
Readme docs update #11516

Merged
merged 3 commits into from
Jan 7, 2025

Conversation

paulOsinski
Contributor

Updates broken links on readme.md to fix #11500

@github-actions github-actions bot added the docs label Jan 6, 2025

dryrunsecurity bot commented Jan 6, 2025

DryRun Security Summary

The pull request updates DefectDojo's documentation and adds LDAP authentication support, focusing on improving API documentation, security best practices, and enabling integration with existing LDAP infrastructures.


Summary:

The code changes in this pull request focus on updating the documentation and adding support for LDAP (Lightweight Directory Access Protocol) authentication in the DefectDojo application.

The documentation changes provide a comprehensive guide for developers to leverage the DefectDojo API, including details on authentication, API endpoints, and available client/wrapper libraries. From a security perspective, the documentation highlights the use of token-based authentication, the importance of input validation, and the need to ensure that client libraries are regularly updated and maintained.

The addition of LDAP authentication support is a significant security-related feature that allows DefectDojo to integrate with an organization's existing LDAP infrastructure. The changes include updates to the Dockerfile, Python dependencies, Django settings, and authentication backends to enable LDAP integration. As an application security engineer, I would recommend thorough testing of the LDAP configuration, secure management of LDAP credentials, and careful consideration of potential LDAP injection risks and LDAP directory security.

Files Changed:

  1. docs/content/en/open_source/api-v2-docs.md: This file has been updated to provide detailed documentation on the DefectDojo API v2, including information on authentication, API endpoints, and available client/wrapper libraries. The changes focus on security best practices, such as the use of token-based authentication and the importance of input validation.

  2. README.md: The project's README file has been updated to reflect the new documentation site, remove references to the AWS AMI, and provide more details on the project's community and contributors. The changes do not introduce any security concerns, but they do highlight important security-related aspects, such as authentication options and the security of the tool parsers.

  3. docs/content/en/open_source/ldap-authentication.md: This new file introduces support for LDAP authentication in the DefectDojo application. The changes include updates to the Dockerfile, Python dependencies, Django settings, and authentication backends to enable LDAP integration. As an application security engineer, I would recommend careful consideration of LDAP credential management, LDAP configuration validation, LDAP group-based access controls, LDAP injection risks, and the overall security of the LDAP directory.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.


@mtesauro mtesauro (Contributor) left a comment

Approved

@mtesauro mtesauro merged commit 000728a into DefectDojo:master Jan 7, 2025
72 of 73 checks passed

### Alternative authentication method

If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
Contributor

Should this be updated for the new path?

Suggested change
If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \
If you use [an alternative authentication method](/en/open_source/archived_docs/integrations/social-authentication/) for users, you may want to disable DefectDojo API tokens because it could bypass your authentication concept. \

Comment on lines +39 to +40
- [https://pypi.org/project/python-ldap/](python-ldap)
- [https://pypi.org/project/django-auth-ldap/](django-auth-ldap)
Contributor

Suggested change
- [https://pypi.org/project/python-ldap/](python-ldap)
- [https://pypi.org/project/django-auth-ldap/](django-auth-ldap)
- [python-ldap](https://pypi.org/project/python-ldap/)
- [django-auth-ldap](https://pypi.org/project/django-auth-ldap/)
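The two fixes above (a relative link that no longer resolves after the page moved, and `[url](text)` links with text and target swapped) are both things a link linter can catch before review. As an added example, not DefectDojo's own code, here is a small Markdown link checker; the sample text and the temporary docs tree it runs against are constructed from the lines quoted in this PR.

```python
"""Lint Markdown links in a docs tree: flag swapped [url](text) links and
relative links that no longer resolve. Added example, not DefectDojo code;
SAMPLE is constructed from the lines quoted in this PR's review comments."""
import re
import tempfile
from pathlib import Path

# [text](target), but not image links ![alt](src)
LINK_RE = re.compile(r"(?<!!)\[([^\]]*)\]\(([^)\s]+)\)")
URL_PREFIXES = ("http://", "https://")

def lint_markdown_links(text, doc_path, site_root):
    """Return [(line_no, problem, target)]; site-absolute paths (/en/...) resolve against site_root."""
    problems = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for label, target in LINK_RE.findall(line):
            # Swapped syntax: URL in the label, label in the target,
            # e.g. [https://pypi.org/project/python-ldap/](python-ldap)
            if label.startswith(URL_PREFIXES) and not target.startswith(URL_PREFIXES):
                problems.append((line_no, "swapped link text and target", target))
                continue
            if target.startswith(URL_PREFIXES + ("mailto:", "#")):
                continue  # external links and in-page anchors are not checked offline
            rel = target.split("#", 1)[0]
            base = site_root if rel.startswith("/") else doc_path.parent
            page = (base / rel.lstrip("/")).resolve()
            # Hugo-style pretty URLs: "foo/" may be foo.md, foo/index.md or foo/_index.md
            candidates = (page, page.parent / (page.name + ".md"), page / "index.md", page / "_index.md")
            if not any(p.exists() for p in candidates):
                problems.append((line_no, "relative link does not resolve", target))
    return problems

SAMPLE = """\
If you use [an alternative authentication method](../social-authentication/) for users, you may want to disable API tokens.
If you use [an alternative authentication method](/en/open_source/archived_docs/integrations/social-authentication/) for users, you may want to disable API tokens.
- [https://pypi.org/project/python-ldap/](python-ldap)
- [python-ldap](https://pypi.org/project/python-ldap/)
See the [API v2 docs](/en/open_source/api-v2-docs/#usage) for details.
"""

def demo():
    """Build a constructed docs tree in a temp dir and lint SAMPLE against it."""
    with tempfile.TemporaryDirectory() as d:
        site_root = Path(d) / "content"
        doc = site_root / "en" / "open_source" / "api-v2-docs.md"
        moved = site_root / "en/open_source/archived_docs/integrations/social-authentication/index.md"
        for p in (doc, moved):
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("stub\n")
        return lint_markdown_links(SAMPLE, doc, site_root)
```

Calling `demo()` reports line 1 (the old `../social-authentication/` path) and line 3 (the swapped python-ldap link) and accepts the two corrected forms.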

{{< /highlight >}}

See [Django Rest Framework\'s documentation on interacting with an
API](http://www.django-rest-framework.org/topics/api-clients/) for
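Review bot: the backslash in `Framework\'s` on the `See [Django Rest Framework\'s documentation ...` line is a leftover escape from a format conversion; Markdown needs no escaping of apostrophes and some renderers show the backslash literally, so it should read plain `Framework's`.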
Contributor

I'm not sure if there's a new page for this, but this link throws a 404

DefectDojo\'s API is created using [Django Rest
Framework](http://www.django-rest-framework.org/). The documentation of
each endpoint is available within each DefectDojo installation at
[`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2
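Review bot: the link text `/api/v2/doc/` and its target `https://demo.defectdojo.org/api/v2/` disagree, so whichever path the docs settle on, text and href should name the same endpoint; `DefectDojo\'s` on the first line of this region carries the same stray backslash escape and should read `DefectDojo's`.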
Contributor

Guessing maybe this should be changed since /api/v2/doc will no longer work. Maybe point to the Swagger UI as below? /api/v2 will return something like this if you provide a token, but I imagine the Swagger UI will be more useful for most people:

```json
{
  "announcements": "https://demo.defectdojo.org/api/v2/announcements/",
  "configuration_permissions": "https://demo.defectdojo.org/api/v2/configuration_permissions/",
  "credential_mappings": "https://demo.defectdojo.org/api/v2/credential_mappings/",
  "credentials": "https://demo.defectdojo.org/api/v2/credentials/",
  "development_environments": "https://demo.defectdojo.org/api/v2/development_environments/",
  "dojo_groups": "https://demo.defectdojo.org/api/v2/dojo_groups/",
  "dojo_group_members": "https://demo.defectdojo.org/api/v2/dojo_group_members/",
  "endpoints": "https://demo.defectdojo.org/api/v2/endpoints/",
  "endpoint_meta_import": "https://demo.defectdojo.org/api/v2/endpoint_meta_import/",
  "endpoint_status": "https://demo.defectdojo.org/api/v2/endpoint_status/",
  "engagements": "https://demo.defectdojo.org/api/v2/engagements/",
...
```
Suggested change
[`/api/v2/doc/`](https://demo.defectdojo.org/api/v2/) and can be accessed by choosing the API v2
[`/api/v2/oa3/swagger-ui/`](https://demo.defectdojo.org/api/v2/oa3/swagger-ui/) and can be accessed by choosing the API v2


#### settings.dist.py

Find the settings file (hint: `/dojo/settings/settings.dist.py`) and add the following:
Contributor

We generally discourage editing settings.dist.py now... I think local_settings.py would be the appropriate file to reference here? CC @Maffooch

Successfully merging this pull request may close these issues.

Issue with closing of old findings for upgraded image
6 participants