Merge branch 'bugfix' of https://github.com/paulOsinski/django-DefectDojo into bugfix

Author: Paul Osinski

README.md

@@ -24,18 +24,18 @@
     </tr>
  </table>
 
-![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/screenshot1.png)
-
 [DefectDojo](https://www.defectdojo.com/) is a DevSecOps, ASPM (application security posture management), and
 vulnerability management tool.  DefectDojo orchestrates end-to-end security testing, vulnerability tracking,
 deduplication, remediation, and reporting.
 
 ## Demo
 
-Try out DefectDojo on our demo server at [demo.defectdojo.org](https://demo.defectdojo.org)
+Pro Edition: [pro.demo.defectdojo.com](https://pro.demo.defectdojo.com)
+
+Community Edition: [demo.defectdojo.org](https://demo.defectdojo.org)
 
-Log in with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible
-and regularly reset. Do not put sensitive data in the demo. An easy way to test Defect Dojo is to upload some [sample scan reports](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans).
+Either demo enviornment can be logged into with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demos are publicly accessible
+and reset every day. Do not put sensitive data in the demo. An easy way to test DefectDojo is to upload some [sample scan reports](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans).
 
 ## Quick Start for Compose V2
 
@@ -91,8 +91,9 @@ Navigate to `http://localhost:8080` to see your new instance!
 
 ## Supported Installation Options
 
+* [SaaS](https://cloud.defectdojo.com/accounts/onboarding/plg_step_1) - New UI, addittional features, includes support & supports the project
 * [Docker / Docker Compose](readme-docs/DOCKER.md)
-* [SaaS](https://www.defectdojo.com/) - Includes Support & Supports the Project
+
 
 ## Community, Getting Involved, and Updates
 
@@ -101,22 +102,20 @@ Navigate to `http://localhost:8080` to see your new instance!
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)
 
-[Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
+[Join the OWASP Slack Community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
 our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on
 [Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and
 [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!
 
 ## Contributing
 
-Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more
-information.
+Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for details and standards on contributing __before__ considering or submitting a pull request.
 
 ## Pro Edition
-[Upgrade to DefectDojo Pro](https://www.defectdojo.com/) today to take your DevSecOps to 11. DefectDojo Pro is
-designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional
-smart features, tunable deduplication, and support from DevSecOps experts.
 
-Alternatively, for information please email info@defectdojo.com
+[Upgrade to DefectDojo Pro!](https://defectdojo.com/pricing) Pro transcends the do-it-yourself approach of open-source: A new UI, incredibile scalability, API connectors, ServiceNow, GitHub, GitLab, Azure DevOps, automatic data enrichment, prioritization, and more! See all the differentiators at the bottom of our pricing page: [defectdojo.com/pricing](https://defectdojo.com/pricing).
+
+Alternatively, for information please email hello@defectdojo.com
 
