Merge pull request #11722 from DefectDojo/bugfix

Release 2.43.0: Merge Bugfix into Dev

Author: rossops

.github/workflows/gh-pages.yml

@@ -39,8 +39,8 @@ jobs:
 
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - use this after https://github.com/DefectDojo/django-DefectDojo/pull/11329
-      
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+
       - name: Install dependencies
         run: cd docs && npm ci
 

_config.yml

@@ -24,7 +24,7 @@ echo "Creating Announcement Banner"
 cat <<EOD | python3 manage.py shell
 from dojo.models import Announcement, UserAnnouncement, Dojo_User
 announcement, created = Announcement.objects.get_or_create(id=1)
-announcement.message = '<a href="https://www.defectdojo.com/pricing" target="_blank">Cloud and On-Premise Subscriptions Now Available! Click here for more details</a>'
+announcement.message = '<a href="https://defectdojo.com/contact" target="_blank">Cloud and On-Premise Subscriptions Now Available! Click here for more details</a>'
 announcement.dismissable = True
 announcement.save()
 for dojo_user in Dojo_User.objects.all():

docker/entrypoint-initializer.sh

@@ -6,8 +6,7 @@ Input Type:
 -
 This parser takes JSON Lines Output from Nosey Parker: https://github.com/praetorian-inc/noseyparkerSupports
 
-Supports version 0.16.0: 
-https://github.com/praetorian-inc/noseyparker/releases/tag/v0.16.0
+Supports versions [0.16.0](https://github.com/praetorian-inc/noseyparker/releases/tag/v0.16.0) and [0.22.0](https://github.com/praetorian-inc/noseyparker/releases/tag/v0.22.0) 
 
 Things to note about the Nosey Parker Parser:
 - 

docs/content/en/connecting_your_tools/parsers/file/noseyparker.md

@@ -1,81 +1,7 @@
 ---
 title: "Notification Webhooks (experimental)"
-description: "How to setup and use webhooks"
 weight: 7
 chapter: true
 sidebar:
     collapsed: true
 ---
-
-Webhooks are HTTP requests coming from the DefectDojo instance towards a user-defined webserver which expects this kind of incoming traffic.
-
-## Transition graph:
-
-It is not unusual that in some cases a webhook can not be delivered. It is usually connected to network issues, server misconfiguration, or running upgrades on the server. DefectDojo needs to react to these outages. It might temporarily or permanently disable related endpoints. The following graph shows how it might change the status of the webhook definition based on HTTP responses (or manual user interaction).
-
-```mermaid
-flowchart TD
-
-    START{{Endpoint created}}
-    ALL{All states}
-    STATUS_ACTIVE([STATUS_ACTIVE])
-    STATUS_INACTIVE_TMP
-    STATUS_INACTIVE_PERMANENT
-    STATUS_ACTIVE_TMP([STATUS_ACTIVE_TMP])
-    END{{Endpoint removed}}
-
-    START ==> STATUS_ACTIVE
-    STATUS_ACTIVE --HTTP 200 or 201 --> STATUS_ACTIVE
-    STATUS_ACTIVE --HTTP 5xx <br>or HTTP 429 <br>or Timeout--> STATUS_INACTIVE_TMP
-    STATUS_ACTIVE --Any HTTP 4xx response<br>or any other HTTP response<br>or non-HTTP error--> STATUS_INACTIVE_PERMANENT
-    STATUS_INACTIVE_TMP -.After 60s.-> STATUS_ACTIVE_TMP
-    STATUS_ACTIVE_TMP --HTTP 5xx <br>or HTTP 429 <br>or Timeout <br>within 24h<br>from the first error-->STATUS_INACTIVE_TMP
-    STATUS_ACTIVE_TMP -.After 24h.-> STATUS_ACTIVE
-    STATUS_ACTIVE_TMP --HTTP 200 or 201 --> STATUS_ACTIVE_TMP
-    STATUS_ACTIVE_TMP --HTTP 5xx <br>or HTTP 429 <br>or Timeout <br>within 24h from the first error<br>or any other HTTP response or error--> STATUS_INACTIVE_PERMANENT
-    ALL ==Activation by user==> STATUS_ACTIVE
-    ALL ==Deactivation by user==> STATUS_INACTIVE_PERMANENT
-    ALL ==Removal of endpoint by user==> END
-```
-
-Notes: 
-
-1. Transitions:
-    - bold: manual changes by user
-    - dotted: automated by celery
-    - others: based on responses on webhooks
-1. Nodes:
-    - Stadium-shaped: Active - following webhook can be sent
-    - Rectangles: Inactive - performing of webhook will fail (and not retried)
-    - Hexagonal: Initial and final states
-    - Rhombus: All states (meta node to make the graph more readable)
-
-## Body and Headers
-
-The body of each request is JSON which contains data about related events like names and IDs of affected elements.
-Examples of bodies are on pages related to each event (see below).
-
-Each request contains the following headers. They might be useful for better handling of events by the server receiving them.
-
-```yaml
-User-Agent: DefectDojo-<version of DD>
-X-DefectDojo-Event: <name of the event>
-X-DefectDojo-Instance: <Base URL for DD instance>
-```
-## Disclaimer
-
-This functionality is new and in experimental mode. This means functionality might generate breaking changes in following DefectDojo releases and might not be considered final.
-
-However, the community is open to feedback to make this functionality better and get it stable as soon as possible.
-
-## Roadmap
-
-There are a couple of known issues that are expected to be resolved as soon as core functionality is considered ready.
-
-- Support events - Not only adding products, product types, engagements, tests, or upload of new scans but also events around SLA
-- User webhook - right now only admins can define webhooks; in the future, users will also be able to define their own
-- Improvement in UI - add filtering and pagination of webhook endpoints
-
-## Events
-
-<!-- Hugo automatically renders list of subpages here -->

