helm charts: merge master into helm-charts branch

.dryrunsecurity.yaml

@@ -0,0 +1,71 @@
+---
+sensitiveCodepaths:
+  - 'dojo/object/urls.py'
+  - 'dojo/object/views.py'
+  - 'dojo/announcement/*.py'
+  - 'dojo/api_v2/*.py'
+  - 'dojo/api_v2/**/*.py'
+  - 'dojo/authorization/*.py'
+  - 'dojo/db_migrations/*.py'
+  - 'dojo/endpoint/*.py'
+  - 'dojo/engagement/*.py'
+  - 'dojo/finding/*.py'
+  - 'dojo/finding_group/*.py'
+  - 'dojo/group/*.py'
+  - 'dojo/importers/*.py'
+  - 'dojo/importers/**/*.py'
+  - 'dojo/jira_link/*.py'
+  - 'dojo/metrics/*.py'
+  - 'dojo/note_type/*.py'
+  - 'dojo/notes/*.py'
+  - 'dojo/product/*.py'
+  - 'dojo/product_type/*.py'
+  - 'dojo/reports/*.py'
+  - 'dojo/risk_acceptance/*.py'
+  - 'dojo/search/*.py'
+  - 'dojo/templates/*.html'
+  - 'dojo/templates/**/*.html'
+  - 'dojo/templatetags/*.py'
+  - 'dojo/test/*.py'
+  - 'dojo/tool_config/*.py'
+  - 'dojo/tool_product/*.py'
+  - 'dojo/tool_type/*.py'
+  - 'dojo/user/*.py'
+  - 'dojo/apps.py'
+  - 'dojo/celery.py'
+  - 'dojo/context_processors.py'
+  - 'dojo/decorators.py'
+  - 'dojo/filters.py'
+  - 'dojo/forms.py'
+  - 'dojo/middleware.py'
+  - 'dojo/models.py'
+  - 'dojo/okta.py'
+  - 'dojo/pipeline.py'
+  - 'dojo/remote_user.py'
+  - 'dojo/tasks.py'
+  - 'dojo/urls.py'
+  - 'dojo/utils.py'
+  - 'dojo/views.py'
+  - 'dojo/wsgi.py'
+  - 'docker/environments/*.env'
+  - 'docker/extra_settings'
+  - 'docker/entrypoint-celery-beat.sh'
+  - 'docker/entrypoint-celery-worker.sh'
+  - 'docker/entrypoint-initializer.sh'
+  - 'docker/entrypoint-nginx.sh'
+  - 'docker/entrypoint-uwsgi.sh'
+  - 'docker/wait-for-it.sh'
+allowedAuthors:
+  usernames:
+    - mtesauro
+    - devGregA
+    - cneill
+    - Maffooch
+    - blakeaowens
+    - kiblik
+    - dsever
+    - dogboat
+    - hblankenship
+    - valentijnscholten
+notificationList:
+  - '@mtesauro'

.github/CODEOWNERS

@@ -0,0 +1,19 @@
+# Any kind of package updates only need 2 approvals,
+# So let's add three folks here
+requirements.txt @cneill @mtesauro @Maffooch
+# Any dockerfile or compose changes will need to be viewed by
+# these people
+Dockerfile.* @mtesauro @Maffooch 
+docker-compose.* @mtesauro @Maffooch 
+/docker/ @mtesauro @Maffooch 
+# Documentation changes 
+/docs/content/ @paulOsinski @valentijnscholten @Maffooch
+# Kubernetes should be reviewed by reviewed first by those that know it
+/helm/ @cneill @kiblik @Maffooch
+# Anything UI related needs to be checked out by those with the eye for it
+/dojo/static/ @blakeaowens @Maffooch
+/dojo/templates/ @blakeaowens @Maffooch
+# Any model changes should be closely looked at
+/dojo/models.py @Maffooch
+# All other code changes should be reviewed by someone
+* @Maffooch @mtesauro

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 **Slack us first!**
-The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp-slack.herokuapp.com/)
+The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp.org/slack/invite)
 If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway.
 
