docs maintenance #12455

Merged
Maffooch merged 8 commits into DefectDojo:bugfix from paulOsinski:sso-changes on May 19, 2025

@paulOsinski paulOsinski commented May 15, 2025

Contributor

This PR makes a few minor tweaks to documentation:

  • Removes redundant articles from the Open-Source archive, where the information has already been merged / accounted for in other articles 4cbcfb8
  • Moves content on source-code links to another dir 2ad779f
  • Moves information on triageless scanning to import scan article 3268318
  • Adds note on whitelisting SSO services (pro SaaS firewall) 6ad3ad5
  • Removes reference to deprecated OS Async Import 712f3b2
  • Adds OIDC documentation 625b6a7

dryrunsecurity Bot commented May 15, 2025

DryRun Security

This pull request contains documentation updates that include potential risks such as placeholder credentials in OIDC configuration, hardcoded environment variable examples, and the removal of documentation for an experimental import feature, which could lead to user confusion or misconfiguration.

💭 Unconfirmed Findings (3)
Vulnerability: Potential Sensitive Information Exposure in OIDC Configuration
Description: Example configurations in OIDC authentication documentation contain placeholder credentials that could be accidentally used, risking unintended credential exposure if users copy-paste without replacing sensitive placeholders.

Vulnerability: Hardcoded Environment Variable Examples
Description: Documentation contains placeholder environment variables that might lead to misconfigurations if users do not properly sanitize or replace the default values.

Vulnerability: Removal of Experimental Feature Documentation
Description: Documentation for an experimental asynchronous import feature has been removed, potentially leaving users uninformed about import process limitations and experimental features.

All finding details can be found in the DryRun Security Dashboard.

@paulOsinski paulOsinski changed the base branch from master to bugfix May 15, 2025 14:54
Comment thread docs/content/en/connecting_your_tools/import_scan_files/import_scan_ui.md Outdated
@paulOsinski paulOsinski requested a review from hblankenship May 15, 2025 16:13

@valentijnscholten valentijnscholten left a comment

Member

I noticed that the docs changes from #10614 are not present in the "new" docs/content/en/customize_dojo/user_management/configure_sso.md page.
Could you double check?

@paulOsinski

Contributor Author

Thanks @valentijnscholten, good catch. I will update the article with this content.

@mtesauro mtesauro left a comment

Contributor

Approved

@Maffooch Maffooch added this to the 2.46.3 milestone May 16, 2025
@Maffooch Maffooch merged commit 4f83b84 into DefectDojo:bugfix May 19, 2025
78 checks passed
5 participants