Release: Merge back 2.43.4 into dev from: master-into-dev/2.43.4-2.44.0-dev (#11888)

* Update versions in application files

* Return Feedback about wrong File Format in ZAP (#11772)

* Return Feedback about wrong File Format in ZAP

* ruff

* Surveys: Correct Question 404 (#11862)

* Surveys: Correct Question 404

When editing a survey question, a 404 is presented for a valid object. At some point, the content type for Questions changed to `Defect Dojo` (the verbose name of the app) rather than `dojo` (the common name)

There is only one place where the name of the content type is accessed, so adding some backward compatible checks corrected the issue

[sc-10195]

* Update views.py

* API Tags: Add filter for `AND` expressions (#11743)

* API Tags: Add filter for `AND` expressions

* Fix some ruff stuff

* Small corrections

* Update dojo/filters.py

* Release Notes: 2.43.3 (#11857)

* add 2.43.0 changelog

* add 2.43.1

* v2.43.2

* 2.43.3

---------

Co-authored-by: Paul Osinski <[email protected]>

* Docs Updates: Feb (#11791)

* exclude archived docs from search

* rm index files from search results

* fix typo - CWE to CVE

* update external_tools.md with additional windows options

* remove outdated github.io links

* specify that EPSS sync is pro-only

* add universal parser documentation

* add beta notice to Universal Parser

* Update universal_parser.md

* add back defectdojo.com/pricing links

* add scss change to fix 'central column' issue

* add rules engine Pro documentation

* change casing for screenshots

* create pro features list, add to header

* Rename Enabling_Deduplication_within_an_Engagement.png to enabling_deduplication_within_an_engagement.png

* Rename Enabling_Deduplication_within_an_Engagement_2.png to enabling_deduplication_within_an_engagement_2.png

* Rename Enabling_Deduplication_within_an_Engagement_3.png to enabling_deduplication_within_an_engagement_3.png

* Rename Enabling_Deduplication_within_an_Engagement_4.png to enabling_deduplication_within_an_engagement_4.png

---------

Co-authored-by: Paul Osinski <[email protected]>

* Feb docs hotfix (#11870)

* Rename Enabling_Product-Level_Deduplication.png to enabling_product-level_deduplication.png

* Rename Enabling_Product-Level_Deduplication_2.png to enabling_product-level_ceduplication_2.png

* Rename enabling_product-level_ceduplication_2.png to enabling_product-level_deduplication_2.png

* Update versions in application files

* Update versions in application files

* Fixing flake 8

---------

Co-authored-by: DefectDojo release bot <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
Co-authored-by: manuelsommer <[email protected]>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Ross E Esposito <[email protected]>
6 people authored Feb 24, 2025
2 parents 12e0120 + 75c8d2b commit 5d484e4
Showing 73 changed files with 660 additions and 62 deletions.
Binary file added docs/assets/images/rules_engine_1.png
Binary file added docs/assets/images/rules_engine_2.png
Binary file added docs/assets/images/rules_engine_3.png
Binary file added docs/assets/images/rules_engine_4.png
Binary file added docs/assets/images/rules_engine_5.png
Binary file added docs/assets/images/rules_engine_6.png
Binary file added docs/assets/images/universal_parser.png
Binary file added docs/assets/images/universal_parser_2.png
Binary file added docs/assets/images/universal_parser_3.png
4 changes: 3 additions & 1 deletion docs/assets/scss/common/_custom.scss
@@ -14,4 +14,6 @@
font-weight: 500;
src: url('/fonts/worksans/work-sans-v19-latin-500.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
}

.container-lg {
max-width: 100%;
}
7 changes: 6 additions & 1 deletion docs/config/_default/menus/menus.en.toml
@@ -3,11 +3,16 @@
url = "/en/about_defectdojo/about_docs/"
weight = 10

[[main]]
[[main]]
name = "Changelog"
url = "/en/changelog/changelog/"
weight = 11

[[main]]
name = "Pro Features"
url = "/en/about_defectdojo/pro_features"
weight = 11

[[social]]
name = "X"
pre = '<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-brand-x" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M4 4l11.733 16h4.267l-11.733 -16z"></path><path d="M4 20l6.768 -6.768m2.46 -2.46l6.772 -6.772"></path></svg>'
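Review bot: the new `Pro Features` menu entry uses `weight = 11`, the same weight as the `Changelog` entry directly above it, so the order of the two items is left to Hugo's tie-breaking instead of being stated; give it a distinct weight (e.g. `weight = 12`). Its `url = "/en/about_defectdojo/pro_features"` also lacks the trailing slash the neighbouring entries use (`/en/changelog/changelog/`), which can cost a redirect on hosts that canonicalise directory URLs.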
1 change: 1 addition & 0 deletions docs/content/en/_index.md
@@ -13,4 +13,5 @@ cascade:
- type: "docs"
_target:
path: "/**"
exclude_search: true
---
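Review bot: `exclude_search: true` is inserted right after the `cascade` block's `_target:` / `path: "/**"` lines, and the rendered diff drops indentation, so confirm the key sits at the top level of the front matter and not inside `cascade`. Nested in the cascade it would propagate to every page matched by `/**`, which is far more than the "rm index files from search results" the commit message describes. The same check applies to the other `_index.md` hunks in this commit that follow the cascade block.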
1 change: 1 addition & 0 deletions docs/content/en/about_defectdojo/_index.md
@@ -14,4 +14,5 @@ cascade:
- type: "docs"
_target:
path: "/**"
exclude_search: true
---
2 changes: 1 addition & 1 deletion docs/content/en/about_defectdojo/about_docs.md
@@ -54,7 +54,7 @@ DefectDojo Inc. hosts a commercial edition of this software, which includes:
- cloud hosting, with regular backups, updates and maintenance
- premium support and implementation guidance

For more information, please visit [defectdojo.com](https://www.defectdojo.com/).
For more information, please visit [defectdojo.com](https://defectdojo.com/pricing).

DefectDojo Inc. maintains this documentation to support both the Community and Pro editions of DefectDojo.

2 changes: 1 addition & 1 deletion docs/content/en/about_defectdojo/new_user_checklist.md
@@ -1,5 +1,5 @@
---
title: "New User Checklist"
title: "☑️ New User Checklist"
description: "Get Started With DefectDojo"
draft: "false"
weight: 2
52 changes: 52 additions & 0 deletions docs/content/en/about_defectdojo/pro_features.md
@@ -0,0 +1,52 @@
---
title: "Pro Features List"
description: "List of Pro Features in DefectDojo"
draft: "false"
weight: 2
chapter: true
exclude_search: true
---

DefectDojo Pro comes with many additional features. Here is list of those features, along with links to documentation to see them in action:

## Improved UX

### Pro UI
DefectDojo's UI has been reworked in DefectDojo Pro to be faster, more functional and to be better at navigating through enterprise-level data volume. See our [Beta UI Guide](../ui_pro_vs_os) for more information.

![image](images/enabling_deduplication_within_an_engagement_2.png)

### Rules Engine
DefectDojo Pro's Rules Engine allows you to set up a script of automated bulk actions - no programming experience required.
Build custom workflows and bulk actions to handle Findings and other objects. See our [Rules Engine Guide](/en/customize_dojo/rules_engine) for more info.

![image](images/rules_engine_4.png)

## Streamlined import

### CLI Tools
Quickly build a command-line pipeline to import, reimport and export data to your DefectDojo Pro instance using our Universal Importer and DefectDojo CLI apps. These tools are maintained by the DefectDojo Pro team and can be run in Windows, Macintosh or Linux environments. See our [External Tools Guide](/en/connecting_your_tools/external_tools/) for more information.

### Connectors
DefectDojo can instantly connect to supported tools to import new Finding data - get an automated Import pipeline working out-of-the-box, without the need to set up any API calls or cron jobs. See our [Connectors Guide](/en/connecting_your_tools/connectors/about_connectors/) for more information.

![image](images/add_edit_connectors_2.png)

Supported tools for Connectors include:

* AWS Security Hub
* BurpSuite
* Checkmarx ONE
* Dependency-Track
* Probely
* Semgrep
* SonarQube
* Snyk
* Tenable

### Universal Parser
Are you using an unsupported or customized scanning tool? Or do you just wish DefectDojo handled a report slightly differently?

Use DefectDojo Pro's Universal Parser to turn any .json or .csv report into an actionable set of Findings, and have DefectDojo parse the data however you like. See our [Universal Parser Guide](/en/connecting_your_tools/universal_parser/)

![image](images/universal_parser_3.png)
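Review bot: two wording slips in the new page: the intro reads `Here is list of those features` (missing "a"), and the Universal Parser paragraph ends on the `[Universal Parser Guide](/en/connecting_your_tools/universal_parser/)` link with no terminating period. Also worth a second look: the screenshot under `### Pro UI` is `images/enabling_deduplication_within_an_engagement_2.png`, a deduplication screenshot rather than a general UI one; the `[Beta UI Guide](../ui_pro_vs_os)` link is relative while every other link on the page is absolute (`/en/...`); and `weight: 2` matches the weight of `new_user_checklist.md` in the same section, leaving their sidebar order to tie-breaking.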
2 changes: 1 addition & 1 deletion docs/content/en/about_defectdojo/request_a_trial.md
@@ -14,7 +14,7 @@ At the end of this process, you'll be put in touch with our Sales team, who will

# **Requesting your Trial**

In order to sign up for a trial, you'll need to create an account on our Cloud Portal, and then click the New Subscription menu option from the sidebar.
In order to sign up for a trial, you'll need to create an account on our [Cloud Portal](https://defectdojo.com/pricing), and then click the New Subscription menu option from the sidebar.

![image](images/request_a_trial_mg.png)

5 changes: 5 additions & 0 deletions docs/content/en/about_defectdojo/ui_pro_vs_os.md
@@ -41,6 +41,11 @@ The Enterprise settings section contains the System Settings, Jira Instances, De

6. The table also has a **"Toggle Columns"** menu which can add or remove columns from the table.

## Filtering the Table
In this screenshot we are filtering for all Findings that are in 'Product One'. Once we apply this filter (by clicking outside of the Filters menu), the contents of this Finding list will automatically update to reflect the filter applied.

![image](images/rules_engine_3.png)

## New Dashboards

New metrics visualizations are included in the Beta UI. All of these reports can be filtered and exported as PDF to share them with a wider audience.
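Review bot: the new `## Filtering the Table` section embeds `images/rules_engine_3.png`, one of the Rules Engine screenshots added in this commit, while the text describes filtering the Findings list by 'Product One'; confirm this is the intended image rather than a copy-paste of the wrong filename.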
1 change: 1 addition & 0 deletions docs/content/en/api/_index.md
@@ -12,4 +12,5 @@ seo:
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
exclude_search: true
---
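Review bot: the line preceding the new `exclude_search: true` is `robots: ""`, which is a child of `seo:`; with indentation lost in the rendered diff, verify the new key is at front-matter top level rather than nested under `seo`, where a template reading `.Params.exclude_search` would not find it. The same applies to the other index hunks in this commit that add the key after the `seo` block (changelog, cloud_management, connecting_your_tools, connectors and the parser index files).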
1 change: 1 addition & 0 deletions docs/content/en/changelog/_index.md
@@ -12,4 +12,5 @@ seo:
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
exclude_search: true
---
35 changes: 35 additions & 0 deletions docs/content/en/changelog/changelog.md
@@ -1,12 +1,47 @@
---
title: "DefectDojo Pro Changelog"
description: "DefectDojo Changelog"
exclude_search: true
---

Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes.

For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide).

## Feb 2025: v2.43

### Feb 19, 2025: v2.43.3

- **(API)** `/audit_log` has been added as an API endpoint for DefectDojo Pro, which can return a JSON report of all user activity, or filter by object ID. <span style="background-color:rgba(242, 86, 29, 0.5)">(Pro)</span>
- **(Beta UI)** Vulnerability ID can now be edited for a given Finding, using the Edit Finding page. This allows users to manually identify duplicates by assigning a matching Vulnerability ID to an additional Finding.

### Feb 12, 2025: v2.43.2

- **(Beta UI)** Tests and Risk Acceptances can now be added directly from the All Tests / All Risk Acceptances lists.
- **(CLI Tools)** Added a `background-import` flag to allow for asynchronous imports or reimports.
- **(Connectors)** Users of Burp, SonarQube and Dependency-Track Connectors can now set a minimum Severity level for Findings to limit the amount of data imported via Connector. Findings below the minimum Severity level will not be imported. If Minimum Severity is changed, existing Findings below the new Minimum Severity will be Closed (not deleted).
- **(API)** Fixed issue where Findings created by API with methods other than `/import` / `/reimport` were not being identified as duplicates.
- **(Findings)** 'Close Old Findings' will now apply 'Unique ID From Tool' deduplication, if this algorithm is in use for a set of Findings.

### Feb 10, 2025: v2.43.1

- **(Beta UI)** Added 'Has Jira' (True/False) as a filter, to filter Findings, Products or Engagements that have associated Jira data.
- **(Beta UI)** Notes can now be added to Engagement / Findings / Tests from All Engagements / Findings / Tests lists as well as View Engagement / Findings / Tests pages.
- **(Beta UI)** Added ability to Close Finding from a Finding List, without needing to first open the Edit Finding form.
- **(CLI Tools)** Improved help text for Universal Importer / DefectDojo CLI. Many guides and examples are now in our [docs](/en/connecting_your_tools/external_tools/) instead of being displayed in the CLI itself.
- **(Tools)** Updated Burp scan to use Hashcode Deduplication. Default hashcode forms are `title`, `file_path`, `severity`, and `vuln_id_from_tool`.
- **(Tools)** Corrected issue with AWS Inspector2 OSS parser related to `mitigated date` being handled incorrectly.

### Feb 3, 2025: v2.43.0

- **(Beta UI)** Users can now upload local SAML metadata when configuring SAML.
- **(Beta UI)** Added new section on Risk Acceptance Form to allow users to upload 'Proof'; any relevant files that can be used to support a Risk Acceptance (emails, screenshots of communication, policies, etc).
- **(Connectors)** Users of Semgrep and Tenable Connectors can now set a minimum Severity level for Findings to limit the amount of data imported via Connector. Findings below the minimum Severity level will not be imported. If Minimum Severity is changed, existing Findings below the new Minimum Severity will be Closed (not deleted).
- **(Reimport)** Clarified 'no change' state in Import History with message 'There were no findings created, closed, or modified'.
- **(Jira)** Next-Gen Epic creation from an Engagement no longer requires an Epic Name to be set, and will instead use an Epic ID value if Epic Name fails.
- **(Jira)** Removed HTML encoding from strings that are sent to Jira, to prevent escape characters from being added to issue descriptions unnecessarily.
- **(System Settings)** Split up the 'Disclaimer' function, allowing boilerplate 'Disclaimer' text to be displayed in Notifications, Reports, or Notes.

## Jan 2025: v2.42

### Jan 27, 2025: v2.42.3
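Review bot: `exclude_search: true` is added to the Pro changelog in the same commit that adds it to the site menu as `Changelog`; the commit message describes hiding archived docs and index files, so confirm that hiding the release notes from site search is intended. Separately, the `(Pro)` badge on the `/audit_log` entry is a raw `<span style=...>`; Hugo's default Goldmark renderer omits raw HTML unless `markup.goldmark.renderer.unsafe` is enabled, so check the badge actually renders instead of disappearing.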
1 change: 1 addition & 0 deletions docs/content/en/cloud_management/_index.md
@@ -12,4 +12,5 @@ seo:
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
exclude_search: true
---
1 change: 1 addition & 0 deletions docs/content/en/connecting_your_tools/_index.md
@@ -12,4 +12,5 @@ seo:
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
exclude_search: true
---
1 change: 1 addition & 0 deletions docs/content/en/connecting_your_tools/connectors/_index.md
@@ -15,4 +15,5 @@ seo:
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
pro-feature: true
exclude_search: true
---
52 changes: 52 additions & 0 deletions docs/content/en/connecting_your_tools/external_tools.md
@@ -26,6 +26,8 @@ Optional: Add the directory containing the extracted binary to your system's $PA

**Note that Macintosh users may be blocked from running DefectDojo-CLI or Universal Importer as they are apps from an unidentified developer. See [Apple Support](https://support.apple.com/en-ca/guide/mac-help/mh40616/mac) for instructions on how to override the block from Apple.**

**Windows Users: If you receive the "Couldn't download - virus detected" error, disabling Smartscreen may work. Otherwise, use a different browser to download the tool from the Cloud portal.**

## Configuration

Universal Importer & DefectDojo-CLI can be configured using flags, environment variables, or a configuration file. The most important configuration is the API token, which must be set as an environment variable:
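Review bot: the new Windows note tells users that "disabling Smartscreen may work" when the browser reports "Couldn't download - virus detected". That trades a host-wide protection for a one-off download, and readers rarely turn it back on. Prefer advising them to verify the download (a checksum or signature published next to the binary on the Cloud portal) and allow that single file, and drop the suggestion to disable SmartScreen. Also note the message is often raised by the antivirus scan of the downloaded file rather than by SmartScreen, so confirm the workaround actually addresses it before documenting it.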
@@ -51,6 +53,56 @@ in the user dropdown in the top-right corner:

Note: On Windows, use `set` instead of `export`.

### Windows: Using PowerShell
1. Open PowerShell (Windows Key, then search for "PowerShell").
2. Set the environment variables:
- **Temporary:**
```powershell
$env:DD_IMPORTER_DOJO_API_TOKEN = "[VALUE_FROM_DEFECTDOJO_API]"
$env:DD_IMPORTER_DEFECTDOJO_URL=”[e.g. http://localhost:8080/defectdojo]”
```
- **Permanent:**
```powershell
[Environment]::SetEnvironmentVariable("DD_IMPORTER_DOJO_API_TOKEN", "[VALUE_FROM_DEFECTDOJO_API]", "Machine")
```
3. Restart your PowerShell session.
4. Verify the setting:
```powershell
echo $env:DD_IMPORTER_DOJO_API_TOKEN
echo $env:DD_IMPORTER_DEFECTDOJO_URL
```

### Windows: Using Command Prompt (Administrative Accounts)
1. Open Command Prompt (Windows Key, then search for "Command Prompt").
2. Set the environment variables:
- **Temporary:**
```cmd
set DD_IMPORTER_DOJO_API_TOKEN = "[VALUE_FROM_DEFECTDOJO_API]"
set DD_IMPORTER_DEFECTDOJO_URL=”[e.g. http://localhost:8080/defectdojo]”
```
- **Permanent:**
```cmd
setx DD_IMPORTER_DOJO_API_TOKEN = "[VALUE_FROM_DEFECTDOJO_API]"
setx DD_IMPORTER_DEFECTDOJO_URL=”[e.g. http://localhost:8080/defectdojo]”
```
### Using Windows Settings (Non-Administrative Accounts)
1. Press `Win + I` to open the system settings dialog.
2. In the search box, type "environment".
3. Choose "Edit Environment variables for your account".
4. Under "User variables for [username]", click the "New…" button.
5. Set the variable:
- **Variable name:** `DD_IMPORTER_DOJO_API_TOKEN`
- **Variable value:** `[VALUE_FROM_DEFECTDOJO_API]`
6. Click "OK".
7. Repeat steps 4 through 6 for the DD_IMPORTER_DEFECTDOJO_URL variable
8. Restart any open command windows.
9. Verify the settings:
```cmd
echo %DD_IMPORTER_DOJO_API_TOKEN%
echo %DD_IMPORTER_DEFECTDOJO_URL%
```

## DefectDojo-CLI

`defectdojo-cli` seamlessly integrates scan results into DefectDojo, streamlining the import and reimport processes of Findings and associated objects. Designed for ease of use, the tool supports various endpoints, catering to both initial imports and subsequent reimports — ideal for users requiring robust and flexible interaction with the DefectDojo API. DefectDojo-CLI can perform the same functions as `universal-importer`, and adds export functionality for Findings.
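Review bot: the Command Prompt examples will not set what they claim. In `set DD_IMPORTER_DOJO_API_TOKEN = "[VALUE_FROM_DEFECTDOJO_API]"` the spaces around `=` make cmd define a variable named `DD_IMPORTER_DOJO_API_TOKEN ` (trailing space) whose value starts with a space and keeps the quotes; it should be `set DD_IMPORTER_DOJO_API_TOKEN=[VALUE_FROM_DEFECTDOJO_API]`. The `setx` lines have the same problem and `setx` takes `name value`, so the stray `=` breaks the invocation. The URL lines in both cmd blocks use typographic quotes (`”`), which cmd treats as literal characters. In the PowerShell "Permanent" step, `[Environment]::SetEnvironmentVariable(..., "Machine")` needs an elevated session and stores the API token in the system environment, readable by every account and service on the host; `"User"` is the right scope for a per-user credential. That step also sets only the token, yet step 4 verifies `DD_IMPORTER_DEFECTDOJO_URL` as well. Minor: the heading `### Using Windows Settings (Non-Administrative Accounts)` lacks the `Windows:` prefix its siblings use.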
@@ -14,4 +14,5 @@ seo:
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
robots: "" # custom robot tags (optional)
exclude_search: true
---
1 change: 1 addition & 0 deletions docs/content/en/connecting_your_tools/parsers/_index.md
@@ -5,4 +5,5 @@ draft: false
weight: 5
sidebar:
collapsed: true
exclude_search: true
---
@@ -5,6 +5,7 @@ weight: 3
chapter: true
sidebar:
collapsed: true
exclude_search: true
---
All parsers that use API pull have common basic configuration steps, but with different values.

@@ -5,4 +5,5 @@ weight: 2
chapter: true
sidebar:
collapsed: true
exclude_search: true
---