 **Be informative**
@@ -33,10 +33,11 @@ A clear and concise description of what you expected to happen.
 
 **Environment information**
  - Operating System: [e.g. Ubuntu 18.04]
+ - Docker Compose or Helm version (Output of `docker compose version` or `helm version`)
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -6,6 +6,10 @@ labels: enhancement
 assignees: ''
 
 ---
+## :warning: Note on feature completeness :warning:
+
+We are narrowing the scope of acceptable enhancements to DefectDojo. Learn more here:
+https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
 
 **Is your feature request related to a problem? Please describe**
 A clear and concise description of what the problem is.

.github/ISSUE_TEMPLATE/support_request.md

@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 **Slack us first!**
-The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp-slack.herokuapp.com/)
+The easiest and fastest way to help you is via Slack. There's a free and easy signup to join our #defectdojo channel in the OWASP Slack workspace: [Get Access.](https://owasp.org/slack/invite)
 If you're confident you've found a bug, or are allergic to Slack, you can submit an issue anyway.
 
 **Be informative**
@@ -33,10 +33,11 @@ A clear and concise description of what you expected to happen.
 
 **Environment information**
  - Operating System: [e.g. Ubuntu 18.04]
+ - Docker Compose or Helm version (Output of `docker compose version` or `helm version`)
  - DefectDojo version (see footer) or commit message: [use `git show -s --format="[%ci] %h: %s [%d]"`]
 
 **Logs** 
-Use `docker-compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
+Use `docker compose logs` (or similar, depending on your deployment method) to get the logs and add the relevant sections here showing the error occurring (if applicable).
 
 **Sample scan files**
 If applicable, add sample scan files to help reproduce your problem.

.github/dependabot.yml

@@ -11,6 +11,8 @@ updates:
     versions:
     - ">= 5.a"
     - "< 6"
+  - dependency-name: boto3
+    update-types: ["version-update:semver-minor"]
 - package-ecosystem: npm
   directory: "/components"
   schedule:
@@ -62,10 +64,3 @@ updates:
     versions:
     - ">= 4.a"
     - "< 5"
-- package-ecosystem: docker
-  directory: "/"
-  schedule:
-    interval: weekly
-  open-pull-requests-limit: 10
-  target-branch: dev
-

.github/labeler.yml

@@ -1,35 +1,72 @@
+---
 docs:
-- docs/**/*
-- readme-docs/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - docs/**/*
+      - readme-docs/**/*
 
 docker:
-- docker/**/*
-- docker**
-- Docker*
+  - changed-files:
+    - any-glob-to-any-file:
+      - docker/**/*
+      - docker**
+      - Docker*
 
 helm:
-- helm/defectdojo/*
-- helm/defectdojo/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - helm/defectdojo/*
+      - helm/defectdojo/**/*
 
 "New Migration":
-- dojo/db_migrations/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/db_migrations/*
 
 unittests:
-- unittests/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - unittests/**/*
 
 integration_tests:
-- tests/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - tests/**/*
 
 settings_changes:
-- dojo/settings/settings.dist.py
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/settings/settings.dist.py
 
 apiv2:
-- dojo/api_v2/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/api_v2/**/*
 
 ui:
-  - dojo/static/**/*
-  - dojo/templates/**/*
-  - dojo/templatetags/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/static/**/*
+      - dojo/templates/**/*
+      - dojo/templatetags/**/*
 
 parser:
-  - dojo/tools/**/*
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/tools/**/*
+
+localization:
+  - changed-files:
+    - any-glob-to-any-file:
+      - dojo/locale/*
+      - dojo/locale/**/*
+
+lint:
+  - changed-files:
+    - any-glob-to-any-file:
+      - ruff.toml
+
+gha:
+  - changed-files:
+    - any-glob-to-any-file:
+      - .github/workflows

