Merge pull request #9097 from DefectDojo/release/2.29.0

Release: Merge release into master from: release/2.29.0

Author: Maffooch

.github/workflows/release-1-create-pr.yml

@@ -88,7 +88,7 @@ jobs:
       - name: Create Pull Request
         env:
           REPO_ORG: ${{ env.repoorg }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/release-3-master-into-dev.yml

@@ -55,7 +55,23 @@ jobs:
           grep version dojo/__init__.py
           grep appVersion helm/defectdojo/Chart.yaml
           grep version components/package.json
-      
+
+      - name: Create upgrade notes to documentation
+        run: |
+          minorv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '.' -f -2)
+          patchv=$(echo ${{ github.event.inputs.release_number_dev }} | cut -d '-' -f -1)
+          weight=$(date +%Y%m%d)
+          echo -n "---
+          title: 'Upgrading to DefectDojo Version $minorv.x'
+          toc_hide: true
+          weight: -$weight
+          description: No special instructions.
+          ---
+          There are no special instructions for upgrading to $minorv.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/$patchv) for the contents of the release.
+          " > docs/content/en/getting_started/upgrading/$minorv.md
+          git add docs/content/en/getting_started/upgrading/$minorv.md
+        if: endsWith(github.event.inputs.release_number_dev, '.0-dev')
+
       - name: Push version changes
         uses: stefanzweifel/git-auto-commit-action@v5.0.0
         with:
@@ -70,7 +86,7 @@ jobs:
       - name: Create Pull Request
         env:
           REPO_ORG: ${{ env.repoorg }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -136,7 +152,7 @@ jobs:
       - name: Create Pull Request
         env:
           REPO_ORG: ${{ env.repoorg }}
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/submodule-update.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Trigger workflow in Documentation Repo
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.DOCUMENTATION_TOKEN }}
           script: |

Dockerfile.integration-tests-debian

@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM openapitools/openapi-generator-cli:v7.0.1@sha256:26e3add1a66473bdac63cd3eeec9363d776c343eb50e5e66e97b9ad0d34beaf4 as openapitools
+FROM openapitools/openapi-generator-cli:v7.1.0@sha256:6e6da58bad0078a5f79f666a8b09e9b512528d92526a0f611dda3963f9672115 as openapitools
 FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as build
 WORKDIR /app
 RUN \

README.md

@@ -1,64 +1,70 @@
 # DefectDojo
 
 <table>
-   <tr styl="margin: 0; position: absolute; top: 50%; -ms-transform: translateY(-50%); transform: translateY(-50%);">
-     <th><a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
-         <img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg"
-           alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" />
-       </a></th>
-     <th>
-       <p><a href="https://www.owasp.org/index.php/OWASP_DefectDojo_Project"><img
-             src="https://img.shields.io/badge/owasp-flagship%20project-orange.svg" alt="OWASP Flagship"></a> <a
-           href="https://github.com/DefectDojo/django-DefectDojo"><img
-             src="https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg" alt="GitHub release"></a> <a
-           href="https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ"><img
-             src="https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg" alt="YouTube Subscribe"></a> <img
-           src="https://img.shields.io/twitter/follow/defectdojo.svg?style=social&amp;label=Follow" alt="Twitter Follow">
-       </p>
-       <p><a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img
-             src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master"
-             alt="Unit Tests"></a><a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img
-             src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master"
-             alt="Integration Tests"></a> <a href="https://bestpractices.coreinfrastructure.org/projects/2098"><img
-             src="https://bestpractices.coreinfrastructure.org/projects/2098/badge" alt="CII Best Practices"></a></p>
-     </th>
-   </tr>
+    <tr styl="margin: 0; position: absolute; top: 50%; -ms-transform: translateY(-50%); transform: translateY(-50%);">
+        <th>
+            <a href="https://opensourcesecurityindex.io/" target="_blank" rel="noopener">
+                <img style="width: 282px; height: 56px" src="https://opensourcesecurityindex.io/badge.svg"
+                alt="Open Source Security Index - Fastest Growing Open Source Security Projects" width="282" height="56" />
+            </a>
+        </th>
+        <th>
+            <p>
+                <a href="https://www.owasp.org/index.php/OWASP_DefectDojo_Project"><img src="https://img.shields.io/badge/owasp-flagship%20project-orange.svg" alt="OWASP Flagship"></a>
+                <a href="https://github.com/DefectDojo/django-DefectDojo/releases/latest"><img src="https://img.shields.io/github/release/DefectDojo/django-DefectDojo.svg" alt="GitHub release"></a>
+                <a href="https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ"><img src="https://img.shields.io/badge/youtube-subscribe-%23c4302b.svg" alt="YouTube Subscribe"></a>
+                <a href="https://twitter.com/defectdojo/"><img src="https://img.shields.io/twitter/follow/defectdojo.svg?style=social&amp;label=Follow" alt="Twitter Follow"></a>
+            </p>
+            <p>
+                <a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/unit-tests.yml/badge.svg?branch=master" alt="Unit Tests"></a>
+                <a href="https://github.com/DefectDojo/django-DefectDojo/actions"><img src="https://github.com/DefectDojo/django-DefectDojo/actions/workflows/integration-tests.yml/badge.svg?branch=master" alt="Integration Tests"></a>
+                <a href="https://bestpractices.coreinfrastructure.org/projects/2098"><img src="https://bestpractices.coreinfrastructure.org/projects/2098/badge" alt="CII Best Practices"></a>
+            </p>
+        </th>
+    </tr>
  </table>
 
