Add UI toggle for classic Bootstrap fallback and align form field widths

.dryrunsecurity.yaml

@@ -14,7 +14,8 @@ sensitiveCodepaths:
   - 'dojo/group/*.py'
   - 'dojo/importers/*.py'
   - 'dojo/importers/**/*.py'
-  - 'dojo/jira_link/*.py'
+  - 'dojo/jira/*.py'
+  - 'dojo/jira/**/*.py'
   - 'dojo/metrics/*.py'
   - 'dojo/note_type/*.py'
   - 'dojo/notes/*.py'

.gitattributes

@@ -0,0 +1,14 @@
+# Normalize line endings to LF
+*.sh     text eol=lf
+*.expect text eol=lf
+*.py     text eol=lf
+*.yml    text eol=lf
+*.yaml   text eol=lf
+*.md     text eol=lf
+
+# Binary files — never touch line endings
+*.png    binary
+*.jpg    binary
+*.gif    binary
+*.ico    binary
+*.pdf    binary

.github/dependabot.yml

@@ -3,7 +3,9 @@ updates:
 - package-ecosystem: pip
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
+    time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev
   ignore:
@@ -16,7 +18,9 @@ updates:
 - package-ecosystem: npm
   directory: "/components"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
+    time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev
   ignore:

.github/pull_request_template.md

@@ -25,7 +25,7 @@ This checklist is for your information.
 - [ ] Features/Changes should be submitted against the `dev`.
 - [ ] Bugfixes should be submitted against the `bugfix` branch.
 - [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
-- [ ] Your code is flake8 compliant.
+- [ ] Your code is Ruff compliant (see [ruff.toml](../ruff.toml)).
 - [ ] Your code is python 3.13 compliant.
 - [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
 - [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.

.github/renovate.json

@@ -1,7 +1,9 @@
 {
   "extends": [
-    "config:recommended"
+    "config:recommended",
+    "schedule:weekly"
   ],
+  "schedule": ["* * * * 3"],
   "dependencyDashboard": true,
   "dependencyDashboardApproval": false,
   "baseBranchPatterns": ["dev"],
@@ -16,7 +18,7 @@
     "dojo/components/yarn.lock",
     "dojo/components/package.json"
   ],
-  "ignoreDeps": [],
+  "ignoreDeps": ["gohugoio/hugo"],
   "packageRules": [{
     "matchPackageNames": ["*"],
     "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",

.github/workflows/build-docker-images-for-testing.yml

@@ -49,11 +49,11 @@ jobs:
         run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
         timeout-minutes: 15
         env:
           DOCKER_BUILD_CHECKS_ANNOTATIONS: false
@@ -67,7 +67,7 @@ jobs:
       # export docker images to be used in next jobs below
       - name: Upload image ${{ matrix.docker-image }} as artifact
         timeout-minutes: 15
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}
           path: ${{ matrix.docker-image }}-${{ matrix.os }}-${{ env.PLATFORM }}_img

.github/workflows/cancel-outdated-workflow-runs.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 3
     steps:
-      - uses: styfle/cancel-workflow-action@3155a141048f8f89c06b4cdae32e7853e97536bc # 0.13.0
+      - uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1
         with:
-          workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
+          workflow_id: 'integration-tests.yml,k8s-tests.yml,unit-tests.yml,validate_docs_build.yml,test-helm-chart.yml,ruff.yml,shellcheck.yml'
           access_token: ${{ github.token }}

.github/workflows/fetch-oas.yml

@@ -55,7 +55,7 @@ jobs:
         run: docker compose down
 
       - name: Upload oas.${{ matrix.file-type }} as artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: oas-${{ matrix.file-type }}
           path: oas.${{ matrix.file-type }}

.github/workflows/gh-pages.yml

@@ -18,16 +18,16 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.153.4' # renovate: datasource=github-releases depName=gohugoio/hugo
+          hugo-version: '0.153.4'
           extended: true
 
       - name: Setup Node
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
         with:
-          node-version: '24.13.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
+          node-version: '24.15.0' # TODO: Renovate helper might not be needed here - needs to be fully tested
 
       - name: Cache dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: ~/.npm
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -42,7 +42,7 @@ jobs:
 
       - name: Setup Pages
         id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
 
       - name: Install dependencies
         run: cd docs && npm ci

.github/workflows/integration-tests.yml

@@ -11,38 +11,72 @@ jobs:
     strategy:
       matrix:
         test-case: [
-          "tests/finding_test.py",
-          "tests/report_builder_test.py",
-          "tests/notes_test.py",
-          "tests/regulations_test.py",
-          "tests/product_type_test.py",
-          "tests/product_test.py",
+          "openapi-validatator",
+          "tests/action_history_test.py",
+          "tests/alerts_test.py",
+          "tests/announcement_banner_test.py",
+          "tests/banner_test.py",
+          "tests/base_test_class.py",
+          "tests/benchmark_test.py",
+          "tests/calendar_test.py",
+          "tests/check_various_pages.py",
+          "tests/close_old_findings_dedupe_test.py",
+          "tests/close_old_findings_test.py",
+          "tests/credential_test.py",
+          "tests/dashboard_test.py",
+          "tests/dedupe_test.py",
+          "tests/endpoint_extended_test.py",
           "tests/endpoint_test.py",
+          "tests/engagement_checklist_test.py",
+          "tests/engagement_export_test.py",
+          "tests/engagement_extended_test.py",
+          "tests/engagement_presets_test.py",
           "tests/engagement_test.py",
           "tests/environment_test.py",
-          "tests/test_test.py",
-          "tests/user_test.py",
+          "tests/false_positive_history_test.py",
+          "tests/file_test.py",
+          "tests/finding_extended_test.py",
+          "tests/finding_group_test.py",
+          "tests/finding_test.py",
           "tests/group_test.py",
+          "tests/login_test.py",
+          "tests/metrics_extended_test.py",
+          "tests/note_type_test.py",
+          "tests/notes_test.py",
+          "tests/notification_webhook_test.py",
+          "tests/notifications_test.py",
+          "tests/object_test.py",
+          "tests/product_credential_test.py",
           "tests/product_group_test.py",
-          "tests/product_type_group_test.py",
           "tests/product_member_test.py",
+          "tests/product_metadata_test.py",
+          "tests/product_tag_metrics_test.py",
+          "tests/product_test.py",
+          "tests/product_type_group_test.py",
           "tests/product_type_member_test.py",
-          "tests/ibm_appscan_test.py",
+          "tests/product_type_test.py",
+          "tests/questionnaire_advanced_test.py",
+          "tests/questionnaire_test.py",
+          "tests/regulations_test.py",
+          "tests/reimport_scan_test.py",
+          "tests/report_builder_test.py",
+          "tests/risk_acceptance_test.py",
           "tests/search_test.py",
-          "tests/file_test.py",
-          "tests/dedupe_test.py",
-          "tests/announcement_banner_test.py",
-          "tests/close_old_findings_dedupe_test.py",
-          "tests/close_old_findings_test.py",
-          "tests/false_positive_history_test.py",
-          "tests/check_various_pages.py",
+          "tests/sla_configuration_test.py",
+          "tests/system_settings_test.py",
+          "tests/test_copy_test.py",
+          "tests/test_test.py",
+          "tests/test_type_test.py",
+          "tests/threat_model_test.py",
+          "tests/tool_config.py",
+          "tests/tool_product_test.py",
+          "tests/tool_type_test.py",
+          "tests/user_profile_test.py",
+          "tests/user_test.py",
           # "tests/import_scanner_test.py",
           # "tests/zap.py",
-          "tests/notifications_test.py",
-          "tests/tool_config.py",
-          "openapi-validatator",
         ]
-        os: [alpine, debian]
+        os: [debian]
         v3_feature_locations: [true, false]
         exclude:
           # standalone create endpoint page is gone in v3
@@ -58,7 +92,7 @@ jobs:
 
       # load docker images from build jobs
       - name: Load images from artifacts
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*

.github/workflows/k8s-tests.yml

@@ -16,16 +16,16 @@ jobs:
           # databases, broker and k8s are independent, so we don't need to test each combination
           # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version
           # are tested (https://kubernetes.io/releases/)
-          - k8s: 'v1.35.1' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose
+          - k8s: 'v1.35.4' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose
             os: debian
-          - k8s: '1.32.12' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes
+          - k8s: '1.33.11' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes
             os: debian
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@8234275e0386fe1cdaf519d28c90f4f03fad89e4 # v2.15.0
+        uses: manusa/actions-setup-minikube@96202dee4ae1c2f46a62fe197273aaf22b83f42d # v2.16.1
         with:
           minikube version: 'v1.38.1' # renovate: datasource=github-releases depName=kubernetes/minikube
           kubernetes version: ${{ matrix.k8s }}
@@ -38,7 +38,7 @@ jobs:
           minikube status
 
