
Release: Merge release into master from: release/2.41.3 #11460

Merged: 8 commits merged into master from release/2.41.3 on Dec 23, 2024

Conversation

github-actions[bot]

Release triggered by rossops

DefectDojo release bot and others added 7 commits December 16, 2024 16:04
….42.0-dev

Release: Merge back 2.41.2 into bugfix from: master-into-bugfix/2.41.2-2.42.0-dev
* Struggle bussing

* Getting tests sorted out

* Some tweaks

* Formatting

* Update mocks

* Correct ruff

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Update dojo/notifications/helper.py

Co-authored-by: Charles Neill <[email protected]>

* Make `no_users` default to False in more than one place

* Last ruff fix

---------

Co-authored-by: Charles Neill <[email protected]>

dryrunsecurity bot commented Dec 23, 2024

DryRun Security Summary

The GitHub Pull Request for DefectDojo focuses on improving the application's security features, authentication integrations, notification system, and finding processing through version updates, documentation enhancements, and code refinements across multiple files.


Summary:

This GitHub Pull Request contains several changes to the DefectDojo application, primarily focused on improving the application's security features and functionality. The changes include:

  1. Version Updates: The application version has been updated from 2.41.2 to 2.41.3 in the package.json and dojo/__init__.py files. Version updates often include security patches and bug fixes, which is a positive step for maintaining the application's security.

  2. Authentication and Authorization: The documentation for integrating various authentication providers, such as Auth0, Google, OKTA, Azure Active Directory, GitLab, Keycloak, GitHub Enterprise, and SAML 2.0, has been updated. The documentation emphasizes the importance of secure configuration to ensure the integrity of the authentication process.

  3. Notification System Improvements: The code changes focus on improving the notification system, including the way notifications are created, processed, and dispatched. The changes introduce a more modular and extensible design, better error handling, and improved handling of webhook notifications.

  4. Deduplication and Findings Processing: The code changes in the default_importer.py, default_reimporter.py, and settings.dist.py files focus on improving the deduplication algorithm and the processing of findings, which is crucial for effective vulnerability management.

  5. Asynchronous Processing: The introduction of asynchronous processing for finding imports and object deletions can improve the performance of the application, but it also requires careful consideration of potential concurrency issues.

From an application security perspective, the changes in this Pull Request generally appear to be positive, as they focus on improving the security features, functionality, and maintainability of the DefectDojo application. However, it is important to thoroughly review the changes, test the new functionality, and monitor the application for any unintended security implications.

Files Changed:

  1. components/package.json: Version update from 2.41.2 to 2.41.3.
  2. dojo/__init__.py: Version update from 2.41.2 to 2.41.3.
  3. docs/content/en/open_source/archived_docs/integrations/social-authentication.md: Updated documentation for various authentication providers.
  4. dojo/engagement/views.py: Changes to the test creation and notification workflow.
  5. dojo/importers/default_importer.py: Improvements to the notification system and asynchronous finding processing.
  6. dojo/importers/base_importer.py: Addition of the notify_scan_added() method for creating notifications.
  7. dojo/importers/default_reimporter.py: Changes to the reimport functionality, including deduplication and findings group processing.
  8. dojo/notifications/helper.py: Refactoring of the notification system to use a more modular and extensible design.
  9. dojo/notifications/views.py: Improvements to the notification webhook functionality.
  10. dojo/settings/settings.dist.py: Updates to the application settings, including support for new scanners and deduplication algorithms.
  11. helm/defectdojo/Chart.yaml: Version update for the Helm chart and the underlying DefectDojo application.
  12. unittests/test_notifications.py: Improvements to the notification system tests.

Code Analysis

We ran 9 analyzers against 12 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings:
  - Sensitive Files Analyzer: 1 finding


@github-actions github-actions bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR docs unittests helm labels Dec 23, 2024
@rossops rossops merged commit 8facda6 into master Dec 23, 2024
74 checks passed