From 65d3bc2642b4d73c80b5cafd46995b6c49bbd156 Mon Sep 17 00:00:00 2001 From: Paul Osinski <42211303+paulOsinski@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:48:28 -0500 Subject: [PATCH] update Pro changelog 2.42.0 (#11518) * update Pro changelog 2.42.0 * qa 'share your Findings' * changelog 2.42.2 * fix typo working_with_generated_reports.md --------- Co-authored-by: Paul Osinski --- docs/content/en/changelog/changelog.md | 20 ++- docs/content/en/open_source/integrations | 129 ------------------ .../jira_integration/_index.md | 2 +- .../pro_reports/using_the_report_builder.md | 51 +++---- .../working_with_generated_reports.md | 38 ++---- 5 files changed, 54 insertions(+), 186 deletions(-) delete mode 100644 docs/content/en/open_source/integrations diff --git a/docs/content/en/changelog/changelog.md b/docs/content/en/changelog/changelog.md index be48f1b4c1b..c386bdb6c03 100644 --- a/docs/content/en/changelog/changelog.md +++ b/docs/content/en/changelog/changelog.md 
@@ -7,12 +7,26 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide). +## Jan 13, 2025: v2.42.1 + +- **(API)** Pro users can now specify the fields they want to return in a given API payload. For example, this request will only return the title, severity and description fields for each Finding. (Pro) +``` +curl -X 'GET' \ + 'https://localhost/api/v2/findings/?response_fields=title,severity,description' \ + -H 'accept: application/json' +``` + +## Jan 6, 2025: v2.42.0 + +- **(API)** `/test_reimport` results can now be ordered via id, created, modified, version, branch_tag, build_id, and commit_hash. +- **(Jira)** When a Risk Acceptance expires, linked Jira Group issues will now be updated to reflect the status change. + ## Dec 31, 2024: v2.41.4 - **(API)** 'Force To Active / Verified' flag is no longer required when calling `/import-scan`, `/reimport-scan` endponts: a value of True now forces to Active, False now forces to Inactive, while setting a value of none (or not using the flag) will use the tool's status. -- **(Beta UI)** Added ability to regenerate / copy your API token -- **(Beta UI)** Fixed bug preventing date / planned remediation dates from being added via Bulk Edit -- **(Import)** Added fields for EPSS score and percentile to Generic Findings Import parser +- **(Beta UI)** Added ability to regenerate / copy your API token. +- **(Beta UI)** Fixed bug preventing date / planned remediation dates from being added via Bulk Edit. +- **(Import)** Added fields for EPSS score and percentile to Generic Findings Import parser. ## Dec 24, 2024: v2.41.3 diff --git a/docs/content/en/open_source/integrations b/docs/content/en/open_source/integrations deleted file mode 100644 index 307f1029a0a..00000000000 
--- a/docs/content/en/open_source/integrations +++ /dev/null 
@@ -1,129 +0,0 @@ ---- -title: "Authentication via LDAP" -description: "Authenticate users using LDAP" -draft: false -weight: 4 ---- - -## LDAP Authentication - -Out of the box Defect Dojo does not support LDAP authentication. - -*However*, since Defect Dojo is built using Django, it isn't too difficult to add support for LDAP. -So long as you don't mind building your own Docker images... - -We will need to modify a grand total of 4-5 files, depending on how you want to pass Dojo your LDAP secrets. - - - Dockerfile.django-* - - Dockerfile.nginx-* - - requirements.txt - - settings.dist.py - - docker-compose.yml *(Optional)* - - -#### Dockerfile modifications - -In both Dockerfile.django and Dockerfile.nginx, you want to add the following lines to the apt-get install layers: - -```bash -libldap2-dev \ -libsasl2-dev \ -ldap-utils \ -``` - - -#### requirements.txt - -Please check for the latest version of these requirements at the time of implementation on pypi.org and use those if you can. 
- -- [https://pypi.org/project/python-ldap/](python-ldap) -- [https://pypi.org/project/django-auth-ldap/](django-auth-ldap) - -Otherwise add the following to requirements.txt: - -```python -python-ldap==3.4.2 -django-auth-ldap==4.1.0 -``` - - -#### settings.dist.py - -Find the settings file (hint: `/dojo/settings/settings.dist.py`) and add the following: - -At the top of the file: -```python -import ldap -from django_auth_ldap.config import LDAPSearch, GroupOfNamesType -``` - -Then further down add LDAP settings to the env dict: -```python -# LDAP -DD_LDAP_SERVER_URI=(str, 'ldap://ldap.example.com'), -DD_LDAP_BIND_DN=(str, ''), -DD_LDAP_BIND_PASSWORD=(str, ''), -``` - -Then under the env dict add: -```python -AUTH_LDAP_SERVER_URI = env('DD_LDAP_SERVER_URI') -AUTH_LDAP_BIND_DN = env('DD_LDAP_BIND_DN') -AUTH_LDAP_BIND_PASSWORD = env('DD_LDAP_BIND_PASSWORD') -AUTH_LDAP_USER_SEARCH = LDAPSearch( - "ou=Groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)" -) - -AUTH_LDAP_USER_ATTR_MAP = { - "first_name": "givenName", - "last_name": "sn", - "email": "mail", -} -``` -Please make sure to customise all of the LDAP search variables to match your company's configuration. - - -For additional group controls you can add: -```python -# Set up the basic group parameters. 
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch( - "dc=example,dc=com", - ldap.SCOPE_SUBTREE, - "(objectClass=groupOfNames)", -) -AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn") - -# Simple group restrictions -AUTH_LDAP_REQUIRE_GROUP = "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com" - -AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com", - "is_staff": "cn=DD_USER_STAFF,ou=Groups,dc=example,dc=com", - "is_superuser": "cn=DD_USER_ADMIN,ou=Groups,dc=example,dc=com", -} -``` - -Then also add `'django_auth_ldap.backend.LDAPBackend'` to the `AUTHENTICATION_BACKENDS` variable, for example: -```python -AUTHENTICATION_BACKENDS = ( - 'django_auth_ldap.backend.LDAPBackend', - 'django.contrib.auth.backends.RemoteUserBackend', - 'django.contrib.auth.backends.ModelBackend', -) -``` - -Read the docs for Django Authentication with LDAP here: https://django-auth-ldap.readthedocs.io/en/latest/ - -#### docker-compose.yml - -In order to pass the variables to the settings.dist.py file via docker, it's a good idea to add these to the docker compose file. - -You can do this by adding the following variables to the environment section for the uwsgi image: -```yaml -DD_LDAP_SERVER_URI: "${DD_LDAP_SERVER_URI:-ldap://ldap.example.com}" -DD_LDAP_BIND_DN: "${DD_LDAP_BIND_DN:-}" -DD_LDAP_BIND_PASSWORD: "${DD_LDAP_BIND_PASSWORD:-}" -``` - -Alternatively you can set these values in a local_settings.py file. - diff --git a/docs/content/en/share_your_findings/jira_integration/_index.md b/docs/content/en/share_your_findings/jira_integration/_index.md index c9cc3b07e3d..fc88e4fa784 100644 --- a/docs/content/en/share_your_findings/jira_integration/_index.md +++ b/docs/content/en/share_your_findings/jira_integration/_index.md @@ -1,5 +1,5 @@ --- -title: "Connect To Jira" +title: "Send Findings To Jira" description: "Send DefectDojo Findings to one or more Jira Projects" summary: "" date: 2023-09-07T16:06:50+02:00 
diff --git a/docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md b/docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md index 524183a1c26..70982a0dafb 100644 --- a/docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md +++ b/docs/content/en/share_your_findings/pro_reports/using_the_report_builder.md @@ -1,6 +1,7 @@ --- title: "Using the Report Builder" description: "Build and publish custom reports for external audiences, or your own records" +weight: 1 --- DefectDojo allows you to create Custom Reports for external audiences, which summarize the Findings or Endpoints that you wish to report on. Custom Reports can include branding and boilerplate text, and can also be used as **[Templates](https://docs.defectdojo.com/en/pro_reports/working-with-generated-reports/)** for future reports. 
@@ -45,6 +46,32 @@ Widgets are content elements of a report which can be added by dragging and drop * Widgets can also be collapsed by clicking on the grey header, for ease in navigation through a report builder. * The Findings Widget, WYSIWYG Widget and the Endpoints widget can be used more than once. +For more information about Report Widgets, see our [Report Widget index](./#report-widget-index). + +## Step 3: Publish and view your Report + +Once you have finished building your report, you can generate it by clicking the green ‘**Run’** button at the bottom of the **Report Format** section. + +This will automatically take you to the Generated Reports page, and your report will begin to generate in the background. You can check on the Status of your report by reading the Status column next to it, and refreshing the page periodically. + +Once your report has generated, you can view it by either clicking on the **Status** (which will be set to ‘Complete: View Report’), or by opening the **⋮** menu next to your report and selecting **View Report**. + +![image](images/Using_the_Report_Builder_14.png) + +## Step 4: Exporting a Report + +Only DefectDojo users will have access to Reports stored in the software, but Reports are set up in a way where they can be exported or printed easily. + +The easiest method to use is to Print To PDF \- with an HTML Report open, open a **Print** dialog in your browser and set **Save To PDF** as the **Print Destination**. + +![image](images/Using_the_Report_Builder_15.png) + +## Report formatting suggestions + +* WYSIWYG sections can be used to contextualize or summarize Finding lists. We recommend using this widget throughout your report in between Findings or Vulnerable Endpoints widgets. + +## Report Widget Index + ### Cover Page Widget The Cover Page Widget allows you to set a Heading, Sub heading and additional metadata for your report. You can only have a single Cover Page for a given Report. 
@@ -124,26 +151,4 @@ Select the parameters for the Endpoints you wish to include here and click the * This Widget will render a light grey horizontal line to divide between sections. -![image](images/Using_the_Report_Builder_13.png) - -## Step 3: Publishing and viewing your Report - -Once you have finished building your report, you can generate it by clicking the green ‘**Run’** button at the bottom of the **Report Format** section. - -This will automatically take you to the Generated Reports page, and your report will begin to generate in the background. You can check on the Status of your report by reading the Status column next to it, and refreshing the page periodically. - -Once your report has generated, you can view it by either clicking on the **Status** (which will be set to ‘Complete: View Report’), or by opening the **⋮** menu next to your report and selecting **View Report**. - -![image](images/Using_the_Report_Builder_14.png) - -## Step 4: Exporting a Report - -Only DefectDojo users will have access to Reports stored in the software, but Reports are set up in a way where they can be exported or printed easily. - -The easiest method to use is to Print To PDF \- with an HTML Report open, open a **Print** dialog in your browser and set **Save To PDF** as the **Print Destination**. - -![image](images/Using_the_Report_Builder_15.png) - -## Report formatting suggestions - -* WYSIWYG sections can be used to contextualize or summarize Finding lists. We recommend using this widget throughout your report in between Findings or Vulnerable Endpoints widgets. +![image](images/Using_the_Report_Builder_13.png) \ No newline at end of file diff --git a/docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md b/docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md index fc49e0c8cd3..f304aa92f76 100644 --- a/docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md 
+++ b/docs/content/en/share_your_findings/pro_reports/working_with_generated_reports.md 
@@ -1,68 +1,46 @@ --- -title: "Working with Generated Reports" +title: "Templates and Historical Reports" description: "Use a report as a template, or re-run an existing report with updated data" +weight: 2 --- Once you have created one or more **Reports** in DefectDojo you can take further actions, including: - * Using a report as a template for subsequent reports -* Re\-running a report with updated data -* Deleting an old or unused reportsa +* Re-running a report with updated data +* Deleting an old or unused report ![image](images/Working_with_Generated_Reports.png) -# Use a report as a Template - +## Use a report as a Template DefectDojo allows you to easily create Report templates with your team logo, boilerplate text and a standardized content order. - - If you want to change the way a report is set up, or create a new one with a similar layout, you can re\-open the Report Builder by selecting **View Template** from the **⋮** menu next to the report you wish to use as a template. - - There are two places where you can find a Report Template to use: - 1. From the **Generated Reports** page, where you can see a list of completed reports 2. From the **Report Templates** page, where you can see a list of previously run reports, including reports which were deleted from the **Generated Reports** page. Both of these pages can be found in the 📄 **Reports** tab on the sidebar. - - ![image](images/Working_with_Generated_Reports_2.png) -To access the **Report Templates** page, open 📄**Reports \> Report Templates** from the sidebar. From that table, you can open the report builder by clicking the **⋮** menu next to the report you wish to use as a template. - +To access the **Report Templates** page, open 📄**Reports \> Report Templates** from the sidebar. From that table, you can open the report builder by clicking the **⋮** menu next to the report you wish to use as a template. 
Every time you make changes to a template or previous report, the result will be saved as a **new** report under Generated Reports so that you don't lose the older version. If you like, the older version can be deleted. - - - -# Re\-Running a Report - +## Re\-Running a Report DefectDojo Reports are ‘frozen in time’ \- to keep your records consistent, they do not update automatically when DefectDojo experiences data changes. - - However, if you want to create an updated version of a previously created report, you can do so by selecting **Re\-run Report** from the **⋮** menu next to the report you wish to generate. - - Selecting this option will create a new report in the **Generated Reports** list, with a different **Created** timestamp to indicate that the report was run at a separate time. - - ![image](images/Working_with_Generated_Reports_3.png) -# Deleting a Report - +## Deleting a Report If you no longer need a report, you can delete it by selecting **Delete Report** from the **⋮** menu next to the report you wish to delete. Note that this will only remove the report from the **Generated Reports** list \- a record of the report will still exist under **Report Templates** if you want to re\-run it. - -
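Review bot: In the docs/content/en/changelog/changelog.md hunk, the added curl example for `response_fields` sends only an `accept` header, so it works as written only if the endpoint accepts unauthenticated requests; add an authorization header with a placeholder token so the example can be copied as is. The opening fence follows the bullet with no blank line or indentation and has no language tag, so it may not render as part of the list item. The trailing "(Pro)" repeats "Pro users can now" from the start of the same bullet. The commit message mentions "changelog 2.42.2" while the headings added are v2.42.1 and v2.42.0. The context line under v2.41.4 still reads `endponts`.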
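Review bot: The deletion of docs/content/en/open_source/integrations removes the whole "Authentication via LDAP" page (129 lines), and neither the commit message nor the diffstat shows that content being added anywhere else in this patch. If the extensionless file was a stray copy, say so in the commit message and confirm the LDAP guide still exists under a proper `.md` path. Otherwise this drops the instructions for `AUTH_LDAP_REQUIRE_GROUP`, `AUTH_LDAP_USER_FLAGS_BY_GROUP` and passing `DD_LDAP_BIND_PASSWORD` as part of a changelog update, which is easy to miss in review.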
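Review bot: In the docs/content/en/share_your_findings/jira_integration/_index.md hunk, the new title "Send Findings To Jira" now says almost the same thing as the unchanged description "Send DefectDojo Findings to one or more Jira Projects". Consider rewording the description so the two front-matter fields carry different information, for example by naming what the section covers (connection setup, project mapping).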
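Review bot: In the first content hunk of using_the_report_builder.md (`@@ -45,6 +46,32 @@`), the added link `[Report Widget index](./#report-widget-index)` uses `./` before the fragment, which can resolve against the parent directory rather than this page depending on how the site builds URLs; a bare `#report-widget-index` is safer for a same-page anchor. In the moved Step 3 text, the closing quote sits inside the bold markers in "‘**Run’**" while the opening quote sits outside. The Templates link in the page intro still points to `/en/pro_reports/working-with-generated-reports/` although the file lives under share_your_findings/pro_reports/ and is retitled in this patch, so check that it still resolves.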
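Review bot: The last hunk of using_the_report_builder.md (`@@ -124,26 +151,4 @@`) leaves the file ending at `![image](images/Using_the_Report_Builder_13.png)` with "\ No newline at end of file". Restore the trailing newline so later appends to this page do not show up as a change to the image line.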
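Review bot: In the working_with_generated_reports.md hunk (`@@ -1,68 +1,46 @@`), the removed blank lines appear to include the ones separating headings from their first paragraph, paragraphs from each other, and "including:" from the bullet list that follows. Markdown joins adjacent non-blank lines into one paragraph, so keep a single blank line in each of those places and remove only the doubled ones. The hunk also unescapes `Re\-running` to `Re-running` in the list while `## Re\-Running a Report`, `re\-open` and `re\-run` keep the backslash; pick one form for the whole file. The new title "Templates and Historical Reports" no longer matches the file name or the `working-with-generated-reports` link used on the Report Builder page.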