
Release: Merge back 2.42.0 into dev from: master-into-dev/2.42.0-2.43.0-dev #11513

Merged
merged 7 commits into dev from master-into-dev/2.42.0-2.43.0-dev
Jan 6, 2025

@github-actions github-actions bot commented Jan 6, 2025

Release triggered by Maffooch

paulOsinski and others added 7 commits January 2, 2025 09:54
* add release notes for 2.41.4

* Update changelog.md

---------

Co-authored-by: Paul Osinski <[email protected]>
* update docs 'jira'

* rename finding_status_definitions

* update docs 'working with Findings'

* update docs 'dashboard-notifications'

* reorganize sidebar

* add emoji logos to headers

* fix broken links

* rm 'upgrading' pages from search results

* rm aws ami reference

* Update docs/content/en/customize_dojo/dashboard_notifications/about_custom_dashboard_tiles.md

Co-authored-by: Charles Neill <[email protected]>

* Update docs/content/en/customize_dojo/dashboard_notifications/about_custom_dashboard_tiles.md

Co-authored-by: Charles Neill <[email protected]>

* Update about_notifications.md

* update dashboard tiles article

* finish notifications QA

---------

Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
Release: Merge release into master from: release/2.42.0
dryrunsecurity bot commented Jan 6, 2025

DryRun Security Summary

The pull request focuses on updating DefectDojo's documentation across various areas, including API documentation, cloud management, and tool integrations, with minor changes to titles, metadata, and documentation organization that do not introduce immediate security concerns.

Summary:

The changes in this pull request are primarily focused on updating the documentation for the DefectDojo application. The changes cover a wide range of topics, including API documentation, Helm chart releases, cloud management, connectivity troubleshooting, import methods, and dashboard customization.

From an application security perspective, the changes do not introduce any immediate security concerns. The majority of the changes are related to updating metadata, titles, and the organization of the documentation, which should not have a direct impact on the security of the application.

However, there are a few areas that warrant closer attention:

  1. API Changes: The changes to the /import-scan and /reimport-scan API endpoints, which allow controlling the initial status of imported findings, should be reviewed to ensure that the default behavior does not introduce any security risks.
  2. Deduplication Logic: The changes to the deduplication logic for the Qualys HackerGuardian and Horusec tools should be reviewed to ensure that the new algorithms do not result in missing or incorrectly categorized security vulnerabilities.
  3. Hardcoded Values and Sensitive Information: The documentation should be reviewed for any hardcoded values, API keys, or other sensitive information that could potentially be exposed.
  4. External Service Integration: The documentation mentions the ability to integrate with external services like GitHub and Jira. These integrations should be reviewed to ensure that they are properly secured and do not introduce any vulnerabilities.
  5. Input Validation and Sanitization: While the changes are primarily documentation-focused, it's important to ensure that any user-generated content or external inputs are properly validated and sanitized to prevent potential injection vulnerabilities.

Overall, the changes in this pull request appear to be focused on improving the documentation and usability of the DefectDojo application, and they do not raise any immediate security concerns. However, it's important to maintain vigilance and continue to review any future changes to the documentation and the application's codebase to ensure the ongoing security and integrity of the system.

Files Changed:

  1. docs/content/en/api/_index.md: The title of the API documentation has been updated to include an emoji.
  2. README.md: The screenshot image URL has been updated.
  3. components/package.json: The application version and dependencies have been updated.
  4. docs/content/en/changelog/_index.md: The title of the changelog has been updated to include an emoji.
  5. .github/workflows/release-x-manual-helm-chart.yml: The Helm chart release workflow has been updated.
  6. docs/content/en/cloud_management/additional-cloud-instance.md: The documentation for adding an additional cloud instance has been expanded.
  7. docs/content/en/cloud_management/_index.md: The title and weight of the "DefectDojo Cloud" section have been updated.
  8. docs/content/en/changelog/changelog.md: The changelog has been updated with details on API changes, beta UI changes, and deduplication changes.
  9. docs/content/en/connecting_your_tools/_index.md: The title of the "Connect Your Tools" section has been updated.
  10. docs/content/en/cloud_management/connectivity-troubleshooting.md: The documentation for connectivity troubleshooting has been expanded.
  11. docs/content/en/connecting_your_tools/connectors/_index.md: The weight of the "Connectors" page has been updated.
  12. docs/content/en/connecting_your_tools/import_scan_files/_index.md: The title and weight of the "Import Data" page have been updated.
  13. docs/content/en/connecting_your_tools/import_intro.md: The title of the "Import Methods" section has been updated.
  14. docs/content/en/connecting_your_tools/parsers/_index.md: The title of the "Supported Reports" section has been updated.
  15. docs/content/en/connecting_your_tools/parsers/file/_index.md: The weight of the "File" parsers section has been updated.
  16. docs/content/en/customize_dojo/_index.md: A new "Management & Customization" section has been added.
  17. docs/content/en/connecting_your_tools/parsers/api/_index.md: The weight of the "API Pull" parsers section has been updated.
  18. `docs/content/en/customize_dojo

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

@Maffooch Maffooch closed this Jan 6, 2025
@Maffooch Maffooch reopened this Jan 6, 2025
@Maffooch Maffooch merged commit 6fd4bf2 into dev Jan 6, 2025
71 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.42.0-2.43.0-dev branch January 6, 2025 15:39