docs/content/en/open_source/notification_webhooks/_index.md

@@ -1,6 +1,6 @@
 ---
 title: "Event: engagement_added"
-weight: 3
+weight: 4
 chapter: true
 ---
 

docs/content/en/open_source/notification_webhooks/engagement_added.md

@@ -0,0 +1,83 @@
+---
+title: "How to setup and use webhooks"
+weight: 1
+chapter: true
+---
+
+Webhooks are HTTP requests coming from the DefectDojo instance towards a user-defined webserver which expects this kind of incoming traffic.
+
+## Transition graph:
+
+It is not unusual that in some cases a webhook can not be delivered. It is usually connected to network issues, server misconfiguration, or running upgrades on the server. DefectDojo needs to react to these outages. It might temporarily or permanently disable related endpoints. The following graph shows how it might change the status of the webhook definition based on HTTP responses (or manual user interaction).
+
+```kroki {type=mermaid}
+flowchart TD
+
+    START{{Endpoint created}}
+    ALL{All states}
+    STATUS_ACTIVE([STATUS_ACTIVE])
+    STATUS_INACTIVE_TMP
+    STATUS_INACTIVE_PERMANENT
+    STATUS_ACTIVE_TMP([STATUS_ACTIVE_TMP])
+    END{{Endpoint removed}}
+
+    START ==> STATUS_ACTIVE
+    STATUS_ACTIVE --HTTP 200 or 201 --> STATUS_ACTIVE
+    STATUS_ACTIVE --HTTP 5xx <br>or HTTP 429 <br>or Timeout--> STATUS_INACTIVE_TMP
+    STATUS_ACTIVE --Any HTTP 4xx response<br>or any other HTTP response<br>or non-HTTP error--> STATUS_INACTIVE_PERMANENT
+    STATUS_INACTIVE_TMP -.After 60s.-> STATUS_ACTIVE_TMP
+    STATUS_ACTIVE_TMP --HTTP 5xx <br>or HTTP 429 <br>or Timeout <br>within 24h<br>from the first error-->STATUS_INACTIVE_TMP
+    STATUS_ACTIVE_TMP -.After 24h.-> STATUS_ACTIVE
+    STATUS_ACTIVE_TMP --HTTP 200 or 201 --> STATUS_ACTIVE_TMP
+    STATUS_ACTIVE_TMP --HTTP 5xx <br>or HTTP 429 <br>or Timeout <br>within 24h from the first error<br>or any other HTTP response or error--> STATUS_INACTIVE_PERMANENT
+    ALL ==Activation by user==> STATUS_ACTIVE
+    ALL ==Deactivation by user==> STATUS_INACTIVE_PERMANENT
+    ALL ==Removal of endpoint by user==> END
+```
+
+Notes: 
+
+1. Transitions:
+    - bold: manual changes by user
+    - dotted: automated by celery
+    - others: based on responses on webhooks
+1. Nodes:
+    - Stadium-shaped: Active - following webhook can be sent
+    - Rectangles: Inactive - performing of webhook will fail (and not retried)
+    - Hexagonal: Initial and final states
+    - Rhombus: All states (meta node to make the graph more readable)
+
+## Body and Headers
+
+The body of each request is JSON which contains data about related events like names and IDs of affected elements.
+Examples of bodies are on pages related to each event (see below).
+
+Each request contains the following headers. They might be useful for better handling of events by the server receiving them.
+
+```yaml
+User-Agent: DefectDojo-<version of DD>
+X-DefectDojo-Event: <name of the event>
+X-DefectDojo-Instance: <Base URL for DD instance>
+```
+## Disclaimer
+
+This functionality is new and in experimental mode. This means functionality might generate breaking changes in following DefectDojo releases and might not be considered final.
+
+However, the community is open to feedback to make this functionality better and get it stable as soon as possible.
+
+## Roadmap
+
+There are a couple of known issues that are expected to be resolved as soon as core functionality is considered ready.
+
+- Support events - Not only adding products, product types, engagements, tests, or upload of new scans but also events around SLA
+- User webhook - right now only admins can define webhooks; in the future, users will also be able to define their own
+- Improvement in UI - add filtering and pagination of webhook endpoints
+
+## Events
+
+- [`product_type_added`](../product_type_added)
+- [`product_added`](../product_added)
+- [`engagement_added`](../engagement_added)
+- [`test_added`](../test_added)
+- [`scan_added` and `scan_added_empty`](../scan_added)
+- [`ping`](../ping)

docs/content/en/open_source/notification_webhooks/how_to.md

@@ -0,0 +1,21 @@
+---
+title: "Event: ping"
+weight: 7
+chapter: true
+---
+
+An event `ping` is sent during Webhook setup to test whether the endpoint is up and responding with the expected status code.
+
+## Event HTTP header
+```yaml
+X-DefectDojo-Event: ping
+```
+
+## Event HTTP body
+```json
+{
+    "description": "Test webhook notification",
+    "title": "",
+    "user": null,
+}
+```

docs/content/en/open_source/notification_webhooks/ping.md

@@ -1,6 +1,6 @@
 ---
 title: "Event: product_added"
-weight: 2
+weight: 3
 chapter: true
 ---
 

docs/content/en/open_source/notification_webhooks/product_added.md

@@ -1,6 +1,6 @@
 ---
 title: "Event: product_type_added"
-weight: 1
+weight: 2
 chapter: true
 ---