Merge branch 'staging-new-docs' into metrics-draft

Author: dangoelz

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.55.0-dev",
+  "version": "2.54.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/images/import_scan_ui.png

@@ -1 +1,60 @@
-// Put your custom JS code here
+// custom js
+
+
+// version toggler
+(() => {
+    "use strict";
+
+    console.log("[VersionToggle] custom.js loaded");
+
+    const setVersion = (version) => {
+        console.log("[VersionToggle] Setting version to:", version);
+
+        document.querySelectorAll(".version-opensource, .version-pro").forEach(el => {
+            el.style.display = el.classList.contains(`version-${version}`) ? "" : "none";
+        });
+
+        localStorage.setItem("version", version);
+        console.log("[VersionToggle] localStorage updated:", localStorage.getItem("version"));
+
+        // Update dropdown
+        const selects = document.querySelectorAll("#version-select");
+        selects.forEach(sel => {
+            sel.value = version;
+            sel.dataset.version = version;
+            sel.style.visibility = "visible";
+        });
+
+        // unhide sidebar after version is applied
+        const sidebar = document.querySelector(".docs-sidebar");
+        if (sidebar) {
+            sidebar.style.visibility = "visible";
+            console.log("[VersionToggle] Sidebar revealed");
+        }
+    };
+
+    const initVersionToggle = () => {
+        const storedVersion = localStorage.getItem("version") || "opensource";
+        console.log("[VersionToggle] Stored version:", storedVersion);
+        setVersion(storedVersion);
+    };
+
+    // Delegated listener on body
+    document.body.addEventListener("change", (e) => {
+        if (e.target && e.target.id === "version-select") {
+            console.log("[VersionToggle] Dropdown changed to:", e.target.value);
+            setVersion(e.target.value);
+        }
+    });
+
+    // Run on DOM ready
+    window.addEventListener("DOMContentLoaded", initVersionToggle);
+
+    // MutationObserver to detect dynamically replaced sidebar
+    const observer = new MutationObserver(() => {
+        // Re-run init to make sure menus match stored version
+        initVersionToggle();
+    });
+    observer.observe(document.body, { childList: true, subtree: true });
+
+})();

docs/assets/js/custom.js

@@ -59,4 +59,22 @@
 
 html {
   font-size: 85%; /* scales all rem/em fonts */
+}
+
+/* Hide sidebar until version is resolved */
+.docs-sidebar {
+  visibility: hidden;
+}
+
+
+#version-select[data-version="opensource"] {
+  background-color: #003964b7;
+  border: 2px solid #003864;
+  color: white;
+}
+
+#version-select[data-version="pro"] {
+  background-color: #a84e32b7;
+  border: 2px solid #a84e32;
+  color: white;
 }

docs/assets/scss/common/_custom.scss

@@ -5,7 +5,7 @@
 
 [[main]]
   name = "Import data ⏷"
-  url = "/import_data/"
+  url = "/import_data/import_intro/comparison/"
   weight = 12
 
 [[main]]

docs/config/_default/menus/menus.en.toml

@@ -3,20 +3,12 @@ title: "☑️ New User Checklist"
 description: "Get Started With DefectDojo"
 draft: "false"
 weight: 3
-chapter: true
+audience: opensource
 ---
 
-Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app.
+Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app.  This article assumes you have **DefectDojo Community Edition** installed and running in your environment.
 
-The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know.  Here are ways to achieve those things in DefectDojo Pro and Open-Source:
-
-### DefectDojo Pro
-
-1. Start by [importing a file](/en/connecting_your_tools/import_scan_files/import_scan_ui) using the UI.  This is generally the quickest way to see how your data fits into the DefectDojo model.
-
-2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data into logical categories, apply access control rules, sort Findings by [Priority and Risk](/en/working_with_findings/finding_priority/) or to segment your reports to the correct team.
-
-3. Check out your [Metrics pages](/en/customize_dojo/dashboards/pro_dashboards/) which can be used to quickly share Finding reports with key stakeholders.
+The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know.  Here are ways to achieve those things in DefectDojo Open-Source:
 
 ### DefectDojo Open-Source
 
@@ -30,13 +22,6 @@ This is the essence of DefectDojo - import security data, organize it, and prese
 
 All of these features can be automated, and because DefectDojo can handle over 200 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output.
 
-## Other guides
-
-### Pro Features
-- If your organization uses ServiceNow, AzureDevops, GitHub or GitLab for issue tracking, check out our [documentation](/en/share_your_findings/integrations/) on those integrations.
-- Customize your [main Dashboard](/en/customize_dojo/dashboards/introduction_dashboard/) with filtered tiles to view your environment at a glance.
-- Learn how to rapidly import data and mirror your team's existing security environment with [Connectors](/en/connecting_your_tools/connectors/about_connectors/).
-
 ### Open-Source Features
 - Does your organization use Jira? Learn how to use our [Jira integration](/en/share_your_findings/jira_guide/) to create Jira tickets from the data you ingest.
 - Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/en/customize_dojo/user_management/about_perms_and_roles/) and set up role-based access control (RBAC).

