DefectDojo
diff --git a/‎.github/workflows/validate_docs_build.yml‎
Lines changed: 41 additions & 0 deletions b/‎.github/workflows/validate_docs_build.yml‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md‎
Lines changed: 1 addition & 26 deletions b/‎docs/content/en/connecting_your_tools/parsers/file/anchore_engine.md‎
Lines changed: 1 addition & 26 deletions
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/aqua.md‎
Lines changed: 32 additions & 2 deletions b/‎docs/content/en/connecting_your_tools/parsers/file/aqua.md‎
Lines changed: 32 additions & 2 deletions
diff --git a/‎docs/content/en/customize_dojo/user_management/configure_sso.md‎
Lines changed: 17 additions & 13 deletions b/‎docs/content/en/customize_dojo/user_management/configure_sso.md‎
Lines changed: 17 additions & 13 deletions
@@ -0,0 +1,41 @@
+name: "Docs: Dry Run Production Deployment"
+
+on:
+  pull_request:
+    paths:
+      - 'docs/**'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
+        with:
+          hugo-version: '0.125.3'
+          extended: true
+
+      - name: Setup Node
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        with:
+          node-version: '22.14.0'
+
+      - name: Cache dependencies
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Test the build process
+        env:
+          HUGO_ENVIRONMENT: production
+          HUGO_ENV: production
+        run: cd docs && npm ci && hugo --minify --gc --config config/production/hugo.toml
@@ -9,32 +9,7 @@ DefectDojo parser accepts a .json file.
 Using the [Anchore CLI](https://docs.anchore.com/current/docs/using/cli_usage/images/inspecting_image_content/) is the most reliable way to generate an Anchore report which DefectDojo can parse. When generating a report with the Anchore CLI, please use the following command to ensure complete data: `anchore-cli --json image vuln <image:tag> all`
 
 ### Acceptable JSON Format
-All properties are strings and are required by the parser.
-
-~~~
-
-{
-    "imageDigest": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-    "vulnerabilities": [
-        {
-            "feed": "example-feed",
-            "feed_group": "example-feed-group",
-            "fix": "1.2.4",
-            "package": "example-package",
-            "package_cpe": "cpe:2.3:a:*:example:1.2.3:*:*:*:*:*:*:*",
-            "package_name": "example-package-name",
-            "package_path": "path/to/package",
-            "package_type": "dpkg",
-            "package_version": "1.2.3",
-            "severity": "Medium",
-            "url": "https://example.com/cve/CVE-2011-3389",
-            "vuln": "CVE-2011-3389"
-        },
-      ...
-    ],
-    "vulnerability_type": "os"
-}
-~~~
+All properties are strings and are required by the parser. As the parser evolved, two anchore engine parser JSON formats are present till now. Both ([old](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/many_vulns.json) / [new](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/new_format_issue_11552.json)) are supported.
 
 ### Sample Scan Data
 Sample Anchore-Engine scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine).
@@ -2,7 +2,37 @@
 title: "Aqua"
 toc_hide: true
 ---
-JSON report format.
+
+### File Types
+DefectDojo parser accepts JSON report format.
+
+See Aqua documention: https://docs.aquasec.com
+
+### CI/CD Scans
+Aqua scanning can be integrated with several types of third-party CI/CD systems. 
+
+If there is no plugin available for a particular development tool, Aqua can be integrated with the CI/CD pipeline using Scanner CLI.
+
+CI/CD scans produces JSON scan reports that are supported by the parser. With this kind of report, the parser is able to retrieve vulnerabilities as well as sensitive datas.
+
+### REST API
+
+You can also retrieve the JSON directly from Aqua if you use one of the following endpoint:
+
+-	`/api/v1/scanner/registry/<registryName>/image/<imageName>/scan_result`
+
+-	`/api/v2/risks/vulnerabilities`
+
+Example
+```
+curl -X GET <aquaseceurl>/api/v1/scanner/registry/<registryName>/image/<imageName>/scan_result > report.json
+```
+
+```
+curl -X GET <aquaseceurl>/api/v2/risks/vulnerabilities?show_negligible=true&image_name_exact_match=true&registry_name=<registryName>&image_name=<imageName> > report.json
+```
+
+Those JSON files will only list vulnerabilities. Thus, DefectDojo parser will not retrieve findings such as sensitive datas.
 
 ### Sample Scan Data
-Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua).
+Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua).
@@ -141,9 +141,9 @@ When a user is removed from a given group in Azure AD, they will also be removed
 
 ### Open-Source
 
-Open-Source users will need to set these variables as an environment variable, or in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
-1.  Add the following information to the settings file:
+1.  Set the following environment variables
 
     {{< highlight python >}}
     DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY=(str, 'YOUR_APPLICATION_ID_FROM_STEP_ABOVE'),
@@ -213,9 +213,9 @@ Both <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>
 
 ### Open-Source
 
-Open-Source users will need to set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
-1. Add the following variables to Docker, or to local_settings.py:
+1.  Set the following environment variables
     {{< highlight python >}}
     DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'),
     DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'),
@@ -259,9 +259,9 @@ Follow along below.
 
 ### Open-Source
 
-Open-Source users will need to set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
-1. Add the following variables to Docker, or to the `local_settings.py` file:
+1.  Set the following environment variables
     {{< highlight python >}}
     DD_SOCIAL_AUTH_GITLAB_KEY=(str, 'YOUR_APPLICATION_ID_FROM_STEP_ABOVE'),
     DD_SOCIAL_AUTH_GITLAB_SECRET=(str, 'YOUR_SECRET_FROM_STEP_ABOVE'),
@@ -320,9 +320,9 @@ In order to use Google Authentication, a Google Authentication Server will need
 
 ### Open-Source
 
-Open-Source users will need to set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
-1. Add the following variables to Docker, or to the `local_settings.py` file:
+1.  Set the following environment variables
 
     {{< highlight python >}}
     DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED=True,
@@ -404,9 +404,11 @@ This guide assumes you already have a KeyCloak Realm set up.  If not, you will n
 ### Open-Source
 
 
-Open-Source users will need to set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
-1.    {{< highlight python >}}
+1.  Set the following environment variables
+
+{{< highlight python >}}
    DD_SESSION_COOKIE_SECURE=True,
    DD_CSRF_COOKIE_SECURE=True,
    DD_SECURE_SSL_REDIRECT=True,
@@ -490,7 +492,9 @@ Both <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Pro</span>
 
 ### Open-Source
 
-1. Open-Source users will need to set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+Open-Source users will need to set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+
+1.  Set the following environment variables
 
     {{< highlight python >}}
     DD_SOCIAL_AUTH_OKTA_OAUTH2_ENABLED=True,
@@ -504,7 +508,7 @@ If during the login process you get the following error: *The
 in the client app settings.* and the `redirect_uri` HTTP
 GET parameter starts with `http://` instead of
 `https://` you need to add
-`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your local_settings.py file.
+`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file.
 
 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen.
 
@@ -559,7 +563,7 @@ The left side of the ‘=’ sign represents the attribute you want to map from
 ### Open-Source SAML
 
 1.  Navigate to your SAML IdP and find your metadata.
-2.  Set these fields as Docker environment variables, or add them to the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
+2.  Set these variables as an environment variable, or without the `DD_` prefix in the `local_settings.py` file. (see [Configuration](/en/open_source/installation/configuration)).
 
     {{< highlight python >}}
     DD_SAML2_ENABLED=(bool, **True**),