) #### Token The Slack Bot Token needs to be pasted in the DefectDojo System Settings, nested underneath the 'Enable slack notifications' checkbox. This token can be found in the Features / OAuth & Permissions section on the Slack App settings. -![Slack token](../../images/slack_tokens.png) +![Slack token](images/slack_tokens.png) #### Examples of Slack notifications -![Add Product](../../images/slack_add_product.png) +![Add Product](images/slack_add_product.png) -![Import Scan](../../images/slack_import_scan.png) +![Import Scan](images/slack_import_scan.png) ### Microsoft Teams diff --git a/docs/content/en/usage/_index.md b/docs/content/en/open_source/archived_docs/usage/_index.md similarity index 79% rename from docs/content/en/usage/_index.md rename to docs/content/en/open_source/archived_docs/usage/_index.md index f52244bf4f..a07aee8157 100644 --- a/docs/content/en/usage/_index.md +++ b/docs/content/en/open_source/archived_docs/usage/_index.md @@ -3,4 +3,6 @@ title: "Usage" description: "How to use DefectDojo to manage vulnerabilities" weight: 2 chapter: true +sidebar: + collapsed: true --- diff --git a/docs/content/en/usage/features.md b/docs/content/en/open_source/archived_docs/usage/features.md similarity index 92% rename from docs/content/en/usage/features.md rename to docs/content/en/open_source/archived_docs/usage/features.md index 7fad563b13..c026a2f3a1 100644 --- a/docs/content/en/usage/features.md +++ b/docs/content/en/open_source/archived_docs/usage/features.md 
@@ -14,7 +14,7 @@ digestible chunks. Here is an example with a product with two tags and four findings each with a single tag -![High level example of usage with tags](../../images/tags-high-level-example.png) +![High level example of usage with tags](images/tags-high-level-example.png) #### Format of tag @@ -38,7 +38,7 @@ Tags can be managed in the following ways auto completion to make searching and adding existing tags a breeze. Here is what the field looks like on the product from the screenshot in the previous section: - ![Tag management on an object](../../images/tags-management-on-object.png) + ![Tag management on an object](images/tags-management-on-object.png) 2. Import and Reimport 
@@ -57,25 +57,25 @@ Tags can be managed in the following ways In the following example, lets say I want to update the tags of the two findings with the tag "tag-group-alpha" to be a new tag list like this ["tag-group-charlie", "tag-group-delta"]. First I would select the tags to be updated: - ![Select findings for bulk edit tag update](../../images/tags-select-findings-for-bulk-edit.png) + ![Select findings for bulk edit tag update](images/tags-select-findings-for-bulk-edit.png) Once a finding is selected, a new button appears with the name "Bulk Edit". Clicking this button produces a dropdown menu with many options, but the focus is just on tags for now. Update the field to have the desired tag list as follows, and click submit - ![Apply changes for bulk edit tag update](../../images/tags-bulk-edit-submit.png) + ![Apply changes for bulk edit tag update](images/tags-bulk-edit-submit.png) The tags on the selected Findings will be updated to whatever was specified in the tags field within the bulk edit menu - ![Completed bulk edit tag update](../../images/tags-bulk-edit-complete.png) + ![Completed bulk edit tag update](images/tags-bulk-edit-complete.png) ### Filtering Tags can be filtered in many ways through both the UI and the API. For example, here is a snippet of the Finding filters: -![Snippet of the finding filters](../../images/tags-finding-filter-snippet.png) +![Snippet of the finding filters](images/tags-finding-filter-snippet.png) There are ten fields related to tags: 
@@ -144,7 +144,7 @@ is disabled. The only exception to that rule being inherited tags as they cannot be removed from an object. See the following example of adding a tag "test_only_tag" to the Test object and a tag "engagement_only_tag" to the Engagement. -![Example of inherited tags](../../images/tags-inherit-exmaple.png) +![Example of inherited tags](images/tags-inherit-exmaple.png) When updates are made to the tag list on a product, the same changes are made to all objects within the product asynchronously. The duration of this task directly correlates @@ -159,21 +159,21 @@ finding \'status\' can be change to \'accepted\' by doing the following: Finding are accepted in the engagement view. To locate the engagement from the finding click the link to engagement as shown below. -![Select an engagement](../../images/select_engagement.png) +![Select an engagement](images/select_engagement.png) Then, in the engagement view click the plus icon in the \'Risk Acceptance\' box and fill in the details to support the risk acceptance. -![Creating a risk acceptance](../../images/risk_exception.png) +![Creating a risk acceptance](images/risk_exception.png) The engagement view is now updated with the risk. -![Risk Acceptance engagement view](../../images/engagement_risk_acceptance.png) +![Risk Acceptance engagement view](images/engagement_risk_acceptance.png) The finding status changes to \'Accepted\' with a link to the risk acceptance. -![Risk acceptance on finding](../../images/finding_accepted.png) +![Risk acceptance on finding](images/finding_accepted.png) ## Deduplication Deduplication is a feature that when enabled will compare 
@@ -182,7 +182,7 @@ deduplication is enabled, a list of deduplicated findings is added to the engagement view. The following image illustrates the option deduplication on engagement and deduplication on product level: -![Deduplication on product and engagement level](../../images/deduplication.png) +![Deduplication on product and engagement level](images/deduplication.png) Upon saving a finding, DefectDojo will look at the other findings in the product or the engagement (depending on the configuration) to find @@ -402,9 +402,9 @@ details about the deduplication process : switch Similar Findings Visualization: -![Similar findings list](../../images/similar_finding_1.png) +![Similar findings list](images/similar_finding_1.png) -![Similar findings list with a duplicate](../../images/similar_finding_2.png) +![Similar findings list with a duplicate](images/similar_finding_2.png) Similar Findings : While viewing a finding, similar findings within the same product @@ -427,7 +427,7 @@ To apply SLAs to Findings, open the `System Settings` page and check 'Enable Fin You will then need to create one or more SLA Configurations, from the SLA Configuration menu (your-defectdojo.com/sla_config). -![SLA configuration screen](../../images/sla_settings.png) +![SLA configuration screen](images/sla_settings.png) ### SLA notification configuration @@ -454,11 +454,9 @@ The `SLA_NOTIFY_POST_BREACH` lets you define in days how long you want to be kept notified about findings that have breached the SLA. Passed that number, notifications will cease. -{{% alert title="Warning" color="warning" %}} Be mindful of performance if you choose to have SLA notifications on non-verified findings, especially if you import a lot of findings through CI in \'active\' state. -{{% /alert %}} ### What notification channels for SLA notifications? 
@@ -466,7 +464,7 @@ through CI in \'active\' state. You will notice that an extra `SLA breach` option is now present on the `Notification` page and also in the `Product` view. -![SLA notification checkbox](../../images/sla_notification_product_checkboxes.png) +![SLA notification checkbox](images/sla_notification_product_checkboxes.png) ### SLA notification with JIRA @@ -490,11 +488,9 @@ modify this schedule to your context. } {{< / highlight >}} -{{% alert title="Information" color="info" %}} The celery containers are the ones concerned with this configuration. If you suspect things are not working as expected, make sure they have the latest version of your settings.py file. -{{% /alert %}} You can of course change this default by modifying that stanza. @@ -512,7 +508,7 @@ $ docker compose exec uwsgi /bin/bash -c 'python manage.py sla_notifications' ### Instant reports -![Report Listing](../../images/report_1.png) +![Report Listing](images/report_1.png) Instant reports can be generated for: @@ -527,7 +523,7 @@ Filtering is available on all report generation views to aid in focusing the rep ### Custom reports -![Report Generation](../../images/report_2.png) +![Report Generation](images/report_2.png) Custom reports, generated with the Report Builder, allow you to select specific components to be added to the report. These include: @@ -556,7 +552,7 @@ Product Type Metrics Findings, Accepted Findings, Closed Findings, Trending Open Bug Count, Trending Accepted Bug Count, and Age of Issues. - ![Product Type Metrics](../../images/met_1.png) + ![Product Type Metrics](images/met_1.png) Product Type Counts : This view provides tabular data of Total Current Security Bug Count, 
@@ -565,7 +561,7 @@ Product Type Counts and Open Findings. This view works great for communication with stakeholders as it is a snapshot in time of the product. - ![Product Type Counts](../../images/met_2.png) + ![Product Type Counts](images/met_2.png) Product Tag Counts : Same as above, but for a group of products sharing a tag. @@ -575,18 +571,18 @@ Simple Metrics this view is the total number of S0, S1, S2, S3, S4, Opened This Month, and Closed This Month. - ![Simple Metrics](../../images/met_3.png) + ![Simple Metrics](images/met_3.png) Engineer Metrics : Provides graphs displaying information about a tester\'s activity. - ![Simple Metrics](../../images/met_4.png) + ![Simple Metrics](images/met_4.png) Metrics Dashboard : Provides a full screen, auto scroll view with many metrics in graph format. This view is great for large displays or \"Dashboards.\" - ![Metrics Dashboard](../../images/met_5.png) + ![Metrics Dashboard](images/met_5.png) ## Users @@ -622,7 +618,7 @@ respective engagement or test view page. ## Benchmarks -![OWASP ASVS Benchmarks](../../images/owasp_asvs.png) +![OWASP ASVS Benchmarks](images/owasp_asvs.png) DefectDojo utilizes the OWASP ASVS Benchmarks to benchmark a product to ensure the product meets your application technical security controls. @@ -634,7 +630,7 @@ benchmarks select the dropdown menu from the right hand drop down menu. You will find the selection near the bottom of the menu entitled: \'OWASP ASVS v.3.1\'. -![OWASP ASVS Benchmarks Menu](../../images/owasp_asvs_menu.png) +![OWASP ASVS Benchmarks Menu](images/owasp_asvs_menu.png) In the Benchmarks view for each product, the default level is ASVS Level 1. On the top right hand side the drop down can be changed to the 
@@ -642,7 +638,7 @@ desired ASVS level (Level 1, Level 2 or Level 3). The publish checkbox will display the ASVS score on the product page and in the future this will be applied to reporting. -![OWASP ASVS Score](../../images/owasp_asvs_score.png) +![OWASP ASVS Score](images/owasp_asvs_score.png) On the left hand side the ASVS score is displayed with the desired score, the % of benchmarks passed to achieve the score and the total @@ -688,8 +684,8 @@ Endpoint Meta Importer can be found in the Endpoint tab when viewing a Product ## Findings Image Upload You can add images (.png, .jpeg, .gif) to your findings. In order to achieve this, you have to click on "Manage Files" within the finding: -![Manage Files](../../images/findings_manage_files.png) +![Manage Files](images/findings_manage_files.png) There, you can upload a png file to attach it to a finding: -![Upload PNG File](../../images/file_upload.png) +![Upload PNG File](images/file_upload.png) The following picture shows the result: -![Result PNG File in finding](../../images/uploaded_png_to_finding.png) +![Result PNG File in finding](images/uploaded_png_to_finding.png) diff --git a/docs/content/en/usage/models.md b/docs/content/en/open_source/archived_docs/usage/models.md similarity index 97% rename from docs/content/en/usage/models.md rename to docs/content/en/open_source/archived_docs/usage/models.md index 540e256cee..9a9e68fce3 100644 --- a/docs/content/en/usage/models.md +++ b/docs/content/en/open_source/archived_docs/usage/models.md @@ -5,7 +5,7 @@ draft: false weight: 1 --- -![Data Model](../../images/DD-Hierarchy.svg) +{{ readFile "/docs/assets/svgs/DD-Hierarchy.svg" | safeHTML }} ## Product Type diff --git a/docs/content/en/usage/permissions.md b/docs/content/en/open_source/archived_docs/usage/permissions.md similarity index 98% rename from docs/content/en/usage/permissions.md rename to docs/content/en/open_source/archived_docs/usage/permissions.md index 512484d51b..4430ad01b2 100644 
--- a/docs/content/en/usage/permissions.md
+++ b/docs/content/en/open_source/archived_docs/usage/permissions.md
@@ -115,13 +115,11 @@ Groups can have a global role too. This global role gives all members of the gro
 Many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **superuser** status:
-![Configuration permissions](../../images/configuration_permissions.png)
+![Configuration permissions](images/configuration_permissions.png)
 3 configurations can still only be changed by superusers:
 * System settings
 * Notifications on system level
 * Configuration permissions for users and groups
-{{% alert title="Warning" color="warning" %}}
 These configuration settings are a powerful tool and should be used with great care.
-{{% /alert %}}
diff --git a/docs/content/en/usage/productgrading.md b/docs/content/en/open_source/archived_docs/usage/productgrading.md
similarity index 100%
rename from docs/content/en/usage/productgrading.md
rename to docs/content/en/open_source/archived_docs/usage/productgrading.md
diff --git a/docs/content/en/usage/questionnaires.md b/docs/content/en/open_source/archived_docs/usage/questionnaires.md
similarity index 83%
rename from docs/content/en/usage/questionnaires.md
rename to docs/content/en/open_source/archived_docs/usage/questionnaires.md
index 9d862e64b7..36cc7c2850 100644
--- a/docs/content/en/usage/questionnaires.md
+++ b/docs/content/en/open_source/archived_docs/usage/questionnaires.md
@@ -13,7 +13,7 @@ Questionnaires provide a means for collecting information from developers and re To access, create, or modify new/existing questionnaires, navigate to the _All Questionnaires_ dashboard from the sidebar. -![Questionnaires Location](../../images/questionnaires-sidebar.png) +![Questionnaires Location](images/questionnaires-sidebar.png) On the questionnaire dashboard, all existing questionnaires are displayed. To quickly find a questionnaire, the filters may be used to search for snippets within the questionnaire name and/or description, as well as by active/inactive status. 
@@ -21,23 +21,23 @@ When questionnaires are open for responses, they will be displayed in the _Gener To begin the process of creating a new questionnaire, select the _Create Questionnaire_ button located in the top right of the questionnaire dashboard. -![Questionnaires Home View](../../images/questionnaires-main-view.png) +![Questionnaires Home View](images/questionnaires-main-view.png) Questionnaires have a name and description, as well as an activity status, which are initially set on questionnaire creation, but can be modified in the future if necessary. Once these fields are filled in appropriately, the user can create the questionnaire without any questions (by selecting _Create Questionnaire_), or with questions (by selecting _Create Questionnaire and Add Questions_). -![Create New Questionnaire](../../images/questionnaires-create-new.png) +![Create New Questionnaire](images/questionnaires-create-new.png) To add questions to a questionnaire, select the dropdown titled _Select as many Questions as applicable_, which will open all of the existing questions within DefectDojo. Once the desired questions are selected from the list, the dropdown can be closed, and the _Update Questionnaire Questions_ can be selected to save the newly created questionnaire. _Note_: New questions may also be added at the time of questionnaire creation by selecting the plus located next to the questions dropdown. -![Select Questions](../../images/questionnaires-select-questions.png) +![Select Questions](images/questionnaires-select-questions.png) ## Creating New Questions The questions dashboard displays all of the questions that may exist as part of questionnaires within DefectDojo. Similar to questionnaires, to quickly find a question, the filters may be used to search for optional status, or snippets within the question name and/or description. Two types of questions exist within DefectDojo questionnaires: _Text Questions_ and _Multiple Choice Questions_. 
To add a new question, select the _Create Question_ button located in the top right of the questions dashboard. -![Questionnaire Questions](../../images/questionnaires-questions.png) +![Questionnaire Questions](images/questionnaires-questions.png) #### Adding Text Questions @@ -47,7 +47,7 @@ To add a text question (open-ended), fill out the add question form, where: - **Optional** - When the optional box is checked, a question will not be required in a questionnaire. - **Question Text** - The text that is displayed to prompt a user for their answer (e.g. What is your favorite color?). -![Add Text Answer Question](../../images/questionnaires-open-ended.png) +![Add Text Answer Question](images/questionnaires-open-ended.png) #### Adding Multiple Choice Questions 
@@ -58,23 +58,23 @@ Similar to the process of adding a text question, choice questions (non-open-end - **Multichoice** - When the multichoice box is checked, multiple choices from the list of choices may be selected by the user. - **Answer Choices** - The possible answer choices that may be selected by a user. -![Add Multiple Choice Question](../../images/questionnaires-multiple-choice.png) +![Add Multiple Choice Question](images/questionnaires-multiple-choice.png) ## Publishing a Questionnaire Once a questionnaire has been successfully created, it can be published to accept responses. To publish a questionnaire, select the plus located to the right of _General Questionnaires_. -![Add General Questionnaire](../../images/questionnaires-main-view.png) +![Add General Questionnaire](images/questionnaires-main-view.png) This will prompt for a specific questionnaire to be selected, as well as a date the questionnaire response window should close. The response window sets a due date for recipients. Once these two options have been selected, publish the questionnaire by selecting _Add Questionnaire_. -![Publicize Questionnaire](../../images/questionnaires-publicize.png) +![Publicize Questionnaire](images/questionnaires-publicize.png) Once a questionnaire is published, a link to share it can be retrieved by selecting the _Share Questionnaire_ action. To ensure the newly created questionnaire has been constructed as expected, open the share link and view the newly created questionnaire. -![Share Questionnaire Link](../../images/questionnaires-share.png) +![Share Questionnaire Link](images/questionnaires-share.png) -![Responding to Questionnaires](../../images/questionnaires-respond.png) +![Responding to Questionnaires](images/questionnaires-respond.png) ## Unassigned Questionnaires 
@@ -82,44 +82,44 @@ When a questionnaire's response window has closed, all of the responses will be There are three actions that may be taken when a questionnaire's response window has closed: _View Responses_, _Create Engagement_, and _Assign User_. -![Unnasigned Questionnaires](../../images/questionnaires-unassigned.png) +![Unnasigned Questionnaires](images/questionnaires-unassigned.png) #### View Questionnaire Responses To view the questionnaire responses, select the _View Responses_ action. All of the responses from the questionnaire will be displayed. -![View Questionnaire Responses](../../images/questionnaires-view-responses.png) +![View Questionnaire Responses](images/questionnaires-view-responses.png) #### Create an Engagement From a Questionnaire To link the questionnaire to a product via an engagement, select the _Create Engagement_ action. Once a product is selected from the dropdown, select _Create Engagement_. This will link the questionnaire results with a new engagement under the selected product, which can then be given specific details similar to other engagements in DefectDojo, such as _Description_, _Version_, _Status_, _Tags_, etc. -![Link Questionnaire to Engagement](../../images/questionnaires-new-engagement.png) +![Link Questionnaire to Engagement](images/questionnaires-new-engagement.png) -![New Engagement for Questionnaire](../../images/questionnaires-create-engagement.png) +![New Engagement for Questionnaire](images/questionnaires-create-engagement.png) To view a questionnaire at the engagement level, navigate to the engagement linked with the desired questionnaire. Expand the _Additional Features_ menu to reveal a _Questionnaires_ dropdown, which will contain all of the linked questionnaires. 
-![View Questionnaire from Engagement](../../images/questionnaires-view-questionnaire.png) +![View Questionnaire from Engagement](images/questionnaires-view-questionnaire.png) #### Assign a Questionnaire to a User To assign a questionnaire to a user, select the _Assign User_ action. This will prompt for a user to be selected from the dropdown of available users. Once a user is selected, assign the questionnaire to the specified user by selecting _Assign Questionnaire_. -![Assign Questionnaire to User](../../images/questionnaires-assign-user.png) +![Assign Questionnaire to User](images/questionnaires-assign-user.png) ## Creating Questionnaires From Engagements While questionnaires are commonly created from the questionnaire dashboard, they can also be created at the engagement level. To create a new questionnaire from within an engagement, expand the _Additional Features_ dropdown to reveal the _Questionnaires_ dropdown. In the right side header of the _Questionnaires_ dropdown, select the plus to link a new questionnaire. -![New Questionnaire from Engagement](../../images/questionnaires-add-from-engagement.png) +![New Questionnaire from Engagement](images/questionnaires-add-from-engagement.png) Once prompted, select a questionnaire from the available surveys list to link it with the engagement. If the user wishes to leave a response at the time of linking the questionnaire with the engagement, the _Add Questionnaire and Repond_ option may be selected. To simply link the questionnaire with the engagement, select _Add Questionnaire_. -![Select Questionnaire from Engagement](../../images/questionnaires-select-survey.png) +![Select Questionnaire from Engagement](images/questionnaires-select-survey.png) ## Anonymous Questionnaires Questionnaires, by default, are only accessible by DefectDojo users. To allow outside responses to DefectDojo questionnaires, ensure the _Allow Anonymous Survey Reponses_ option within the _System Settings_ is selected. 
To share a questionnaire with anonymous users, use the questionnaire's _Share Link_. -![Anonymous Survey Reponses](../../images/questionnaires-system-settings.png) +![Anonymous Survey Reponses](images/questionnaires-system-settings.png) diff --git a/docs/content/en/usage/workflows.md b/docs/content/en/open_source/archived_docs/usage/workflows.md similarity index 100% rename from docs/content/en/usage/workflows.md rename to docs/content/en/open_source/archived_docs/usage/workflows.md diff --git a/docs/content/en/contributing/_index.md b/docs/content/en/open_source/contributing/_index.md similarity index 100% rename from docs/content/en/contributing/_index.md rename to docs/content/en/open_source/contributing/_index.md diff --git a/docs/content/en/contributing/branching-model.md b/docs/content/en/open_source/contributing/branching-model.md similarity index 98% rename from docs/content/en/contributing/branching-model.md rename to docs/content/en/open_source/contributing/branching-model.md index 9599ed9033..95fbd91f53 100644 --- a/docs/content/en/contributing/branching-model.md +++ b/docs/content/en/open_source/contributing/branching-model.md @@ -24,7 +24,7 @@ GitHub Actions are the source of truth. The releases are semi-automated. The ste PRs that relate to security issues are done through [security advisories](https://github.com/DefectDojo/django-DefectDojo/security/advisories) which provide a way to work privately on code without prematurely disclosing vulnerabilities. ## Release and hotfix model -![Schemas](../../images/branching_model_v2.png) +![Schemas](images/branching_model_v2.png) Diagrams created with [plantUML](https://plantuml.com). Find a web-based editor for PlantUML at https://www.planttext.com. 
diff --git a/docs/content/en/contributing/documentation.md b/docs/content/en/open_source/contributing/documentation.md
similarity index 100%
rename from docs/content/en/contributing/documentation.md
rename to docs/content/en/open_source/contributing/documentation.md
diff --git a/docs/content/en/contributing/how-to-write-a-parser.md b/docs/content/en/open_source/contributing/how-to-write-a-parser.md
similarity index 98%
rename from docs/content/en/contributing/how-to-write-a-parser.md
rename to docs/content/en/open_source/contributing/how-to-write-a-parser.md
index 5652f0dbc5..3ee5622506 100644
--- a/docs/content/en/contributing/how-to-write-a-parser.md
+++ b/docs/content/en/open_source/contributing/how-to-write-a-parser.md
@@ -5,9 +5,7 @@ draft: false
 weight: 1
 ---
-{{% alert title="Information" color="info" %}}
 All commands assume that you're located at the root of the django-DefectDojo cloned repo.
-{{% /alert %}}
 ## Pre-requisites
@@ -312,9 +310,7 @@ or like this:
 $ ./dc-unittest.sh --test-case unittests.tools.test_blackduck_csv_parser.TestBlackduckHubParser
 {{< /highlight >}}
-{{% alert title="Information" color="info" %}}
-If you want to run all unit tests, simply run `$ docker compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
-{{% /alert %}}
+If you want to run all unit tests, simply run `$ docker-compose exec uwsgi bash -c 'python manage.py test unittests -v2'`
 ### Endpoint validation
diff --git a/docs/content/en/contributing/parser-documentation-template.md b/docs/content/en/open_source/contributing/parser-documentation-template.md
similarity index 100%
rename from docs/content/en/contributing/parser-documentation-template.md
rename to docs/content/en/open_source/contributing/parser-documentation-template.md
diff --git a/docs/content/en/integrations/exporting.md b/docs/content/en/open_source/exporting.md
similarity index 77%
rename from docs/content/en/integrations/exporting.md
rename to docs/content/en/open_source/exporting.md
index 7a42d27b17..c77011eb07 100644
--- a/docs/content/en/integrations/exporting.md
+++ b/docs/content/en/open_source/exporting.md
@@ -10,8 +10,8 @@ weight: 12
 Pages that show a list of findings or a list of engagements have a CSV and Excel Export functionality in the top right dropdown menu.
-![Export findings](../../images/export_1.png)
+![Export findings](images/export_1.png)
 The list of engagements can be exported as CSV/Excel.
-![Export engagements](../../images/export_2.png)
\ No newline at end of file
+![Export engagements](images/export_2.png)
\ No newline at end of file
diff --git a/docs/content/en/getting_started/_index.md b/docs/content/en/open_source/installation/_index.md
similarity index 69%
rename from docs/content/en/getting_started/_index.md
rename to docs/content/en/open_source/installation/_index.md
index b1f4cd88aa..c9b752e3f6 100644
--- a/docs/content/en/getting_started/_index.md
+++ b/docs/content/en/open_source/installation/_index.md
@@ -1,5 +1,5 @@
 ---
-title: "Getting started"
+title: "Installation & Configuration"
 description: "How to install and configure DefectDojo"
 weight: 1
 chapter: true
diff --git a/docs/content/en/getting_started/architecture.md b/docs/content/en/open_source/installation/architecture.md
similarity index 95%
rename from docs/content/en/getting_started/architecture.md
rename to docs/content/en/open_source/installation/architecture.md
index fe53d0ef3f..9a31595965 100644
--- a/docs/content/en/getting_started/architecture.md
+++ b/docs/content/en/open_source/installation/architecture.md
@@ -5,7 +5,7 @@ draft: false
 weight: 1
 ---
-![Architecture](../../images/DD-Architecture.svg)
+{{ readFile "/docs/assets/svgs/DD-Architecture.svg" | safeHTML }}
 ## NGINX
diff --git a/docs/content/en/getting_started/configuration.md b/docs/content/en/open_source/installation/configuration.md
similarity index 100%
rename from docs/content/en/getting_started/configuration.md
rename to docs/content/en/open_source/installation/configuration.md
diff --git a/docs/content/en/getting_started/demo.md b/docs/content/en/open_source/installation/demo.md
similarity index 100%
rename from docs/content/en/getting_started/demo.md
rename to docs/content/en/open_source/installation/demo.md
diff --git a/docs/content/en/getting_started/installation.md b/docs/content/en/open_source/installation/installation.md
similarity index 100%
rename from docs/content/en/getting_started/installation.md
rename to docs/content/en/open_source/installation/installation.md
diff --git a/docs/content/en/getting_started/running-in-production.md b/docs/content/en/open_source/installation/running-in-production.md
similarity index 98%
rename from docs/content/en/getting_started/running-in-production.md
rename to docs/content/en/open_source/installation/running-in-production.md
index 4074acb8df..73355556ff 100644
--- a/docs/content/en/getting_started/running-in-production.md
+++ b/docs/content/en/open_source/installation/running-in-production.md
@@ -25,9 +25,7 @@ Media files for uploaded files, including threat models and risk acceptance, are
 ### Instance size
-{{% alert title="Information" color="info" %}}
 Please read the paragraphs below about key processes tweaks.
-{{% /alert %}}
 With a separate database, the minimum recommendations
diff --git a/docs/content/en/integrations/ldap-authentication.md b/docs/content/en/open_source/integrations
similarity index 100%
rename from docs/content/en/integrations/ldap-authentication.md
rename to docs/content/en/open_source/integrations
diff --git a/docs/content/en/integrations/languages.md b/docs/content/en/open_source/languages.md
similarity index 90%
rename from docs/content/en/integrations/languages.md
rename to docs/content/en/open_source/languages.md
index a78ed137e6..32d3dd9610 100644
--- a/docs/content/en/integrations/languages.md
+++ b/docs/content/en/open_source/languages.md
@@ -9,7 +9,7 @@ weight: 10
 You can import JSON reports generated by the [cloc tool](https://github.com/AlDanial/cloc) via the API:
-![Import of cloc JSON file](../../images/languages_api.png)
+![Import of cloc JSON file](images/languages_api.png)
 When importing a file, all language information for the respective project will be deleted first and then populated with the content of the file.
 Please make sure to use the `--json` parameter when invoking the `cloc` command, to get the correct file format.
@@ -18,7 +18,7 @@ Please make sure to use the `--json` parameter when invoking the `cloc` command,
 The results of the import are shown on the left side of the product details page.
-![Display of languages](../../images/languages_ui.png)
+![Display of languages](images/languages_ui.png)
 The colors are defined by entries in the table `Language_Type`, which has been prepopulated with data from GitHub.
diff --git a/docs/content/en/integrations/notification_webhooks/_index.md b/docs/content/en/open_source/notification_webhooks/_index.md
similarity index 99%
rename from docs/content/en/integrations/notification_webhooks/_index.md
rename to docs/content/en/open_source/notification_webhooks/_index.md
index cbe9294041..96b6ff6c73 100644
--- a/docs/content/en/integrations/notification_webhooks/_index.md
+++ b/docs/content/en/open_source/notification_webhooks/_index.md
@@ -3,6 +3,8 @@ title: "Notification Webhooks (experimental)" description: "How to setup and use webhooks" weight: 7 chapter: true +sidebar: + collapsed: true --- Webhooks are HTTP requests coming from the DefectDojo instance towards a user-defined webserver which expects this kind of incoming traffic. diff --git a/docs/content/en/integrations/notification_webhooks/engagement_added.md b/docs/content/en/open_source/notification_webhooks/engagement_added.md similarity index 100% rename from docs/content/en/integrations/notification_webhooks/engagement_added.md rename to docs/content/en/open_source/notification_webhooks/engagement_added.md diff --git a/docs/content/en/integrations/notification_webhooks/product_added.md b/docs/content/en/open_source/notification_webhooks/product_added.md similarity index 100% rename from docs/content/en/integrations/notification_webhooks/product_added.md rename to docs/content/en/open_source/notification_webhooks/product_added.md diff --git a/docs/content/en/integrations/notification_webhooks/product_type_added.md b/docs/content/en/open_source/notification_webhooks/product_type_added.md similarity index 100% rename from docs/content/en/integrations/notification_webhooks/product_type_added.md rename to docs/content/en/open_source/notification_webhooks/product_type_added.md diff --git a/docs/content/en/integrations/notification_webhooks/scan_added.md b/docs/content/en/open_source/notification_webhooks/scan_added.md similarity index 100% rename from docs/content/en/integrations/notification_webhooks/scan_added.md rename to docs/content/en/open_source/notification_webhooks/scan_added.md diff --git a/docs/content/en/integrations/notification_webhooks/test_added.md b/docs/content/en/open_source/notification_webhooks/test_added.md similarity index 100% rename from docs/content/en/integrations/notification_webhooks/test_added.md rename to docs/content/en/open_source/notification_webhooks/test_added.md 
diff --git a/docs/content/en/usage/performance.md b/docs/content/en/open_source/performance.md similarity index 100% rename from docs/content/en/usage/performance.md rename to docs/content/en/open_source/performance.md diff --git a/docs/content/en/integrations/rate_limiting.md b/docs/content/en/open_source/rate_limiting.md similarity index 94% rename from docs/content/en/integrations/rate_limiting.md rename to docs/content/en/open_source/rate_limiting.md index 1ea76ace5b..16c56cc053 100644 --- a/docs/content/en/integrations/rate_limiting.md +++ b/docs/content/en/open_source/rate_limiting.md @@ -14,7 +14,7 @@ For further information, please visit the package documentation [Django Ratelimi #### Enable Rate Limiting -To enable and configure rate limiting, edit the settings (see [Configuration]({{< ref "/getting_started/configuration" >}})) and edit/replace the following information: +To enable and configure rate limiting, edit the settings (see [Configuration](../../os_getting_started/configuration) and edit/replace the following information: {{< highlight python >}} DD_RATE_LIMITER_ENABLED=(bool, True), diff --git a/docs/content/en/getting_started/upgrading/1.10.md b/docs/content/en/open_source/upgrading/1.10.md similarity index 100% rename from docs/content/en/getting_started/upgrading/1.10.md rename to docs/content/en/open_source/upgrading/1.10.md diff --git a/docs/content/en/getting_started/upgrading/1.11.md b/docs/content/en/open_source/upgrading/1.11.md similarity index 100% rename from docs/content/en/getting_started/upgrading/1.11.md rename to docs/content/en/open_source/upgrading/1.11.md diff --git a/docs/content/en/getting_started/upgrading/1.12.md b/docs/content/en/open_source/upgrading/1.12.md similarity index 100% rename from docs/content/en/getting_started/upgrading/1.12.md rename to docs/content/en/open_source/upgrading/1.12.md 
diff --git a/docs/content/en/getting_started/upgrading/1.13.md b/docs/content/en/open_source/upgrading/1.13.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.13.md
rename to docs/content/en/open_source/upgrading/1.13.md
diff --git a/docs/content/en/getting_started/upgrading/1.14.md b/docs/content/en/open_source/upgrading/1.14.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.14.md
rename to docs/content/en/open_source/upgrading/1.14.md
diff --git a/docs/content/en/getting_started/upgrading/1.15.md b/docs/content/en/open_source/upgrading/1.15.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.15.md
rename to docs/content/en/open_source/upgrading/1.15.md
diff --git a/docs/content/en/getting_started/upgrading/1.2.2.md b/docs/content/en/open_source/upgrading/1.2.2.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.2.2.md
rename to docs/content/en/open_source/upgrading/1.2.2.md
diff --git a/docs/content/en/getting_started/upgrading/1.2.3.md b/docs/content/en/open_source/upgrading/1.2.3.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.2.3.md
rename to docs/content/en/open_source/upgrading/1.2.3.md
diff --git a/docs/content/en/getting_started/upgrading/1.2.4.md b/docs/content/en/open_source/upgrading/1.2.4.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.2.4.md
rename to docs/content/en/open_source/upgrading/1.2.4.md
diff --git a/docs/content/en/getting_started/upgrading/1.2.8.md b/docs/content/en/open_source/upgrading/1.2.8.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.2.8.md
rename to docs/content/en/open_source/upgrading/1.2.8.md
diff --git a/docs/content/en/getting_started/upgrading/1.2.9.md b/docs/content/en/open_source/upgrading/1.2.9.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.2.9.md
rename to docs/content/en/open_source/upgrading/1.2.9.md
diff --git a/docs/content/en/getting_started/upgrading/1.3.1.md b/docs/content/en/open_source/upgrading/1.3.1.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.3.1.md
rename to docs/content/en/open_source/upgrading/1.3.1.md
diff --git a/docs/content/en/getting_started/upgrading/1.7.0.md b/docs/content/en/open_source/upgrading/1.7.0.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.7.0.md
rename to docs/content/en/open_source/upgrading/1.7.0.md
diff --git a/docs/content/en/getting_started/upgrading/1.8.0.md b/docs/content/en/open_source/upgrading/1.8.0.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.8.0.md
rename to docs/content/en/open_source/upgrading/1.8.0.md
diff --git a/docs/content/en/getting_started/upgrading/1.9.3.md b/docs/content/en/open_source/upgrading/1.9.3.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/1.9.3.md
rename to docs/content/en/open_source/upgrading/1.9.3.md
diff --git a/docs/content/en/getting_started/upgrading/2.0.md b/docs/content/en/open_source/upgrading/2.0.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.0.md
rename to docs/content/en/open_source/upgrading/2.0.md
diff --git a/docs/content/en/getting_started/upgrading/2.10.md b/docs/content/en/open_source/upgrading/2.10.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.10.md
rename to docs/content/en/open_source/upgrading/2.10.md
diff --git a/docs/content/en/getting_started/upgrading/2.12.md b/docs/content/en/open_source/upgrading/2.12.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.12.md
rename to docs/content/en/open_source/upgrading/2.12.md
diff --git a/docs/content/en/getting_started/upgrading/2.13.md b/docs/content/en/open_source/upgrading/2.13.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.13.md
rename to docs/content/en/open_source/upgrading/2.13.md
diff --git a/docs/content/en/getting_started/upgrading/2.15.md b/docs/content/en/open_source/upgrading/2.15.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.15.md
rename to docs/content/en/open_source/upgrading/2.15.md
diff --git a/docs/content/en/getting_started/upgrading/2.16.md b/docs/content/en/open_source/upgrading/2.16.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.16.md
rename to docs/content/en/open_source/upgrading/2.16.md
diff --git a/docs/content/en/getting_started/upgrading/2.17.md b/docs/content/en/open_source/upgrading/2.17.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.17.md
rename to docs/content/en/open_source/upgrading/2.17.md
diff --git a/docs/content/en/getting_started/upgrading/2.18.md b/docs/content/en/open_source/upgrading/2.18.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.18.md
rename to docs/content/en/open_source/upgrading/2.18.md
diff --git a/docs/content/en/getting_started/upgrading/2.19.md b/docs/content/en/open_source/upgrading/2.19.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.19.md
rename to docs/content/en/open_source/upgrading/2.19.md
diff --git a/docs/content/en/getting_started/upgrading/2.2.md b/docs/content/en/open_source/upgrading/2.2.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.2.md
rename to docs/content/en/open_source/upgrading/2.2.md
diff --git a/docs/content/en/getting_started/upgrading/2.20.md b/docs/content/en/open_source/upgrading/2.20.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.20.md
rename to docs/content/en/open_source/upgrading/2.20.md
diff --git a/docs/content/en/getting_started/upgrading/2.21.md b/docs/content/en/open_source/upgrading/2.21.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.21.md
rename to docs/content/en/open_source/upgrading/2.21.md
diff --git a/docs/content/en/getting_started/upgrading/2.22.md b/docs/content/en/open_source/upgrading/2.22.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.22.md
rename to docs/content/en/open_source/upgrading/2.22.md
diff --git a/docs/content/en/getting_started/upgrading/2.23.md b/docs/content/en/open_source/upgrading/2.23.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.23.md
rename to docs/content/en/open_source/upgrading/2.23.md
diff --git a/docs/content/en/getting_started/upgrading/2.24.md b/docs/content/en/open_source/upgrading/2.24.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.24.md
rename to docs/content/en/open_source/upgrading/2.24.md
diff --git a/docs/content/en/getting_started/upgrading/2.25.md b/docs/content/en/open_source/upgrading/2.25.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.25.md
rename to docs/content/en/open_source/upgrading/2.25.md
diff --git a/docs/content/en/getting_started/upgrading/2.26.md b/docs/content/en/open_source/upgrading/2.26.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.26.md
rename to docs/content/en/open_source/upgrading/2.26.md
diff --git a/docs/content/en/getting_started/upgrading/2.27.md b/docs/content/en/open_source/upgrading/2.27.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.27.md
rename to docs/content/en/open_source/upgrading/2.27.md
diff --git a/docs/content/en/getting_started/upgrading/2.28.md b/docs/content/en/open_source/upgrading/2.28.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.28.md
rename to docs/content/en/open_source/upgrading/2.28.md
diff --git a/docs/content/en/getting_started/upgrading/2.29.md b/docs/content/en/open_source/upgrading/2.29.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.29.md
rename to docs/content/en/open_source/upgrading/2.29.md
diff --git a/docs/content/en/getting_started/upgrading/2.3.md b/docs/content/en/open_source/upgrading/2.3.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.3.md
rename to docs/content/en/open_source/upgrading/2.3.md
diff --git a/docs/content/en/getting_started/upgrading/2.30.md b/docs/content/en/open_source/upgrading/2.30.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.30.md
rename to docs/content/en/open_source/upgrading/2.30.md
diff --git a/docs/content/en/getting_started/upgrading/2.31.md b/docs/content/en/open_source/upgrading/2.31.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.31.md
rename to docs/content/en/open_source/upgrading/2.31.md
diff --git a/docs/content/en/getting_started/upgrading/2.32.md b/docs/content/en/open_source/upgrading/2.32.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.32.md
rename to docs/content/en/open_source/upgrading/2.32.md
diff --git a/docs/content/en/getting_started/upgrading/2.33.md b/docs/content/en/open_source/upgrading/2.33.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.33.md
rename to docs/content/en/open_source/upgrading/2.33.md
diff --git a/docs/content/en/getting_started/upgrading/2.34.md b/docs/content/en/open_source/upgrading/2.34.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.34.md
rename to docs/content/en/open_source/upgrading/2.34.md
diff --git a/docs/content/en/getting_started/upgrading/2.35.md b/docs/content/en/open_source/upgrading/2.35.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.35.md
rename to docs/content/en/open_source/upgrading/2.35.md
diff --git a/docs/content/en/getting_started/upgrading/2.36.md b/docs/content/en/open_source/upgrading/2.36.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.36.md
rename to docs/content/en/open_source/upgrading/2.36.md
diff --git a/docs/content/en/getting_started/upgrading/2.37.md b/docs/content/en/open_source/upgrading/2.37.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.37.md
rename to docs/content/en/open_source/upgrading/2.37.md
diff --git a/docs/content/en/getting_started/upgrading/2.38.md b/docs/content/en/open_source/upgrading/2.38.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.38.md
rename to docs/content/en/open_source/upgrading/2.38.md
diff --git a/docs/content/en/getting_started/upgrading/2.39.md b/docs/content/en/open_source/upgrading/2.39.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.39.md
rename to docs/content/en/open_source/upgrading/2.39.md
diff --git a/docs/content/en/getting_started/upgrading/2.4.md b/docs/content/en/open_source/upgrading/2.4.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.4.md
rename to docs/content/en/open_source/upgrading/2.4.md
diff --git a/docs/content/en/getting_started/upgrading/2.40.md b/docs/content/en/open_source/upgrading/2.40.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.40.md
rename to docs/content/en/open_source/upgrading/2.40.md
diff --git a/docs/content/en/getting_started/upgrading/2.41.md b/docs/content/en/open_source/upgrading/2.41.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.41.md
rename to docs/content/en/open_source/upgrading/2.41.md
diff --git a/docs/content/en/getting_started/upgrading/2.5.md b/docs/content/en/open_source/upgrading/2.5.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.5.md
rename to docs/content/en/open_source/upgrading/2.5.md
diff --git a/docs/content/en/getting_started/upgrading/2.6.md b/docs/content/en/open_source/upgrading/2.6.md
similarity index 100%
rename from docs/content/en/getting_started/upgrading/2.6.md
rename to docs/content/en/open_source/upgrading/2.6.md
diff --git a/docs/content/en/getting_started/upgrading/2.7.md b/docs/content/en/open_source/upgrading/2.7.md
similarity index 92%
rename from docs/content/en/getting_started/upgrading/2.7.md
rename to docs/content/en/open_source/upgrading/2.7.md
index 672c3a77a0..0382323fd6 100644
--- a/docs/content/en/getting_started/upgrading/2.7.md
+++ b/docs/content/en/open_source/upgrading/2.7.md
@@ -8,7 +8,7 @@ This release is a breaking change regarding the Choctaw Hog parser. As the maint There is another breaking change regarding the import of SSLyze scans. The parser has been renamed from `SSLyze 3 Scan (JSON)` to `SSLyze Scan (JSON)`. The data in the database is fixed by the initializer, but it may break scripted API calls. -Release 2.7.0 contains a beta functionality to make permissions for the configuration of DefectDojo more flexible. When the settings parameter `FEATURE_CONFIGURATION_AUTHORIZATION` is set to `True`, many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **Superuser** or **Staff** status, see [Configuration Permissions]({{< ref "../../usage/permissions/#configuration-permissions" >}}). +Release 2.7.0 contains a beta functionality to make permissions for the configuration of DefectDojo more flexible. When the settings parameter `FEATURE_CONFIGURATION_AUTHORIZATION` is set to `True`, many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their **Superuser** or **Staff** status, see [Configuration Permissions](../../../usage/permissions.md). The functionality using the flag `AUTHORIZATION_STAFF_OVERRIDE` has been removed. The same result can be achieved with giving the staff users a global Owner role. diff --git a/docs/content/en/getting_started/upgrading/2.8.md b/docs/content/en/open_source/upgrading/2.8.md similarity index 100% rename from docs/content/en/getting_started/upgrading/2.8.md rename to docs/content/en/open_source/upgrading/2.8.md diff --git a/docs/content/en/getting_started/upgrading/2.9.md b/docs/content/en/open_source/upgrading/2.9.md similarity index 100% rename from docs/content/en/getting_started/upgrading/2.9.md rename to docs/content/en/open_source/upgrading/2.9.md 
diff --git a/docs/content/en/getting_started/upgrading/_index.md b/docs/content/en/open_source/upgrading/_index.md similarity index 97% rename from docs/content/en/getting_started/upgrading/_index.md rename to docs/content/en/open_source/upgrading/_index.md index a7f5aa3090..d453def634 100644 --- a/docs/content/en/getting_started/upgrading/_index.md +++ b/docs/content/en/open_source/upgrading/_index.md @@ -2,7 +2,9 @@ title: "Upgrading" description: "Release specific upgrading instructions" draft: false -weight: 5 +sidebar: + collapsed: true +weight: 2 --- ## Docker compose @@ -13,11 +15,8 @@ should not lose any data. ### Using docker images provided in DockerHub -{{% alert title="Information" color="info" %}} If you\'re using `latest`, then you need to pre pull the `latest` from DockerHub to update. -{{% /alert %}} - The generic upgrade method for docker compose are as follows: - Pull the latest version diff --git a/docs/content/en/pro_reports/Using the Report Builder.md b/docs/content/en/pro_reports/Using the Report Builder.md new file mode 100644 index 0000000000..b67117095f --- /dev/null +++ b/docs/content/en/pro_reports/Using the Report Builder.md 
@@ -0,0 +1,223 @@ +--- +title: "Using the Report Builder" +description: "Build and publish custom reports for external audiences, or your own records" +--- + +DefectDojo allows you to create Custom Reports for external audiences, which summarize the Findings or Endpoints that you wish to report on. Custom Reports can include branding and boilerplate text, and can also be used as **[Templates](https://support.defectdojo.com/en/articles/9367528-working-with-generated-reports)** for future reports. + + + +# Opening the Report Builder + + +The Report Builder can be opened from the **📄Reports** page on the sidebar. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668657/d149242028cea25e8114b666/qiA-SC4CLojnPIBQFJ7HkqQ5P7QQT-Hbo_4ZL1U5SLtvOjauQfK5nr276tyG28BWkHWpxbXyBlRyKEMoBJhIU05923KW7do0TdloBdZ339JIVvjTSRKC_FFW1FpUnG2xnM3LgKKXuOsgMvn5vQ-7yYo?expires=1729720800&signature=86da67f31863d06a6d6066e37461ebc3ab4fa7d1ed1e31d78dccdb6ae091293a&req=dSAiH894lYdaXvMW1HO4zYTHA4kYzFbXGD3pjms%2FaPWm4NRJKHCIfFYxrKIu%0APBVL%0A) + +The report builder page is organized in two columns. The left **Report Format** column is where you can design your report, using widgets from the right **Available Widgets** column. 
+ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668681/fc43eee902f2d9892c2858ad/di7AqHpuoVBD527GMbmUU4g3xViyrzF4nDIZRmKKLXKmgpu5FJU837mn-Txa0egjF7gqs10vl1ls8b6zZHFmmu4Ceu33gPd7R9LPzHXLU79-_QDiVjXNkJHOmjl6uGPmzvkrtrJmMT3bacpoRo7-a4k?expires=1729720800&signature=474de3f5c935cad8cb4564e89868ee57da2368fc8492dbe7c4f56eb5332fe0f2&req=dSAiH894lYdXWPMW1HO4zUkXPkPuwVumZ1gLKNFFUSpoSVwSph0rDjPojnwd%0Af6RA%0A) + +# Step 1: Set Report Options + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668702/757104b09b49cbcf83d3b6fc/Zl2lKAU3KWuVtlCunSK2bVyrw398CQeh8CCAOY72GVW5WMxlME59qTrQawLiuq5e8E0Da6elvpBs0Fo9HIMfMaV1O7Uvkvj_lK4uciDFgA1puiyWwss5MCWEyrLaiy6ijUoK9iJ7ygzb5afbJ4dBkKo?expires=1729720800&signature=9d421bb96e18b0407be5a6ab4b113f63a7059e469a31251d1c1d58a779632bf6&req=dSAiH894lYZfW%2FMW1HO4zd38o20biDfaLBNaWL2wZpj9WooJDzcHaIKkCAIv%0AJ%2BmV%0A) +From the Report Options section, you can take the following actions: + + +* Set a **Report Name** for the Report or Template +* Include user\-created **Finding Notes** in the report +* Include **Finding Images** in the report +* Upload a header **Image** to the report + + +## Select a header image for your report + + +To add an image to the top of your report, click the **Choose File** button and upload an image to DefectDojo. + + + +The image will automatically resize to fit the document, and will render directly above your **Report Name**. 
+ + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668715/d62e5d01e6322c4de5753c46/75kSgNSTofd59iGYCZvmGKYKc68QCGuKvihvQ1Ghd3jwJRdbLp6YAlqa7EIUQWVk8X6scpk-ctAPx4ON67i64AeaKXtMulH4B_J41A-4PiFxPssV3yPital5bahMDRnq8BYJvA78cpzZynq07Fo5dTM?expires=1729720800&signature=dd455f58ada29c952a3bd0ff8054837692bacd7f52500f8c7c3c9d50df514dd2&req=dSAiH894lYZeXPMW1HO4zaIJOBeuo49c5ejU69mXwasRIZ6a6Gft8W1Oux2i%0AoHQt%0A) + +# Step 2: Add content to your report with Widgets + + +Once you have set your Report Options, you can begin to design your report using DefectDojo’s widgets. + + + +Widgets are content elements of a report which can be added by dragging and dropping them into the Report Format column. The final Report will be generated based on the position of each Widget, with the **Report Name** and **Header Image** rendered at the top. + + +* The elements of your report can be reordered by dragging and dropping your widgets into a new order. +* To remove a widget from a report, click and drag it back to the right column. +* Widgets can also be collapsed by clicking on the grey header, for ease in navigation through a report builder. +* The Findings Widget, WYSIWYG Widget and the Endpoints widget can be used more than once. + + +## Cover Page Widget + + +The Cover Page Widget allows you to set a Heading, Sub heading and additional metadata for your report. You can only have a single Cover Page for a given Report. + + +## + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668733/2522de823fd048e072c972f8/Z06otmw5EcLKbfx6JzBDqqrvkO8T6AHAgMrYYsS3RCd3PqoKZ2lL-tSoTrA-MMvnSuhPTO7kwIWbBFg6yGCKR-HpyCFCWiCztoOUVYQ7oQTJGZPTkFLpKiK_dolIHCjHRlmaZVlXpI4I0IbmGoNVGgQ?expires=1729720800&signature=1a0e94643a63175a9203668f2de2eb1ba324e9d0f4ba4402be7c8f31826a8267&req=dSAiH894lYZcWvMW1HO4zTwHGAjzTDMbJMT9RA4HP84r3prZFbAKtBemB7fA%0AD0%2B8%0A) +## Executive Summary Widget + + +The Executive Summary widget is intended to summarize your report at a glance. 
It contains a Heading (defaults to Executive Summary), as well as a text box which can contain whatever information you feel is required to summarize the report. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668750/9ef673c9e58e4648397a72d7/Q9_fk5LqZlgHS2N4tL2HyVB1lg5RW7ek0mipaOEWUFgi0sHmQCmJYBKngawpR7Oo7NrEuebFbWIIMHpaTEHIgB0tyCuWMgSUTqtYDi9CSZCATrobCSFvNI5fxq4xKyGJFvN9RQOpBw-ISDZfkXZoX2w?expires=1729720800&signature=d2af7dc8ca8926eddd8c3c0e6fc4b3e3800bdc6c6a75261ab4c3e797a17e4e1e&req=dSAiH894lYZaWfMW1HO4zSgZrnEu4v9f8iDvHdpabgdb31RLyLi%2B5lw286sJ%0AQXqH%0A) +You can also **Include SLAs** in your executive summary. To add images, markup formatting or anything beyond pure text, consider adding a **WYSIWYG Content Widget** immediately after the executive summary. + + +* You can only have a single Executive Summary for a given Report. +* If your Report contains multiple SLA configurations (I.E. you have Findings from separate Products which each have their own standards for SLA) each SLA configuration will be listed on the Executive Summary as a separate row. + + +## Severities Widget + + +As each organization will have different definitions for each severity level, the Severities Widget allows you to define the Severity Levels used in your report for ease of understanding. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668769/4ed67d61b24d76230e199027/vBzduetm_xuyj-Id_ea3XrWj39N90ZRakQsQTJAeghNhZjIlVJlbNiwI8DnjPkEcc0h_c7QA_Bt90bv0j4tlLbZH5Tov5Dtzp8twGcHMmWRgzuOrVbiESxHTZhA5ZHhUL-tJ32L4FzlfB4qVLtL69HM?expires=1729720800&signature=3708e508a8a083efd2b06dcf93e1c747ba81f281a92d65c0562394dc5c317465&req=dSAiH894lYZZUPMW1HO4zWi%2FMsH6d%2BF7zDGqlenGyd1o7J6UGLbpIIAdseIH%0Ax%2Buj%0A) +## Table Of Contents Widget + + +The Table Of Contents Widget creates a list of each Finding in your report, for quicker access to specific Findings. The table of contents will create a separate heading for each Severity contained within the report. 
Each Finding listed in the table of contents will have an anchor link attached to quickly jump to the Finding in the report. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668783/ac40a1a4cf6754b045f2a95d/z6MDXX6XbQULSPzJ7pS334JRAsqj_ozIuEiKD4t6yYSEywEA66N-u0rLZtx4wYvUtVv0LcIgLgB7cnmvPLKJURndFWwvcmr5u_LBPdOlILkwjig1_VNqRrCTcUruAYkiaT8qzloYx9Qk8vFbzVA-g_A?expires=1729720800&signature=f3cfefa777f03101e6c2317a84ab4b68830b21d60b0467d876658109db3711ff&req=dSAiH894lYZXWvMW1HO4zTVqo38kvEyYe4VstbFGMYhKkv9412DDgaRnG631%0Ak%2BgB%0A)* Set an optional **Heading** for your Table Of Contents if you wish. +* You can add a section of **Custom Content**, which will add text underneath the Heading. +* You can upload an image to the Table Of Contents by clicking the **Choose File** button next to the **Image** line. The uploaded image will render directly above the **Heading** selected. Images will be resized to fit the document. + + +## WYSIWYG Content Widget + + +The WYSIWYG (What You See Is What You Get) widget can be used to add a section containing text and images in your report. Multiple copies of this Widget can be added to add context to other sections of your report. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668799/7e2d199dfb523e6e9b8575e0/Zl0xqUXPzqIAHnxPqoti3dIi9Ok8BsUpVBiYj3WEy3R24b3y9t2dP4tL3CFsfRW88Py0FQL64i4X-uDL9hRUUI1CAzUOriTOmqYEYEjR7WD2PtbeDo0iN8a6SiFn2gBRGw9y36zTqol6zAE-KlNI56I?expires=1729720800&signature=669d522b6f16047bbe7e71394143d3f55fbe39fdbb35964f6ab10d2d39a1b7ee&req=dSAiH894lYZWUPMW1HO4zTHuMUGRWo1X3HdWDZf%2FwZLsh3h5gPVX4gN0Sqv7%0AO6Mu%0A) +* WYSIWYG Content can include an optional Heading. +* Images can be added to a WYSIWYG widget by dragging and dropping them directly into the **Content** box. Images inserted into the Content box will render at their full resolution. +* You can add multiple WYSIWYG widgets to a report. 
+ + +## Findings Widget + + +The Findings Widget provides a list and summary of each Finding you want to include in your report. You can set the scope of the Findings you wish to include with Filters. + + + +The Findings Widget is divided into two sections. The upper section contains a list of filters which can be used to determine which Findings you want to include, and the lower section contains the resulting list of Findings after filters are applied. + + + +To apply filters to your Findings widget, set the filter parameters and click the **Apply Filter** button at the bottom. You can preview the results of your filter by checking the Findings list located underneath the Filters section. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668827/54fbccc5dc6c37e974544f67/9tAorgi2LtsrutVn2oAi---8TxULQRm3WdUBXXYnG4Un8Hxvn-lLMF9YeyZprenDpMpn_pXlfqV0HPCxMleeKrAAfISpqCakc9DWGtChyWpy1fSTDKDJKhUqbZhXK853ILnOodbMRPMUOW3JMWyRmmA?expires=1729720800&signature=07e89018412575f5452488734e335ca52ec7c5c386a3c5b4820ed72ea44264b6&req=dSAiH894lYldXvMW1HO4zeRXczzna2ND%2FjJ5fjQdd42%2BX0Al7y0N38CoHXcQ%0ArAOZ%0A)* The resulting list of Findings will be split up into sections by **Severity Level**. Note that DefectDojo data model components (Test, Engagement or Product) will not be represented in the report, only a list of Findings. +* As with Widgets, the Filters section can be expanded and collapsed by clicking the gret Filters header. +* You can add multiple separate Findings Widgets to your report with different filter parameters if you want the report to contain more than one list of Findings. 
+* Only the Findings you are authorized to view are included in these listings, with respect to Role\-Based Access Control + +## + + +### Example Rendered Finding List + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668863/33ab8747223d12cc74452025/JGKDzkDo79C7U2L2T0cC9_UKd0aCrI2R3NWZA3bAo1lcAtH3TsSNirvToX15TpDLIzdZ6qVOTWAa9tpE0bXpeZ6OLgTCA3_nMUerraHYsrhu7ZbAINVWNkd-sWs_MMg3ZwhE5Q4RYWj1_xWrcD2A1Zk?expires=1729720800&signature=9bd3481d52352937f34305772f9eb7ea6a79c191a9f2268785ce15c8dc4b32cf&req=dSAiH894lYlZWvMW1HO4zV%2Bgt3R5%2FTAnT7RYCBj%2Frv4IjWgmaLlIyRPCTtWH%0Am%2F%2Ff%0A) + +## Vulnerable Endpoints Widget + + +The Vulnerable Endpoints widget is similar to the Findings widget. You can use this widget to list all Findings for specific Endpoints, and sort the Finding list by Endpoint instead of by Severity level. + + + +The **Vulnerable Endpoints** widget will list each active Finding for the Endpoints selected. Rather than creating a single list of unsorted Findings this feature will separate them into their Endpoint context. + + + +As with the Findings Widget, the Vulnerable Endpoints Widget is divided into a Filter section and a list of resulting Endpoints from the filter parameters. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668880/0e1efc285e326249be4179e0/Szk-7f4eMk_NKNKPAUpkzRsO5VNFwwYAGFco85IbJg4lCEHYObQFHTm0vooxwV4750IKjLkcelCD6UqYP3j2Mw2io9KGGWWxGZfLmNrL4gCIeSz91yMPVCXf4K6GKQM1sLRbwG-avNp3_OlrsFTNJeA?expires=1729720800&signature=27d50b0bb16547abf2882c11ce905c850748330b931813277d046e46b29de2fb&req=dSAiH894lYlXWfMW1HO4zVU6RSjhv0UByCQSNwvLkLTsBMiDy%2FB3c%2F2aDaSl%0AI2gy%0A) +Select the parameters for the Endpoints you wish to include here and click the **Apply Findings** button at the bottom. You can preview the results of your filter by checking the Endpoints list located underneath the Filters section. 
+ + +* You can add multiple separate Vulnerable Widgets to your report with different filter parameters if you want the report to contain more than one list. +* Only the Findings you are authorized to view are included in these listings, with respect to Role\-Based Access Control. + + +## \-\-\-\-\-\-\-\-\-\-\-\-\-\- (separator) Widget + + + +This Widget will render a light grey horizontal line to divide between sections. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668908/6329423a4a2af18a5c1d4a7b/LUGV4_gdfMrrqWEYcVUipme5N2vHUyhHTq1K6I04-sYnApm2F7GmmgJ-WXOZBVG2hh9HqJ3szm_OipCW2jh6KLY5I3w2viOUZYhWLdduoBFeeNq5qG99Ct0erE1KJVK-NCJx03hw05roWuxsQtQGhnU?expires=1729720800&signature=f311c841a18fa3c43ace8dff97da3ecfc0d592f245e49e9588eec50c1cbcc61b&req=dSAiH894lYhfUfMW1HO4zSn2LKgUlf6SVJsVNa7AJPTnjquPDCFg66OloIGc%0ACs%2F0%0A) + +# Step 3: Publishing and viewing your Report + + +Once you have finished building your report, you can generate it by clicking the green ‘**Run’** button at the bottom of the **Report Format** section. + + + +This will automatically take you to the Generated Reports page, and your report will begin to generate in the background. You can check on the Status of your report by reading the Status column next to it, and refreshing the page periodically. + + + +Once your report has generated, you can view it by either clicking on the **Status** (which will be set to ‘Complete: View Report’), or by opening the **⋮** menu next to your report and selecting **View Report**. 
+ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668933/94b598eda87056948041d01a/3p-IVZqmk3TFbZth5i8j8E6nAn4U4PRCGIZ1kUiPLqCmFXXB0VQr4r5Fod0I4Z5cgxaFtaFq1JuQJvWaxpiOEIPCUyYBsOLWEaSEsDs6gFhtSrZ3ryiVolap1Cr7Z0w0jmzufsLe_3Lfgv78U1CAALE?expires=1729720800&signature=efd7cced529fbcdf08ea0fb6c91c2dd96fa15104bc2e69abb811542f3bf4f42b&req=dSAiH894lYhcWvMW1HO4zU7eIAlzp8yFaVkMjW00jNSD7WxnDKf7klUA3Vaw%0Avkcv%0A) + +# Step 4: Exporting a Report + + +Only DefectDojo users will have access to Reports stored in the software, but Reports are set up in a way where they can be exported or printed easily. + + + +The easiest method to use is to Print To PDF \- with an HTML Report open, open a **Print** dialog in your browser and set **Save To PDF** as the **Print Destination**. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059668954/b704c7ddaac96d4eb64cf5e4/JKKw_F3C8W6glSYytDhXMkewmRpKoxjwLzkU32E_YJEanOvfHEpcwnEILqet46Sep5cRqS2F4KkrwjXqF2Wu6en0d1RtfctRP-_-Sva2pbcqvHwZb3L51y6iKX1uORlK1MAjsyPxIgL1B3C2bCNxiXk?expires=1729720800&signature=a111990b482823eafc2bff32c1d23233ec1520d3ab1794c3a5c72dc526287782&req=dSAiH894lYhaXfMW1HO4zf8CfRrJhPkgv7slZsXFhSnKeIbnMRCyo37GDmYC%0ADPz1%0A) + +# Report formatting suggestions + + +* WYSIWYG sections can be used to contextualize or summarize Finding lists. We recommend using this widget throughout your report in between Findings or Vulnerable Endpoints widgets. + diff --git a/docs/content/en/pro_reports/Working with Generated Reports.md b/docs/content/en/pro_reports/Working with Generated Reports.md new file mode 100644 index 0000000000..6b4af34e6d --- /dev/null +++ b/docs/content/en/pro_reports/Working with Generated Reports.md 
@@ -0,0 +1,68 @@ +--- +title: "Working with Generated Reports" +description: "Use a report as a template, or re-run an existing report with updated data" +--- + +Once you have created one or more **Reports** in DefectDojo you can take further actions, including: + + +* Using a report as a template for subsequent reports +* Re\-running a report with updated data +* Deleting an old or unused reportsa + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671281/7eebaaae55e5e8fb36a381af/3p-IVZqmk3TFbZth5i8j8E6nAn4U4PRCGIZ1kUiPLqCmFXXB0VQr4r5Fod0I4Z5cgxaFtaFq1JuQJvWaxpiOEIPCUyYBsOLWEaSEsDs6gFhtSrZ3ryiVolap1Cr7Z0w0jmzufsLe_3Lfgv78U1CAALE?expires=1729720800&signature=6877ef645bcd73141676996d52389b6b683b7c3874debd5cf651de9121942c39&req=dSAiH895nINXWPMW1HO4zWepnUDyncjCPKq3%2FkKW0dqikTePlld1Oi%2BUMCy5%0AbeAB%0A) + +# Use a report as a Template + + +DefectDojo allows you to easily create Report templates with your team logo, boilerplate text and a standardized content order. + + + +If you want to change the way a report is set up, or create a new one with a similar layout, you can re\-open the Report Builder by selecting **View Template** from the **⋮** menu next to the report you wish to use as a template. + + + +There are two places where you can find a Report Template to use: + + +1. From the **Generated Reports** page, where you can see a list of completed reports +2. From the **Report Templates** page, where you can see a list of previously run reports, including reports which were deleted from the **Generated Reports** page. + +Both of these pages can be found in the 📄 **Reports** tab on the sidebar. 
+ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671304/ccd08efd53df3d0970c451ba/SXnDhXKLNvsz3gPfQwW9ek2RLJ_TydFt3FNWemB1kSNTkyl0tXPmq493HmbFKMwKiMLyHSMF2d9gq6kYDwH0xRxm-heHzUmAalQv7LHkj2jnfHSPeQru-kgrt1qXqHbz-UElAFbwpQZu6p0gpmJlVZM?expires=1729720800&signature=a4ab9f2e4a32458a21e2e9894fa6056310cd22086d2844411782060e861ff6f1&req=dSAiH895nIJfXfMW1HO4zUL7Ism3uP7AGXfgyZwij4MGHxy3uKUdnG4sCf7w%0AZarK%0A) +To access the **Report Templates** page, open 📄**Reports \> Report Templates** from the sidebar. From that table, you can open the report builder by clicking the **⋮** menu next to the report you wish to use as a template. + + + +Every time you make changes to a template or previous report, the result will be saved as a **new** report under Generated Reports so that you don't lose the older version. If you like, the older version can be deleted. + + + + +# Re\-Running a Report + + +DefectDojo Reports are ‘frozen in time’ \- to keep your records consistent, they do not update automatically when DefectDojo experiences data changes. + + + +However, if you want to create an updated version of a previously created report, you can do so by selecting **Re\-run Report** from the **⋮** menu next to the report you wish to generate. + + + +Selecting this option will create a new report in the **Generated Reports** list, with a different **Created** timestamp to indicate that the report was run at a separate time. 
+ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1059671323/e1d821fba1ace5d7896bf482/jxJ7QWWvw1CKOUnS7zc5FI7UjCRKJ3qobQNSTC8lTHi663VJoqe_XbVboGcAEFR5Lulk9c0HPhfmmqaPUAxqQ54mggQG8WtpdtPSXQKOuiSXMRmREcItfJLmmqkX2l_aIcXQUbJLMGflmWIkbPTgc78?expires=1729720800&signature=acd68b15972699601dda8c6954e0fd8b812411a76f4bea58b1a37cb83dc56086&req=dSAiH895nIJdWvMW1HO4zffauUxOD2Xn6VQCrLltw35ImuPGf8piwAMDmWJL%0AHA6J%0A) + +# Deleting a Report + + +If you no longer need a report, you can delete it by selecting **Delete Report** from the **⋮** menu next to the report you wish to delete. Note that this will only remove the report from the **Generated Reports** list \- a record of the report will still exist under **Report Templates** if you want to re\-run it. + + diff --git a/docs/content/en/pro_reports/_index.md b/docs/content/en/pro_reports/_index.md new file mode 100755 index 0000000000..b47cec1a57 --- /dev/null +++ b/docs/content/en/pro_reports/_index.md @@ -0,0 +1,18 @@ +--- +title: "Create A Report" +description: "Create Custom Reports and Export Data" +summary: "" +date: 2023-09-07T16:06:50+02:00 +lastmod: 2023-09-07T16:06:50+02:00 +draft: false +weight: 9 +chapter: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + robots: "" # custom robot tags (optional) +pro-feature: true +--- \ No newline at end of file diff --git a/docs/content/en/user_management/About Permissions & Roles.md b/docs/content/en/user_management/About Permissions & Roles.md new file mode 100644 index 0000000000..2b965f1d85 --- /dev/null +++ b/docs/content/en/user_management/About Permissions & Roles.md 
@@ -0,0 +1,138 @@
+---
+title: "About Permissions & Roles"
+description: "Summary of all DefectDojo permission options, in detail"
+---
+
+If you have a team of users working in DefectDojo, it's important to set up Role\-Based Access Control (RBAC) appropriately so that users can only access specific data. Security data is highly sensitive, and DefectDojo's options for access control allow you to be specific about each team member’s access to information.
+
+
+
+
+# Types of Permissions
+
+
+DefectDojo manages four different kinds of permissions:
+
+
+* Users can be assigned as **Members** to **Products or Product Types**. A Product Membership comes with a **Role** which allows your users to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo. Users can have multiple Product or Product Type memberships, with different levels of access.
+​
+* Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types, and are not associated with Roles.
+​
+* Users can be assigned **Global Roles**, which give them a standardized level of access to all Products and Product Types.
+​
+* Users can be set up as **Superusers**: administrator level roles which give them control and access to all DefectDojo data and configuration.
+
+
+Each of these Permission types can also be assigned to **User** **Group**. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups allow you to set up and maintain permissions quickly.
+
+
+
+
+# Product/Product Type Membership \& Roles
+
+
+When users are assigned as members to a Product or Product Type, they also receive a role which controls how they interact with the associated Finding data.
+
+
+
+## Role Summaries
+
+
+Users can be assigned a role of Reader, Writer, Maintainer, Owner or API Importer, either globally or within a Product / Product Type.
+
+
+
+‘Underlying data’ refers to all Products, Engagements, Tests, Findings or Endpoints nested under a Product, or Product Type.
+
+
+* **Reader Users** can view underlying data on any Product or Product Type they are assigned to, and add comments. They cannot edit, add or otherwise modify any of the underlying data, but they can export Reports and add Notes to data.
+​
+* **Writer Users** have all Reader abilities, plus the ability to Add or Edit Engagements, Tests and Findings. They cannot add new Products, and they cannot Delete any underlying data.
+​
+* **Maintainer Users** have all Writer abilities, plus the ability to edit Product or Product Types. They can add new Members with Roles to the Product or Product Type, and they can also Delete Engagements, Tests, and Findings.
+​
+* **Owner Users** have the greatest amount of control over a Product or Product Type. They can designate other Owners, and can also Delete the Products or Product Types they’re assigned to.
+​
+* **API Importer** **Users** have limited abilities. This Role allows limited API access without exposing the majority of the API endpoints, so is useful for automation or users who are meant to be ‘external’ to DefectDojo. They can view underlying data, Add / Edit Engagements, and Import Scan Data.
+
+For detailed information on Roles, please see our **[Role](https://support.defectdojo.com/en/articles/8955600-user-permission-charts#h_ee05c5f5df)** [**Permission Chart**](https://support.defectdojo.com/en/articles/8955600-user-permission-charts#h_ee05c5f5df)**.**
+
+
+
+## Global Roles
+
+
+Users with **Global Roles** can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role.
+
+
+
+## Group Memberships
+
+
+User Groups can be added as Members of a Product or Product Type. Users who are part of the Group will inherit access to all associated Products or Product Types, and will inherit the Role assigned to the Group.
+
+
+
+
+### Users with multiple roles
+
+
+* If a User is assigned as a member of a Product, they are not granted any associated Product Type permissions by default.
+
+
+* A User's Product Role always supersedes their 'default' Product Type Role.
+​
+* A User's Product / Product Type Role always supersedes their Global Role within the underlying Product or Product Type. For example, if a User has a Product Type Role of Reader, but is also assigned as an Owner on a Product nested under that Product Type, they will have additional Owner permissions added for that Product only.
+​
+* Roles cannot take away permissions, they can only add additional ones. For example, If a User has a Product Type Role or Global Role of Owner, assigning them a Reader role on a particular Product will not take away their Owner permissions on that Product.
+​
+* Superuser status always supersedes any Roles assigned.
+
+
+
+# Superusers
+
+
+Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts.
+
+
+
+By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user.
+
+
+
+
+# Configuration Permissions
+
+
+Configuration Permissions, although similar, are not related to Products or Roles. They must be assigned separately from Roles. 
**Regular** **users do not have any Configuration Permissions by default, and assigning these configuration permissions should be done carefully.**
+
+
+
+Users can have Configuration Permissions assigned in different ways:
+
+
+1. Users can be assigned Configuration Permissions directly. Specific permissions can be configured directly on a User page.
+​
+2. User Groups can be assigned Configuration Permissions. As with Roles, specific Configuration Permissions can be added to Groups, which will give all Group members these permissions.
+
+Superusers have all Configuration Permissions, so they do not have a Configuration Permission section on their User page.
+
+
+
+## Group Configuration Permissions
+
+
+If users are part of a Group, they also have Group Configuration Permissions which control their level of access to a Group’s configuration. Group Permissions do not correspond to the Group’s Product or Product Type membership.
+
+
+
+If users create a new Group, they will be given the Owner role of the new Group by default.
+
+
+
+For more information on Configuration Permissions, see our **[Configuration Permissions Chart](https://support.defectdojo.com/en/articles/8955600-user-permission-charts)**.
+
+
+
+
diff --git a/docs/content/en/user_management/Configure Single-Sign On Login.md b/docs/content/en/user_management/Configure Single-Sign On Login.md
new file mode 100644
index 0000000000..35fe1bec91
--- /dev/null
+++ b/docs/content/en/user_management/Configure Single-Sign On Login.md
@@ -0,0 +1,119 @@ +--- +title: "Configure Single-Sign On Login" +description: "Sign in to DefectDojo using OAuth or SAML login options" +pro-feature: true +--- + +Users can connect to DefectDojo with a Username and Password, but if you prefer, you can allow users to authenticate using a Single Sign\-On or SSO method. You can set up DefectDojo to work with your own SAML Identity Provider, but we also support many OAuth methods for authentication: + + +* Auth0 +* Azure AD +* GitHub Enterprise +* GitLab +* Google +* KeyCloak +* Okta + +All of these methods can only be configured by a Superuser in DefectDojo. +​ + + + +# Set Up SAML Login + + +If you would like to add DefectDojo to your SAML Identity Provider, here is the process to follow: + + +1. Start from **Plugin Manager \> Enterprise Settings** in DefectDojo. +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203362/711708ba18887c909eb7e315/9UD98h1gZT6IlhmTeHCFrypNcbJnRjqXLvrL4YOShDvR5DPTrr1sG8ohEkWS8d0NSPs2-Kz7jRM3CKvMfmO3CVx6V8OpiT98V75L8IyEA5iq4m1YIZmiBSsYshvuFZYcppzueBz3pA7A_5q_BuQSj2A?expires=1729720800&signature=d0240c843f37d66039cb98dd73ebee04e450002e9e31644517a207a0c54c7565&req=fSYlFMl9noddFb4f3HP0gNqGPNxDYkTTpt0uyAWrCi5EKyiDsGePVH3rfF2a%0AjNo%3D%0A) +2. Open the SAML tab from this page to configure your sign\-on settings. +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203371/122013c5bd92a17058bffcc9/WxdWys-zS52WnnWj8hN_MSd181XqoLt0ovx28_1TxiXGngclO0rZx3rHM1d6NBvbAuZLzT9YNjsrIPhlJx7UOOLkftWL2fcUzFwKzEzHxzhp30cqaECI-XTwiTekk7UNCofh7xyDyMJ4E7-MjqhEApM?expires=1729720800&signature=8783a41b09e02104c10c696be712ce843d80406da16acc9091b843057d41bb50&req=fSYlFMl9noZeFb4f3HP0gOOiXRyUrpec5LNNWeTj47Yz9rMjGNIySCYTH1xh%0AiKE%3D%0A) +3. Complete the SAML form. Start by setting an **Entity ID** \- this is either a label or a URL which your SAML Identity Provider can point to, and use to identify DefectDojo. This is a required field. +​ +4. 
If you wish, set **Login Button Text** in DefectDojo. This text will appear on the button or link users click to initiate the login process.
+​
+5. You can also set a **Logout URL** to redirect your users to once they have logged out of DefectDojo.
+​
+6. The **NameID Format** has four options \- Persistent, Transient, Entity and Encrypted.
+​
+\- If you want your users to be consistently identified by SAML, use **Persistent.**
+\- If you would prefer that users have a different SAML ID each time they access
+DefectDojo, choose **Transient**.
+\- If you’re ok with all of your users sharing a SAML NameID, you can select **Entity.**
+\- If you would like to encrypt each user’s NameID, you can use **Encrypted** as your NameID format.
+​
+7. **Required Attributes** are the attributes that DefectDojo requires from the SAML response.
+​
+8. **Attribute Mapping** contains a formula for how you want these attributes to be matched to a user. For example, if your SAML response returns an email, you can associate it with a DefectDojo user with the formula **email\=email**.
+​
+The left side of the ‘\=’ sign represents the attribute you want to map from the SAML response. The right side is a user’s field in DefectDojo, which you want this attribute to map to.
+​
+This is a required field for this form.
+​
+9. **Remote SAML Metadata** is the URL where your SAML Identity Provider is located.
+​
+10. If you would prefer to upload your own SAML Metadata, you can upload an XML file to **Local SAML Metadata**. You will need at least one metadata source before you can successfully use SAML.
+​
+11. Finally, check the **Enable SAML** checkbox at the bottom of this form to confirm that you want to use SAML to log in. Once this is enabled, you will see the **Login With SAML** button on the DefectDojo Login Page.
+ + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203378/5569f32d153fb51d9a725e54/OCJmjuI1gLuEbNaMjpore21_xlbVFZCfcChthYdnXjkDE1W_-HyfSTDbJfASHNZX0myFYWWL0eqV0oyQ-4gOBJrSCtwn47SXDli8dPopFNZb34k9i4T2GfPfkhPi1-1J-X9-Op0EVIRvx41BPx3w0Yw?expires=1729720800&signature=512df502470da5028b0e41bfb4e1b3671260b9292f5e49ec1bc72298259fb602&req=fSYlFMl9noZXFb4f3HP0gDNvSgyDTmnMnfcjRvKa660M%2BhNfabgrDzvgB6QV%0AiX4%3D%0A) + +## Additional SAML Options: + + +**Create Unknown User** allows you to decide whether or not to automatically create a new user in DefectDojo if they aren’t found in the SAML response. + + + +**Allow Unknown Attributes** allows you to authorize users who have attributes which are not found in the **Attribute Mapping** field. + + + +**Sign Assertions/Responses** will require any incoming SAML responses to be signed. + + + +**Sign Logout Requests** forces DefectDojo to sign any logout requests. + + + +**Force Authentication** determines whether you want to force your users to authenticate using your Identity Provider each time, regardless of existing sessions. + + + +**Enable SAML Debugging** will log more detailed SAML output for debugging purposes. + + + + + +# Set up OAuth Login (Google, Gitlab, Auth0…) + + +1. Start by navigating to the **Plugin Manager \> Enterprise Settings** page in DefectDojo. +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203384/0f0a7284a08e975fc6d274ad/9UD98h1gZT6IlhmTeHCFrypNcbJnRjqXLvrL4YOShDvR5DPTrr1sG8ohEkWS8d0NSPs2-Kz7jRM3CKvMfmO3CVx6V8OpiT98V75L8IyEA5iq4m1YIZmiBSsYshvuFZYcppzueBz3pA7A_5q_BuQSj2A?expires=1729720800&signature=ebc69ccc466b50855ef4e021678302c910e5122b1efe85a4f3177125c13d4818&req=fSYlFMl9nolbFb4f3HP0gDJIgX6Exhy5n7%2FXJaBEZZbyHTcVfeAqpDsS9WA7%0AgI8%3D%0A) +2. From here, navigate to the OAuth tab and select the service you want to configure from the list. 
+​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/962203390/feb13027b266b7f1a56c3c6a/lyWcUB9Jyf5ZQzDXvjrX830ShYi0AduEa7UJmtmZhabeNpjLhbHGNlcDtEXj6H44KFGJMmpE-ym55m-T5jvPDHoWabIMjo5hoRgOsr2fJk5EpCMyzmZ2fSE-JWMgIfDz8g6fTB2vuFQf703pcQILAgY?expires=1729720800&signature=bc4fb3d86492eaba3420063f792926ab3aaa884a36a988ad1cdd6ae6aae3d74e&req=fSYlFMl9nohfFb4f3HP0gM6xKW5NsJPRtLYFcZOwplcZ%2Bfx5dKJvKR%2BMjmNV%0AoOE%3D%0A) +3. Complete the relevant OAuth form. +​ +4. Finally, check the **Enable \_\_ OAuth** button from below, and click **Submit**. +​ + +Users should now be able to sign in using the OAuth service you selected. A button will be added to the DefectDojo Login page to enable them to sign on using this method. + + diff --git a/docs/content/en/user_management/Create a User Group for shared permissions.md b/docs/content/en/user_management/Create a User Group for shared permissions.md new file mode 100644 index 0000000000..45d2a0c73c --- /dev/null +++ b/docs/content/en/user_management/Create a User Group for shared permissions.md 
@@ -0,0 +1,165 @@ +--- +title: "Create a User Group for shared permissions" +description: "Share and maintain permissions for many users" +--- + +If you have a significant number of DefectDojo users, you may want to create one or more **Groups**, in order to set the same Role\-Based Access Control (RBAC) rules for many users simultaneously. Only Superusers can create User Groups. + + + +Groups can work in multiple ways: + + +* Set one, or many different Product or Product Type level Roles for all Group Members, allowing specific control over which Products or Product Types can be accessed and edited by the Group. +* Set a Global Role for all Group Members, giving them visibility and access to all Product or Product Types. +* Set Configuration Permissions for a Group, allowing them to change specific functionality around DefectDojo. + +For more information on Roles, please refer to our **Introduction To Roles** article. + + + +# The All Groups page + + +From the sidebar, navigate to 👤**Users \> Groups** to see a list of all active and inactive user groups. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079761/712571bc01294b06a69f4a75/MyDzT_XoLuguPYYu-jYuxHDf7urnjOypLok54WxCA88r1caHioJ_AjU6g0cp-XeoHXWVOSQdq2TlSc1J5H78RlccvDMyFv0paQAtHvabw6c5cnl3R8Y1sj3if2Ni0Q4a1DhCckGQEJ0uhCZSa-x-rYQ?expires=1729720800&signature=266260581e0d4dea599e0f18ee5a36005c4ea8acc2dcd882f80001d2752c5e70&req=fSImFs53modeFb4f3HP0gKKxkEmyAyXmnaNXsirSbxKVavgPKGJu2ESwFp86%0ApfI%3D%0A) +From here, you can create, delete or view your individual Group pages. + + + +## Creating a new User Group + + +1. Navigate to the 👤**Users \> Groups** page on the sidebar. You will see a list of all existing User Groups, including their Name, Description, Number of Users, Global Role (if applicable) and Email. 
+​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079764/e30476ab659d14a4f8757289/2dNPkv1wOi5PKzWKBbWVvPTtaKfJVqDGYfpaF74xInRWSZqXC_b-TIElh4WAfrkAdpne7Iui1DbJh0_zEw4-FCAYyD9KSbKynTS82C_pCU1ygmAfWCn5OzJIuWNPjrq2tDHi6vmXrICShlKpLK5dXac?expires=1729720800&signature=e0878a84fe1fee82d3ba86986d0773bedb5ce7452830733df051888410677502&req=fSImFs53modbFb4f3HP0gGswuHXW7%2FYi8FztZDlHEplrynEg2twBM0Ox%2BfWb%0A5u4%3D%0A) +2. Click the **🛠️button** next to the All Groups heading, and select **\+ New Group.** +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079767/0ccb7d312491d6a541473120/rVrL3MqVwr5qbaaoRSXLbbkjCqUk8CaIoOrjsWz8D4jKQICS2FfubQrGG-bI9lVgck4I3d507JqxEyOTA5dLpBTwT1QLmZieJp4TLy4L4DrEuTJ_7BuCDEW7nSG5I0pfNnY1NHl4ApaX5Ln5VgMzfuk?expires=1729720800&signature=9875e736e82c53498d7c86ad3ab57906af97f64534b3f5db88529e6719ba35ff&req=fSImFs53modYFb4f3HP0gCD3rTq2mqi%2FFPfIxL%2Bxb1q9ZM%2BZers2Kue24YVe%0AMxg%3D%0A) + +​ +3. This will take you to a page where you can create a new Group. Set the Name for this Group, and add a Description if you wish. + +If you want a weekly report sent to a particular Email address, you can enter that as well. + +You can also select a Global Role that you wish to apply to this Group, if you wish. Adding a Global Role to the Group will give all Group Members access to all DefectDojo data, along with a limited amount of edit access depending on the Global Role you choose. See our **Introduction To Roles** article for more information. + +The account that initially creates a Group will have an Owner Role for the Group by Default. 
+ + + +## Viewing a Group Page + + + +Once you have created a Group, you can access it by selecting it in the menu listed under **Users \> Groups.** + + +The Group Page can be customized with a **Description**.It features a list of all **Group Members,** as well as the assigned **Products, Product Types**, and the associated **Role** associated with each of these**.** + + +You can also see the Group’s **Configuration Permissions** listed here. + + + + +# Managing a Group’s Users + + +Group Membership is managed from the individual Group page, which you can select from the list in the **Users \> Groups** page. Click the highlighted Group Name to access the Group page that you wish to edit. + + +In order to view or edit a Group’s Membership, a User must have the appropriate Configuration permissions enabled as well as Membership in the Group (or Superuser status). + + + +## **Add a User to a Group** + + +User Groups can have as many Users assigned as you wish. All Users in a Group will be given the associated Role on each Product or Product Type listed, but Users may also have Individual Roles which supersede the Group role. + + +1. From the Group page, select **\+ Add Users** from the **☰** button at the edge of the **Members** heading. +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079770/9a9f19af98b041623f19a56c/oXOX7TJ8-K_WeDroI1ZVOj4tbuf0TMHq9wxpq3u26vx44ENod9yi34HSs4nUVEiBaUgJsCapAAXdvlqZrjvQX7P-kxnVJv6Epsny_XWtghfKGIlM3OQlnArBJaizVWVtr7RIin4T4u-YX2jPGtwm-q0?expires=1729720800&signature=70d578a3df150519a97f85be9ef2aac116c9ea8df0f0c0c9aab6792b4c9e2366&req=fSImFs53moZfFb4f3HP0gAFcZJqqJABM2WUm3gv7ScUito2Kkdq7ZBRtDsWu%0ADBY%3D%0A) + +​ +2. This will take you to the **Add Some Group Members** screen. Open the Users drop\-down menu, and then check off each user that you wish to add to the Group. 
+​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079773/777298e97a2172e654f1f77a/6a4nKNf2cr8VCeolc582OrMYTnVzWf9pOv6dTMN3t6-ZPjAJNBlPZ16E4Vq7hZlxsxoEo_MKtamMXpcYNtQynpOgMEMS9ahkMKkyHmaxQMoYiYyD4mUddoHumcgGo3b-VOFY1qy1WdMaZMuzOWS9GM0?expires=1729720800&signature=0851422a51c995da3cfd6c18b217df94ef6bb255a0d0e00d695c8806cd994a10&req=fSImFs53moZcFb4f3HP0gFTmp5bLFIVr9fnQY2PdDO3EX7f3pa1Xa2m3AmEE%0AyNI%3D%0A) + +​ +3. .Select the Group Role that you wish to assign these Users. This determines their ability to configure the Group. + + +Note that adding a member to a Group will not allow them access to their own Group page by default. This is a separate Configuration permission which must be enabled first. + + + +## **Edit or Delete a Member from a User Group** + + +1. From the Group page, select the ⋮ next to the Name of the User you wish to Edit or Delete from the Group. + +**📝 Edit** will take you to the Edit Member screen, where you can change this user's Role (from Reader, Maintainer or Owner to a different choice). + +**🗑️ Delete** removes a User's Membership altogether. It will not remove any contributions or changes the User has made to the Product or Product Type. + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079778/193ac17a68c21ef5229951f3/Ug7EpgZStTlGoOAWO6WEknzosB6acOsSgF04BsZvcXRc7JJizHPC2UyVtf6ypy8BPU_1DQfiGbFoqF3pnzgGl-AKJH4P2XNGoRqcd0Ly_sfDRgu52Oxt6hMsINrs0P1cPg7b5BDfoUcoxUGy6EW7E8U?expires=1729720800&signature=bc910b6a0fcadb8b8f2ebf49f8cec043d119a2a0700055815e2cd4b8d323b880&req=fSImFs53moZXFb4f3HP0gArlRtyu1xTrpSR6BsYwG8rs5B%2FrH2fgSSCmZdUw%0AGX0%3D%0A)## + + +# Managing a Group’s Permissions + + +Group Permissions are managed from the individual Group page, which you can select from the list in the **Users \> Groups** page. Click the highlighted Group Name to access the Group page that you wish to edit. + + +Note that only Superusers can edit a Group’s permissions (Product / Product Type, or Configuration). 
+​ + + +## **Add Product Roles or Product Type Roles for a Group** + + +You can register as many Product Roles or Product Type Roles as you wish in each Group. + + +1. From the Group page, select **\+ Add Product Types**, or \+ **Add Product** from the relevant heading (Product Type Groups or Product Groups). +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079782/1351085e5eb5763357887942/9n3qx3_Sbq6cYiLPkmeQCg02PN2vtL9E0a9YdHMpd1Q-sOjPa5V8t1xbfYLuzGCIASxWjT0eeMNCkBrRJTjhmrMagtTokYMnTyaoPVj_xNYxDX5OETGG4YyCijX_fI8MbXVENbRyPpu9VIK4PaO1Sv0?expires=1729720800&signature=813980ed7ae28c03ca9e2e5a32278696b255cd55741a4aa05d9aae4ea36aa337&req=fSImFs53moldFb4f3HP0gGJyBYZ775rIcOsteH0gSFLF3MozOewQY7w3TZde%0AsKw%3D%0A) +2. This will take you to a **Register New Products / Product Types** Page, where you can select a Product or Product Type to add from the drop\-down menu. + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079788/5ea383bf7e5731dfd17da056/WmQMy4lQB6sjZiK3cgtwd9mp2Oq9sddpAen_x29eS4PVe6SmMrNfu89Yhyb5I4NaYRpuEodCDS9G2yZ_5A5zRsj0xDzDx7-rsXTDebrJex07_Fx-6I0Nm8aXegeT9VEbseWsfM_Ze_Ph_fW_ugZB88M?expires=1729720800&signature=1af25adf0b17ac8381925baaa1bd605ef3be819c092e1110337637177bb4a978&req=fSImFs53molXFb4f3HP0gDHgkPXPNZKRkVqADhXUQTWPO0VU0XYsQtm3DUxZ%0AUUk%3D%0A) +3. Select the Role that you want all Group members to have regarding this particular Product or Product Type. + + +Groups cannot be assigned to Products or Product Types without a Role. If you're not sure which Role you want a Group to have, Reader is a good 'default' option. This will keep your Product state secure until you make your final decision about the Group Role. + + + +## **Assign Configuration Permissions to a Group** + + +If you want the Members in your Group to access Configuration functions, and control certain aspects of DefectDojo, you can assign these responsibilities from the Group page. 
+ + + +Assign View, Add, Edit or Delete roles from the menu in the bottom\-right hand corner. Checking off a Configuration Permission will immediately give the Group access to this particular function. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921079793/a85168d32a80424848c5a6f3/2LqjWP6T3Qj0QLSbmz9lIGWHJgZkf0rSDTMMIzrQkL2P4KdJafWK3t9MZLNd65dU13W6xGOlWUwWgykBzOHedNpHRuBjgTYCvF_gbE8R7VKNfJ_dqLnk0HoNKJl5_qQ92kB-iRzIbfbCYpdSi8tbwH0?expires=1729720800&signature=30ecc0453d9d3ee1067ed11e2e9cda0f664080737fbea1d5fdc6646336a17c78&req=fSImFs53mohcFb4f3HP0gO8Rmd0izzZL7KQaS2qP%2FVU3oxhlqj5pKisfrFNQ%0AEtU%3D%0A) \ No newline at end of file diff --git a/docs/content/en/user_management/Set a User's Permissions.md b/docs/content/en/user_management/Set a User's Permissions.md new file mode 100644 index 0000000000..bfc17d01ce --- /dev/null +++ b/docs/content/en/user_management/Set a User's Permissions.md 
@@ -0,0 +1,204 @@
+---
+title: "Set a User's Permissions"
+description: "How to grant Roles & Permissions to a user, as well as superuser status"
+---
+
+# Introduction to Permission Types
+
+
+Individual users have four different kinds of permission that they can be assigned:
+
+
+* Users can be assigned as **Members to Products or Product Types**. This allows them to view and interact with Data Types (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on the role they are assigned on the specific Product. Users can have multiple Product or Product Type memberships, with different levels of access.
+​
+* Users can also have **Configuration Permissions** assigned, which allow them to access configuration pages in DefectDojo. Configuration Permissions are not related to Products or Product Types.
+​
+* Users can be assigned **Global Roles**, which give them a standardized level of access to all Products and Product Types.
+​
+* Users can be set up as **Superusers**: administrator level roles which give them control and access to all DefectDojo data and configuration.
+
+You can also create Groups if you want to assign Product Membership, Configuration Permissions or Global Roles to a group of users at the same time. If you have a large number of users in DefectDojo, such as a dedicated testing team for a particular Product, Groups may be a more helpful feature.
+
+
+
+# Superusers \& Global Roles
+
+
+Part of your Role\-Based Access Control (RBAC) configuration may require you to create additional Superusers, or users with Global Roles.
+
+
+* Superusers (Admins) have no limitations in the system. They can change all settings, manage users and have read / write access to all data. They can also change access rules for all users in DefectDojo. Superusers will also receive notifications for all system issues and alerts.
+* Users with Global Roles can view and interact with any Data Type (Product Types, Products, Engagements, Tests and Findings) in DefectDojo depending on their assigned Role. For more information about each Role and associated privileges, please refer to our Introduction to Roles article.
+* Users can also have specific Configuration Permissions assigned, allowing them to access certain DefectDojo configuration pages. Users have no Configuration Permissions by default.
+
+By default, the first account created on a new DefectDojo instance will have Superuser permissions. That user will be able to edit permissions for all subsequent DefectDojo users. Only an existing Superuser can add another superuser, or add a Global Role to a user.
+
+
+
+## Add Superuser or Global Role status to an existing user
+
+
+1. Navigate to the 👤 Users \> Users page on the sidebar. You will see a list of all registered accounts on DefectDojo, along with each account's Active status, Global Roles, and other relevant User data.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088885/49c62c711a3c48cda2d0f46a/4tacIUafivFb_ju8ii4dvCF4qnCGT1ZUPLAFP2uHdkcO0nntMgLk4V2m6BO3Hd_aRjK_Ivx7HKEa_x3lFVTZJ2Sr-llUBnG4OIsJLppyFl7zzVEOFDlV69pPtNy4Qz8fslEt_ofwCWw9xeXipYcHxFQ?expires=1729720800&signature=e68d2f5001311dc6ed0709309f255315c8a98c54f7a907d6794db9069af0baae&req=fSImFsF2lYlaFb4f3HP0gBqwDj2FOqeiaXGhVvQWwTRLmeyM7l6AyrQ%2FJiOn%0AYUc%3D%0A)
+​
+2. Click the name of the account that you wish to give Superuser privileges to. This will bring you to their User Page.
+​
+3. From the Default Information section of their User Page, open the ☰ menu and select Edit.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088889/3e17242c961974a7123f628a/Q8IgH7ucjqbqGd2-b94pc-zQgSVHqW2Olj7m-jENbpaOZNZrOj9WkYiptya-zeMa3u-GXtunys7BBipAIxoSHtQoVhTTAelcNIvWiYC71lZsWxThEwUFecZF3TVyy4PmluxMkSBjPiHDvT-zjvYjHsw?expires=1729720800&signature=93c6b6dc04a176f903de40fecdf2b4042ee177d8f5eb20574eef3d7432b33892&req=fSImFsF2lYlWFb4f3HP0gNz3X5m3J2OGLTvs0YS0wl7%2BnHULfElrbz%2FcFDbF%0An3E%3D%0A)
+
+​
+4. From the Edit User page:
+​
+For Superuser Status, check off the ☑️Superuser Status box, located in the user's Default Information.
+​
+To assign a Global Role, select one from the dropdown Global Role menu at the bottom of the page.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088893/dc5a8396e99a2d90e09bf5e9/Q8IgH7ucjqbqGd2-b94pc-zQgSVHqW2Olj7m-jENbpaOZNZrOj9WkYiptya-zeMa3u-GXtunys7BBipAIxoSHtQoVhTTAelcNIvWiYC71lZsWxThEwUFecZF3TVyy4PmluxMkSBjPiHDvT-zjvYjHsw?expires=1729720800&signature=22d9f11705570d018ab011b4b0cf3861e9d60e81a403f05b6c3385cddedc3df4&req=fSImFsF2lYhcFb4f3HP0gEHWxU%2Fw7IhY1p%2B8xccylok4xhfqgvF8k4tVqRb6%0AuKw%3D%0A)
+​
+5. Click Submit to accept these changes.
+ ​
+
+# Product \& Product Type Membership
+
+
+By default, any new account created on DefectDojo will not have permission to view any Product Level Data. They will need to be assigned membership to each Product they want to view and interact with.
+
+
+* Product \& Product Type membership can only be configured by **Superusers, Maintainers or Owners**.
+* **Maintainers \& Owners** can only configure membership on Products / Product Types that they are already assigned to.
+* **Global Maintainers \& Owners** can configure membership on any Product or Product Type, as can **Superusers**.
+
+Users can have two kinds of membership simultaneously at the **Product** level:
+
+
+* The Role conferred by their underlying Product Type membership, if applicable
+* Their Product\-specific Role, if one exists.
+
+If a user has already been added as a Product Type member, and does not require an additional level of permissions on a specific Product, there is no need to add them as a Product Member.
+
+
+
+## Adding a new Member to a Product or Product Type
+
+
+1. Navigate to the Product or Product Type which you want to assign a user to. You can select the Product from the list under **Products \> All Products**.
+
+
+
+![](https://downloads.intercomcdn.com/i/o/921087191/89e6c1560a6f12458bfd60ab/Untitled+drawing+%281%29.png?expires=1729720800&signature=96ecb577cdc13498af657fd587b0fa8092b851d1a4420bdb5bb92f0e1dfdba75&req=fSImFsF5nIheFb4f3HP0gH8G8wzNAN%2F5uhd6ytu1ZIqaHRpLkQ5g7uSKvc6n%0ARW4%3D%0A)
+2. Locate the **Members** heading, click the **☰** menu, and select **\+ Add Users**.
+3. This will take you to a page where you can **Register new Members**. Select a User from the dropdown Users menu.
+4. Select the Role that you want that User to have on this Product or Product Type: **API Importer, Reader, Writer, Maintainer** or **Owner.**
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088898/911644c75e529f4f36408a33/3KQGHqXCpiCIntLoKJCTnJTIPDumnQ288VSGAirzzQLv0P4w4tGKzeBoupA9Y8g-e_9emazzpJ59sywnkkVpJk5DhmWHwhkQjvu76JhIw_gyvCIZBPKogIb_bI3wr-eZDApCEfvpL6UuPcO3q3sSBcQ?expires=1729720800&signature=3b6df84cb44e7e1d8b070d2e015bd374dc3bae4f56f5a56af3d283cd79ea480c&req=fSImFsF2lYhXFb4f3HP0gC3Dcl8NRYb791Gt2hJngopsfDqm3RlIMSPLOXJH%0AASg%3D%0A)
+
+
+Users cannot be assigned as Members on a Product or Product Type without also having a Role. If you're not sure which Role you want a new user to have, **Reader** is a good 'default' option. This will keep your Product state secure until you make your final decision about their Role.
+
+
+
+## Edit Or Delete a Member from a Product or Product Type
+
+
+Members can have their Role changed within a Product or Product Type.
+
+
+Within the **Product** or **Product Type** page, navigate to the **Members** heading and click the **⋮** button next to the User who you want to Edit or Delete.
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088901/4d9da1df5f52f9457422f991/vz995X6_fV0KC8i0mGZm6A3YYlTXBiJquoqXf4jUZ-ric3WqFj5IC9QmWsB5vAw6CLqPz8oxuMX9KFV2wlDi0W2UvOitNl-ID4hYEA5GUWN8pslt7n0gpdrmk9-Lg7cqlTjAN15y9Vc0tfpReatFiAc?expires=1729720800&signature=5a205bf6a5b9f12ff144cde08633a1e510494d71180932b03d7d8daed770e3d8&req=fSImFsF2lIFeFb4f3HP0gLeO3ql9vXX0terru04tP2SCmsisptfRp%2BPTjgid%0Ae%2BA%3D%0A)
+📝 **Edit** will take you to the **Edit Member** screen, where you can change this user's **Role** (from **API Importer, Reader, Writer, Maintainer** or **Owner** to a different choice).
+
+
+🗑️ **Delete** removes a User's Membership altogether. It will not remove any contributions or changes the User has made to the Product or Product Type.
+
+
+* If you can't Edit or Delete a user's Membership (the **⋮** is not visible) it's because they have this Membership conferred at a **Product Type** level.
+* A user can have two levels of membership within a Product \- one assigned at the **Product Type** level and another assigned at the **Product** level.
+
+
+## Adding an additional Product role to a user with a related Product Type role
+
+
+If a User has a Product Type\-level Role, they will also be assigned Membership with this Role to every underlying Product within the category. However, if you want this User to have a special Role on a specific Product within that Product Type, you can give them an additional Role on the Product level.
+
+
+1. From the Product page, navigate to the **Members** heading, click the **☰** menu, and select **\+ Add Users** (as if you were adding a new User to the Product).
+2. Select the User's name from the drop\-down menu, and select the Product Role you want that User to be assigned.
+
+
+A Product Role will supersede a user’s standard Product Type Role or Global Role. For example, if a User has a Product Type Role of **Reader**, but is also assigned as an **Owner** on a Product nested under that Product Type, they will have additional **Owner** permissions added for that Product only.
+
+
+
+However, this does not work in reverse. If a User has a Product Type Role or Global Role of **Owner**, assigning them a **Reader** role on a particular Product will not take away their **Owner** permissions. **Roles cannot take away permissions granted to a User by other Roles, they can only add additional permissions.**
+
+
+
+# Configuration Permissions
+
+
+Many configuration dialogues and API endpoints can be enabled for users or groups of users, regardless of their superuser status. These Configuration Permissions allow regular users to access and contribute to parts of DefectDojo outside of their standard Product or Product Role assignment.
+
+
+
+Configuration Permissions are not related to a specific Product or Product Type \- users can have configuration permissions assigned without the need for other statuses or Product / Product Type Membership.
+​
+
+
+## List of Configuration Permissions
+
+
+* **Credential Manager:** Access to the ⚙️Configuration \> Credential Manager page
+* **Development Environments:** Manage the Engagements \> Environments list
+* **Finding Templates:** Access to the Findings \> Finding Templates page
+* **Groups**: Access the 👤Users \> Groups page
+* **Jira Instances:** Access the ⚙️Configuration \> JIRA page
+* **Language Types**:Access the [Language Types](https://documentation.defectdojo.com/integrations/languages/) API endpoint
+* **Login Banner**: Edit the ⚙️Configuration \> Login Banner page
+* **Announcements**: Access ⚙️Configuration \> Announcements
+* **Note Types:** Access the ⚙️Configuration \> Note Types page
+* **Product Types:** n/a
+* **Questionnaires**: Access the Questionnaires \> All Questionnaires page
+* **Questions**: Access the Questionnaires \> Questions page
+* **Regulations**: Access the ⚙️Configuration \> Regulations page
+* **SLA Configuration:** Access the ⚙️Configuration \> SLA Configuration page
+* **Test Types:** Add or edit a Test Type (under Engagements \> Test Types)
+* **Tool Configuration:** Access the **⚙️Configuration \> Tool Types** page
+* **Tool Types:** Access the ⚙️Configuration \> Tool Types page
+* **Users:** Access the 👤Users \> Users page
+
+
+## Add Configuration Permissions to a User
+
+
+**Only Superusers can add Configuration Permissions to a User**.
+
+
+1. Navigate to the 👤 Users \> Users page on the sidebar. You will see a list of all registered accounts on DefectDojo, along with each account's Active status, Global Roles, and other relevant User data.
+​
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/921088906/449d16d74c2ddbf786af42c3/4tacIUafivFb_ju8ii4dvCF4qnCGT1ZUPLAFP2uHdkcO0nntMgLk4V2m6BO3Hd_aRjK_Ivx7HKEa_x3lFVTZJ2Sr-llUBnG4OIsJLppyFl7zzVEOFDlV69pPtNy4Qz8fslEt_ofwCWw9xeXipYcHxFQ?expires=1729720800&signature=f40bb9c5be475ca93773f4e967a62929ba8d6c1e74998ae4f3cf2b2ce60b9dfd&req=fSImFsF2lIFZFb4f3HP0gC9vVNNi8Mjqu8Pj33LrnUR7spDzj5S4DmrcT56Z%0A244%3D%0A)
+
+​
+2. Click the name of the account that you wish to edit.
+​
+3. Navigate to the Configuration Permissions List. This is located on the right\-hand side of the User Page.
+​
+4. Select the User Configuration Permissions you wish to add.
+​
+
+For a detailed breakdown of User Configuration Permissions, please refer to our [Permission Chart](https://support.defectdojo.com/en/articles/8758189-user-access-roles-permissions-list#h_7258f7b1bd).
+
diff --git a/docs/content/en/user_management/User Permission Charts.md b/docs/content/en/user_management/User Permission Charts.md
new file mode 100644
index 0000000000..5f12118eb7
--- /dev/null
+++ b/docs/content/en/user_management/User Permission Charts.md
@@ -0,0 +1,103 @@
+---
+title: "User Permission Charts"
+description: "All user permissions in detail"
+---
+
+# Role Permission Chart
+
+
+This chart is intended to list all permissions related to a Product or Product Type, as well as which permissions are available to each role.
+
+
+
+
+| **Section** | **Permission** | Reader | Writer | Maintainer | Owner | API Imp |
+| --- | --- | --- | --- | --- | --- | --- |
+| **Product / Product Type Access** | View assigned Product or Product Type ¹ | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
+| | View nested Products, Engagements, Tests, Findings, Endpoints | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Add new Products (within assigned Product Type) ² | | | ☑️ | ☑️ | |
+| | Delete assigned Products or Product Types | | | | ☑️ | |
+| **Product / Product Type Membership** | Add Users as Members (excluding Owner Role) | | | ☑️ | ☑️ | |
+| | Edit member Roles (excluding Owner Role) | | | ☑️ | ☑️ | |
+| | Edit member Roles (including Owner Role) | | | | ☑️ | |
+| | Remove self from Product / Product Type membership | ☑️ | ☑️ | ☑️ | ☑️ | |
+| | Add an Owner Role to another User | | | | ☑️ | |
+| | Edit an associated Product/Product Type Membership within a Group³ | | | | ☑️ | |
+| | Delete an associated Product/Product Type Membership within a Group³ | | | | | |
+| **Engagements** (Within a Product) | Add, Edit Engagements | | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Add, Edit Risk Acceptances | | ☑️ | ☑️ | ☑️ | |
+| | Delete Engagements | | | ☑️ | ☑️ | |
+| **Tests** (Within a Product) | Add Tests | | ☑️ | ☑️ | ☑️ | |
+| | Edit Tests | | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Delete Tests | | | ☑️ | ☑️ | |
+| **Findings** (Within a Product) | Add Findings | | ☑️ | ☑️ | ☑️ | |
+| | Edit Findings | | ☑️ | ☑️ | ☑️ | |
+| | Import, Reimport Scan Results | | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Delete Findings | | | ☑️ | ☑️ | |
+| | Add, Edit, Delete Finding Groups | | ☑️ | ☑️ | ☑️ | |
+| **Other Data** (Within a Product) | Add, Edit Endpoints | | ☑️ | ☑️ | ☑️ | |
+| | Delete Endpoints | | | ☑️ | ☑️ | |
+| | Edit Benchmarks | | ☑️ | ☑️ | ☑️ | |
+| | Delete Benchmarks | | | ☑️ | ☑️ | |
+| | View Note History | ☑️ | ☑️ | ☑️ | ☑️ | |
+| | Add, Edit, Delete Own Notes | ☑️ | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Edit Other Notes | | ☑️ | ☑️ | ☑️ | ☑️ |
+| | Delete Other Notes | | | ☑️ | ☑️ | |
+
+1. A user who is assigned permissions at the Product level only cannot view the Product Type it is contained in.
+2. When a new Product is added underneath a Product Type, all Product Type\-level Users will be added as Members of the new Product with their Product Type\-level Role.
+3. The user who wishes to make changes to a Group must also have **Edit Group** **Configuration Permissions**, and a **Maintainer or Owner** **Group Configuration Role** in the Group they wish to edit.
+
+
+# Configuration Permission Chart
+
+
+Each Configuration Permission refers to a particular function in the software, and has an associated set of actions a user can perform related to this function.
+
+
+
+The majority of Configuration Permissions give users access to certain pages in the UI.
+
+
+
+
+| **Configuration Permission** | **View ☑️** | **Add ☑️** | **Edit ☑️** | **Delete ☑️** |
+| --- | --- | --- | --- | --- |
+| Credential Manager | Access the **⚙️Configuration \> Credential Manager** page | Add new entries to the Credential Manager | Edit Credential Manager entries | Delete Credential Manager entries |
+| Development Environments | n/a | Add new Development Environments to the 🗓️**Engagements \> Environments** list | Edit Development Environments in the 🗓️**Engagements \> Environments** list | Delete Development Environments from the **🗓️Engagements \> Environments** list |
+| Finding Templates¹ | Access the **Findings \> Finding Templates** page | Add a Finding Template | Edit a Finding Template | Delete a Finding Template |
+| Groups | Access the **👤Users \> Groups** page | Add a new User Group | Superuser only | Superuser only |
+| Jira Instances | Access the **⚙️Configuration \> JIRA page** | Add a new JIRA Configuration | Edit an existing JIRA Configuration | Delete a JIRA Configuration |
+| Language Types | | | | |
+| Login Banner | n/a | n/a | Edit the login banner, located under **⚙️Configuration \> Login Banner** | n/a |
+| Announcements | n/a | n/a | Configure Announcements, located under **⚙️Configuration \> Announcements** | n/a |
+| Note Types | Access the ⚙️Configuration \> Note Types page | Add a Note Type | Edit a Note Type | Delete a Note Type |
+| Product Types | n/a | Add a new Product Type (under Products \> Product Type) | n/a | n/a |
+| Questionnaires | Access the **Questionnaires \> All Questionnaires** page | Add a new Questionnaire | Edit an existing Questionnaire | Delete a Questionnaire |
+| Questions | Access the **Questionnaires \> Questions** page | Add a new Question | Edit an existing Question | n/a |
+| Regulations | n/a | Add a Regulation to the **⚙️Configuration \> Regulations** page | Edit an existing Regulation | Delete a Regulation |
+| SLA Configuration | Access the **⚙️Configuration \> SLA
Configuration** page | Add a new SLA Configuration | Edit an existing SLA Configuration | Delete an SLA Configuration |
+| Test Types | n/a | Add a new Test Type (under **Engagements \> Test Types**) | Edit an existing Test Type | n/a |
+| Tool Configuration | Access the **⚙️Configuration \> Tool Configuration** page | Add a new Tool Configuration | Edit an existing Tool Configuration | Delete a Tool Configuration |
+| Tool Types | Access the **⚙️Configuration \> Tool Types** page | Add a new Tool Type | Edit an existing Tool Type | Delete a Tool Type |
+| Users | Access the **👤Users \> Users** page | Add a new User to DefectDojo | Edit an existing User | Delete a User |
+
+1. Access to the Finding Templates page also requires the **Writer, Maintainer** or **Owner** Global Role for this user.
+
+
+
+# Group Configuration Permissions
+
+
+
+
+| Configuration Permission | **Reader** | **Maintainer** | **Owner** |
+| --- | --- | --- | --- |
+| View Group | ☑️ | ☑️ | ☑️ |
+| Remove self from Group | ☑️ | ☑️ | ☑️ |
+| Edit a Member’s role in a Group | | ☑️ | ☑️ |
+| Edit or Delete a Product or Product Type Membership from a Group¹ | | ☑️ | ☑️ |
+| Change a Group Member’s role to Owner | | | ☑️ |
+| Delete Group | | | ☑️ |
+
+1. This also requires the User to have at least a Maintainer Role on the Product or Product Type which they wish to edit.
diff --git a/docs/content/en/user_management/_index.md b/docs/content/en/user_management/_index.md
new file mode 100644
index 0000000000..4f30f9e478
--- /dev/null
+++ b/docs/content/en/user_management/_index.md
@@ -0,0 +1,18 @@
+---
+title: "Set User Permissions"
+description: "Set User Permissions"
+summary: ""
+date: 2023-09-07T16:06:50+02:00
+lastmod: 2023-09-07T16:06:50+02:00
+draft: false
+weight: 2
+chapter: true
+sidebar:
+ collapsed: true
+seo:
+ title: "" # custom title (optional)
+ description: "" # custom description (recommended)
+ canonical: "" # custom canonical URL (optional)
+ robots: "" # custom robot tags (optional)
+
+---
\ No newline at end of file
diff --git a/docs/content/en/working_with_findings/Finding Status Definitions.md b/docs/content/en/working_with_findings/Finding Status Definitions.md
new file mode 100644
index 0000000000..5a2ed6759d
--- /dev/null
+++ b/docs/content/en/working_with_findings/Finding Status Definitions.md
@@ -0,0 +1,140 @@
+---
+title: "Finding Status Definitions"
+description: "A quick reference to Finding status: Open, Verified, Accepted.."
+---
+
+Each Finding created in DefectDojo has a Status which communicates relevant information. Statuses help your team keep track of their progress in resolving issues.
+
+
+
+Each Finding status has a context\-specific meaning which will need to be defined by your own team. These are our suggestions, but your team's usage may vary.
+
+
+
+## **Active** **Findings**
+
+
+‘This Finding has been discovered by a scanning tool.’
+
+
+
+By default, any new Finding created in DefectDojo will be labeled as **Active**. Active in this case means ‘this is a new Finding that DefectDojo has not recorded on a past import’. If a Finding has been Mitigated in the past, but appears in a scan again in the future, the status of that Finding will reopen to reflect that the vulnerability has returned.
+
+
+
+## **Verified Findings**
+
+
+‘This Finding has been confirmed by our team to exist.’
+
+
+
+Just because a tool records a problem does not necessarily mean the Finding requires engineering attention. Therefore, new Findings are also labeled as **Unverified** by default.
+
+
+
+If you’re able to confirm that the Finding does exist, you can mark it as **Verified**.
+
+
+
+If you don’t need to manually verify each Finding, you can automatically mark them as Verified during import, or disregard this Status.
+
+
+
+## **Open Findings**
+
+
+‘There is work to be done on these Findings.’
+
+
+
+Once a Finding is **Active**, it will be labeled as an **Open** Finding, regardless of whether or not it has been **Verified.**
+
+
+
+Open Findings can be seen from the **Findings \> Open Findings** view of DefectDojo.
+
+
+
+## **Closed Findings**
+
+
+**‘**The Vulnerability recorded here is no longer active’.
+
+
+
+Once the work on a Finding is complete, you can manually Close it from the Close Findings option.
Alternatively, if a scan is re\-imported into DefectDojo which does not contain a previously\-recorded Finding, the previously\-recorded Finding will automatically close.
+
+
+
+## **Under Review**
+
+
+‘I have sent this Finding to one or more team members to look at.’
+
+
+
+When a Finding is Under Review, it needs to be reviewed by a team member. You can put a Finding under review by Selecting **Request Peer Review** from the Finding’s drop\-down menu.
+
+
+
+
+![](https://defectdojo-inc.intercom-attachments-7.com/i/o/985091935/822f376964d68879e7a4681b/QFGEwU-GN1KKusdUrgO79c-tO2xHoxGf_KJKGAly5-kbFqUgrZ4ucsbvdeoEU1KGqppGGIA-8A3gtLc76DOTwxb9QCdswOB9DDZQISGWbxdp97qnTnYjeXwQVRirdSWmFxhk3kDJxHhUs1w5z8vxaXA?expires=1729720800&signature=c8cee4ebaf9ec90f9865a4615ea2cafbb127a24c1e799570703b3fe5f0375a45&req=fSgiFsB%2FlIJaFb4f3HP0gJeA1SZaCA1dNNYzqvbz6cG3w4UWa9xdE2Lq7jiz%0Ap4k%3D%0A)
+
+## **Risk Accepted**
+
+
+‘Our team has evaluated the risk associated with this Finding, and we’ve agreed that we can safely delay fixing it.’
+
+
+
+Findings cannot always be remediated or addressed for various reasons. You can add a Risk Acceptance to a Finding with the Add Risk Acceptance option. Risk Acceptances allow you to upload files and enter notes to support a Risk Acceptance decision.
+
+
+
+Risk Acceptances have expiry dates, at which time you can reevaluate the impact of the Finding and decide what to do next.
+
+
+
+
+## **Out Of Scope**
+
+
+‘This Finding was discovered by our scanning tool, but detecting this kind of vulnerability was not the direct goal of our test.’
+
+
+
+When you mark a Finding as Out Of Scope, you are indicating that it is not directly relevant to the Engagement or Test it is contained within.
+
+
+
+If you have a testing and remediation effort related to a specific aspect of your software, you can use this Status to indicate that this Finding is not part of your effort.
+
+
+
+
+## **False Positive**
+
+
+‘This Finding was discovered by our scanning tool, but after reviewing the Finding we have discovered that this reported vulnerability does not exist.’
+
+
+
+Once you’ve reviewed a Finding, you might discover that the vulnerability reported does not actually exist. The False Positive status allows DefectDojo to keep track of this information, and future imports will also apply the False Positive status to this Finding.
+
+
+
+If a different scanning tool finds a similar Finding, it will not be recorded as a False Positive. DefectDojo can only compare Findings within the same tool to determine if a Finding has already been recorded.
+
+
+
+
+## **Inactive**
+
+
+‘This Finding was discovered previously but it was either mediated or does not require immediate attention.’
+
+
+
+If a Finding is marked as Inactive, this means that the issue currently has no impact on the software environment and does not need to be addressed. This status does not necessarily mean that the issue has been resolved.
+
diff --git a/docs/content/en/working_with_findings/Introduction to Findings.md b/docs/content/en/working_with_findings/Introduction to Findings.md
new file mode 100644
index 0000000000..2b7d38b0f6
--- /dev/null
+++ b/docs/content/en/working_with_findings/Introduction to Findings.md
@@ -0,0 +1,149 @@
+---
+title: "Introduction to Findings"
+description: "The main workflow and vulnerability tracking system of DefectDojo"
+---
+
+Findings are the main way that DefectDojo standardizes and guides the reporting and remediation process of your security tools. Regardless of whether a vulnerability was reported in SonarQube, Acunetix, or your team’s custom tool, Findings give you the ability to manage each vulnerability in the same way.
+
+
+
+
+# What are Findings?
+
+
+Findings in DefectDojo are made up of the following components:
+
+
+* The reported vulnerability data in question
+* The ‘status’ of the Finding, used to track remediation, risk acceptance or other decisions made around the vulnerability
+* Other metadata related to the Finding. For example, this could include the location of a Finding in your network, a tool’s suggestions for remediation, or links to an associated CWE or EPSS score.
+
+
+In addition to storing the vulnerability data and providing a remediation framework, DefectDojo also enhances your Findings in the following ways:
+
+
+
+* Automatically adding related EPSS scores to a Finding to describe exploitability
+* Automatically translating a security tool’s severity metric into a Severity score for each Finding, which confers an SLA onto the Finding according to your Product’s SLA Configuration.
+
+
+Overall, DefectDojo Findings are designed to work with the Product Hierarchy to standardize your efforts, and apply a consistent method to each Product.
+
+
+
+
+# A Finding Page
+
+
+The Finding Page contains various components. Each will be populated by the Import process when the Finding is created.
+
+
+
+
+![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204626420/d4b31aeb933a01a91c8f9fcbab53/AD_4nXeCuL73nA2NQtVBVqVJPKGjtd-RbuuqPn2CpxasGuOplzjTfVjR_VaOyfWqxaOueQOzf9OXNnCCWZttl6OGDA5jVtYhG3gT0kqAKXQw7m0MADYtJ8WocQ5FWHDys6UhIc54DdQtlwhRJqLqM06ApretgQ8b?expires=1729720800&signature=5fdaf3b96d90627f967590cbbcd16a974954e553b5fca4a45d8cdf70040b15e8&req=dSInEs98m4VdWfMW1HO4zR0l5%2BsqlD4BklyhzEusXAB9j0VOFPYkQ%2B7zhpyj%0ARB4q%0A)
+1. **The Title of the Finding:** Usually this is a descriptive shorthand which identifies the vulnerability or issue detected. This section is also where user\-created Tags are displayed if they exist.
+​
+2. **Finding Overview:** This section contains five separate pages of relevant information for the Finding: Description, Mitigation, Impact, References and Notes. These fields can be populated automatically based on the incoming vulnerability data, or they can be edited by a DefectDojo user to provide additional context.
+​
+​**\- Description** is a more detailed summary and explanation of the Finding in question.
+​**\- Mitigation** is a suggested method for mitigating the Finding so that it is no longer present in your system.
+​**\- Impact** describes the impact of the vulnerability on your security posture. This page might hold descriptive text, or it may include a [CVSS Vector String](https://qualysguard.qualys.com/qwebhelp/fo_portal/setup/cvss_vector_strings.htm), which is a shorthand way to communicate the vulnerability’s overall exploitability and with the consequences of an exploitation to your organization. Impact is closely related to a Finding’s Severity field.
+​**\- References** will list any links or additional information relevant to this Finding if included.
+​**\- Notes** is a page where you can record any other relevant information to this Finding. Notes are ‘DefectDojo\-only’ metadata, and they are not created at the time of import.
Use this field to track your mitigation progress or to add more specific detail to the Finding.
+​
+3. **Additional Details:** This section lists other details related to this Finding, if relevant:
+
+
+ * Request/Response Pairs associated with the vulnerability
+ * Steps To Reproduce the vulnerability
+ * Severity Justification where you can record a more detailed explanation of the severity or impact of the Finding.
+ ​
+ ​
+4. **Metadata: This section contains filterable metadata related to the Finding:**
+
+
+ * **ID:** the ID value of the Finding in DefectDojo
+ * **Severity:** the Severity value of the Finding. Can be Info, Low, Medium, High or Critical. Finding Severities are directly related to the Finding’s calculated SLA, based on the Product the Finding is stored in.
+ * **Status:** the status of the Finding. Can be either Active or Inactive. In addition to these, Findings can also have a Status of Duplicate, Mitigated, False Positive, Out Of Scope, Risk Accepted or Under Defect Review. These Statuses explain the State of the Finding in more detail.
+ * **Type:** this field describes how the Finding was found, either via a Static (SAST) evaluation of the source code, or through a Dynamic (DAST) evaluation of the Product as it was running. This field is defined by the tool type.
+ * **Location:** this field describes the related File Path to your vulnerability, if relevant.
+ * **Line:** this field describes the line of code containing the vulnerability, if relevant.
+ * **Date Discovered:** this field shows either the date the Finding was imported to DefectDojo, or the date the Finding was discovered by the Tool.
+ * **Age:** this calculated field shows the number of days the Finding has been active.
+ * **Reporter:** this is the username of the DefectDojo account who created this Finding.
+ * **CWE:** this field is a link to the external CWE (Common Weakness Enumeration) definition which applies to this Finding.
+ * **Vulnerability ID:** if there is a particular ID value for this vulnerability within the tool itself, it will be tracked here.
+ * **EPSS Score / Percentile:** if the source data has a CWE value, DefectDojo will automatically pull an [EPSS Score](https://www.first.org/epss/) and Percentile (Exploit Prediction Scoring System). EPSS represents the likelihood that a software vulnerability can be exploited, based on real\-world exploit data. EPSS scores are updated on an ongoing basis, using the latest exploitation data from First.
+ * **Found By:** This will list the scanner used to find this vulnerability.
+ ​
+
+# Example Finding Workflows
+
+
+How you work with Findings in DefectDojo depends on your team’s responsibilities within your organization. Here are some examples of these processes, and how DefectDojo can help:
+
+
+
+## Discover and Report vulnerabilities
+
+
+If you’re in charge of security reporting for many different contexts, software Products or teams, DefectDojo can report on those vulnerabilities uncovered. Using the Product Hierarchy, you can organize your Finding data into the appropriate context. For example:
+
+
+* Each Product in DefectDojo can have a different SLA configuration, so that you can instantly flag Findings that are discovered in Production or other highly sensitive environments.
+* You can create a report directly from a **Product Type, Product, Engagement or Test** to ‘zoom in and out’ of your security context. **Tests** contain results from a single tool, **Engagements** can combine multiple Tests, **Products** can contain multiple Engagements, **Product Types** can contain multiple Products.
+
+For more information on creating a Report, see our guides to **[Custom Reporting](https://support.defectdojo.com/en/collections/6542282-reports)**.
+ + + + +## Triage Vulnerabilities using Finding Status + + +If your team needs to validate the Findings discovered, you can do so by manually applying the **Verified** status to Findings as you review them. You can also apply other statuses, such as: + + +* **False Positive:** A tool detected the threat, but the threat is not active in the environment. +* **Out Of Scope:** Active, but irrelevant to the current testing effort. +* **Risk Accepted:** Active, but determined not to be a priority to address until the Risk Acceptance expires. +* **Under Review:** may or may not be Active \- your team is still investigating. +* **Mitigated:** This issue has been resolved since the Finding was created. + + +If a tool reports a previously triaged Finding on a subsequent import, DefectDojo will remember the Finding’s previous status and update accordingly. Findings with **False Positive**, **Out Of Scope, Risk Accepted and Under Review** statuses will remain as they are, but any Finding that has been **Mitigated** will be **reactivated** to let you know that the Finding has returned to the Test environment. + + + +## Ensure Team\-wide Consensus and Accountability with Risk Acceptances + + +Part of a security team’s responsibility is to collaborate with developers to prioritize and deprioritize security issue remediation. This is where Risk Acceptances come in. Adding a Risk Acceptance to a Finding allows you to: + + +* Store records and ‘artifact’ files on DefectDojo \- these could be emails from colleagues acknowledging the Risk Acceptance, meeting notes, or simply a written justification for accepting the risk from your own security team. +* Add an expiration date to the Risk Acceptance, so that the vulnerability can be re\-examined after a given period of time. + +Any Appsec team member understands that issue mitigation can’t be prioritized exclusively by developer teams, so Risk Acceptances help you log those sensitive decisions when they are made. 
+ + + + +## Monitor current vulnerabilities using CWEs and EPSS scores + + +Sometimes, the exploitability and threat posed by a known vulnerability can change based on new data. To keep your work up to date, DefectDojo has partnered with First.org to maintain a database of the latest EPSS scores related to Findings. Any Findings in DefectDojo will be kept up to date automatically according to their EPSS, which is directly based on the CWE of the Finding. + + + +If a Finding’s EPSS score changes (i.e. the related Finding becomes more exploitable or less exploitable), the Severity of the Finding will adjust accordingly. + + + + +# Next Steps: + + +* Learn how to add or adjust data on your Findings through the **[Edit Findings](https://support.defectdojo.com/en/articles/9958762-editing-findings)** menu. +* Learn how to update Findings in bulk using the **[Bulk Edit](https://support.defectdojo.com/en/articles/9958816-bulk-editing-findings)** menu. +* Learn how to apply **[Risk Acceptances](https://support.defectdojo.com/en/articles/9958767-risk-acceptances)** to Findings which create a record of sensitive decisions made surrounding risk\-accepted vulnerabilities. diff --git a/docs/content/en/working_with_findings/Risk Acceptances.md b/docs/content/en/working_with_findings/Risk Acceptances.md new file mode 100644 index 0000000000..c7d461b9d3 --- /dev/null +++ b/docs/content/en/working_with_findings/Risk Acceptances.md 
@@ -0,0 +1,92 @@ +--- +title: "Risk Acceptances" +description: "Adding Simple and Full Risk Acceptances to your Findings" +--- + +‘Risk Accepted’ is a special status that can be applied to a Finding in two ways: + + +* **Risk Accepted** can be freely applied as a Status **if ‘Simple Risk Acceptance’** is enabled. +* You can also create **Full Risk Acceptances**, which are objects stored in DefectDojo to capture a risk acceptance decision made by your team. + + +A **Full Risk Acceptance** is a special object in DefectDojo, used when Active Findings are ‘backlogged’ by your team. Often, both security teams and developer teams will decide when a Risk Acceptance is appropriate. In DefectDojo, your team can create Risk Acceptances which capture the internal decision making process and can be used as a source of truth. + + + +## About Full Risk Acceptances + + + +Each Full Risk Acceptance can store details about the following: + + +* The Security team’s recommendation to a Product owner or other stakeholder +* Description of the decision made by stakeholders +* The DefectDojo user involved in the decision making process +* One or more Findings governed by the Risk Acceptance + +Findings can be added to a Risk Acceptance regardless of the Product, Test or Engagement they are in. + + + +Any Findings associated with a Full Risk Acceptance will be set to **Inactive**, **Risk Accepted**. + + + +Generally, any Risk Acceptances should follow your internal security policy and be re\-examined at an appropriate time. As a result, Risk Acceptances also have expiration dates. Once a Risk Acceptance expires, any Findings will be set to Active again. 
+ + + +## Adding a new Full Risk Acceptance + + +Risk Acceptances can be added to a Finding in two ways: + + +* Using the **Bulk Edit** menu, when looking at a list of Findings +* Using the **Add Risk Acceptance** button on an individual Finding + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636819/b9dd073262332f1944c0cfacfd2a/AD_4nXfy5v0NTmT2-wzbXdnxwNZtiYLk18QuyFJM0t6uhv_8RToYIsjB0d9jKIKeYoVF2jEIL_XSnYVgGsnMP2D5EdkyuJg0ilLdjR--1QhI_l81yP8yPmmlpO4UkUlANShbUsvOT6VqSFD5jNKPAqenonX7GnSM?expires=1729720800&signature=1115c41a7aa8dec8ac1854137467fcba167b85c3b479cdd97a625b19a75ab611&req=dSInEs99m4leUPMW1HO4zeaRgo0pTnme8fBYAl4WbyXDzvLafNSr2o%2BGMLsB%0AcNM2%0A)## + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636820/11762eeeaf483c78d521d7446ca1/AD_4nXe9Mit2Y220ayEJR0rbzABrWY24WQ1LUfZJCZgBsM_0V24ZMJcWGr6U6REZYP2PMGmSuN0Dk60kT_2LSDkG9Jo2XC3t_uumxIOFlWJ7Qg4f7clfC1S_DZWvy811Gzrj4dTm1WJzR1Z7XIkVBgZn5jXrjTt1?expires=1729720800&signature=1cf2c1b627251a1063864290fc3e005c24c43ac5caddc7721ae5e2a5e9270fd7&req=dSInEs99m4ldWfMW1HO4zRkGaztiDiOJcg%2Bp%2FR3%2FI2bFU4DBwLfqHSfAvvJw%0ACeTp%0A) +To create a New Risk Acceptance, complete the Add to New Risk Acceptance form on a Finding you wish to Risk Accept. + + +# + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204636818/9419eeece88da46563d490017da3/AD_4nXcEwS6HnTQUszfs2jHj7pEXXZnDqskbX2sVw-pWhBfvuuzr5fowhUuz53rMWLbkLJCEg0jMSA-41MIgLXoksJEDHswtmkX5gExVwSmYme6KqR4Y4Pav-vWPz47vJ6fVvj1v7ZE4VqEEieLQNkuIVYVevMI?expires=1729720800&signature=3a873d6c6f98ce933165f4225de1333a537f3c67f38936f57a7328af1d7262a3&req=dSInEs99m4leUfMW1HO4zWGsfrz%2FC8qjBdsvsU%2BkGkqvMVSR%2FYsJZwwE%2FuT0%0AoDt6%0A)1. Create a **Name** for the Risk Acceptance. +2. Select the **Owner** of the Risk Acceptance \- this is generally meant to be the DefectDojo team member responsible for the decision to Risk Accept the Finding +3. Complete the **Optional Fields** with any relevant information. 
If you want to set an Expiration Date or a Warning for that Expiration Date, you can do so here as well. If you don’t specify a date, the Default Risk Acceptance / Default Risk Acceptance Expiration days will be used from the **System Settings** page. +4. Select whether you want to **Reactivate** or **Restart SLAs** on any associated Findings once the Risk Acceptance expires. + + +# Simple Risk Acceptances + + +If you don’t want to create a Full Risk Acceptance object and would prefer to simply **apply a status of ‘Risk Accepted’ to a Finding**, you can do so through the Bulk Edit menu. This method is called **Simple Risk Acceptance**. + + + +Before you can apply a Simple Risk Acceptance to a Finding, Simple Risk Acceptance will need to be enabled at the Product level. This setting can be found on the **Edit Product Form**. + + + +## Applying a Simple Risk Acceptance + + +With one or more Findings selected, open **Bulk Update Actions**. Navigate to **Simple Risk Acceptance Status** and select either **Accept Risk** or **Unaccept Risk**. Once you have submitted the Bulk Update, ‘Risk Accepted’ will be applied to any Findings selected without the need to create a Risk Acceptance object (with an expiration date or additional metadata). + + + + +# Locating Risk Accepted Findings + + +The sidebar in DefectDojo allows you to quickly find any Risk Accepted Findings by opening **Manage \> Risk Acceptances.** From here you can view the Risk Acceptance objects themselves, or view a list of Risk Accepted Findings. + + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204640131/447a5095df2fb468d8fbe43d4a1d/Screenshot+2024-10-04+at+2_23_38%E2%80%AFPM.png?expires=1729720800&signature=127f9a6b5dd30515098838117a5fbe61b2464fadfa93d6f630c9fd8c39b48ca9&req=dSInEs96nYBcWPMW1HO4zT2bUZxwU%2FbqrPBD4qx8knM3HZEXsp9ooOlsDdne%0A5t8q%0A) 
diff --git a/docs/content/en/working_with_findings/_index.md b/docs/content/en/working_with_findings/_index.md
new file mode 100644
index 0000000000..f5ecca6649
--- /dev/null
+++ b/docs/content/en/working_with_findings/_index.md
@@ -0,0 +1,9 @@
+---
+title: "Working With Findings"
+date: 2021-02-02T20:46:29+01:00
+draft: false
+type: docs
+weight: 8
+sidebar:
+ collapsed: true
+---
diff --git a/docs/content/en/working_with_findings/finding_deduplication/About Deduplication.md b/docs/content/en/working_with_findings/finding_deduplication/About Deduplication.md
new file mode 100644
index 0000000000..7da2e72b4b
--- /dev/null
+++ b/docs/content/en/working_with_findings/finding_deduplication/About Deduplication.md
@@ -0,0 +1,73 @@ +--- +title: "About Deduplication" +description: "Deduplication fundamentals and key concepts" +--- + +DefectDojo is designed to ingest bulk reports from tools, creating one or more Findings based on the content of the report. When using DefectDojo, you’ll most likely be ingesting reports from the same tool on a regular basis, which means that duplicate Findings are highly likely. + + + +This is where Deduplication comes in, a Smart feature which you can set up to automatically manage duplicate Findings. + + + + +## How DefectDojo handles duplicates + + +1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A. +2. **Later, you import Test 2 which contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.** +3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. + +By creating and marking Duplicates in this way, DefectDojo ensures that all the work for the ‘original’ vulnerability is centralized on the original Finding page, without creating separate contexts, or giving your team the impression that there are multiple separate vulnerabilities which need to be addressed. + + + +By default, these Tests would need to be nested under the same Product for Deduplication to be applied. If you wish, you can further limit the Deduplication scope to a single Engagement. + + + +Duplicate Findings are set as Inactive by default. This does not mean the Duplicate Finding itself is Inactive. Rather, this is so that your team only has a single active Finding to work on and remediate, with the implication being that once the original Finding is Mitigated, the Duplicates will also be Mitigated. 
+ + + + +## Deduplication vs Reimport + + +Deduplication and Reimport are similar processes but they have a key difference: + + +* When you Reimport to a Test, the Reimport process looks at incoming Findings, **filters and** **discards any matches**. Those matches will never be created as Findings or Finding Duplicates. +* Deduplication is applied 'passively' on Findings that have already been created. It will identify duplicates in scope and **label them**, but it will not delete or discard the Finding unless 'Delete Deduplicate Findings' is enabled. +* The 'reimport' action of discarding a Finding always happens before deduplication; DefectDojo **cannot deduplicate Findings that are never created** as a result of Reimport's filtering. + + +## When are duplicates appropriate? + + +Duplicates are useful when you’re dealing with shared, but discrete Testing contexts. For example, if your Product is uploading Test results for two different repositories, which need to be compared, it’s useful to know which vulnerabilities are shared across those repositories. + + + +However, if DefectDojo is creating excess duplicates, this can also be a sign that you need to adjust your import processes. + + + +## What do my duplicates indicate? + + +* **The same vulnerability, but found in a different context:** this is the appropriate way to use Duplicate Findings. If you have many components which are affected by the same vulnerability, you would likely want to know which components are affected to understand the scope of the problem. +​ +* **The same vulnerability, found in the same context**: better options exist for this case. If the Duplicate Finding does not give you any new context on the vulnerability, or if you find yourself frequently ignoring or deleting your duplicate Findings, this is a sign that your process can be improved. For example, Reimport allows you to effectively manage incoming reports from a CI/CD pipeline. 
Rather than create a completely new Finding object for each duplicate, Reimport will make a note of the incoming duplicate without creating the Duplicate Finding at all. + + + +# Next Steps: + + +* **Enable and configure Deduplication** from the System Settings page. +* Brush up on DefectDojo’s **Product and Engagement data models** to make sure that your environment is optimized for deduplication. +* Learn how to manage excess duplicates with the **Delete Deduplicate Findings** option. + + diff --git a/docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md b/docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md new file mode 100644 index 0000000000..8b0ee61d3c --- /dev/null +++ b/docs/content/en/working_with_findings/finding_deduplication/Avoiding Duplicates: Reimport Recurring Tests.md 
@@ -0,0 +1,122 @@ +--- +title: "Avoiding Duplicates: Reimport Recurring Tests" +description: "" +--- + +If you have a CI/CD pipeline, a daily scan process or any kind of repeated incoming report, setting up a Reimport process in advance is key to avoiding excessive duplicates. Reimport collapses the context and Findings associated with a recurring test into a single Test page, where you can review import history and track vulnerability changes across scans. + + + +1. Create an Engagement to store the CI/CD results for the object you’re running CI/CD on. This could be a code repository where you have CI/CD actions set up to run. Generally, you want a separate Engagement set up for each pipeline so that you can quickly understand where the Finding results are coming from. +​ +2. Each CI/CD action will import data to DefectDojo in a separate step, so each of those should be mapped to a separate Test. For example, if each pipeline execution runs an NPM\-audit as well as a dependency scan, each scan result will need to flow into a Test (nested under the Engagement). +​ +3. You do not need to create a new Test each time the CI/CD action runs. Instead, you can **Reimport** data to the same test location. + + +​ + + +# Reimport in action + + + +DefectDojo will compare the incoming scan data with the existing scan data, and then apply changes to the Findings contained within your Test as follows: +​ + + + +## Create Findings + + +Any vulnerabilities which were not contained in the previous import will be added to the Test automatically as new Findings. +​ + + + +## Ignore existing Findings + + +If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. 
+​ + + + +## Close Findings + + +If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**. + + + +If you don’t want any Findings to be closed, you can disable this behavior on Reimport: + + +* Uncheck the **Close Old Findings** checkbox if using the UI +* Set **close\_old\_findings** to **False** if using the API +​ + +## Reopen Findings + + +* If there are any Closed Findings which appear again in a Reimport, they will automatically be Reopened. The assumption is that these vulnerabilities have occurred again, despite previous mitigation. The Test page will track these Findings as **Reactivated**. + + +If you’re using a triage\-less scanner, or you don’t otherwise want Closed Findings to reactivate, you can disable this behavior on Reimport: + + +* Set **do\_not\_reactivate** to **True** if using the API +* Check the **Do Not Reactivate** checkbox if using the UI + + + + + +# Working with Import History + + +Import History for a given test is listed under the **Test Overview** header on the **Test** page. + + + +This table shows each Import or Reimport as a single line with a **Timestamp**, along with **Branch Tag, Build ID, Commit Hash** and **Version** columns if those were specified. + + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1072559379/da50b8239d865c6f98fc63c1/AD_4nXejcQLbylSeEMEkwYFrpxjGC1qkw7DQWwEQDCGhE7XrZSOGd_kNkAQNxHReNuFG3HivbQW-r6_NhC799O-rm3O2v_tBeTLtuqKFOuCDPng1qvmhQNeFwZ-whwp6CzdaQVy3Vir6pR3Kln9CRxzX2u6dTZY?expires=1729720800&signature=d5205cc3ff455b2643173a38835faf8a06f5ec4cc7c57c646ec7e78fa62678e4&req=dSAgFMx7lIJYUPMW1HO4ze2b3g1yLkBVYYHceZ4nu9nWxFX94Pj8EZWhdT2l%0ATMnX%0A) +## Actions + + +This header indicates the actions taken by an Import/Reimport. 
+ + + +* **\# created indicates the number of new Findings created at the time of Import/Reimport** +* **\# closed shows the number of Findings that were closed by a Reimport (due to not existing in the incoming report).** +* **\# left untouched shows the count of Open Findings which were unchanged by a Reimport (because they also existed in the incoming report).** +* **\#** **reactivated** shows any Closed Findings which were reopened by an incoming Reimport. + + + + + +# Why not simply use Import? + + +Although both methods are possible, Import should be reserved for **new occurrences** of Findings and Data, while Reimport should be applied for **further iterations** of the same data. + + + +If your CI/CD pipeline runs an Import and creates a new Test object each time, each Import will give you a collection of discrete Findings which you will then need to manage as separate objects. Using Reimport alleviates this problem and eliminates the amount of ‘cleanup’ you’ll need to do when a vulnerability is resolved. + + + +Using Reimport allows you to store each recurring report on the same page, and maintains a continuity of each time new data was added to the Test. + + + +However, if you’re using the same scanning tool in multiple locations or contexts, it may be more appropriate to create a separate Test for each location or context. This depends on your preferred method of organization. + + + diff --git a/docs/content/en/working_with_findings/finding_deduplication/Delete Deduplicate Findings.md b/docs/content/en/working_with_findings/finding_deduplication/Delete Deduplicate Findings.md new file mode 100644 index 0000000000..dd5e0df4fb --- /dev/null +++ b/docs/content/en/working_with_findings/finding_deduplication/Delete Deduplicate Findings.md 
@@ -0,0 +1,36 @@
+---
+title: "Delete Deduplicate Findings"
+description: "Remove excess duplicate Findings from DefectDojo"
+---
+
+If you have an excessive amount of duplicate Findings which you want to delete, you can set **Delete Deduplicate Findings** as an option in the **System Settings**.
+
+
+
+**Delete Deduplicate Findings**, combined with the **Maximum Duplicates** field allows DefectDojo to limit the amount of Duplicate Findings stored. When this field is enabled, DefectDojo will only keep a certain number of Duplicate Findings.
+
+
+
+
+## Which duplicates will be deleted?
+
+
+The original Finding will never be deleted automatically from DefectDojo, but once the threshold for Maximum Duplicates is crossed, DefectDojo will automatically delete the oldest Duplicate Finding.
+
+
+
+
+For example, let’s say that you had your Maximum Duplicates field set to ‘1’.
+
+
+
+1. First, you import **Test 1\.** Your report contains a vulnerability which is recorded as Finding A.
+2. **Later, you import Test 2 contains the same vulnerability. This will be recorded as Finding B, and Finding B will be marked as a duplicate of Finding A.**
+3. Later still, you import **Test 3** which also contains that vulnerability. This will be recorded as Finding C, which will be marked as a duplicate of Finding A. At this time, Finding B will be deleted from DefectDojo as the threshold for maximum duplicates has been crossed.
+
+
+# Applying this setting
+
+
+Applying **Delete Deduplicate Findings** will begin a deletion process immediately. This setting can be applied on the **System Settings** page. See Enabling Deduplication for more information.
+
diff --git a/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md b/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md
new file mode 100644
index 0000000000..c1198f983a
--- /dev/null
+++ b/docs/content/en/working_with_findings/finding_deduplication/Enabling Deduplication within an Engagement.md 
@@ -0,0 +1,40 @@ +--- +title: "Enabling Deduplication within an Engagement" +description: "" +--- + +Rather than Deduplicating across an entire Product, you can set a deduplication scope to be within a single Engagement exclusively. + + + +# Navigating to the Edit Engagement page + + + +* To enable Deduplication within a New Engagement, start with the **\+ New Engagement** option from the sidebar, which you can find by opening the **📥Engagements** sub\-menu. +​ + + +![](https://downloads.intercomcdn.com/i/o/1196253571/bcc773bae11e0974316d9669/AD_4nXciYtqXNeAAzCO_WbTM5mS7X0gyNp13Wj0MAs1bHrlE0_rdLWxDQVJhhRbit89miW_HDlHt7uj9OMLEzETEiAnoXUWQ84H5RzIWjiybriFkMIRrBxB3Ay0Xg3TCZV8bqSoockHPKM_7udgjdYgPBelwcT0?expires=1729720800&signature=7d44908ba9093dc59a62061480bd26b60d9609824c1e458f5ef32de3cadfd860&req=dSEuEMt7noRYWPMW1HO4zXFaqgGz7VtHBjy63Irk3DfPNitCTrREpnVC492Y%0AHTye%0A) + +​ +* To enable Deduplication within an existing Engagement: from the **All Engagements** page, select the **Edit Engagement** option from the **⋮** menu. +​ + + +![](https://downloads.intercomcdn.com/i/o/1196254637/7e441a6b39b65379e5d0258f/AD_4nXdOAfa7o32j4v3mFahzL_gjSykP7gvEAHGStpR7yw9YIyXbECukfQ3_DYU0zwuzUDBHmY5Y5yVq5LD_qtjYciLNVCH0h19XFSpunFSOPrA8TsNAwJr25J6Ik41MAcYDOeKbCYF0PMHgCvv5CztO7i8SbbZ1?expires=1729720800&signature=8d0d98729d1f0b7193fd386b137f7117569b912ffffce90ea218f6729f325c6d&req=dSEuEMt7mYdcXvMW1HO4zdhz%2FS3XYYEKT4KNIN5P6B3a9gWbvcLFnD1A4A2v%0A7pBZ%0A) +* You can also open this menu from a specific **Engagement Page** by clicking the ⚙️Gear icon in the top\-right hand corner. 
+​ + + +![](https://downloads.intercomcdn.com/i/o/1196254509/1b93ba5ddb5fb8a1fc906ece/AD_4nXcF0S-MTcABjEW4VheppDRqp0LTeIEiVr5rAaoon87pMQzzF9cZeK6ZRal_djcKgTTiVAe9QFSW7uq0WlWNix9ZjWIbKqtzEWsOoGYOeA8l2uquOvvBKUZkY2CtrcswclqhuR0teoun06e1jMf3yTQifptb?expires=1729720800&signature=1008cb3fb40ba04d33f9b7c35a6a450fa5b36a67c3cf22209bae9b686d4842b3&req=dSEuEMt7mYRfUPMW1HO4zXjnnOfTxm0gaugjxFbGD8K2XwiFzVsTeS%2Fx3BkJ%0AyjRC%0A) + + +# Completing the Edit Engagement form + + +1. Start by opening the **Optional Fields \+** menu at the bottom of the **Edit Engagement** form. +2. Click the ☐ **Deduplication Within This Engagement** box. +3. Submit the form. + +![](https://downloads.intercomcdn.com/i/o/1196254909/e83b69fc7648fcaa7d4375d6/AD_4nXdIwMiOxcYE3nJqTQoIE1ViuNm7uUj8tXrI4GD2X27vNHWrBftniw5rNxPCDrd-8zL6085kSR8SfAGF7bDyzvEJAOVZDb8at2h4VX2rTbwyhJEJQOdk4yrMApzIR3S69XcIdR59wZogYo7I3m4e1KezMYVw?expires=1729720800&signature=94609d56cd8ba25a82a3bc62254eb2bb66f445a8dada8357637768a12a8090c3&req=dSEuEMt7mYhfUPMW1HO4zQ4wI0%2BWyDKzeg0IWM1rEWvzJlRMDNqiyK2yUCDl%0A63pX%0A) \ No newline at end of file diff --git a/docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md b/docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md new file mode 100644 index 0000000000..a247b6435d --- /dev/null +++ b/docs/content/en/working_with_findings/finding_deduplication/Enabling Product-Level Deduplication.md 
@@ -0,0 +1,39 @@ +--- +title: "Enabling Product-Level Deduplication" +description: "How to enable Deduplication at the Product level" +--- + +Deduplication can be implemented at either a Product level or at a more narrow Engagement level. This article describes the more common approach of deduplicating within a single Product. + + +1. Start by navigating to the System Settings page. This is nested under **Settings \> Pro Settings \> ⚙️System Settings** on the sidebar. + + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1124595466/23510e2be09c57c31794ddbf/AD_4nXc_etHPxb2G3QGrOuEK3jNUcQevdHrW7fhe1DF-Oeom5oZFFdTmTmnM1tZpABw6ROzUbbu9DN9szFMKHCUxNWjqBOWKxk-AsYaVwpM4CPAAuKrMju_BqRLrl1vGIABLQaiXTEhVOSJOG5r71eSLuYMs1ZUQ?expires=1729720800&signature=15fe9ccd68bea2289aafaf51e2a0158bb8170f03cc21b6e2b5c8936eee5ba3f5&req=dSElEsx3mIVZX%2FMW1HO4zUxInD5pTrydt8XM8g5%2FosYwTdr%2FFJmlu8o7z1Ey%0AypWn%0A) +2. **Deduplication and Finding Settings** are at the top of the **System Settings** menu. +​ + + +![](https://defectdojo-inc.intercom-attachments-7.com/i/o/1124595482/5c6e4140b748d743380db52a/AD_4nXczFRPMaaBteblXtLfkioIjnUmaYz5Z2voT_wskuvTBDFBoqWV7F8Ncte1qYrgwhZ-TYhvFYTNbQoEjj_dgbpGfnvWt-nJ3Jxo046VxDAA1YmPcZRmJQwprmTWpkNNKAoROh_lUWEtZiehwJ-v-MU8mqNR9?expires=1729720800&signature=477386cba875c6d0eef54c5a9657ccd17320ac1f5355e6d5c2604a81049065a2&req=dSElEsx3mIVXW%2FMW1HO4zfS9u6vQjS6vS8fDvrkeJ6fkTP%2FTlmiDVWCQsro%2F%0Aqjfg%0A) + +## Enable Finding Deduplication + + +**Enable Finding Deduplication** will turn on the Deduplication Algorithm for all Findings. Deduplication will be triggered on all subsequent imports \- when this happens, DefectDojo will look at any Findings contained in the destination Product, and deduplicate as per your settings. + + + +## Delete Deduplicate Findings + + +**Delete Deduplicate Findings**, combined with the **Maximum Duplicates** field allows DefectDojo to limit the amount of Duplicate Findings stored. 
When this field is enabled, DefectDojo will only keep a certain number of Duplicate Findings. + + + +Applying **Delete Deduplicate Findings** will begin a deletion process immediately. DefectDojo will look at each Finding with Duplicates recorded, and will delete old duplicate Findings until the Maximum Duplicate number has been reached. + + + +For more information on how DefectDojo determines what to delete, see our guide to **[Deleting Deduplicate Findings](https://support.defectdojo.com/en/articles/9658110-delete-deduplicate-findings).** + diff --git a/docs/content/en/working_with_findings/finding_deduplication/_index.md b/docs/content/en/working_with_findings/finding_deduplication/_index.md new file mode 100644 index 0000000000..7a5fb41a14 --- /dev/null +++ b/docs/content/en/working_with_findings/finding_deduplication/_index.md @@ -0,0 +1,6 @@ +--- +title: "Finding Deduplication" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs +--- diff --git a/docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md b/docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md new file mode 100644 index 0000000000..52b8705b40 --- /dev/null +++ b/docs/content/en/working_with_findings/findings_workflows/Bulk Editing Findings.md 
@@ -0,0 +1,70 @@ +--- +title: "Bulk Editing Findings" +description: "Quickly update one or more Findings from a table" +--- + +Findings can be edited in bulk from a Finding List, which can be found either on the Findings page itself, or from within a Test. + + + +# Selecting Findings for Bulk Edit + + +When looking at a table with multiple Findings, such as the ‘Findings From \[tool]’ table on a Test Page or the All Findings list, you can use the checkboxes next to Findings to mark them for Bulk Edit. + + + +Selecting one or more Findings in this way will open the (hidden) Bulk Edit menu, which contains the following four options: + + +* **Bulk Update Actions**: apply metadata changes to the selected Findings. +* **Risk Acceptance Actions: create a Full Risk Acceptance to govern the selected Findings, or add the Findings to an existing Full Risk Acceptance** +* **Finding Group Actions: create a Finding Group made up of the selected Findings. Note that Finding Groups can only be created within an individual Test.** +* **Delete: delete the selected Findings. You will need to confirm this action in a new window.** + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643191/7924c15fbd2501b5a5e4b8fe71e3/AD_4nXer6k5QNaqhZs1J_hL6iuSLPvb8rHb-MdkW0pXJMf-V8x0cup_i0D0lnLHR3njiPTbVksdPHlsZ_UBmRy0m1t0zojl-M9dmSCfM0vk4PEQoPijdUfiv2PtwIqeSdJGfq4rZzCFJkaqJRibweVmucx5CEbM?expires=1729720800&signature=a12f0f004827941909402f24c36cd3a561a40709b013fcb5a4107878c3d7a278&req=dSInEs96noBWWPMW1HO4zXtiW9%2FFHhjCVKf5fbU6dSDW8tlXaxh7cSUWPAyF%0Ac20A%0A) +## Bulk Update Actions + + +Through the Bulk Update Actions menu, you can apply the following changes to any Findings you have selected: + + +* Update the **Severity** +* Apply a new **Finding Status** +* Change the Discovery or Planned Remediation Date of the Findings +* Add a **Simple Risk Acceptance,** if the option is enabled at the Product level +* Apply **Tags** or **Notes** to all of the selected Findings. 
+ + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643192/2e01da408c1c8577257f36a74b43/AD_4nXcKzDiYnBIXMeEADA94q5TOEsbekEvXcB1lGVpbf94uO-mhLTo8AFnNF-FPSVYQlt1lyLRZNvNKz1POM2355bhJf0LUnxvYHjiBiD03k0TX41ZomVMOBEDlFb1enxpUSD2nw_ZU8EepAfsh-aH4Moca7n8?expires=1729720800&signature=74e51fe72c571f3b082a7ecee8684a85926aee8f9008c7a1097657eb24893868&req=dSInEs96noBWW%2FMW1HO4zRJT2q6EAbAjOLg8OA%2FoX1CY5iBqsc4giZcOa9%2Fp%0ACy9Q%0A) + +## Risk Acceptance Actions + + +This page allows you to add a **Full Risk Acceptance** to the selected Findings. You can either create a new **Full Risk Acceptance** or add the Findings to one that already exists. + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204644667/a5f2736f84de2f0cd77b04a0f9d4/AD_4nXePV5J0MY919X4dR2UdUSgzKT7cW9LvybGRHUaX3w0b5RQM3ySJUxhELJNSfq9tagOPiGb8N1iq2V3q7kdJ5ymLIiP5HVGSm8exP3vy_ZffAtpKv6vST6cojD7hAh-9ZHmmZg-khe0GM6m9MRkhqs-2_dY?expires=1729720800&signature=837eb6067922019a34ea694f13a3543844c735c23045322de7e53875030e5f64&req=dSInEs96mYdZXvMW1HO4zT4P2n9ZNwcwoSpDvuwOAfL%2BgCUq1%2BgkyhJ5AoRn%0APDRp%0A) + +## Finding Group Actions + + +This page allows you to create a new Finding Group from the Selected Findings, or add them to an existing Finding Group. + + +However, Finding Groups can only be created within an individual **Test** \- Findings from different Tests, Engagements or Products cannot be added to the same Finding Group. + + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204644883/6c30db7dce1c5c83e52195dc4fbb/AD_4nXeJRkRhtYmQ2suWzq_HIXWloIzKee1SAZ55tHdfIyI0hPOwIRdouZJXynlg0jHqkANarx34TTulLyTGNCHmSzd6aXHj5XJQ7CZXi82RRgTFIaVtDIb8HNofipknoSinugyyBaciW6wBt2sfvqjgB-5v0t8C?expires=1729720800&signature=2db1f51df35195bfba6640bf1b57cf2a2eeb6f2acf3f4fcba6d59c7306bfa078&req=dSInEs96mYlXWvMW1HO4zU0com58eS0SDjBSIgJ8buJr5hH5unUcrKxIQk10%0AWsRi%0A) + +## Bulk Delete Findings + + +You can also Delete selected Findings by clicking on the red **Delete** button. 
A popup window will appear asking you to confirm this decision. + + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204643187/1f5a6460d056fa521fc6d72a31cc/AD_4nXd0HP5saZ5unMQT9Hyv53DvcecF-eZT-hT_a2XUvoYLdGJNL_gGK0k77YRi_Udcvo5cfDhCo95spM5AShUFEAyYUmXSiNvaA1KQbKhUNCdxlIlkH-hSGl2CfNNn5sCVWz8adjPT8fGvzsmXn3c8R5Fw6lwl?expires=1729720800&signature=6969cfebf6052fd687d388f69737ac0109322104d50d082b4591c10aed2ecf45&req=dSInEs96noBXXvMW1HO4zRM%2FyKneOnX09YRnkV%2BmXEPubkbUVrmV074qxpI7%0AX53%2B%0A) + diff --git a/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md b/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md new file mode 100644 index 0000000000..600fde6d09 --- /dev/null +++ b/docs/content/en/working_with_findings/findings_workflows/Creating Findings Manually.md 
@@ -0,0 +1,20 @@ +--- +title: "Creating Findings Manually" +description: "Track vulnerability information without using a scan tool" +--- + +Normally, most of the Findings in your environment will be imported from other security tools. If you wish, you can add manual Finding entries as well, if you have vulnerabilities or work you wish to manage that was not created from a scan tool. + + + +1. From the DefectDojo Sidebar, open the New Finding link by clicking **Manage \> Findings \> New Finding**. +​ + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204646258/e2fab38379d284ad5b2aebffa718/AD_4nXeSTWP8bHEisluYG3PatY0V1Bw34F5193ydejr8BNDLZCZFphUNmok3jYtHZB_6Pnnbq6-b0pVc0jp5ZNEGQ9tO9iUv2JmhE2AjDc5o_yV0zloiqpbObujzjTgR84uu7KpnrUJ-wSpG5C8fKEYkAYLR6PiQ?expires=1729720800&signature=3a90174da1ae920701127a961a7cefb9baa980425e1baeb872f64c0ed5972a9c&req=dSInEs96m4NaUfMW1HO4zZjmOGH99gF4kHGAj1PnTvbgHifpl4o%2BR8%2BvHpJ3%0AG7g9%0A) + +​ +2. This opens the **New Finding** form, which you can fill out with any relevant information surrounding your Finding. You will need to assign this Finding to a previously created Test in DefectDojo. + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204645582/e2bfe82da64a254f2b5cbece2f28/AD_4nXeUMvPiS6NmxgUGcQSYel14w-O6N0Fa9De1LEX8tPOZpV8u5Cdp2FWgF2FB9LV7uyZ1O_I9YQFSQEfhKonOHdXrSBfi64LsaxMYFnnmo61Qvq1cswTsN0GtCFgvsxQUkPBuvd_ozJDvirDxWk--pHPt174V?expires=1729720800&signature=7f520ae406bf2876462b2a5d2d18b1f18ba2f8b30b18810454c6aa7f212357d5&req=dSInEs96mIRXW%2FMW1HO4zSpdNgBXR0m7lIF0Qe0vTqPPflkCMa%2BVwfFOLuIo%0AXX0j%0A) \ No newline at end of file diff --git a/docs/content/en/working_with_findings/findings_workflows/Editing Findings.md b/docs/content/en/working_with_findings/findings_workflows/Editing Findings.md new file mode 100644 index 0000000000..a954d19578 --- /dev/null +++ b/docs/content/en/working_with_findings/findings_workflows/Editing Findings.md 
@@ -0,0 +1,43 @@ +--- +title: "Editing Findings" +description: "Change a Finding’s Status, or add more metadata as you resolve an issue" +--- + +If you want to add notes or update the language on a Finding to be more relevant to the current situation, you can do so through the Edit Finding form. + + + +# Opening the Edit Finding Form + + +You can update a Finding by opening the **⚙️ Gear** **Menu** in the top and clicking **Edit Finding.** + + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204632847/caabbaa73e3ef1bad6d5afd0c0c3/AD_4nXc-cAVmWrNapE3BCbl21cYhzGEzqrV0o4zodyvkqLDjYjqvNrBM67_otDPrXN2vsMYkNLdcZFzvVqezCgTUrRmQIzgtNvb4cRTE9kdpc88bpV8oSXOvNcHywzO-huexpt4P6fxGgPEsSDO6zJk8N3z5ZWUo?expires=1729720800&signature=22b34d4835d8a263cf7a88501eed00e460d632f75e0053937123db9133e7a411&req=dSInEs99n4lbXvMW1HO4zfYhXR6UzORlNJ7u6J8QRDrXXi9HNu3VCLIi6oKU%0ApZLf%0A) + +This will open the **Edit Finding** form, where you can edit the metadata, change the Finding’s Status and add additional information. + + + +![](https://downloads.intercomcdn.com/i/o/tj2vh1ie/1204632848/e42a82139f528b871c01165d9b4c/AD_4nXdFNE-8nMU2l4QB-XtB6-VIYSQQkBQV6ftDNSZVGQP8EMft5gsns2T-XW82aqa0qDFGvDe2lI6IBiz6doLZMQDQf3UhHROVy5IvrctL5CozTO2RbD_E_ucl75_dHk327Oh2Zi3Pw8wnkrtk_4iadpPdXlIP?expires=1729720800&signature=80692fc66497b589d53b91a22e47873bb3cc79201110a484add3a47969f5cff7&req=dSInEs99n4lbUfMW1HO4zbhYFPglAYUL38JRhBdLBlt3Yjr8W%2FF3HwChTLmN%0A5gmh%0A) +## Edit Finding Form: Fields + + +* **"Test" cannot be edited:** Findings always have to be associated with a Test object, and cannot be moved out of that context. However, the Engagement containing a Test can be moved to another Product. +​ +* **Found By** is the scan tool which discovered this Finding. Note that you can add additional scan tools beyond the tool associated with the Test. +​ +* **Title** is created from the scan report, but you can edit this title to be more meaningful if you need to. 
Note that this may affect Deduplication, as Deduplication generally uses the titles of Findings to identify duplicates. +​ +* **Date** is meant to represent the date the Finding was uncovered by the scanner \- not necessarily the date the Finding was imported into DefectDojo. This date is pulled from the scan report, but you can update this date to be more accurate if you need to (for example, if working with historical data, or if using a scanning tool which does not log discovery dates). +​ +* **Description** is the description of a Finding provided by the scan tool. You can add or remove information from the Finding Description if you wish. +​ +* **Severity** is calculated based on several factors. At a base level, this will be the Severity reported by a tool, but a Finding’s Severity can be affected by EPSS changes. You can also manually adjust the Finding’s Severity to an appropriate level. +​ +* **Tags** are generic text labels that you can use to organize your Findings via Filters \- or they can simply be used as shorthand to identify a specific Finding. +​ +* **Active / Verified** are the primary Finding statuses used by a tool. Active Findings are Findings that are currently active in your network and have been reported by a tool. Verified means that this Finding has been confirmed to exist by a team member. +​ +* **SAST / DAST** are labels used to organize your Findings into the context they were discovered in. Generally, this label is populated based on the scanning tool used, but you can adjust this to a more accurate level (for example, if the Finding was found by both a SAST and a DAST tool). diff --git a/docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md b/docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md new file mode 100644 index 0000000000..212d68b2b7 --- /dev/null 
+++ b/docs/content/en/working_with_findings/findings_workflows/How-To: Manage Duplicate Findings.md 
@@ -0,0 +1,75 @@ +--- +title: "How-To: Manage Duplicate Findings" +description: "How to discover and correct redundancies in your workflow - using Deduplication, Reimiport and other Smart features" +--- + +One of DefectDojo’s strengths is that the data model can accommodate many different use\-cases and applications. You’ll likely change your approach as you master the software and discover ways to optimize your workflow. + + + +By default, DefectDojo does not delete any duplicate Findings that are created. Each Finding is considered to be a separate instance of a vulnerability. So in this case, **Duplicate Findings** can be an indicator that a process change is required to your workflow. + + + + +# Step 1: Clean up your excess Duplicates + + +Fortunately, DefectDojo’s Deduplication settings allow you to mass\-delete duplicates once a certain threshold has been crossed. This feature makes the cleanup process easier. To learn more about this process, see our article on **Finding Deduplication** \<\-link will go here. + + + +# Step 2: Evaluate your Engagements for redundancies + + +Once you’ve cleaned up your duplicate Findings, it’s a good practice to look at the Product which contained them to see if there’s a clear culprit. You might find that there are Engagements contained within which have a redundant context. + + + +## Duplicate or Reused Engagements + + +Engagements store one or more Tests for a particular testing context. That context is ultimately up to you to define for yourself, but if you see a few Engagements within your Product which should share the same context, consider combining them into a single engagement. +​ + + +## Questions to ask when defining Engagement context: + + +* If I wanted to make a report on this work, would the Engagement contain all of the relevant information I need? +* Are we proactively creating Engagements ahead of time or are they being created ‘ad\-hoc’ by my import process? 
+* Are we using the right kind of Engagement \- **Interactive** or **CI/CD**?
+* What section of the codebase is being worked on by tests: is each repository a separate context or could multiple repositories make up a shared context for testing?
+* Who are the stakeholders involved with the Productt, and how will I share results with them?
+
+
+# Step 3: Check for redundant Tests
+
+
+If you discover that separate Tests have been created which capture the same testing context, this may be an indicator that these tests can be consolidated into a single Reimport.
+
+
+
+DefectDojo has two methods for importing test data to create Findings: **Import** and **Reimport**. Both of these methods are very similar, but the key difference between the two is that **Import** always creates a new Test, while **Reimport** can add new data to an existing Test. It’s also worth noting that **Reimport** does not create duplicate Findings within that Test.
+
+
+
+Each time you import new vulnerability reports into DefectDojo, those reports will be stored in a Test object. A Test object can be created by a user ahead of time to hold a future **Import**. If a user wants to import data without specifying a Test destination, a new Test will be created to store the incoming report.
+
+
+
+Tests are flexible objects, and although they can only hold one *kind* of report, they can handle multiple instances of that same report through the **Reimport** method. To learn more about Reimport, see our **[article](https://support.defectdojo.com/en/articles/9424972-reimport-recurring-tests)** on this topic.
+
+
+
+
+# When are Duplicate Findings acceptable?
+
+
+Duplicate Findings are not always indicative of a problem. There are many cases where keeping duplicates is the preferred approach. For example:
+
+
+
+* If your team uses and reports on Interactive Engagements.
If you want to create a discrete report on a single Test specifically, you would want to know if there’s an occurrence of a Finding that was already uncovered earlier.
+* If you have Engagements which are contextually separated (for example, because they cover different repositories) you would want to be able to flag Findings which are occurring in both places.
+
diff --git a/docs/content/en/working_with_findings/findings_workflows/_index.md b/docs/content/en/working_with_findings/findings_workflows/_index.md
new file mode 100644
index 0000000000..21f410a14f
--- /dev/null
+++ b/docs/content/en/working_with_findings/findings_workflows/_index.md
@@ -0,0 +1,6 @@
+---
+title: "Findings Workflows"
+date: 2021-02-02T20:46:29+01:00
+draft: false
+type: docs
+---
diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/Product Health Grade.md b/docs/content/en/working_with_findings/organizing_engagements_tests/Product Health Grade.md
new file mode 100644
index 0000000000..4e951611d1
--- /dev/null
+++ b/docs/content/en/working_with_findings/organizing_engagements_tests/Product Health Grade.md
@@ -0,0 +1,45 @@
+---
+title: "Product Health Grade"
+description: "How DefectDojo calculates a Product Health Grade"
+---
+
+DefectDojo can calculate a grade for your Products based on the amount of Findings contained within. Grades are ranked from A \- F.
+
+
+
+Note that only Active \& Verified Findings contribute to a Product Grade \- unverified Findings will not have an impact.
+
+
+
+
+# Product Grade Calculation
+
+
+Every Product Grade starts at 100 (with no Findings).
+
+
+
+Grade calculation starts by looking at the highest **Severity** level of a Finding in a Product, and reducing the Product Health to a base level.
+
+
+
+
+| **Highest Severity Level of a Finding** | **Maximum Grade** |
+| --- | --- |
+| **Critical** | **40** |
+| **High** | **60** |
+| **Medium** | **80** |
+| **Low** | **95** |
+
+Further points are then deducted from the Grade for each additional Finding:
+
+
+
+
+| **Severity Level of an additional Finding** | **Grade Reduced by** |
+| --- | --- |
+| **Critical** | **5** |
+| **High** | **3** |
+| **Medium** | **2** |
+| **Low** | **1** |
+
diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md b/docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md
new file mode 100644
index 0000000000..ba5011d71e
--- /dev/null
+++ b/docs/content/en/working_with_findings/organizing_engagements_tests/Product Hierarchy: Overview.md
@@ -0,0 +1,233 @@ +--- +title: "Product Hierarchy: Overview" +description: "Understand Product Types, Products, Engagements, Tests and Findings" +--- + +DefectDojo uses five main data classes to organize your work: **Product Types, Products**, **Engagements**, **Tests**, and **Findings**. + + + +DefectDojo is made to be flexible to conform to your team, rather than making your team conform to the tool. You'll be able to design a robust, adaptable workspace once you understand how these data classes can be used to organize your work. + + + + +# **Product Types** + + +The first category of data you'll need to set up in DefectDojo is a Product Type. Product Types are intended to categorize Products in a specific way. This could be: + + +* by business domain +* by development team +* by security team + +![](https://downloads.intercomcdn.com/i/o/886742892/642722b973c01c39a0aa533e/Product+Type+Hierarchy.png?expires=1729720800&signature=f416d0eee2d29e5a926c9f7287579efffb74ccf55aeecb8bf9b3884cd1572801&req=fCghEc18lYhdFb4f3HP0gMX0MoIxq3p7ta8SylkRlAboMhPkbdVx3E69%2Fny%2B%0Ai3A%3D%0A) +Product Types can have Role\-Based Access Control rules applied, which limit team members' ability to view and interact with their data (including any underlying Products with Engagement, Test and Finding data). For more information on user roles, see our **Introduction To Roles** article. + + + + +## What can a Product Type represent? + + +* If a particular software project has many distinct deployments or versions, it may be worth creating a single Product Type which covers the scope of the entire project, and having each version exist as individual Products. +​ +* You also might consider using Product Types to represent stages in your software development process: one Product Type for 'In Development', one Product Type for 'In Production', etc. +​ +* Ultimately, it's your decision how you wish to organize your Products, and what you Product Type to represent. 
Your DefectDojo hierarchy may need to change to fit your security teams' needs. + + + +# **Products** + + +A **Product** in DefectDojo is intended to represent any project, program, or product that you are currently testing. The Product hosts all of the security work and testing history related to the underlying goal. + + + +![](https://downloads.intercomcdn.com/i/o/886743202/725d5bedab67b7fa1f6b6ed4/Product+Hierarchy+%282%29.png?expires=1729720800&signature=ba717a51a34144947926a7cc2c0ec99034e93fd5def26a17e05f1f162c8c0599&req=fCghEc19n4FdFb4f3HP0gKcjfuSKAo3raoDOoFM14rwusH%2BZxfDNYtoJF2%2BC%0AYBE%3D%0A)Products always have: + + +* a unique **Name** +* a **Description** +* a product **Type** +* an assigned **SLA Configuration** + +Products can be as broad or as specific in scope as you wish. By default, Products are completely separate objects in the hierarchy, but they can be grouped together by **Product Type**. + + + +Products are 'walled\-off' and do not interact with other Products. DefectDojo's Smart Features, such as **Deduplication**, only apply within the context of a single Product. + + + +Like **Product Types**, **Products** can have Role\-Based Access Control rules applied, which limit team members' ability to view and interact with them (as well as any underlying Engagement, Test and Finding data). For more information on user roles, see our **Introduction To Roles** article. + + + + +## What can a Product represent? + + +DefectDojo's concept of a 'Product' will not necessarily correspond 1:1 to what your organization would refer to as a 'Product'. Software development is complex, and security needs can vary greatly even within the scope of a single piece of software. 
+ + + +The following scenarios are good reasons to consider creating a separate DefectDojo Product: + + +* "**ExampleProduct**" has a Windows version, a Mac version, and a Cloud version +* "**ExampleProduct 1\.0**" uses completely different software components from "**ExampleProduct 2\.0**", and both versions are actively supported by your company. +* The team assigned to work on "**ExampleProduct version A**" is different than the product team assigned to work on "**ExampleProduct version B**", and needs to have different security permissions assigned as a result. + + +These variations within a single Product can also be handled at the Engagement level. Note that Engagements don't have access control in the way Products and Product Types do. + + +# **Engagements** + + +Once a Product is set up, you can begin creating and scheduling Engagements. Engagements are meant to represent moments in time when testing is taking place, and contain one or more **Tests**. + + + +Engagements always have: + + +* a unique **Name** +* target **Start and End dates** +* **Status** (Not Started, In Progress, Cancelled, Completed...) +* an assigned **Testing Lead** +* an associated **Product** + +There are two types of Engagement: **Interactive** and **CI/CD**. + + +* An **Interactive Engagement** is typically run by an engineer. Interactive Engagements are focused on testing the application while the app is running, using an automated test, human tester, or any activity “interacting” with the application functionality. See [OWASP's definition of IAST](https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing#:~:text=Interactive%20Application%20Security%20Testing,interacting%E2%80%9D%20with%20the%20application%20functionality.). +* A **CI/CD Engagement** is for automated integration with a CI/CD pipeline. CI/CD Engagements are meant to import data as an automated action, triggered by a step in the release process. 
+ +Engagements can be tracked using DefectDojo's **Calendar** view. + + + + +## What can an Engagement represent? + + +Engagements are meant to represent groups of related testing efforts. How you wish to group your testing efforts depends on your approach. + + + +If you have a planned testing effort scheduled, an Engagement offers you a place to store all of the related results. Here's an example of this kind of Engagement: + + +#### **Engagement:** ExampleSoftware 1\.5\.2 \- Interactive Testing Effort + + +*In this example, a security team runs multiple tests on the same day as part of a software release.* + + +* **Test:** Nessus Scan Results (March 12\) +* **Test:** NPM Scan Audit Results (March 12\) +* **Test:** Snyk Scan Results (March 12\) +​ + + +You can also organize CI/CD Test results within an Engagement. These kinds of Engagements are 'Open\-Ended' meaning that they don't have a date, and will instead add additional data each time the associated CI/CD actions are run. + + +#### Engagement: ExampleSoftware CI/CD Testing + + +*In this example, multiple CI/CD scans are automatically imported as Tests every time a new software release is created.* + + +* Test: 1\.5\.2 Scan Results (March 12\) +* Test: 1\.5\.1 Scan Results (March 3\) +* Test: 1\.5\.0 Scan Results (February 14\) + + + +Engagements can be organized however works best for your team. All Engagements nested under a Product can be viewed by the team assigned to work on the Product. + + + +# **Tests** + + +Tests are a grouping of activities conducted by engineers to attempt to discover flaws in a product. + + + +Tests always have: + + +* a unique **Test Title** +* a specific **Test Type (**API Test, Nessus Scan, etc) +* an associated test **Environment** +* an associated **Engagement** + +Tests can be created in different ways. Scan data can be directly imported to an Engagement, which will then create a new Test containing that data. 
Tests can also be created in advance without scan data, as part of planning future Engagements. + + + + +## **How do Tests interact with each other?** + + +Tests take your testing data and group it into Findings. Generally, security teams will be running the same testing effort repeatedly, and Tests in DefectDojo allow you to handle this process in an elegant way. + + + +**Previously imported tests can be reimported** \- If you're running the same type of test within the same Engagement context, you can Reimport the test results after each completed scan. DefectDojo will compare the Reimported data to the existing result, and will not create new Findings if duplicates exist in the scan data. + + + +**Tests can be imported separately** \- If you run the same test on a Product within separate Engagements, DefectDojo will still compare the data with previous Tests to find duplicate Findings. This allows you to keep track of previously mitigated or risk\-accepted Findings. + + + +If a Test is added directly to a Product without an Engagement, a generic Engagement will be created automatically to contain the Test. This allows for ad\-hoc data imports. + + + +**Examples of Tests:** + + +* Burp Scan from Oct. 29, 2015 to Oct. 29, 2015 +* Nessus Scan from Oct. 31, 2015 to Oct. 31, 2015 +* API Test from Oct. 15, 2015 to Oct. 20, 2015 + + +# **Findings** + + +Once data has been added uploaded to a Test, the results of that data will be listed in the Test as individual **Findings** for review. + + + +A finding represents a specific flaw discovered while testing. + + + +Findings always have: + + +* a unique **Finding Name** +* the **Date** they were uncovered +* multiple associated **Statuses**, such as Active, Verified or False Positive +* an associated **Test** +* a **Severity** level: Critical, High, Medium, Low, and Informational (Info). + +Findings can be added through a data import, but they can also be added manually to a Test. 
+ + + +**Examples of Findings:** + + +* OpenSSL ‘ChangeCipherSpec’ MiTM Potential Vulnerability +* Web Application Potentially Vulnerable to Clickjacking +* Web Browser XSS Protection Not Enabled + diff --git a/docs/content/en/working_with_findings/organizing_engagements_tests/_index.md b/docs/content/en/working_with_findings/organizing_engagements_tests/_index.md new file mode 100644 index 0000000000..73f51afe3e --- /dev/null +++ b/docs/content/en/working_with_findings/organizing_engagements_tests/_index.md @@ -0,0 +1,6 @@ +--- +title: "Organizing Engagements and Tests" +date: 2021-02-02T20:46:29+01:00 +draft: false +type: docs +--- diff --git a/docs/layouts/index.html b/docs/layouts/index.html new file mode 100644 index 0000000000..c99e8414ea --- /dev/null +++ b/docs/layouts/index.html @@ -0,0 +1,73 @@ +{{ define "main" }} +
+
+
+

{{ .Title }}

+
+
+

{{ .Params.lead | safeHTML }}

+ Open The Docs + {{ .Content }} +
+
+
+
+
+
+
+

Getting Started

+

Start your journey with DefectDojo with our New User Checklist.

+
+
+

Import Data

+

Learn how to import data from 190+ supported security tools here.

+
+
+

Create Reports

+

Use the Report Builder to present customizable reports of Findings.

+
+
+
+
+{{ end }} + +{{ define "sidebar-prefooter" }} + {{ if site.Params.doks.backgroundDots -}} +
+
+
+ {{ end -}} + {{ if eq $.Site.Language.LanguageName "English" }} +
+
+
+
+

Join the Dojo community

+

Check out live events, upcoming features and connect with other security professionals on our Community Page.

+
+
+

Sign up for a trial

+

Ready to go Pro? Create an account here.

+
+
+

Reach out to Support

+

Need some help? Pro users can send an email to support@defectdojo.com

+
+
+
+
+ {{ end }} +{{ end }} + +{{ define "sidebar-footer" }} +{{ if site.Params.doks.sectionFooter -}} +
+
+
+

Start building with Doks today

+ {{ i18n "get-started" }} +
+
+
+{{ end -}} +{{ end }} diff --git a/docs/layouts/partials/footer/script-footer-custom.html b/docs/layouts/partials/footer/script-footer-custom.html new file mode 100644 index 0000000000..4411a70797 --- /dev/null +++ b/docs/layouts/partials/footer/script-footer-custom.html @@ -0,0 +1,13 @@ +{{/* Put your custom tags here */}} + +{{/* EXAMPLE - only load script for production +{{ if eq (hugo.Environment) "production" -}} + {{ partial "footer/esbuild" (dict "src" "js/instantpage.js" "load" "async" "transpile" false) -}} +{{ end -}} +*/}} + +{{/* EXAMPLE - only load script for a page type e.g. contact or gallery +{{ if eq .Type "gallery" -}} + {{ partial "footer/esbuild" (dict "src" "js/gallery.js" "load" "async" "transpile" false) -}} +{{ end -}} +*/}} diff --git a/docs/layouts/partials/head/custom-head.html b/docs/layouts/partials/head/custom-head.html new file mode 100644 index 0000000000..21e7beaf35 --- /dev/null +++ b/docs/layouts/partials/head/custom-head.html @@ -0,0 +1 @@ + diff --git a/docs/layouts/partials/head/resource-hints.html b/docs/layouts/partials/head/resource-hints.html new file mode 100644 index 0000000000..749114b99f --- /dev/null +++ b/docs/layouts/partials/head/resource-hints.html @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/docs/layouts/partials/head/script-header.html b/docs/layouts/partials/head/script-header.html new file mode 100644 index 0000000000..aba98029eb --- /dev/null +++ b/docs/layouts/partials/head/script-header.html @@ -0,0 +1 @@ + diff --git a/docs/layouts/partials/header/header.html b/docs/layouts/partials/header/header.html new file mode 100644 index 0000000000..4ffd7e06ff --- /dev/null +++ b/docs/layouts/partials/header/header.html @@ -0,0 +1,277 @@ +{{ if site.Params.doks.alert -}} + {{ partial "header/alert.html" . }} +{{ end -}} + +{{ if site.Params.doks.navbarSticky -}} +
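Review bot: `{{ .Params.lead | safeHTML }}` in the `main` block of docs/layouts/index.html emits the `lead` front-matter value without Hugo's HTML escaping, so any markup or script that a docs contribution puts in that field is rendered as-is on the landing page. If `lead` only needs inline formatting, `{{ .Params.lead | markdownify }}` keeps it under the Markdown renderer's HTML policy; if raw HTML is intended, a template comment such as `{{/* lead is trusted HTML from front matter; review changes to it like code */}}` would make that trust decision explicit. The `sidebar-footer` block also still carries the heading "Start building with Doks today", which looks like leftover theme placeholder text.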
+{{ end -}} + +{{ if site.Params.doks.headerBar -}} +
+{{ end -}} + + +{{ if site.Params.doks.navbarSticky -}} +
+{{ end -}}
+
+
+{{ if site.Params.doks.flexSearch -}}
+{{ partial "header/search-modal" . }}
+{{ end -}}
diff --git a/docs/netlify.toml b/docs/netlify.toml
new file mode 100644
index 0000000000..fca7810dde
--- /dev/null
+++ b/docs/netlify.toml
@@ -0,0 +1,49 @@
+[build]
+ publish = "public"
+ functions = "functions"
+
+[build.environment]
+ NODE_VERSION = "20.11.0"
+ NPM_VERSION = "10.2.4"
+ HUGO_VERSION = "0.125.1"
+
+[context.production]
+ command = "npm run build"
+
+[context.deploy-preview]
+ command = "npm run build"
+
+[context.branch-deploy]
+ command = "npm run build"
+
+[context.next]
+ command = "npm run build"
+
+[context.next.environment]
+ HUGO_ENV = "next"
+
+[dev]
+ framework = "#custom"
+ command = "npm run dev"
+ targetPort = 1313
+ port = 8888
+ publish = "public"
+ autoLaunch = false
+
+# Redirects and rewrites — https://docs.netlify.com/routing/redirects/#syntax-for-the-netlify-configuration-file
+
+# Custom headers — https://docs.netlify.com/routing/headers/#syntax-for-the-netlify-configuration-file
+[[headers]]
+ for = "/*"
+ [headers.values]
+ Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"
+ X-Content-Type-Options = "nosniff"
+ X-XSS-Protection = "1; mode=block"
+ Content-Security-Policy = "default-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; img-src 'self' https://avatars.githubusercontent.com data:; script-src 'self' 'nonce-dXNlcj0iaGVsbG8iLGRvbWFpbj0iaGVua3ZlcmxpbmRlLmNvbSIsZG9jdW1lbnQud3JpdGUodXNlcisiQCIrZG9tYWluKTs=' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='; style-src 'self'"
+ X-Frame-Options = "SAMEORIGIN"
+ Referrer-Policy = "strict-origin"
+ Permissions-Policy = "geolocation=(self), microphone=(), camera=()"
+ Cache-Control= '''
+ public,
+ max-age=31536000'''
+ Access-Control-Allow-Origin = "*"
diff --git a/docs/package-lock.json b/docs/package-lock.json
deleted file mode 100644
index 182df8260a..0000000000
--- a/docs/package-lock.json
+++ /dev/null
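Review bot: The `script-src` list in the `Content-Security-Policy` value of docs/netlify.toml contains a fixed `'nonce-…'` source, and a nonce only restricts inline scripts when it is unpredictable and regenerated for every response; committed to the repository, it permits any inline script that carries the same `nonce` attribute. A statically hosted site cannot mint per-response nonces, so the directive should keep hash sources only, `script-src 'self' 'sha256-aWZ3y/RxbBYKHXH0z8+8ljrHG1mSBvyzSfxSMjBSaXk='`, with a further hash added for each inline script the site really ships. In the same header, `img-src 'self' https://avatars.githubusercontent.com data:` does not cover `https://downloads.intercomcdn.com`, which the Markdown pages added in this commit use for their screenshots with `expires=`/`signature=` query parameters, so those images would presumably be blocked under this policy and may stop resolving once the signed URLs lapse; committing the screenshots to the repository avoids both. `Cache-Control` with `max-age=31536000` on `/*` also covers HTML, so a later fix to content or headers could stay cached in browsers for a year. All of this only takes effect if the docs are actually served through Netlify, which the visible hunks do not establish.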
@@ -1,1614 +0,0 @@ -{ - "name": "docs", - "lockfileVersion": 2, - "requires": true, - "packages": { - "": { - "devDependencies": { - "autoprefixer": "10.4.20", - "postcss": "8.4.49", - "postcss-cli": "11.0.0" - } - }, - "node_modules/@nodelib/fs.scandir": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", - "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", - "dev": true, - "dependencies": { - "@nodelib/fs.stat": "2.0.5", - "run-parallel": "^1.1.9" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@nodelib/fs.stat": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", - "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", - "dev": true, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@nodelib/fs.walk": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", - "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", - "dev": true, - "dependencies": { - "@nodelib/fs.scandir": "2.1.5", - "fastq": "^1.6.0" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@sindresorhus/merge-streams": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz", - "integrity": "sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw==", - "dev": true, - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - 
"engines": { - "node": ">=8" - } - }, - "node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", - "dev": true, - "dependencies": { - "normalize-path": "^3.0.0", - "picomatch": "^2.0.4" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/autoprefixer": { - "version": "10.4.20", - "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.20.tgz", - "integrity": "sha512-XY25y5xSv/wEoqzDyXXME4AFfkZI0P23z6Fs3YgymDnKJkCGOnkL0iTxCa85UTqaSgfcqyf3UA6+c7wUvx/16g==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/autoprefixer" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "browserslist": "^4.23.3", - "caniuse-lite": "^1.0.30001646", - "fraction.js": "^4.3.7", - "normalize-range": "^0.1.2", - "picocolors": "^1.0.1", - "postcss-value-parser": "^4.2.0" - }, - "bin": { - "autoprefixer": "bin/autoprefixer" - }, - "engines": { - "node": "^10 || ^12 || >=14" - }, - "peerDependencies": { - "postcss": "^8.1.0" - } - }, - "node_modules/binary-extensions": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": 
"sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/braces": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", - "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", - "dev": true, - "dependencies": { - "fill-range": "^7.1.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/browserslist": { - "version": "4.23.3", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.3.tgz", - "integrity": "sha512-btwCFJVjI4YWDNfau8RhZ+B1Q/VLoUITrm3RlP6y1tYGWIOa+InuYiRGXUBXo8nA1qKmHMyLB/iVQg5TT4eFoA==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/browserslist" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "caniuse-lite": "^1.0.30001646", - "electron-to-chromium": "^1.5.4", - "node-releases": "^2.0.18", - "update-browserslist-db": "^1.1.0" - }, - "bin": { - "browserslist": "cli.js" - }, - "engines": { - "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" - } - }, - "node_modules/caniuse-lite": { - "version": "1.0.30001646", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001646.tgz", - "integrity": "sha512-dRg00gudiBDDTmUhClSdv3hqRfpbOnU28IpI1T6PBTLWa+kOj0681C8uML3PifYfREuBrVjDGhL3adYpBT6spw==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/caniuse-lite" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ] - }, - "node_modules/chokidar": { - "version": "3.5.3", - "resolved": 
"https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", - "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", - "dev": true, - "funding": [ - { - "type": "individual", - "url": "https://paulmillr.com/funding/" - } - ], - "dependencies": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - }, - "engines": { - "node": ">= 8.10.0" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, - "node_modules/cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "dev": true, - "dependencies": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "dependencies": { - "color-name": "~1.1.4" - }, - "engines": { - "node": ">=7.0.0" - } - }, - "node_modules/color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "node_modules/dependency-graph": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-0.11.0.tgz", - "integrity": "sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==", - "dev": true, - "engines": { - "node": ">= 0.6.0" - } - }, - "node_modules/electron-to-chromium": { - "version": "1.5.4", - "resolved": 
"https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.4.tgz", - "integrity": "sha512-orzA81VqLyIGUEA77YkVA1D+N+nNfl2isJVjjmOyrlxuooZ19ynb+dOlaDTqd/idKRS9lDCSBmtzM+kyCsMnkA==", - "dev": true - }, - "node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "node_modules/escalade": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", - "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/fast-glob": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", - "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", - "dev": true, - "dependencies": { - "@nodelib/fs.stat": "^2.0.2", - "@nodelib/fs.walk": "^1.2.3", - "glob-parent": "^5.1.2", - "merge2": "^1.3.0", - "micromatch": "^4.0.4" - }, - "engines": { - "node": ">=8.6.0" - } - }, - "node_modules/fastq": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.0.tgz", - "integrity": "sha512-zGygtijUMT7jnk3h26kUms3BkSDp4IfIKjmnqI2tvx6nuBfiF1UqOxbnLfzdv+apBy+53oaImsKtMw/xYbW+1w==", - "dev": true, - "dependencies": { - "reusify": "^1.0.4" - } - }, - "node_modules/fill-range": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", - "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", - "dev": true, - "dependencies": { - "to-regex-range": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/fraction.js": { - "version": "4.3.7", - "resolved": 
"https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", - "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", - "dev": true, - "engines": { - "node": "*" - }, - "funding": { - "type": "patreon", - "url": "https://github.com/sponsors/rawify" - } - }, - "node_modules/fs-extra": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.0.0.tgz", - "integrity": "sha512-4YxRvMi4P5C3WQTvdRfrv5UVqbISpqjORFQAW5QPiKAauaxNCwrEdIi6pG3tDFhKKpMen+enEhHIzB/tvIO+/w==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, - "node_modules/get-caller-file": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", - "dev": true, - "engines": { - "node": "6.* || 8.* || >= 10.*" - } - }, - "node_modules/get-stdin": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": 
"sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, - "dependencies": { - "is-glob": "^4.0.1" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/globby": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/globby/-/globby-14.0.0.tgz", - "integrity": "sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ==", - "dev": true, - "dependencies": { - "@sindresorhus/merge-streams": "^1.0.0", - "fast-glob": "^3.3.2", - "ignore": "^5.2.4", - "path-type": "^5.0.0", - "slash": "^5.1.0", - "unicorn-magic": "^0.1.0" - }, - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/graceful-fs": { - "version": "4.2.10", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", - "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", - "dev": true - }, - "node_modules/ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", - "dev": true, - "engines": { - "node": ">= 4" - } - }, - "node_modules/is-binary-path": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "dev": true, - "dependencies": { - "binary-extensions": "^2.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-extglob": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - 
"node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-glob": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", - "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dev": true, - "dependencies": { - "is-extglob": "^2.1.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-number": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "dev": true, - "engines": { - "node": ">=0.12.0" - } - }, - "node_modules/jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "dependencies": { - "universalify": "^2.0.0" - }, - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, - "node_modules/lilconfig": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz", - "integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==", - "dev": true, - "engines": { - "node": ">=14" - } - }, - "node_modules/merge2": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", - "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", - "dev": true, - "engines": { - "node": ">= 8" - } - }, - "node_modules/micromatch": { - "version": "4.0.5", - 
"resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", - "dev": true, - "dependencies": { - "braces": "^3.0.2", - "picomatch": "^2.3.1" - }, - "engines": { - "node": ">=8.6" - } - }, - "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "bin": { - "nanoid": "bin/nanoid.cjs" - }, - "engines": { - "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" - } - }, - "node_modules/node-releases": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.18.tgz", - "integrity": "sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g==", - "dev": true - }, - "node_modules/normalize-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/normalize-range": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", - "integrity": "sha1-LRDAa9/TEuqXd2laTShDlFa3WUI=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/path-type": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-5.0.0.tgz", - "integrity": "sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - 
"node_modules/picocolors": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", - "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", - "dev": true - }, - "node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "dev": true, - "engines": { - "node": ">=8.6" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, - "node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/postcss": { - "version": "8.4.49", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz", - "integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/postcss" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "nanoid": "^3.3.7", - "picocolors": "^1.1.1", - "source-map-js": "^1.2.1" - }, - "engines": { - "node": "^10 || ^12 || >=14" - } - }, - "node_modules/postcss-cli": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-11.0.0.tgz", - "integrity": "sha512-xMITAI7M0u1yolVcXJ9XTZiO9aO49mcoKQy6pCDFdMh9kGqhzLVpWxeD/32M/QBmkhcGypZFFOLNLmIW4Pg4RA==", - "dev": true, - "dependencies": { - "chokidar": "^3.3.0", - "dependency-graph": "^0.11.0", - "fs-extra": "^11.0.0", - "get-stdin": "^9.0.0", - "globby": 
"^14.0.0", - "picocolors": "^1.0.0", - "postcss-load-config": "^5.0.0", - "postcss-reporter": "^7.0.0", - "pretty-hrtime": "^1.0.3", - "read-cache": "^1.0.0", - "slash": "^5.0.0", - "yargs": "^17.0.0" - }, - "bin": { - "postcss": "index.js" - }, - "engines": { - "node": ">=18" - }, - "peerDependencies": { - "postcss": "^8.0.0" - } - }, - "node_modules/postcss-load-config": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-5.0.2.tgz", - "integrity": "sha512-Q8QR3FYbqOKa0bnC1UQ2bFq9/ulHX5Bi34muzitMr8aDtUelO5xKeJEYC/5smE0jNE9zdB/NBnOwXKexELbRlw==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "lilconfig": "^3.0.0", - "yaml": "^2.3.4" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "jiti": ">=1.21.0", - "postcss": ">=8.0.9" - }, - "peerDependenciesMeta": { - "jiti": { - "optional": true - }, - "postcss": { - "optional": true - } - } - }, - "node_modules/postcss-reporter": { - "version": "7.0.5", - "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-7.0.5.tgz", - "integrity": "sha512-glWg7VZBilooZGOFPhN9msJ3FQs19Hie7l5a/eE6WglzYqVeH3ong3ShFcp9kDWJT1g2Y/wd59cocf9XxBtkWA==", - "dev": true, - "dependencies": { - "picocolors": "^1.0.0", - "thenby": "^1.3.4" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - "peerDependencies": { - "postcss": "^8.1.0" - } - }, - "node_modules/postcss-value-parser": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", - "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", - "dev": true - }, - "node_modules/pretty-hrtime": { - "version": "1.0.3", - "resolved": 
"https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", - "integrity": "sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/queue-microtask": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", - "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/read-cache": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", - "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", - "dev": true, - "dependencies": { - "pify": "^2.3.0" - } - }, - "node_modules/readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dev": true, - "dependencies": { - "picomatch": "^2.2.1" - }, - "engines": { - "node": ">=8.10.0" - } - }, - "node_modules/require-directory": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/reusify": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", - "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", - "dev": true, - 
"engines": { - "iojs": ">=1.0.0", - "node": ">=0.10.0" - } - }, - "node_modules/run-parallel": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", - "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "dependencies": { - "queue-microtask": "^1.2.2" - } - }, - "node_modules/slash": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", - "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", - "dev": true, - "engines": { - "node": ">=14.16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/source-map-js": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", - "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - 
"dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/thenby": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/thenby/-/thenby-1.3.4.tgz", - "integrity": "sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ==", - "dev": true - }, - "node_modules/to-regex-range": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dev": true, - "dependencies": { - "is-number": "^7.0.0" - }, - "engines": { - "node": ">=8.0" - } - }, - "node_modules/unicorn-magic": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz", - "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==", - "dev": true, - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true, - "engines": { - "node": ">= 10.0.0" - } - }, - "node_modules/update-browserslist-db": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.0.tgz", - "integrity": "sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/browserslist" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "escalade": 
"^3.1.2", - "picocolors": "^1.0.1" - }, - "bin": { - "update-browserslist-db": "cli.js" - }, - "peerDependencies": { - "browserslist": ">= 4.21.0" - } - }, - "node_modules/wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/yaml": { - "version": "2.3.4", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", - "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==", - "dev": true, - "engines": { - "node": ">= 14" - } - }, - "node_modules/yargs": { - "version": "17.5.1", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.5.1.tgz", - "integrity": "sha512-t6YAJcxDkNX7NFYiVtKvWUz8l+PaKTLiL63mJYWR2GnHq2gjEWISzsLp9wg3aY36dY1j+gfIEL3pIF+XlJJfbA==", - "dev": true, - "dependencies": { - "cliui": "^7.0.2", - "escalade": "^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.3", - "y18n": "^5.0.5", - "yargs-parser": "^21.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/yargs-parser": { - "version": "21.0.1", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.0.1.tgz", - "integrity": "sha512-9BK1jFpLzJROCI5TzwZL/TU4gqjK5xiHV/RfWLOahrjAko/e4DJkRDZQXfvqAsiZzzYhgAzbgz6lg48jcm4GLg==", - "dev": true, - "engines": { - "node": ">=12" 
- } - } - }, - "dependencies": { - "@nodelib/fs.scandir": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", - "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", - "dev": true, - "requires": { - "@nodelib/fs.stat": "2.0.5", - "run-parallel": "^1.1.9" - } - }, - "@nodelib/fs.stat": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", - "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", - "dev": true - }, - "@nodelib/fs.walk": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", - "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", - "dev": true, - "requires": { - "@nodelib/fs.scandir": "2.1.5", - "fastq": "^1.6.0" - } - }, - "@sindresorhus/merge-streams": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-1.0.0.tgz", - "integrity": "sha512-rUV5WyJrJLoloD4NDN1V1+LDMDWOa4OTsT4yYJwQNpTU6FWxkxHpL7eu4w+DmiH8x/EAM1otkPE1+LaspIbplw==", - "dev": true - }, - "ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true - }, - "ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "requires": { - "color-convert": "^2.0.1" - } - }, - "anymatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz", - "integrity": 
"sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==", - "dev": true, - "requires": { - "normalize-path": "^3.0.0", - "picomatch": "^2.0.4" - } - }, - "autoprefixer": { - "version": "10.4.20", - "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.20.tgz", - "integrity": "sha512-XY25y5xSv/wEoqzDyXXME4AFfkZI0P23z6Fs3YgymDnKJkCGOnkL0iTxCa85UTqaSgfcqyf3UA6+c7wUvx/16g==", - "dev": true, - "requires": { - "browserslist": "^4.23.3", - "caniuse-lite": "^1.0.30001646", - "fraction.js": "^4.3.7", - "normalize-range": "^0.1.2", - "picocolors": "^1.0.1", - "postcss-value-parser": "^4.2.0" - } - }, - "binary-extensions": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz", - "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==", - "dev": true - }, - "braces": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", - "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", - "dev": true, - "requires": { - "fill-range": "^7.1.1" - } - }, - "browserslist": { - "version": "4.23.3", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.3.tgz", - "integrity": "sha512-btwCFJVjI4YWDNfau8RhZ+B1Q/VLoUITrm3RlP6y1tYGWIOa+InuYiRGXUBXo8nA1qKmHMyLB/iVQg5TT4eFoA==", - "dev": true, - "requires": { - "caniuse-lite": "^1.0.30001646", - "electron-to-chromium": "^1.5.4", - "node-releases": "^2.0.18", - "update-browserslist-db": "^1.1.0" - } - }, - "caniuse-lite": { - "version": "1.0.30001646", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001646.tgz", - "integrity": "sha512-dRg00gudiBDDTmUhClSdv3hqRfpbOnU28IpI1T6PBTLWa+kOj0681C8uML3PifYfREuBrVjDGhL3adYpBT6spw==", - "dev": true - }, - "chokidar": { - "version": "3.5.3", - "resolved": 
"https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz", - "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==", - "dev": true, - "requires": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "fsevents": "~2.3.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - } - }, - "cliui": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", - "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", - "dev": true, - "requires": { - "string-width": "^4.2.0", - "strip-ansi": "^6.0.0", - "wrap-ansi": "^7.0.0" - } - }, - "color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "requires": { - "color-name": "~1.1.4" - } - }, - "color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "dependency-graph": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/dependency-graph/-/dependency-graph-0.11.0.tgz", - "integrity": "sha512-JeMq7fEshyepOWDfcfHK06N3MhyPhz++vtqWhMT5O9A3K42rdsEDpfdVqjaqaAhsw6a+ZqeDvQVtD0hFHQWrzg==", - "dev": true - }, - "electron-to-chromium": { - "version": "1.5.4", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.4.tgz", - "integrity": "sha512-orzA81VqLyIGUEA77YkVA1D+N+nNfl2isJVjjmOyrlxuooZ19ynb+dOlaDTqd/idKRS9lDCSBmtzM+kyCsMnkA==", - "dev": true - }, - "emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": 
"sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "escalade": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", - "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", - "dev": true - }, - "fast-glob": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", - "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", - "dev": true, - "requires": { - "@nodelib/fs.stat": "^2.0.2", - "@nodelib/fs.walk": "^1.2.3", - "glob-parent": "^5.1.2", - "merge2": "^1.3.0", - "micromatch": "^4.0.4" - } - }, - "fastq": { - "version": "1.17.0", - "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.0.tgz", - "integrity": "sha512-zGygtijUMT7jnk3h26kUms3BkSDp4IfIKjmnqI2tvx6nuBfiF1UqOxbnLfzdv+apBy+53oaImsKtMw/xYbW+1w==", - "dev": true, - "requires": { - "reusify": "^1.0.4" - } - }, - "fill-range": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", - "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", - "dev": true, - "requires": { - "to-regex-range": "^5.0.1" - } - }, - "fraction.js": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", - "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", - "dev": true - }, - "fs-extra": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.0.0.tgz", - "integrity": "sha512-4YxRvMi4P5C3WQTvdRfrv5UVqbISpqjORFQAW5QPiKAauaxNCwrEdIi6pG3tDFhKKpMen+enEhHIzB/tvIO+/w==", - "dev": true, - "requires": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - } - }, - "fsevents": { - "version": "2.3.2", - 
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "optional": true - }, - "get-caller-file": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", - "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", - "dev": true - }, - "get-stdin": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-9.0.0.tgz", - "integrity": "sha512-dVKBjfWisLAicarI2Sf+JuBE/DghV4UzNAVe9yhEJuzeREd3JhOTE9cUaJTeSa77fsbQUK3pcOpJfM59+VKZaA==", - "dev": true - }, - "glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, - "requires": { - "is-glob": "^4.0.1" - } - }, - "globby": { - "version": "14.0.0", - "resolved": "https://registry.npmjs.org/globby/-/globby-14.0.0.tgz", - "integrity": "sha512-/1WM/LNHRAOH9lZta77uGbq0dAEQM+XjNesWwhlERDVenqothRbnzTrL3/LrIoEPPjeUHC3vrS6TwoyxeHs7MQ==", - "dev": true, - "requires": { - "@sindresorhus/merge-streams": "^1.0.0", - "fast-glob": "^3.3.2", - "ignore": "^5.2.4", - "path-type": "^5.0.0", - "slash": "^5.1.0", - "unicorn-magic": "^0.1.0" - } - }, - "graceful-fs": { - "version": "4.2.10", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", - "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", - "dev": true - }, - "ignore": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.0.tgz", - "integrity": "sha512-g7dmpshy+gD7mh88OC9NwSGTKoc3kyLAZQRU1mt53Aw/vnvfXnbC+F/7F7QoYVKbV+KNvJx8wArewKy1vXMtlg==", - "dev": true - }, - "is-binary-path": { - "version": 
"2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "dev": true, - "requires": { - "binary-extensions": "^2.0.0" - } - }, - "is-extglob": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "dev": true - }, - "is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true - }, - "is-glob": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", - "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dev": true, - "requires": { - "is-extglob": "^2.1.1" - } - }, - "is-number": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "dev": true - }, - "jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "requires": { - "graceful-fs": "^4.1.6", - "universalify": "^2.0.0" - } - }, - "lilconfig": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.0.0.tgz", - "integrity": "sha512-K2U4W2Ff5ibV7j7ydLr+zLAkIg5JJ4lPn1Ltsdt+Tz/IjQ8buJ55pZAxoP34lqIiwtF9iAvtLv3JGv7CAyAg+g==", - "dev": true - }, - "merge2": { - "version": "1.4.1", - "resolved": 
"https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", - "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", - "dev": true - }, - "micromatch": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", - "dev": true, - "requires": { - "braces": "^3.0.2", - "picomatch": "^2.3.1" - } - }, - "nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", - "dev": true - }, - "node-releases": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.18.tgz", - "integrity": "sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g==", - "dev": true - }, - "normalize-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", - "dev": true - }, - "normalize-range": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", - "integrity": "sha1-LRDAa9/TEuqXd2laTShDlFa3WUI=", - "dev": true - }, - "path-type": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-5.0.0.tgz", - "integrity": "sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==", - "dev": true - }, - "picocolors": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", - "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", - "dev": true - }, - "picomatch": { - 
"version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "dev": true - }, - "pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", - "dev": true - }, - "postcss": { - "version": "8.4.49", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz", - "integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==", - "dev": true, - "requires": { - "nanoid": "^3.3.7", - "picocolors": "^1.1.1", - "source-map-js": "^1.2.1" - } - }, - "postcss-cli": { - "version": "11.0.0", - "resolved": "https://registry.npmjs.org/postcss-cli/-/postcss-cli-11.0.0.tgz", - "integrity": "sha512-xMITAI7M0u1yolVcXJ9XTZiO9aO49mcoKQy6pCDFdMh9kGqhzLVpWxeD/32M/QBmkhcGypZFFOLNLmIW4Pg4RA==", - "dev": true, - "requires": { - "chokidar": "^3.3.0", - "dependency-graph": "^0.11.0", - "fs-extra": "^11.0.0", - "get-stdin": "^9.0.0", - "globby": "^14.0.0", - "picocolors": "^1.0.0", - "postcss-load-config": "^5.0.0", - "postcss-reporter": "^7.0.0", - "pretty-hrtime": "^1.0.3", - "read-cache": "^1.0.0", - "slash": "^5.0.0", - "yargs": "^17.0.0" - } - }, - "postcss-load-config": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-5.0.2.tgz", - "integrity": "sha512-Q8QR3FYbqOKa0bnC1UQ2bFq9/ulHX5Bi34muzitMr8aDtUelO5xKeJEYC/5smE0jNE9zdB/NBnOwXKexELbRlw==", - "dev": true, - "requires": { - "lilconfig": "^3.0.0", - "yaml": "^2.3.4" - } - }, - "postcss-reporter": { - "version": "7.0.5", - "resolved": "https://registry.npmjs.org/postcss-reporter/-/postcss-reporter-7.0.5.tgz", - "integrity": "sha512-glWg7VZBilooZGOFPhN9msJ3FQs19Hie7l5a/eE6WglzYqVeH3ong3ShFcp9kDWJT1g2Y/wd59cocf9XxBtkWA==", - 
"dev": true, - "requires": { - "picocolors": "^1.0.0", - "thenby": "^1.3.4" - } - }, - "postcss-value-parser": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", - "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", - "dev": true - }, - "pretty-hrtime": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", - "integrity": "sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A==", - "dev": true - }, - "queue-microtask": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", - "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", - "dev": true - }, - "read-cache": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", - "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", - "dev": true, - "requires": { - "pify": "^2.3.0" - } - }, - "readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dev": true, - "requires": { - "picomatch": "^2.2.1" - } - }, - "require-directory": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", - "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", - "dev": true - }, - "reusify": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", - "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", - "dev": true - }, - 
"run-parallel": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", - "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", - "dev": true, - "requires": { - "queue-microtask": "^1.2.2" - } - }, - "slash": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", - "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", - "dev": true - }, - "source-map-js": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", - "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", - "dev": true - }, - "string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "requires": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - } - }, - "strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "requires": { - "ansi-regex": "^5.0.1" - } - }, - "thenby": { - "version": "1.3.4", - "resolved": "https://registry.npmjs.org/thenby/-/thenby-1.3.4.tgz", - "integrity": "sha512-89Gi5raiWA3QZ4b2ePcEwswC3me9JIg+ToSgtE0JWeCynLnLxNr/f9G+xfo9K+Oj4AFdom8YNJjibIARTJmapQ==", - "dev": true - }, - "to-regex-range": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dev": true, - "requires": { - "is-number": 
"^7.0.0" - } - }, - "unicorn-magic": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.1.0.tgz", - "integrity": "sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==", - "dev": true - }, - "universalify": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.0.tgz", - "integrity": "sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==", - "dev": true - }, - "update-browserslist-db": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.0.tgz", - "integrity": "sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==", - "dev": true, - "requires": { - "escalade": "^3.1.2", - "picocolors": "^1.0.1" - } - }, - "wrap-ansi": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "requires": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - } - }, - "y18n": { - "version": "5.0.8", - "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", - "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", - "dev": true - }, - "yaml": { - "version": "2.3.4", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.4.tgz", - "integrity": "sha512-8aAvwVUSHpfEqTQ4w/KMlf3HcRdt50E5ODIQJBw1fQ5RL34xabzxtUlzTXVqc4rkZsPbvrXKWnABCD7kWSmocA==", - "dev": true - }, - "yargs": { - "version": "17.5.1", - "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.5.1.tgz", - "integrity": "sha512-t6YAJcxDkNX7NFYiVtKvWUz8l+PaKTLiL63mJYWR2GnHq2gjEWISzsLp9wg3aY36dY1j+gfIEL3pIF+XlJJfbA==", - "dev": true, - "requires": { - "cliui": "^7.0.2", - "escalade": 
"^3.1.1", - "get-caller-file": "^2.0.5", - "require-directory": "^2.1.1", - "string-width": "^4.2.3", - "y18n": "^5.0.5", - "yargs-parser": "^21.0.0" - } - }, - "yargs-parser": { - "version": "21.0.1", - "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.0.1.tgz", - "integrity": "sha512-9BK1jFpLzJROCI5TzwZL/TU4gqjK5xiHV/RfWLOahrjAko/e4DJkRDZQXfvqAsiZzzYhgAzbgz6lg48jcm4GLg==", - "dev": true - } - } -}
diff --git a/docs/package.json b/docs/package.json
index 15c781ee3f..1e7f79e64a 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -1,7 +1,29 @@
 {
+ "name": "doks",
+ "version": "0.0.0",
+ "description": "Doks theme",
+ "author": "Thulite",
+ "license": "MIT",
+ "scripts": {
+ "create": "hugo new",
+ "dev": "hugo server --disableFastRender --noHTTPCache",
+ "format": "prettier **/** -w -c",
+ "build": "hugo --minify --gc",
+ "preview": "vite preview --outDir public"
+ },
+ "dependencies": {
+ "@thulite/doks-core": "^1.8.0",
+ "@thulite/images": "^3.3.0",
+ "@thulite/inline-svg": "^1.1.0",
+ "@thulite/seo": "^2.4.1",
+ "@tabler/icons": "^3.12.0",
+ "thulite": "^2.5.0"
+ },
 "devDependencies": {
- "postcss": "8.4.49",
- "autoprefixer": "10.4.20",
- "postcss-cli": "11.0.0"
+ "prettier": "^3.3.3",
+ "vite": "^5.4.2"
+ },
+ "engines": {
+ "node": ">=20.11.0"
 }
-}
+}
\ No newline at end of file
diff --git a/docs/static/.gitkeep b/docs/static/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/docs/static/fonts/worksans/work-sans-v19-latin-500.woff2 b/docs/static/fonts/worksans/work-sans-v19-latin-500.woff2
new file mode 100644
index 0000000000..f400e01be4
Binary files /dev/null and b/docs/static/fonts/worksans/work-sans-v19-latin-500.woff2 differ
diff --git a/docs/static/fonts/worksans/work-sans-v19-latin-regular.woff2 b/docs/static/fonts/worksans/work-sans-v19-latin-regular.woff2
new file mode 100644
index 0000000000..a701d03399
Binary files /dev/null and b/docs/static/fonts/worksans/work-sans-v19-latin-regular.woff2 differ
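Review bot: Every entry added under `dependencies` and `devDependencies` in docs/package.json is a caret range (`"@thulite/doks-core": "^1.8.0"`, `"vite": "^5.4.2"`), whereas the three removed entries were exact pins such as `"postcss": "8.4.49"`. The lockfile entries deleted just before this hunk (the deletion starts outside this view, so presumably the docs lockfile) were what recorded the resolved version and `integrity` hash of each package. Without them, each docs build installs whatever the registry serves for those ranges at that moment, with no recorded hash to check the tarballs against. I would keep a `package-lock.json` generated from this manifest under version control and install with `npm ci`, which refuses to run without a lockfile; if the lockfile is meant to stay untracked, pin exact versions instead, e.g. `"vite": "5.4.2"`.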
diff --git a/unittests/test_parsers.py b/unittests/test_parsers.py index ff1237ae53..2e61c48273 100644 --- a/unittests/test_parsers.py +++ b/unittests/test_parsers.py @@ -28,7 +28,7 @@ def test_file_existence(self): "wizcli_common_parsers", # common class for other wizcli parsers ]: with self.subTest(parser=parser_dir.name, category="docs"): - doc_file = os.path.join(basedir, "docs", "content", "en", "integrations", "parsers", category, f"{doc_name}.md") + doc_file = os.path.join(basedir, "docs", "content", "en", "connecting_your_tools", "parsers", category, f"{doc_name}.md") self.assertTrue( Path(doc_file).is_file(), f"Documentation file '{doc_file}' is missing or using different name", @@ -103,7 +103,7 @@ def test_file_existence(self): i = 0 def test_parser_existence(self): - for docs in os.scandir(os.path.join(basedir, "docs", "content", "en", "integrations", "parsers", "file")): + for docs in os.scandir(os.path.join(basedir, "docs", "content", "en", "connecting_your_tools", "parsers", "file")): if docs.name not in [ "_index.md", "codeql.md", "edgescan.md", ]: