Merge branch 'dev' into feat/improve-helm-chart

Author: fernandezcuesta

.github/workflows/gh-pages.yml

@@ -15,13 +15,13 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.125.3'
+          hugo-version: '0.140.1'
           extended: true
 
       - name: Setup Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          node-version: '22.18.0'
+          node-version: '22.19.0'
 
       - name: Cache dependencies
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4

.github/workflows/k8s-tests.yml

@@ -65,7 +65,6 @@ jobs:
 
       - name: Configure HELM repos
         run: |-
-             helm repo add bitnami https://charts.bitnami.com/bitnami
              helm dependency list ./helm/defectdojo
              helm dependency update ./helm/defectdojo
 

.github/workflows/validate_docs_build.yml

@@ -12,13 +12,13 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.125.3'
+          hugo-version: '0.140.1'
           extended: true
 
       - name: Setup Node
         uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          node-version: '22.18.0'
+          node-version: '22.19.0'
 
       - name: Cache dependencies
         uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
@@ -38,4 +38,4 @@ jobs:
         env:
           HUGO_ENVIRONMENT: production
           HUGO_ENV: production
-        run: cd docs && npm ci && hugo --minify --gc --config config/production/hugo.toml
+        run: cd docs && npm ci && hugo --minify --gc --config config/production/hugo.toml

Dockerfile.django-debian

@@ -5,7 +5,7 @@
 # Dockerfile.nginx to use the caching mechanism of Docker.
 
 # Ref: https://devguide.python.org/#branchstatus
-FROM python:3.11.11-slim-bookworm@sha256:42420f737ba91d509fc60d5ed65ed0492678a90c561e1fa08786ae8ba8b52eda AS base
+FROM python:3.11.13-slim-trixie@sha256:1d6131b5d479888b43200645e03a78443c7157efbdb730e6b48129740727c312 AS base
 FROM base AS build
 WORKDIR /app
 RUN \

Dockerfile.integration-tests-debian

@@ -3,7 +3,7 @@
 
 FROM openapitools/openapi-generator-cli:v7.15.0@sha256:509f01c3c7eee9d1ad286506a7b6aa4624a95b410be9a238a306d209e900621f AS openapitools
 # currently only supports x64, no arm yet due to chrome and selenium dependencies
-FROM python:3.11.11-slim-bookworm@sha256:42420f737ba91d509fc60d5ed65ed0492678a90c561e1fa08786ae8ba8b52eda AS build
+FROM python:3.11.13-slim-trixie@sha256:1d6131b5d479888b43200645e03a78443c7157efbdb730e6b48129740727c312 AS build
 WORKDIR /app
 RUN \
   apt-get -y update && \
@@ -47,11 +47,11 @@ RUN \
   apt-get -y install $missing_chrome_deps
 
 # Install a suggested list of additional packages (https://stackoverflow.com/a/76734752)
-RUN apt-get install -y libxi6 libgconf-2-4 jq libjq1 libonig5 libxkbcommon0 libxss1 libglib2.0-0 libnss3 \
-  libfontconfig1 libatk-bridge2.0-0 libatspi2.0-0 libgtk-3-0 libpango-1.0-0 libgdk-pixbuf2.0-0 libxcomposite1 \
+RUN apt-get install -y libxi6 jq libjq1 libonig5 libxkbcommon0 libxss1 libglib2.0-0 libnss3 \
+  libfontconfig1 libatk-bridge2.0-0 libatspi2.0-0 libgtk-3-0 libpango-1.0-0 libxcomposite1 \
   libxcursor1 libxdamage1 libxtst6 libappindicator3-1 libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libxfixes3 \
   libdbus-1-3 libexpat1 libgcc1 libnspr4 libgbm1 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxext6 \
-  libxrandr2 libxrender1 gconf-service ca-certificates fonts-liberation libappindicator1 lsb-release xdg-utils
+  libxrandr2 libxrender1 ca-certificates fonts-liberation lsb-release xdg-utils
 
 # Installing the latest stable Google Chrome driver release
 WORKDIR /opt/chrome-driver

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.50.0-dev",
+  "version": "2.51.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/images/pro_ui_249.png

@@ -8,6 +8,24 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## August 2025: v2.49
+
+The Pro UI has been significantly reorganized, with changes to page organization.
+![image](images/pro_ui_249.png)
+
+### August 25: 2.49.3
+
+[Integrations](/en/share_your_findings/integrations/) has been added to DefectDojo Pro, adding an Jira-style integrations for Azure DevOps, GitHub and GitLab boards.
+
+* **(API)** Basic Auth Login has been removed from the swagger form.  Only cookieAuth and tokenAuth are accepted.
+* **(API)** When MFA is enabled, an MFA code will be required to use the `/api-token-auth` endpoint.
+* **(Connectors)** "Location" has been renamed to "Location URL" in Connectors setup form.
+* **(Universal Parser)** Fixed an issue where a False value in an Active key still created an Active Finding.
+* **(Pro UI)** Unique ID from Tool has been added to the Findings list and Finding view
+* **(Pro UI)** Test Status added to Test View.
+* **(Pro UI)** Added additional Import/Reimport success messages to confirm successful test creation.
+
+
 ## July 2025: v2.48
 
 ### July 21/22/28, 2025: v2.48.3 / v2.48.4 / v2.48.5
@@ -37,23 +55,23 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## June 2025: v2.47
 
-### July 1, 2025: v2.47.4
+#### July 1, 2025: v2.47.4
 
 - **(Pro UI)** Products, Engagements, Tests, Findings and Endpoints can be edited directly from their respective tables via a modal.
 - **(Pro UI)** Calendar view now supports additional query parameters for filtering Tests or Engagements.
 - **(Pro UI)** Engagements, Tests and the entire Calendar can be exported as .ics files.
 
 ![image](images/pro_ics_export.png)
 
-### June 23, 2025: v2.47.3
+#### June 23, 2025: v2.47.3
 
 - **(Pro UI)** Finding Templates can now be added in the Pro UI, from **Findings > Finding Templates** on the sidebar.
 - **(Pro UI)** A better error message is displayed when Jira Instance deletion is unsuccessful.
 - **(Pro UI)** Product Types can now be edited through a modal: **"⋮" > Edit Product Type** will open a pop-up modal window instead of taking a user to a new page.
 
 ![image](images/pro_product_type_modal.png)
 
-### June 16, 2025: v2.47.2
+#### June 16, 2025: v2.47.2
 
 - **(Pro UI)** Endpoint Metadata can now be uploaded to Products.  You can now import a .csv list of all endpoints associated with a Product, from **View Product > Endpoints > Import Endpoint Metadata**
 
@@ -69,7 +87,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ![image](images/pro_login.png)
 
-### June 9, 2025: v2.47.1
+#### June 9, 2025: v2.47.1
 
 - **(Pro UI)** Vulnerable Endpoints table has now been added to Finding pages.
 
@@ -78,7 +96,7 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 - **(Pro UI)** "Original Finding" link has been added to Finding Metadata table for Duplicate Findings.
 - **(Pro UI)** CI/CD Metadata has been added to Engagement view.
 
-### June 2, 2025: v2.47.0
+#### June 2, 2025: v2.47.0
 
 - **(Pro UI)** Finding review can now be set through the Pro UI.  You can now Request Review or clear a Finding review from Finding tables, or from the Finding View.
 

docs/assets/images/verified_status_toggle.png

@@ -12,3 +12,6 @@ By default, DefectDojo identifies duplicate Findings using these [hashcode field
 
 - description
 - severity
+
+### Field fix_availabe
+The field 'fix_available' is set to true if the fix is installable.