
Docs: add supported report types index / maintenance #11921

Merged
merged 15 commits into DefectDojo:bugfix on Mar 7, 2025

Conversation

@paulOsinski paulOsinski commented Feb 28, 2025

  • Adds 'Supported Tools' to the header along with an index page listing each supported report type. Also includes a minor Hugo template change to allow this page to render nicely.
  • Adds additional content to SSO configuration to account for Docker environment variables
  • Fixes broken 'Supported Tools' link
  • Clarifies external tools use case
  • Fixes every remaining broken path (!) [thank you to https://github.com/filiph/linkcheck, I don't know why I didn't use this sooner]

[sc-10088]
[sc-10089]
[sc-10156]
[sc-10438]

@github-actions github-actions bot added the docs label Feb 28, 2025

dryrunsecurity bot commented Feb 28, 2025

DryRun Security Summary

DefectDojo documentation repository updates revealed multiple security observations, including URL exposures, potential information disclosure, and configuration details that could aid security assessments.


The DefectDojo documentation repository received multiple updates across various files, primarily focusing on documentation link corrections, formatting improvements, and content clarifications. Multiple security observations were identified across the patches.

Security Findings:

  1. URL Exposure: Several patches revealed internal URLs and development endpoints, including localhost configurations and API routes (e.g., https://cloud.defectdojo.com/accounts/, http://localhost:8080)
  2. Potential Information Disclosure: Documentation patches exposed details about authentication methods, cloud management interfaces, and system configuration mechanics
  3. Webhook Security Considerations: Experimental webhook features were noted with potential unvetted security implementations
  4. Local Development URL Risks: Some examples used unencrypted http:// URLs, indicating potential insecure communication protocols
  5. Sensitive Configuration Details: Some patches revealed system configuration variables and performance tuning parameters

While no direct code-level vulnerabilities were introduced, the documentation updates provide insights into DefectDojo's internal structures and configuration methods that could be valuable for potential security assessments.


@mtesauro mtesauro left a comment

Approved

@paulOsinski paulOsinski changed the base branch from master to bugfix March 3, 2025 21:12
@@ -141,7 +141,7 @@ When a user is removed from a given group in Azure AD, they will also be removed

### Open-Source

Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration)).
Open-Source users will need to map these variables as an environment variable, or in the `local_settings.py` file. (see [Configuration](../../open_source/installation/configuration)).
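Review bot: the added line mixes plural and singular ("map these variables as an environment variable") and keeps "map", which the inline thread below questions in favour of "set"; suggest "Open-Source users will need to set these variables as environment variables, or in the `local_settings.py` file (see [Configuration](../../open_source/installation/configuration))." which also moves the stray period after the parenthetical. Since the line now documents two places a value can come from, it would also help readers to state which one takes precedence when a variable is defined in both.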
Contributor

"map" replaced with "set" elsewhere below -- does this one need to change as well?

Contributor Author

I am not actually sure what word is most accurate, map or set?

github-actions bot commented Mar 6, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Mar 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
@Maffooch Maffooch merged commit 32ee0bf into DefectDojo:bugfix Mar 7, 2025
77 checks passed
@paulOsinski paulOsinski deleted the docs-reporttypes branch March 12, 2025 18:13