.github/pull_request_template.md

@@ -0,0 +1,86 @@
+## :warning: Pre-Approval check :warning:
+
+We don't want to waste your time, so if you're unsure whether your hypothetical enhancement meets the criteria for approval, please file an issue to get pre-approval before beginning work on a PR.
+Learn more here: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md#submission-pre-approval
+
+**Description**
+
+Describe the feature / bug fix implemented by this PR.
+If this is a new parser, [the parser guide](https://docs.defectdojo.com/en/open_source/contributing/how-to-write-a-parser/) may be worth (re)reading.
+
+**Test results**
+
+Ideally you extend the test suite in `tests/` and `dojo/unittests` to cover the changed in this PR.
+Alternatively, describe what you have and haven't tested.
+
+**Documentation**
+
+Please update any documentation when needed in the [documentation folder](https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs))
+
+**Checklist**
+
+This checklist is for your information.
+
+- [ ] Make sure to rebase your PR against the very latest `dev`.
+- [ ] Features/Changes should be submitted against the `dev`.
+- [ ] Bugfixes should be submitted against the `bugfix` branch.
+- [ ] Give a meaningful name to your PR, as it may end up being used in the release notes.
+- [ ] Your code is flake8 compliant.
+- [ ] Your code is python 3.13 compliant.
+- [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
+- [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.
+- [ ] Add applicable tests to the unit tests.
+- [ ] Add the proper label to categorize your PR.
+
+**Extra information**
+
+Please clear everything below when submitting your pull request, it's here purely for your information.
+
+Moderators: Labels currently accepted for PRs:
+- Import Scans (for new scanners/importers)
+- enhancement
+- performance
+- feature
+- bugfix
+- maintenance (a.k.a chores)
+- dependencies
+- New Migration (when the PR introduces a DB migration)
+- settings_changes (when the PR introduces changes or new settings in settings.dist.py)
+
+# Contributors: Git Tips
+## Rebase on dev branch
+If the dev branch has changed since you started working on it, please rebase your work after the current dev.
+
+On your working branch `mybranch`:
+```
+git rebase dev mybranch
+```
+In case of conflict:
+```
+ git mergetool
+ git rebase --continue
+ ```
+
+When everything's fine on your local branch, force push to your `myOrigin` remote:
+```
+git push myOrigin --force-with-lease
+```
+
+To cancel everything:
+```
+git rebase --abort
+```
+
+
+## Squashing commits
+```
+git rebase -i origin/dev
+```
+- Replace `pick` by `fixup` on the commits you want squashed out
+- Replace `pick` by `reword` on the first commit if you want to change the commit message
+- Save the file and quit your editor
+
+Force push to your `myOrigin` remote:
+```
+git push myOrigin --force-with-lease
+```

.github/release-drafter.yml

@@ -1,7 +1,9 @@
-name-template: '$NEXT_MINOR_VERSION 🌈'
-tag-template: '$NEXT_MINOR_VERSION'
+name-template: '$RESOLVED_VERSION 🌈'
+tag-template: '$RESOLVED_VERSION'
+
 branches:
   - master
+
 categories:
   - title: '💣 Breaking changes'
     labels:
@@ -35,17 +37,37 @@ categories:
       - 'bug'
   - title: 📝 Documentation updates
     label: 'documentation'
+  - title: '🖌 Updates in UI'
+    label: 'ui'
+  - title: '🗣 Updates in localization'
+    label: 'localization'
+  - title: '🔧 Improved code quality with linters'
+    label: 'lint'
+  - title: '⚙️ Improvemets of GitHub Actions'
+    label: 'gha'
   - title: '🧰 Maintenance'
+    collapse-after: 3
     labels:
       - 'dependencies'
       - 'maintenance'
-  - title: '🖌 Updates in UI'
-    label: 'ui'
 exclude-labels:
-  - 'skip-changelog'      
+  - 'skip-changelog'
+
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
 template: |
-  Please consult the [Upgrade notes in the documentation ](https://defectdojo.github.io/django-DefectDojo/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
-  
+  Please consult the [Upgrade notes in the documentation ](https://docs.defectdojo.com/en/open_source/upgrading/upgrading_guide/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
+
   ## Changes since $PREVIOUS_TAG
   $CHANGES
+
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch