2.42.0 docs updates #11524

Closed
wants to merge 16 commits into from
Conversation

@paulOsinski paulOsinski commented Jan 7, 2025

  • QA and reformatting: creating a report
  • Beta UI article
  • Additional info on Jira removal
  • Switching SVGs for PNG

[sc-9270]
[sc-9639]
[sc-9762]

DefectDojo release bot and others added 2 commits January 6, 2025 15:13
…x/2.42.0-2.43.0-dev

Release: Merge back 2.42.0 into bugfix from: master-into-bugfix/2.42.0-2.43.0-dev
@github-actions github-actions bot added the docs label Jan 7, 2025
dryrunsecurity bot commented Jan 7, 2025

DryRun Security Summary

The code changes to DefectDojo focus on improving application functionality, security, and documentation, with updates to the API, UI, Jira integration, and dependency management, while maintaining a generally positive security posture.

Summary:

The provided code changes cover a range of updates to the DefectDojo application, including improvements to the API, enhancements to the Beta UI, updates to the Jira integration documentation, and minor version updates. From an application security perspective, the changes generally do not introduce any significant security concerns, but there are a few areas that warrant further review and consideration:

  1. Dependency Updates: The update to the package.json file, including the jQuery version update, is a positive security practice as it helps address known vulnerabilities in the libraries used by the application. However, it's important to thoroughly test the application after the update to ensure that no regressions or new issues have been introduced.

  2. Jira Integration: The changes to the Jira integration documentation highlight the importance of properly configuring the integration to ensure secure and effective communication between DefectDojo and Jira. Aspects like Webhook security, firewall configuration, and data retention should be carefully reviewed.

  3. API Payload Customization: The ability for Pro users to specify the fields they want to return in an API payload is a positive security feature, as it allows them to minimize the amount of data being transferred and potentially exposed.

  4. Deduplication Improvements: The changes to the deduplication logic for various tools can help improve the accuracy of finding deduplication and reduce the risk of missed or duplicate vulnerabilities.

Overall, the code changes appear to be focused on improving the functionality, usability, and security of the DefectDojo application. As an application security engineer, I would recommend thoroughly reviewing the changes, testing the application, and monitoring any future updates to ensure the ongoing security and integrity of the application.

Files Changed:

  1. components/package.json: Update to the application version and various library dependencies, including a jQuery version update.
  2. docs/content/en/about_defectdojo/ui_pro_vs_os.md: Documentation update for the introduction of a new "Beta UI" for the DefectDojo Pro version.
  3. docs/content/en/customize_dojo/notifications/configure_system_notifs.md: Documentation update for the configuration of system-wide notifications in DefectDojo.
  4. docs/content/en/api/api-v2-docs.md: Documentation update for the DefectDojo API v2, including information on authentication and available API wrappers/clients.
  5. docs/content/en/open_source/installation/architecture.md: Replacement of an SVG image with a PNG image for the architectural diagram of the DefectDojo platform.
  6. docs/content/en/open_source/archived_docs/usage/models.md: Documentation update, including the replacement of an inline SVG image with an external image file.
  7. docs/content/en/share_your_findings/jira_integration/_index.md: Documentation update for the "Send Findings To Jira" functionality.
  8. docs/content/en/changelog/changelog.md: Documentation update for new features and improvements in the DefectDojo Pro (Cloud Version) application.
  9. docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md: Documentation update for the "Using the Report Builder" feature in the DefectDojo application.
  10. docs/content/en/share_your_findings/jira_integration/add_jira_to_product.md: Documentation update for integrating Jira with DefectDojo.
  11. docs/content/en/share_your_findings/jira_integration/connect_to_jira.md: Documentation update for the Jira integration functionality in DefectDojo.
  12. docs/content/en/share_your_findings/jira_integration/troubleshooting_jira.md: Documentation update for troubleshooting issues with the Jira integration in DefectDojo.
  13. dojo/__init__.py: Minor update to the version number of the DefectDojo application.
  14. docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md: Documentation update for working with generated reports in DefectDojo.
  15. helm/defectdojo/Chart.yaml: Update to the Helm chart for the DefectDojo application, including the underlying application version update.

Code Analysis

We ran 9 analyzers against 23 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:
  • Sensitive Files Analyzer: 1 finding

@paulOsinski paulOsinski changed the title 2.42.0 docs updates (WIP) 2.42.0 docs updates Jan 7, 2025
@paulOsinski paulOsinski marked this pull request as ready for review January 7, 2025 21:45
Paul Osinski and others added 6 commits January 10, 2025 11:14
Release: Merge release into master from: release/2.42.1
* update Pro changelog 2.42.0

* qa 'share your Findings'

* changelog 2.42.2

* fix typo working_with_generated_reports.md

---------

Co-authored-by: Paul Osinski <[email protected]>
This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions github-actions bot added the helm label Jan 14, 2025
Conflicts have been resolved. A maintainer will review the pull request shortly.

@paulOsinski
Moving this to a new PR here - ended up with some non-docs files included #11568

@paulOsinski paulOsinski deleted the docsupdates-2.42.0 branch January 25, 2025 03:34