Release: Merge back 2.41.3 into dev from: master-into-dev/2.41.3-2.42.0-dev #11462

Merged
merged 15 commits into from
Dec 23, 2024


github-actions[bot]
Contributor

Release triggered by rossops

DefectDojo release bot and others added 14 commits December 16, 2024 16:04
….42.0-dev

Release: Merge back 2.41.2 into bugfix from: master-into-bugfix/2.41.2-2.42.0-dev

Bumps [nanoid](https://github.com/ai/nanoid) from 3.3.7 to 3.3.8.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.3.7...3.3.8)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Struggle bussing

* Getting tests sorted out

* Some tweaks

* Formatting

* Update mocks

* Correct ruff

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Make `no_users` default to False in more than one place

* Last ruff fix

---------

Co-authored-by: Charles Neill <[email protected]>

* qa connectors: merge articles, fix links

* qa 'connecting tools': labels, weights, content

* qa user mgmt docs: weights, content, links

* fix broken links

* fix upgrade notes typo

---------

Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>

Release: Merge release into master from: release/2.41.3

dryrunsecurity bot commented Dec 23, 2024

DryRun Security Summary

The GitHub Pull Request focuses on comprehensive documentation updates for the DefectDojo application security platform, improving user understanding of API connectors, import methods, user management, and security features across various documentation files.


Summary:

The changes in this GitHub Pull Request are primarily focused on updating the documentation for various features and integrations within the DefectDojo application security platform. The key updates include:

  1. Improvements to the documentation for API Connectors, a pro-feature that allows integrating DefectDojo with other security tools. The changes provide more detailed guidance on setting up, managing, and using the Connectors functionality.

  2. Updates to the documentation for import methods, including the Universal Importer, Smart Upload, and Reimport features. These changes aim to improve the user experience and provide more clarity around the security implications and best practices for using these import capabilities.

  3. Enhancements to the user management and permissions documentation, covering topics such as user groups, SSO configuration, and detailed permission charts. These updates are important from a security perspective, as they help ensure that access controls and user privileges are properly managed and understood.

  4. Minor documentation updates across various other areas, including changelog entries, supported tools, and general organizational changes to improve the structure and navigation of the documentation.

Overall, the changes in this Pull Request appear to be focused on improving the documentation and user experience for the DefectDojo platform, with a strong emphasis on security-related aspects and best practices. These updates can help users better understand and leverage the security features and integrations provided by DefectDojo, ultimately enhancing the application's overall security posture.

Files Changed:

  • docs/content/en/connecting_your_tools/connectors/_index.md: Updates the documentation for API Connectors, including the addition of a "pro-feature" note and changes to the page title and weight.
  • docs/content/en/about_defectdojo/new_user_checklist.md: Updates the documentation for the "New User Checklist", including changes to links and formatting.
  • .github/release-drafter.yml: Updates the configuration for the Release Drafter GitHub Action, including changes to the documentation link.
  • docs/content/en/changelog/changelog.md: Updates the changelog for the DefectDojo Pro (Cloud Version) application, including changes to the API, Beta UI, Findings, Classic UI, and documentation.
  • docs/content/en/connecting_your_tools/connectors/about_connectors.md: Expands the documentation for the "About Connectors" page, including a note about Connectors being a pro-feature and a list of supported tools.
  • docs/content/en/connecting_your_tools/connectors/add_edit_connectors.md: Adds documentation for adding and editing connectors, including information about API key management and secure communication.
  • docs/content/en/connecting_your_tools/connectors/connectors_tool_reference.md: Provides detailed setup instructions for various tool integrations, with a focus on security best practices.
  • docs/content/en/connecting_your_tools/connectors/manage_operations.md: Adds documentation for managing the "Discover" and "Sync" operations for API connectors.
  • docs/content/en/connecting_your_tools/connectors/manage_records.md: Updates the documentation for managing records in the DefectDojo platform, including information about record states and warnings.
  • docs/content/en/connecting_your_tools/external_tools.md: Updates the documentation for the Universal Importer and Dojo-CLI tools, including a note about them being pro-features.
  • docs/content/en/connecting_your_tools/import_intro.md: Updates the documentation for the "Import Methods" section, including changes to the "Comparing Upload Methods" table and the "Product Hierarchy" section.
  • docs/content/en/connecting_your_tools/import_scan_files/api_pipeline_modelling.md: Updates the documentation for creating an automated import pipeline via the DefectDojo API.
  • docs/content/en/connecting_your_tools/import_scan_files/_index.md: Updates the weight property of the "Supported Reports" page.
  • docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md: Updates the documentation for the "Import Scan Form" feature.
  • docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md: Adds documentation for the "Reimport" feature, which allows adding new findings to an existing test.
  • `docs/content/en/connecting_your_tools/import_scan_files

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 4 findings

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

Contributor Author

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor Author

Conflicts have been resolved. A maintainer will review the pull request shortly.

github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), conflicts-detected, docs, unittests and helm labels and removed the conflicts-detected label on Dec 23, 2024
rossops merged commit 85fe160 into dev on Dec 23, 2024
73 of 74 checks passed
rossops deleted the master-into-dev/2.41.3-2.42.0-dev branch on December 23, 2024 16:49
Labels: conflicts-detected, docs, helm, settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), unittests
5 participants