 ## About Us
 

docs/assets/images/integrators_1.png

@@ -0,0 +1,82 @@
+---
+title: "Integrations Guide (Pro)"
+weight: 1
+---
+
+DefectDojo Pro's Integrations let you push your Findings and Finding Groups to ticket tracking systems to easily integrate security remediation with your teams existing development workflow.
+
+Supported Integrations:
+- [Azure Devops](/en/share_your_findings/integrations_toolreference/#azure-devops-boards)
+- [GitHub](/en/share_your_findings/integrations_toolreference/#github)
+- [GitLab Boards](/en/share_your_findings/integrations_toolreference/#gitlab)
+- ServiceNow (Coming Soon)
+
+## Opening the Integrations page
+
+The Integrations page can be found under **Settings > Integrations** in the sidebar.
+
+![image](images/integrators_3.png)
+
+## Setting up an Integration
+
+An Integrator is configured with three key components:
+
+- **Integration Instance**: This is the primary connection method that DefectDojo will use with a third-party system.  The Instance will include details such as a label, location and credentials to connect with, along with any other information that may be required by the vendor.
+- **Issue Tracker Mapping**: This is where mapping information is stored - defining the details required to connect to a given "project" within the vendor.  These details include the name or ID of the "project", and mappings from DefectDojo Finding severity and status to the corresponding field in the vendor "ticket".  You may have multiple mappings configured if you are trying to push Findings to multiple "project" locations.
+- **Issue Tracker Assignment**: This is where DefectDojo Products and Engagements are assigned to a given Issue Tracker Mapping, with per-Product/Engagement options to to define how a Finding will be pushed to a given vendor system.
+
+These components are hierarchical: Each **Instance** has one or more **Mappings**, which then have one or more **Tracker Assignments**.
+
+![image](images/integrators_2.png)
+
+## Pushing Findings and Finding Groups
+
+Once these components are configured, Findings and Finding Groups can be sent to a given Issue Tracker in two ways; manually, or automatically.
+
+- **Manually**: Findings and Finding Groups contained in a Product/Engagement with an assigned **Issue Tracker Mapping** will have an option to "Push to Integrators".  This will then create an Issue in the Issue Tracker with the corresponding Finding/Finding Group information.  Push To Integrators can also be used to update an existing Issue.
+
+### Automatically Push Findings
+
+Findings can also be pushed automatically, with the **Issue Tracker Assignment** dictating how those objects will be pushed.  These are the four options:
+
+- **Explicitly Publish Changes**: This option disables any automatic behavior in the assigned Product or Engagement.  The only way to push a Finding or Finding Group will be explicitly, as mentioned above.
+- **Automatically Link New Findings**: When new Findings or Finding Groups are **created** in the assigned Product or Engagement, DefectDojo will automatically push the object to the Issue Tracker.  Once created, these Findings or Findings Groups will not be updated without a manual Push To Integrators action.
+- **Automatically Update Existing Link**: When Findings or Finding Groups are **updated** in the assigned Product or Engagement, automatically push the object to the Issue Tracker if an existing link has already been created manually.
+- **Automatically Link New and Update Existing Link**: When Findings or Finding Groups are created **or** updated in the assigned Product or Engagement, automatically push the object to the Issue Tracker.
+
+## Issue Tracker Ticket Representation
+
+Issue Tracker Tickets are represented by a series of icons under the "Integrator Tickets" column when viewing and listing
+Findings and Finding Groups
+
+Icons from left to right:
+
+- **Integration Type**: The type of Issue Tracker the Ticket is associated with
+- **Ticket ID**: The ID of the Ticket, as defined by the Issue Tracker
+- **Ticket Link**: The direct link to the Ticket, as define by the Issue Tracker
+- **Changelog**: Specifies when the Issue Tracker Ticket was associated with a Finding or Finding Group, as well as the last time DefectDojo made a change to the ticket
+
+![image](images/integrators_1.png)
+
+## Supported Project Integrations
+
+Project Integrations will have varying requirements for how DefectDojo will need to interact with them. This could be in the form of an authentication mechanism, additional fields on a per "project" basis, or severity/status mappings.
+
+For the complete list of requirements, please open the vendor specific pages below:
+
+- [Azure Devops](/en/share_your_findings/integrations_toolreference/#azure-devops-boards)
+- [GitHub](/en/share_your_findings/integrations_toolreference/#github)
+- [GitLab Boards](/en/share_your_findings/integrations_toolreference/#gitlab)
+- ServiceNow (Coming Soon)
+
+## Error Handling and Debugging
+
+Integrations can produce errors for a variety of reasons such as connectivity, authentication, permissions, etc.. To assist
+in debugging these errors, each Issue Tracker Mapping has a table of errors that list when the error occurred, the reason it
+occurred, and the Finding or Finding Group that failed to be pushed.
+
+These errors can be found by looking at the Issue Tracker Mappings & Assignments page, under the ⚠️ Total Errors column.
+
+![image](images/integrators_4.png)
+
+Clicking on the Total Errors entry will bring you to a page with more detailed descriptions of errors associated with this Integration.

docs/assets/images/integrators_2.png

@@ -0,0 +1,124 @@
+---
+title: "Integrators Tool Reference"
+description: "Beta Feature"
+weight: 1
+---
+
+Here are specific instructions detailing how to set up a DefectDojo Integration with a third party Issue Tracker.
+
+## Azure DevOps Boards
+
+### Instance Setup
+
+- **Label** should be the label that you want to use to identify this integration.
+- **Location** should be set to your Azure URL - for example `https://dev.azure.com/{your organization}`
+- **Token** should be set to a personal access token from Azure.
+
+Authentication with Azure DevOps requires a [personal access token](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows)
+with permissions set to "Read, Write and Manage" for "Work Items" for the Azure Project that you wish to work with.
+
+### Issue Tracker Mapping
+
+These details dictate how DefectDojo will map Finding or Finding Group attributes to a given Project in Azure DevOps:
+
+#### Issue Tracker Mapping Details
+
+The `Project ID` field corresponds to the name or the ID of the Project in Azure.
+
+#### Severity Mapping Details
+
+The attributes in the form are supplied as defaults, and are as follows:
+
+- **Severity Field Name**: `/fields/Microsoft.VSTS.Common.Priority`
+- **Info Mapping**: `4`
+- **Low Mapping**: `4`
+- **Medium Mapping**: `3`
+- **High Mapping**: `2`
+- **Critical Mapping**: `1`
+
+#### Status Mapping Details
+
+The attributes in the form are supplied as defaults and are as follows:
+
+- **Status Field Name**: `/fields/System.State`
+- **Active Mapping**: `To Do`
+- **Closed Mapping**: `Done`
+- **False Positive Mapping**: `Done`
+- **Risk Accepted Mapping**: `Done`
+
+## GitHub
+
+The GitHub integration allows you to add issues to a [GitHub Project](https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/about-projects), which also open Issues in an associated Repo.  These Repos/Projects can be associated with either a GitHub Organization or a personal GitHub account.
+
+### Instance Setup
+
+- **Label** should be the label that you want to use to identify this integration.
+- **Location** should be set to your GitHub User or Organization URL, depending on where you wish to create issues. for example `https://github.com/{your-organization}`
+- **Token** should be set to a personal access token from GitHub.
+
+Personal access tokens for GitHub can be created at https://github.com/settings/tokens.  The token must have Repo and Project scopes.
+
+### Issue Tracker Mapping
+
+- **Issue Tracker Mapping Label** should be set to identify the Project or Repo that you wish to create Issues in.
+- **Project Number** should be the ID of a GitHub project that you want to send items to.  You can get this from the URL while looking at a Project, for example `https://github.com/orgs/{your-org}/projects/{project number}`.
+- **Repository Name** should be the name of a repo associated with your organization (or user) that you want to push Issues to.
+
+
+### Severity Mapping Details
+
+**In order to set up the integration, the Project MUST have a custom field created to represent Issue Priority, otherwise Severity will not be mapped correctly and Issues will not push to GitHub.**
+
+Follow this guide to create a [custom field](https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/quickstart-for-projects#creating-a-field-to-track-priority).
+Each Severity will need to have a corresponding single-select option available.  For example, out of the box DefectDojo suggests P0, P1, P2, P3, P4 as possible Priority values, and each of those will need to be added to the Priority custom field.
+
+- **Severity Field Name**: `Priority`
+- **Info Mapping**: `P0`
+- **Low Mapping**: `P1`
+- **Medium Mapping**: `P2`
+- **High Mapping**: `P3`
+- **Critical Mapping**: `P4`
+
+### Status Mapping Details
+
+By default, new GitHub Projects will have Statuses for Issues of "In Progress" and "Done".  Additional statuses can be added to the Project to track False Positive or Risk Accepted status if you wish.  One of the ways this can be done is by adding a new Status Column to the Project Board.
+
+- **Status Field Name**: `Status`
+- **Active Mapping**: `In Progress`
+- **Closed Mapping**: `Done`
+- **False Positive Mapping**: `Done`
+- **Risk Accepted Mapping**: `Done`
+
+## GitLab
+
+The GitLab integration allows you to add issues to a [GitLab Project](https://docs.gitlab.com/ee/user/project/).
+
+### Instance Setup
+
+- **Label** should be the label that you want to use to identify this integration.
+- **Location** should be set to the link to your GitLab server, for example `https://gitlab.com/`.
+- **Token** should be set to a personal access token from GitLab. The token must have API scopes. See [GitLab’s guide to creating a personal access token](https://docs.gitlab.com/user/profile/personal_access_tokens/#create-a-personal-access-token).
+
+### Issue Tracker Mapping
+
+- **Project Name**: The name of the project in GitLab that you want to send issues to
+
+### Severity Mapping Details
+
+This maps to the GitLab Priority field.
+- **Severity Field Name**: `Priority`
+- **Info Mapping**: `1`
+- **Low Mapping**: `2`
+- **Medium Mapping**: `3`
+- **High Mapping**: `4`
+- **Critical Mapping**: `5`
+
+### Status Mapping Details
+
+By default, GitLab has statuses of 'opened' and 'closed'.  Additional status labels can be added if you want to track False Positive or Risk Accepted status.  See [GitLab Docs](https://docs.gitlab.com/user/work_items/status/) for details.
+
+- **Status Field Name**: `Status`
+- **Active Mapping**: `opened`
+- **Closed Mapping**: `closed`
+- **False Positive Mapping**: `closed`
+- **Risk Accepted Mapping**: `closed`