…/get_started/about/new_user_checklist.md …_started/about/OS__new_user_checklist.mddocs/content/get_started/about/new_user_checklist.md renamed to docs/content/get_started/about/OS__new_user_checklist.md docs/content/get_started/about/new_user_checklist.md renamed to docs/content/get_started/about/OS__new_user_checklist.md

@@ -0,0 +1,26 @@
+---
+title: "☑️ New User Checklist"
+description: "Get Started With DefectDojo"
+draft: "false"
+weight: 3
+audience: pro
+---
+
+The essence of DefectDojo is to import security data, organize it, and present it to the folks who need to know.  Here's a quick reference you can use to ensure successful implementation, from a blank canvas to a fully functional app.
+
+### Discover DefectDojo
+
+1. Start by [importing a file](/en/connecting_your_tools/import_scan_files/import_scan_ui) using the UI.  This is generally the quickest way to see how your data fits into the DefectDojo model.
+
+2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data into logical categories, apply access control rules, sort Findings by [Priority and Risk](/en/working_with_findings/finding_priority/) or to segment your reports to the correct team.
+
+3. Check out your [Metrics pages](/en/customize_dojo/dashboards/pro_dashboards/) which can be used to quickly share Finding reports with key stakeholders.
+
+This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know.
+
+All of these features can be automated, and because DefectDojo can handle over 200 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output.
+
+### Pro Features
+- If your organization uses Jira, ServiceNow, AzureDevops, GitHub or GitLab for issue tracking, check out our [documentation](/en/share_your_findings/integrations/) on those integrations.
+- Customize your [main Dashboard](/en/customize_dojo/dashboards/introduction_dashboard/) with filtered tiles to view your environment at a glance.
+- Learn how to rapidly import data and mirror your team's existing security environment with [Connectors](/en/connecting_your_tools/connectors/about_connectors/).

docs/content/get_started/about/PRO__new_user_checklist.md

@@ -1,7 +1,30 @@
 ---
-title: "See all products"
+title: "Feature comparison"
 date: 2021-02-02T20:46:29+01:00
 draft: false
 type: docs
 weight: 1
 ---
+
+**DefectDojo Open-Source** is a powerful, free vulnerability management platform with core importing, deduplication, basic dashboards, API access, and essential reporting — ideal for smaller teams or those wanting to self-host and extend the tool using community resources.
+
+**DefectDojo Pro** builds on that foundation with enterprise-oriented features such as advanced dashboards and reporting, automation and scripting via rules engine, connectors to many security tools, optimized import workflows, unified SOC & AppSec support, improved UI/UX, AI integration, enhanced security (SSO/MFA), and premium support options.
+
+| Feature / Capability | DefectDojo Open-Source | DefectDojo Pro |
+|---------------------|------------------------|----------------|
+| Core vulnerability management | ✔️ Import, track, and manage findings from 200+ security tools | ✔️ Everything in open-source, optimized for scale |
+| Finding deduplication | ✔️ Standard deduplication | ✔️ Advanced, configurable deduplication |
+| REST API | ✔️ Full REST API | ✔️ Full REST API |
+| Authentication & access control | ✔️ Local auth and basic RBAC | ✔️ SSO (SAML/OAuth), MFA, advanced RBAC |
+| User interface | ✔️ Community UI | ✔️ Modern Pro UI with performance improvements |
+| Dashboards & reporting | ✔️ Basic dashboards and reports | ✔️ Advanced, customizable dashboards and executive reporting |
+| Automation & workflows | ❌ Not included | ✔️ Rules Engine and automated workflows |
+| Import enhancements | ❌ Standard imports only | ✔️ Background imports, Smart Upload, Universal Parser, CLI uploads |
+| Tool integrations | ❌ Manual/API-driven | ✔️ Built-in **API Connectors** for popular AppSec and cloud tools |
+| Jira integration | ✔️ Included | ✔️ Included |
+| Project management integrations | ❌ Not included | ✔️ integrate with **Azure Devops**, **GitHub**, **GitLab** and **ServiceNow** |
+| Finding enhancements | ❌ Not included | ✔️ Automatic KEV, EPSS scoring and Ransomware tracking |
+| SOC & AppSec unification | ❌ AppSec-focused only | ✔️ Unified AppSec and SOC findings |
+| AI & next-generation features | ❌ Not included | ✔️ AI-assisted workflows, reporting and MCP support |
+| Support | Community support (GitHub, Slack, forums) | Commercial support with SLAs |
+| Hosting options | Self-hosted | Self-hosted or cloud-hosted |

docs/content/get_started/about/defectdojo_versions.md

@@ -0,0 +1,20 @@
+---
+title: "Online Demo"
+description: "There is DefectDojo demo site running the latest officially released version"
+draft: false
+weight: 6
+---
+
+Two online demos are available for DefectDojo.  Both come pre-loaded with data and are fully functional, running the latest version of DefectDojo.
+
+Demo servers are reset on a daily basis, and are publicly accessible; do not put sensitive data in the demo.
+
+### 🔸 DefectDojo Pro Demo
+DefectDojo Pro can be tested at [pro.demo.defectdojo.org](https://pro.demo.defectdojo.org)
+
+Log in with `admin / 1Defectdojo@demo#appsec`.
+
+### 🔹 DefectDojo Community Edition Demo
+Our community edition can be tested at [demo.defectdojo.org](https://demo.defectdojo.org)
+
+Log in with `admin / 1Defectdojo@demo#appsec`.

docs/content/get_started/about/demo.md

@@ -1,5 +1,6 @@
 ---
-title: "🟦 DefectDojo Community Edition (Open Source)"
+title: "🔹 DefectDojo Community Edition"
 date: 2021-02-02T20:46:29+01:00
 weight: 3
+audience: opensource
 ---