 ![Screenshot of DefectDojo](https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/screenshot1.png)
 
-[DefectDojo](https://www.defectdojo.com/) is a security orchestration and
-vulnerability management platform.
-DefectDojo allows you to manage your application security program, maintain
-product and application information, triage vulnerabilities and
-push findings to systems like JIRA and Slack. DefectDojo enriches and
-refines vulnerability data using a number of heuristic algorithms that
-improve with the more you use the platform.
+[DefectDojo](https://www.defectdojo.com/) is a DevSecOps, ASPM (application security posture management), and
+vulnerability management tool.  DefectDojo orchestrates end-to-end security testing, vulnerability tracking,
+deduplication, remediation, and reporting.
 
 ## Demo
 
-Try out the demo server at [demo.defectdojo.org](https://demo.defectdojo.org)
+Try out DefectDojo on our demo server at [demo.defectdojo.org](https://demo.defectdojo.org)
 
-Log in with `admin / 1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible and regularly reset. Do not put sensitive data in the demo.
+Log in with username `admin` and password `1Defectdojo@demo#appsec`. Please note that the demo is publicly accessible
+and regularly reset. Do not put sensitive data in the demo.
 
 ## Quick Start for Compose V2
+
 From July 2023 Compose V1 [stopped receiving updates](https://docs.docker.com/compose/reference/).
 
-Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using `docker compose`, instead of `docker-compose`.
+Compose V2 integrates compose functions into the Docker platform, continuing to support most of the previous
+docker-compose features and flags. You can run Compose V2 by replacing the hyphen (-) with a space, using
+`docker compose` instead of `docker-compose`.
 
 ```sh
+# Clone the project
 git clone https://github.com/DefectDojo/django-DefectDojo
 cd django-DefectDojo
-# building
+
+# Building Docker images
 ./dc-build.sh
-# running (for other profiles besides postgres-redis look at https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
+
+# Run the application (for other profiles besides postgres-redis see  
+# https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/DOCKER.md)
 ./dc-up.sh postgres-redis
-# obtain admin credentials. the initializer can take up to 3 minutes to run
-# use docker-compose logs -f initializer to track progress
+
+# Obtain admin credentials. The initializer can take up to 3 minutes to run.
+# Use docker compose logs -f initializer to track its progress.
 docker compose logs initializer | grep "Admin password:"
 ```
+
 ## For Docker Compose V1
-You can run Compose V1 by editing the below files to add the hyphen (-) between `docker compose`. 
+
+You can run Compose V1 by editing the files below to add the hyphen (-) between `docker compose`. 
 ```sh
      dc-build.sh
      dc-down.sh
@@ -71,17 +77,18 @@ You can run Compose V1 by editing the below files to add the hyphen (-) between
      docker/setEnv.sh
 ```
 
-
-Navigate to <http://localhost:8080>.
-
+Navigate to `http://localhost:8080` to see your new instance!
 
