Merge pull request #13904 from DefectDojo/master-into-dev/2.53.2-2.54.0-dev

Release: Merge back 2.53.2 into dev from: master-into-dev/2.53.2-2.54.0-dev

Author: rossops

.github/labeler.yml

@@ -65,3 +65,8 @@ lint:
   - changed-files:
     - any-glob-to-any-file:
       - ruff.toml
+
+gha:
+  - changed-files:
+    - any-glob-to-any-file:
+      - .github/workflows

.github/release-drafter.yml

@@ -43,6 +43,8 @@ categories:
     label: 'localization'
   - title: '🔧 Improved code quality with linters'
     label: 'lint'
+  - title: '⚙️ Improvemets of GitHub Actions'
+    label: 'gha'
   - title: '🧰 Maintenance'
     collapse-after: 3
     labels:

.github/workflows/test-helm-chart.yml

@@ -26,14 +26,17 @@ jobs:
         with:
           python-version: 3.14 # Renovate helper is not needed here
 
-      - name: Configure Helm repos
-        run: |-
-             helm dependency list ./helm/defectdojo
-             helm dependency update ./helm/defectdojo
+      # Running update is not needed for listing - it just triggers errors as soon as one of the subcharts is not in the latest version (`helm dep. update` change content of the chart)
+      # As soon as we would like to run more extensive tests, this can be reenabled, but this will need to be placed after "ct list-changed" command
+      # - name: Configure Helm repos
+      #   run: |-
+      #        helm dependency list ./helm/defectdojo
+      #        helm dependency update ./helm/defectdojo
 
       - name: Set up chart-testing
         uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
         with:
+          version: 3.14.0 # renovate: datasource=github-releases depName=helm/chart-testing
           yamale_version: 6.1.0 # renovate: datasource=pypi depName=yamale versioning=semver
           yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver
 
@@ -52,6 +55,8 @@ jobs:
           changed=$(ct list-changed --config ct.yaml --target-branch ${{ env.ct-branch}})
           if [[ -n "$changed" ]]; then
             echo "changed=true" >> $GITHUB_OUTPUT
+            echo "Content changed:"
+            echo "$changed" | sed 's/^/  /'
           fi
 
       # run version check only if not dev as in dev we have a `x.y.z-dev` version
@@ -114,12 +119,12 @@ jobs:
       - name: Update values in HELM chart
         if: startsWith(github.head_ref, 'renovate/') || startsWith(github.head_ref, 'dependabot/')
         run: |
-          title=${{ github.event.pull_request.title }}
+          title='${{ github.event.pull_request.title }}'
           chars='{}:[],&*#?|-<>=!%@'
           for c in $(echo "$chars" | grep -o .); do
             title="${title//"$c"/_}"
           done
-          yq -i '.annotations."artifacthub.io/changes" += "- kind: changed\n  description: $title\n"' helm/defectdojo/Chart.yaml
+          yq -i '.annotations."artifacthub.io/changes" += "- kind: changed\n  description: '$title'\n"' helm/defectdojo/Chart.yaml
           git add helm/defectdojo/Chart.yaml
           git commit -m "ci: update Chart annotations from PR #${{ github.event.pull_request.number }}" || echo "No changes to commit"
 

docs/assets/images/asset_hierarchy.png

@@ -18,6 +18,12 @@ See our [Pro UI Guide](../ui_pro_vs_os) for more information.
 
 ![image](images/enabling_deduplication_within_an_engagement_2.png)
 
+### Assets/Organizations
+
+DefectDojo Pro allows for improved organizational visualization for large lists of repositories or other business structures.  See [Assets/Organizations documentation](/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations/) for details.
+
+![image](images/asset_hierarchy_diagram.png)
+
 ### Finding Priority
 
 DefectDojo Pro can pre-triage your Findings by Priority and Risk, allowing your team to identify and fix your most critical issues first.

docs/assets/images/asset_hierarchy_diagram.png

@@ -8,8 +8,57 @@ Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release
 
 For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
+## Dec 2025: v2.53
+
+### Dec 8, 2025: v2.53.1
+
+* **(Assets/Organizations)** Introduced overhaul to Products/Product Types, added the ability to create and diagram relationships between Assets.  See [Assets/Organizations documentation](/en/working_with_findings/organizing_engagements_tests/pro_assets_organizations/) for details, and information on opting in to the Beta.
+* **(Findings)** Added new KEV fields for ransomware, exploits, and date handling.
+
+### Dec 1, 2025: v2.53.0
+
+* **(Pro UI)** Added Asset Hierarchy.
+* **(Priority)** Priority and Risk can now be overridden manually, or through Rules Engine.
+
+## Nov 2025: v2.52
+
+### Nov 24, 2025: v2.52.3
+
+* **(Pro UI)** Improved error messaging for failed Imports.
+* **(Pro UI)** Added Engagement Tags column to Finding lists
+
+
+### Nov 17, 2025: v2.52.2
+
+* No significant feature changes.
+
+### Nov 10, 2025: v2.52.1
+
+* **(Pro UI)** Finding view now shows all associated Endpoints, not just Active Endpoints
+
+
+### Nov 3, 2025: v2.52.0
+
+* **(Pro UI)** In-app Contact Support form now requires a valid email address in your user profile.
+* **(Pro UI)** You can now Add Files to Findings through the Pro UI directly from Finding Lists.
+* **(Pro UI)** Unicode letters are now allowed in Tags.
+
 ## Oct 2025: v2.51
 
+### Oct 27, 2025: v2.51.3
+
+* **(Tools)** Added Nuclei scan support for Smart Upload.
+* **(Priority)** Added Prioritization Engine to allow for configurable Priority and Risk calculations for individual Findings under a given Product.
+* **(Metrics)** Updated Metrics table to include Products with zero Findings (as a result of filter parameters, or otherwise).
+* **(Pro UI)** Added Surveys to Pro UI.
+
+
+
+### Oct 20, 2025: v2.51.2
+
+* **(Connectors)** Added Anchore Enterprise Connector.
+
+
 ### Oct 14, 2025: v2.51.1
 
 * **(Pro UI)** Added Finding Quick Report feature.  Quick report allows users to quickly render an HTML report with the currently displayed Findings on a Finding table.

docs/assets/images/asset_hierarchy_node.png

@@ -133,7 +133,7 @@ The Azure AD token need to be configured to include Group IDs. Without this step
 To update the format of the token, add a [Group Claim](https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims) that applies to whatever Group type you are using.
 If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD "Token configuration" page.
 
-Application API permissions need to be updated with the `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in.
+Application API permissions need to be updated with the `GroupMember.Read.All` or `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in.  `GroupMember.Read.All` is recommended as this grants the application fewer permissions.
 
 ##### Group Cleaning
 
@@ -169,7 +169,7 @@ The Azure AD token returned by Azure will also need to be configured to include
 
 If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD "Token configuration" page.
 
-Application API permissions need to be updated with the `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in.
+Application API permissions need to be updated with the `GroupMember.Read.All` or `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in.  `GroupMember.Read.All` is recommended as this grants the application fewer permissions.
 
 To limit the amount of groups imported from Azure AD, a regular expression can be used as the following: