[docs] add Connectors documentation, 2.55.4 changelog (#14381)

* add new connectors to docs

* update changelog for 2.55.4

* update Jfrog with token scopes

Author: paulOsinski

docs/content/import_data/import_intro/comparison.md

@@ -28,7 +28,7 @@ There are two main ways that DefectDojo can upload Finding reports.
 
 |  | **UI Import** | **API** | **Connectors** <span style="background-color:rgba(242, 86, 29, 0.3)">(Pro)</span> | **Smart Upload**  <span style="background-color:rgba(242, 86, 29, 0.3)">(Pro)</span>|
 | --- | --- | --- | --- | --- |
-| **Supported Scan Types** | All: see [Supported Tools](/supported_tools/) | All: see [Supported Tools](/supported_tools/) | Anchore, AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, Probely, Semgrep, SonarQube, Snyk, Tenable, Wiz | Nexpose, NMap, OpenVas, Qualys, Tenable |
+| **Supported Scan Types** | All: see [Supported Tools](/supported_tools/) | All: see [Supported Tools](/supported_tools/) | Akamai API Security, Anchore, AWS Security Hub, BurpSuite, Checkmarx ONE, Dependency-Track, JFrog Xray, Probely, Semgrep, SonarQube, Snyk, Tenable, Wiz | Nexpose, NMap, OpenVas, Qualys, Tenable |
 | **Automation?** | Available via API: `/reimport` `/import` endpoints | Triggered from [CLI Tools](/import_data/pro/specialized_import/external_tools/) or external code | Connectors is an inherently automated feature | Available via API: `/smart_upload_import` endpoint |
 
 ### Product Hierarchy and organization

docs/content/import_data/pro/connectors/about_connectors.md

@@ -26,11 +26,13 @@ But everyone needs a starting point, and that's where Connectors come in. Connec
 
 We currently support Connectors for the following tools, with more on the way:
 
+* **Akamai API Security**
 * **Anchore**
 * **AWS Security Hub**
 * **BurpSuite**
 * **Checkmarx ONE**
 * **Dependency\-Track**
+* **JFrog Xray**
 * **Probely**
 * **Semgrep**
 * **SonarQube**

docs/content/import_data/pro/connectors/connectors_tool_reference.md

@@ -21,6 +21,21 @@ Whenever possible, we recommend creating a new 'DefectDojo Bot' account within y
 
 # **Supported Connectors**
 
+## **Akamai API Security**
+
+The Akamai API Security connector uses an API key to pull security findings from the Akamai API. DefectDojo will discover your Akamai environment and create separate Records for each **Application** and **Host** configured in your account.
+
+#### Prerequisites
+
+You will need an API key with access to the Akamai API. We recommend creating a dedicated service account for DefectDojo to clearly distinguish automated activity from manual team actions.
+
+#### Connector Mappings
+
+1. Enter your Akamai API base URL in the **Location** field. This URL is specific to your Akamai instance: for example
+2. Enter a valid **API Key** in the **Secret** field.
+
+DefectDojo will map **Applications** and **Hosts** as separate Records. Each Application will appear as `{name} (application)` and each Host as `{name} (host)` in your Records list.
+
 ## **Anchore**
 
 The Anchore connector uses a user's API token to pull data from Anchore Enterprise.  Products will be mapped and discovered based on "Applications", which are composed of multiple Images in Anchore - see [Anchore Enterprise Documentation](https://docs.anchore.com/current/docs/sbom_management/application_groups/application_management_anchorectl/) for more information.
@@ -133,6 +148,32 @@ To generate a Dependency\-Track API key:
 
 For more information, see **[Dependency\-Track Documentation](https://docs.dependencytrack.org/integrations/rest-api/)**.
 
+## **JFrog Xray**
+
+The JFrog Xray connector uses the JFrog Xray REST API to fetch vulnerability data from your Artifactory repositories. DefectDojo will discover all repositories in your JFrog instance and generate vulnerability reports via Xray, importing findings on a scheduled basis.
+
+#### Prerequisites
+
+You will need an API token with access to both Artifactory and Xray APIs. We recommend creating a dedicated service account for DefectDojo. The account requires:
+
+* Read access to Artifactory repositories
+* Permission to generate and view Xray vulnerability reports (`Apply on Watches` permission in Xray, or equivalent)
+
+#### Connector Mappings
+
+1. Enter your JFrog instance base URL in the **Location** field. This should be the root URL of your JFrog instance, for example `https://your-instance.jfrog.io`. Do not include a trailing path — DefectDojo will construct the appropriate API paths automatically.
+2. Enter a valid **Reference Token** in the **Secret** field. Tokens can be generated under **User Management \> Access Tokens** in the JFrog Platform UI.
+You'll need to generate a **Reference Token** and use that value.
+
+Required token scopes for JFrog Xray:
+
+- **All Services**, as DefectDojo needs access to both access to both XRay and Artifactory services
+- **Manage Reports + Manage Resources** at a minimum.
+
+DefectDojo maps each Artifactory **repository** as a separate Record. On first Sync, DefectDojo generates a full historical vulnerability report; subsequent Syncs generate incremental (delta) reports covering new findings since the last Sync.
+
+See the [JFrog Xray REST API documentation](https://jfrog.com/help/r/jfrog-rest-apis/xray-rest-apis) for more information.
+
 ## Probely
 
 This connector uses the Probely REST API to fetch data.

docs/content/releases/pro/changelog.md

@@ -12,6 +12,12 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 ## Feb 2026: v2.55
 
+### Feb 24, 2026: v2.55.4
+
+* **(Connectors)** Added Akamai API Security, JFrog Xray to Connectors.
+* **(Surveys)** Anonymous surveys: users can now access surveys without logging in when anonymous surveys are enabled.
+* **(Pro UI)** The Pro UI editor now uses Markdown-based editing for text fields.  This resolves issues with HTML-string encoding, especially when Findings were manually entered or edited.
+
 ### Feb 17, 2026: v2.55.3
 
 * **(Pro UI)** Added “Scheduled” status to Engagements to enhances the tracking and management of Engagements.