docs/assets/images/integrators_3.png

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa: F401
 
-__version__ = "2.49.1"
+__version__ = "2.49.2"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"

docs/assets/images/integrators_4.png

@@ -1,3 +1,5 @@
+import contextlib
+
 from auditlog.models import LogEntry
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
@@ -12,18 +14,20 @@
 
 @receiver(post_delete, sender=Endpoint)
 def endpoint_post_delete(sender, instance, using, origin, **kwargs):
-    if instance == origin:
-        description = _('The endpoint "%(name)s" was deleted') % {"name": str(instance)}
-        if settings.ENABLE_AUDITLOG:
-            if le := LogEntry.objects.filter(
-                action=LogEntry.Action.DELETE,
-                content_type=ContentType.objects.get(app_label="dojo", model="endpoint"),
-                object_id=instance.id,
-            ).order_by("-id").first():
-                description = _('The endpoint "%(name)s" was deleted by %(user)s') % {
-                                "name": str(instance), "user": le.actor}
-        create_notification(event="endpoint_deleted",  # template does not exists, it will default to "other" but this event name needs to stay because of unit testing
-                            title=_("Deletion of %(name)s") % {"name": str(instance)},
-                            description=description,
-                            url=reverse("endpoint"),
-                            icon="exclamation-triangle")
+    # Catch instances in async delete where a single object is deleted more than once
+    with contextlib.suppress(sender.DoesNotExist):
+        if instance == origin:
+            description = _('The endpoint "%(name)s" was deleted') % {"name": str(instance)}
+            if settings.ENABLE_AUDITLOG:
+                if le := LogEntry.objects.filter(
+                    action=LogEntry.Action.DELETE,
+                    content_type=ContentType.objects.get(app_label="dojo", model="endpoint"),
+                    object_id=instance.id,
+                ).order_by("-id").first():
+                    description = _('The endpoint "%(name)s" was deleted by %(user)s') % {
+                                    "name": str(instance), "user": le.actor}
+            create_notification(event="endpoint_deleted",  # template does not exists, it will default to "other" but this event name needs to stay because of unit testing
+                                title=_("Deletion of %(name)s") % {"name": str(instance)},
+                                description=description,
+                                url=reverse("endpoint"),
+                                icon="exclamation-triangle")