Merge branch 'dev' into perf-upgrade-notes

Author: valentijnscholten

.github/workflows/integration-tests.yml

@@ -2,12 +2,18 @@ name: Integration tests
 
 on:
   workflow_call:
+    inputs:
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   integration_tests:
     # run tests with docker compose
     name: User Interface Tests
     runs-on: ubuntu-latest
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
     strategy:
       matrix:
         test-case: [

.github/workflows/rest-framework-tests.yml

@@ -6,11 +6,16 @@ on:
         platform:
           type: string
           default: "linux/amd64"
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   unit_tests:
     name: Rest Framework Unit Tests
     runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
 
     strategy:
       matrix:

.github/workflows/unit-tests.yml

@@ -25,18 +25,26 @@ jobs:
     strategy:
         matrix:
             platform: ['linux/amd64', 'linux/arm64']
+            auditlog_type: ['django-auditlog', 'django-pghistory']
         fail-fast: false
     needs: build-docker-containers
     uses: ./.github/workflows/rest-framework-tests.yml
     secrets: inherit
     with:
       platform: ${{ matrix.platform}}
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run integration tests for linux/amd64 (default)
   test-user-interface:
     needs: build-docker-containers
     uses: ./.github/workflows/integration-tests.yml
     secrets: inherit
+    strategy:
+      matrix:
+        auditlog_type: ['django-auditlog', 'django-pghistory']
+      fail-fast: false
+    with:
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run k8s tests for linux/amd64 (default)
   test-k8s:

docker-compose.yml

@@ -120,7 +120,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:18.0-alpine@sha256:9636ae7feacd8d630303eede7f95cd0f472d514e7864422c6aa8ea07b2171df8
+    image: postgres:18.0-alpine@sha256:70b32afe0c274b4d93098fd724fcdaab3aba47270a4f1e63cbf9cc69d7bf1be4
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}

docker/entrypoint-initializer.sh

@@ -110,6 +110,8 @@ python3 manage.py makemigrations --no-input --check --dry-run --verbosity 3 || {
     cat <<-EOF
 
 ********************************************************************************
+WARNING: Missing Database Migrations Detected
+********************************************************************************
 
 You made changes to the models without creating a DB migration for them.
 
@@ -119,15 +121,25 @@ If you're not familiar with migrations in Django, please read the
 great documentation thoroughly:
 https://docs.djangoproject.com/en/5.0/topics/migrations/
 
+This is now a WARNING and the container will continue to start.
+However, you should create the necessary migrations as soon as possible using:
+docker compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
+
 ********************************************************************************
 
 EOF
-    exit 1
+    echo "WARNING: Continuing startup despite missing migrations..."
 }
 
 echo "Migrating"
 python3 manage.py migrate
 
+echo "Configuring pghistory triggers based on audit settings"
+cat <<EOD | python3 manage.py shell
+from dojo.auditlog import configure_pghistory_triggers
+configure_pghistory_triggers()
+EOD
+
 echo "Admin user: ${DD_ADMIN_USER}"
 ADMIN_EXISTS=$(echo "SELECT * from auth_user;" | python manage.py dbshell | grep "${DD_ADMIN_USER}" || true)
 # Abort if the admin user already exists, instead of giving a new fake password that won't work

docs/content/en/connecting_your_tools/parsers/file/snyk_issue_api.md

@@ -2,7 +2,11 @@
 title: "Snyk Issue API"
 toc_hide: true
 ---
-The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format. Currently only parsing issues of type `code` is supported. Samples of ther issue types are welcome.
+The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format.
+
+Currently parsing issues of type `code` (SAST) and `package_vulnerability` (SCA) are supported.
+
+Samples of ther issue types are welcome.
 
 For more information about the Snyk Issue API, refer to the [official Snyk API documentation](https://docs.snyk.io/snyk-api/reference/issues#get-orgs-org_id-issues).
 

docs/package-lock.json

@@ -23,7 +23,7 @@
   },
   "devDependencies": {
     "prettier": "3.6.2",
-    "vite": "7.1.7"
+    "vite": "7.1.9"
   },
   "engines": {
     "node": "22.20.0"

docs/package.json

@@ -1,5 +1,5 @@
-from auditlog.models import LogEntry
 from django.contrib import admin
+from django.contrib.admin.sites import NotRegistered
 from polymorphic.admin import PolymorphicChildModelAdmin, PolymorphicParentModelAdmin
 
 from dojo.models import (
@@ -14,7 +14,13 @@
     TextQuestion,
 )
 
-admin.site.unregister(LogEntry)
+# Conditionally unregister LogEntry from auditlog if it's registered
+try:
+    from auditlog.models import LogEntry
+    admin.site.unregister(LogEntry)
+except (ImportError, NotRegistered):
+    # auditlog not available or LogEntry not registered
+    pass
 
 # ==============================
 # Defect Dojo Engaegment Surveys

dojo/admin.py

@@ -2104,8 +2104,14 @@ class CommonImportScanSerializer(serializers.Serializer):
         required=False,
         validators=[ImporterFileExtensionValidator()],
     )
-    product_type_name = serializers.CharField(required=False)
-    product_name = serializers.CharField(required=False)
+    product_type_name = serializers.CharField(
+        required=False,
+        help_text=_("Also referred to as 'Organization' name."),
+    )
+    product_name = serializers.CharField(
+        required=False,
+        help_text=_("Also referred to as 'Asset' name."),
+    )
     engagement_name = serializers.CharField(required=False)
     engagement_end_date = serializers.DateField(
         required=False,
@@ -2160,8 +2166,14 @@ class CommonImportScanSerializer(serializers.Serializer):
     # confused
     test_id = serializers.IntegerField(read_only=True)
     engagement_id = serializers.IntegerField(read_only=True)
-    product_id = serializers.IntegerField(read_only=True)
-    product_type_id = serializers.IntegerField(read_only=True)
+    product_id = serializers.IntegerField(
+        read_only=True,
+        help_text=_("Also referred to as 'Asset' ID."),
+    )
+    product_type_id = serializers.IntegerField(
+        read_only=True,
+        help_text=_("Also referred to as 'Organization' ID."),
+    )
     statistics = ImportStatisticsSerializer(read_only=True, required=False)
     pro = serializers.ListField(read_only=True, required=False)
     apply_tags_to_findings = serializers.BooleanField(