       - name: Load images from artifacts
-        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: built-docker-image
           pattern: built-docker-image-*

.github/workflows/performance-tests.yml

@@ -0,0 +1,74 @@
+name: Performance Tests
+
+on:
+  workflow_call:
+
+jobs:
+  performance-tests:
+    name: Performance Tests
+    runs-on: ubuntu-latest
+    needs: []
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set-platform
+        run: |
+          echo "PLATFORM=linux-amd64" >> $GITHUB_ENV
+
+      - name: Load images from artifacts
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          path: built-docker-image
+          pattern: built-docker-image-django-debian-linux-amd64
+          merge-multiple: true
+
+      - name: Load docker images
+        timeout-minutes: 10
+        run: |
+          docker load -i built-docker-image/django-debian-linux-amd64_img
+          docker images
+
+      - name: Set unit-test mode
+        run: docker/setEnv.sh unit_tests_cicd
+
+      - name: Start Postgres and webhook.endpoint
+        run: docker compose up --no-deps -d postgres webhook.endpoint
+
+      - name: Start uwsgi (idle)
+        timeout-minutes: 5
+        run: |
+          docker compose -f docker-compose.yml -f docker-compose.override.unit_tests_cicd.yml \
+            -f docker/docker-compose.override.performance_tests_cicd.yml \
+            up -d --no-deps uwsgi
+        env:
+          DJANGO_VERSION: debian
+
+      - name: Run performance tests (auto-update counts)
+        timeout-minutes: 15
+        run: python3 scripts/update_performance_test_counts.py
+
+      - name: Check counts are up to date
+        run: |
+          if ! git diff --quiet unittests/test_importers_performance.py; then
+            echo "Performance test counts are out of date. Fix them by running locally:"
+            echo ""
+            echo "  python3 scripts/update_performance_test_counts.py"
+            echo ""
+            echo "Diff:"
+            git diff unittests/test_importers_performance.py
+            exit 1
+          else
+            echo "Performance test counts are up to date."
+          fi
+
+      - name: Logs
+        if: failure()
+        run: docker compose logs --tail="2500" uwsgi
+
+      - name: Shutdown
+        if: always()
+        run: docker compose down

.github/workflows/release-1-create-pr.yml

@@ -93,7 +93,7 @@ jobs:
           grep -H version helm/defectdojo/Chart.yaml
 
       - name: Run helm-docs
-        uses: losisin/helm-docs-github-action@6f957579ac122ecc167bf515fe84e828686c9a15 # v1.7.1
+        uses: losisin/helm-docs-github-action@2ccf3e77eb70dc80d62f8cc26f15d0a96b75fef4 # v1.8.0
         with:
           chart-search-root: "helm/defectdojo"
 
@@ -107,15 +107,21 @@ jobs:
           branch: ${{ env.NEW_BRANCH }}
 
       - name: Create Pull Request
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
-            github.rest.pulls.create({
+            const pr = await github.rest.pulls.create({
               owner: '${{ env.GITHUB_ORG }}',
               repo: 'django-DefectDojo',
               title: 'Release: Merge release into master from: ${{ env.NEW_BRANCH }}',
               body: `Release triggered by \`${ process.env.GITHUB_ACTOR }\``,
               head: '${{ env.NEW_BRANCH }}',
               base: 'master'
             })
+            await github.rest.issues.addLabels({
+              owner: '${{ env.GITHUB_ORG }}',
+              repo: 'django-DefectDojo',
+              issue_number: pr.data.number,
+              labels: ['release-management']
+            })

.github/workflows/release-2-tag-docker-push.yml

@@ -71,7 +71,7 @@ jobs:
     secrets: inherit
 
   release-drafter:
-    needs: publish-container-digests
+    needs: [publish-container-digests, release-helm-chart]
     uses: ./.github/workflows/release-drafter.yml
     with:
       version: ${{ inputs.release_number }}