 ## Documentation
 
-- [Official Docs](https://documentation.defectdojo.com/) ([latest](https://documentation.defectdojo.com/) | [dev](https://documentation.defectdojo.com/dev))
-- [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)
-- [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)
-- [Authentication Options](readme-docs/AVAILABLE-PLUGINS.md)
-- [Parsers](https://documentation.defectdojo.com/integrations/parsers/)
+* [Official Docs](https://documentation.defectdojo.com/)
+    * [Docs for our `dev` branch](https://documentation.defectdojo.com/dev/)
+* [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)
+* [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)
+* Authentication options:
+    * [OAuth2/SAML2](https://documentation.defectdojo.com/integrations/social-authentication/)
+    * [LDAP](https://documentation.defectdojo.com/integrations/ldap-authentication/)
+* [Supported tools](https://documentation.defectdojo.com/integrations/parsers/)
 
 ## Supported Installation Options
 
@@ -91,52 +98,67 @@ Navigate to <http://localhost:8080>.
 
 ## Community, Getting Involved, and Updates
 
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp-slack.herokuapp.com/)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp.org/slack/invite)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/>](https://www.linkedin.com/company/defectdojo)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
 [<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)
 
-[Join the slack community](https://owasp.org/slack/invite) and discussion! Realtime discussion is done in the OWASP Slack Channel, #defectdojo.
-Follow DefectDojo on [Twitter](https://twitter.com/defectdojo), [Linkedin](https://www.linkedin.com/company/defectdojo), and [YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!
+[Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
+our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on
+[Twitter](https://twitter.com/defectdojo), [LinkedIn](https://www.linkedin.com/company/defectdojo), and
+[YouTube](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ) for project updates!
 
 ## Contributing
 
-:warning: Please note that DefectDojo will soon stop accepting new features to stabilize the API and data model for a
-forthcoming v3 release. See the contributing guidelines below for more details. :warning:
+:warning: We have instituted a [feature freeze](https://github.com/DefectDojo/django-DefectDojo/discussions/8002) on v2
+of DefectDojo as we begin work on v3. Please see our [contributing guidelines](readme-docs/CONTRIBUTING.md) for more
+information. Check out our latest update on v3 [here](https://github.com/DefectDojo/django-DefectDojo/discussions/8974).
 
-See our [Contributing guidelines](readme-docs/CONTRIBUTING.md)
+## Pro Edition
+[Upgrade to DefectDojo Pro](https://www.defectdojo.com/pricing) today to take your DevSecOps to 11. DefectDojo Pro is
+designed to meet you wherever you are on your security journey and help you scale, with enhanced dashboards, additional
+smart features, tunable deduplication, and support from DevSecOps experts.
 
-## Commercial Support and Training
-[Commercial support and training is availaible.](https://www.defectdojo.com/) For information please email info@defectdojo.com.
+Alternatively, for information please email info@defectdojo.com
 
 ## About Us
 
 DefectDojo is maintained by:
-* Greg Anderson ([@devGregA](https://github.com/devgrega) | [linkedin](https://www.linkedin.com/in/g-anderson/))
-* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [linkedin](https://www.linkedin.com/in/matttesauro/) | [@matt_tesauro](https://twitter.com/matt_tesauro))
+* Greg Anderson ([@devGregA](https://github.com/devgrega) | [LinkedIn](https://www.linkedin.com/in/g-anderson/))
+* Matt Tesauro ([@mtesauro](https://github.com/mtesauro) | [LinkedIn](https://www.linkedin.com/in/matttesauro/) |
+  [@matt_tesauro](https://twitter.com/matt_tesauro))
 
 Core Moderators can help you with pull requests or feedback on dev ideas:
-* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [linkedin](https://www.linkedin.com/in/cody-maffucci))
+* Cody Maffucci ([@Maffooch](https://github.com/maffooch) | [LinkedIn](https://www.linkedin.com/in/cody-maffucci))
 
 Moderators can help you with pull requests or feedback on dev ideas:
-* Damien Carol ([@damnielcarol](https://github.com/damiencarol) | [linkedin](https://www.linkedin.com/in/damien-carol/))
+* Damien Carol ([@damiencarol](https://github.com/damiencarol) | [LinkedIn](https://www.linkedin.com/in/damien-carol/))
 * Jannik Jürgens ([@alles-klar](https://github.com/alles-klar))
 * Dubravko Sever ([@dsever](https://github.com/dsever))
-
+* Charles Neill ([@cneill](https://github.com/cneill) | [@ccneill](https://twitter.com/ccneill))
+* Jay Paz ([@jjpaz](https://twitter.com/jjpaz))
+* Blake Owens ([@blakeaowens](https://github.com/blakeaowens))
 
 ## Hall of Fame
-* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) | [sponsor](https://github.com/sponsors/valentijnscholten) | [linkedin](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years. Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever it was needed.
-* Fred Blaise ([@madchap](https://github.com/madchap) | [linkedin](https://www.linkedin.com/in/fredblaise/)) - Fred served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized, and architected important policies and procedures.
-* Charles Neill ([@ccneill](https://twitter.com/ccneill)) – Charles served as a
-    DefectDojo Maintainer for years and wrote some of Dojo's core functionality.
-* Jay Paz ([@jjpaz](https://twitter.com/jjpaz)) – Jay was a DefectDojo
-  maintainer for years. He performed Dojo's first UI overhaul, optimized code structure/features, and added numerous enhancements.
 
+* Valentijn Scholten ([@valentijnscholten](https://github.com/valentijnscholten) |
+  [Sponsor](https://github.com/sponsors/valentijnscholten) |
+  [LinkedIn](https://www.linkedin.com/in/valentijn-scholten/)) - Valentijn served as a core moderator for 3 years.
+  Valentijn’s contributions were numerous and extensive. He overhauled, improved, and optimized many parts of the
+  codebase. He consistently fielded questions, provided feedback on pull requests, and provided a helping hand wherever
+  it was needed.
+* Fred Blaise ([@madchap](https://github.com/madchap) | [LinkedIn](https://www.linkedin.com/in/fredblaise/)) - Fred
+  served as a core moderator during a critical time for DefectDojo. He contributed code, helped the team stay organized,
+  and architected important policies and procedures.
+* Aaron Weaver ([@aaronweaver](https://github.com/aaronweaver) | [LinkedIn](https://www.linkedin.com/in/aweaver/)) -
+  Aaron has been a long time contributor and user of DefectDojo. He did the second major UI overhaul and his
+  contributions include automation enhancements, CI/CD engagements, increased metadata at the product level, and many
+  more.
 
 ## Security
 
 Please report Security issues via our [disclosure policy](readme-docs/SECURITY.md).
 
 ## License
 
-DefectDojo is licensed under the [BSD-3-Clause License](LICENSE.md)
+DefectDojo is licensed under the [BSD 3-Clause License](LICENSE.md)

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.28.3",
+  "version": "2.29.0",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker-compose.yml

@@ -125,7 +125,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   mysql:
-    image: mysql:5.7.44@sha256:880063e8acda81825f0b946eff47c45235840480da03e71a22113ebafe166a3d
+    image: mysql:5.7.44@sha256:f566819f2eee3a60cf5ea6c8b7d1bfc9de62e34268bf62dc34870c4fca8a85d1
     profiles:
       - mysql-rabbitmq
       - mysql-redis
@@ -138,7 +138,7 @@ services:
     volumes:
       - defectdojo_data:/var/lib/mysql
   postgres:
-    image: postgres:16.0-alpine@sha256:acf5271bbecd4b8733f4e93959a8d2b536a57aeee6cc4b6a71890aaf646425b8
+    image: postgres:16.1-alpine@sha256:b218fa67aa721648d3da64351bc9c779074cc17d4e3105dd3acb476627cb3746
     profiles: 
       - postgres-rabbitmq
       - postgres-redis
@@ -149,14 +149,14 @@ services:
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   rabbitmq:
-    image: rabbitmq:3.12.8-alpine@sha256:f1a169ec5763caccdd05c35499c1441a7eacf0c8f442618ca15df4c2da96a735
+    image: rabbitmq:3.12.10-alpine@sha256:d3e61b5e0abb91c088482dc969b8ce2d611f718fcc751a3f8cb8fa2df69da200
     profiles: 
       - mysql-rabbitmq
       - postgres-rabbitmq
     volumes:
        - defectdojo_rabbitmq:/var/lib/rabbitmq
   redis:
-    image: redis:7.2.3-alpine@sha256:5482672695b73780afeddb2ee84d58f393f16f34718d76b246c76afe27465d4c
+    image: redis:7.2.3-alpine@sha256:3ce533b2b057f74b235d1d8697ae08b1b6ff0a5e16827ea6a377b6365693c7ed
     profiles: 
       - mysql-redis
       - postgres-redis