Merge pull request #11980 from DefectDojo/release/2.44.1

Release: Merge release into master from: release/2.44.1

Author: rossops

README.md

@@ -95,10 +95,10 @@ Navigate to `http://localhost:8080` to see your new instance!
 
 ## Community, Getting Involved, and Updates
 
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp.org/slack/invite)
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/>](https://www.linkedin.com/company/defectdojo)
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
-[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/static/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/slack-logo-icon.png" alt="Slack" height="50"/>](https://owasp.org/slack/invite)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/Linkedin-logo-icon-png.png" alt="LinkedIn" height="50"/>](https://www.linkedin.com/company/defectdojo)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/Twitter_Logo.png" alt="Twitter" height="50"/>](https://twitter.com/defectdojo)
+[<img src="https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/dev/docs/assets/images/YouTube-Emblem.png" alt="Youtube" height="50"/>](https://www.youtube.com/channel/UCWw9qzqptiIvTqSqhOFuCuQ)
 
 [Join the OWASP Slack community](https://owasp.org/slack/invite) and participate in the discussion! You can find us in
 our channel there, [#defectdojo](https://owasp.slack.com/channels/defectdojo). Follow DefectDojo on

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.44.0",
+  "version": "2.44.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/scss/common/_custom.scss

@@ -4,7 +4,7 @@
     font-family: 'Worksans';
     font-style: normal;
     font-weight: 400;
-    src: url('/fonts/workssans/work-sans-v19-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
+    src: url('/fonts/worksans/work-sans-v19-latin-regular.woff2') format('woff2'); /* Chrome 36+, Opera 23+, Firefox 39+, Safari 12+, iOS 10+ */
   }
   /* work-sans-500 - latin */
   @font-face {

docs/config/_default/menus/menus.en.toml

@@ -1,22 +1,33 @@
 [[main]]
-  name = "Docs"
+  name = "Docs Home"
   url = "/en/about_defectdojo/about_docs/"
   weight = 10
 
 [[main]]
-  name = "Changelog"
-  url = "/en/changelog/changelog/"
+  name = "Supported Tools"
+  url = "/en/connecting_your_tools/parsers/"
   weight = 11
 
 [[main]]
   name = "Pro Features"
   url = "/en/about_defectdojo/pro_features"
-  weight = 11
+  weight = 12
+
+[[main]]
+  name = "Changelog"
+  url = "/en/changelog/changelog/"
+  weight = 13
 
 [[main]]
   name = "Support"
   url = "/en/about_defectdojo/contact_defectdojo_support"
-  weight = 11
+  weight = 14
+
+[[social]]
+  name = "YouTube"
+  pre = '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-youtube" viewBox="0 0 16 16"><path d="M8.051 1.999h.089c.822.003 4.987.033 6.11.335a2.01 2.01 0 0 1 1.415 1.42c.101.38.172.883.22 1.402l.01.104.022.26.008.104c.065.914.073 1.77.074 1.957v.075c-.001.194-.01 1.108-.082 2.06l-.008.105-.009.104c-.05.572-.124 1.14-.235 1.558a2.01 2.01 0 0 1-1.415 1.42c-1.16.312-5.569.334-6.18.335h-.142c-.309 0-1.587-.006-2.927-.052l-.17-.006-.087-.004-.171-.007-.171-.007c-1.11-.049-2.167-.128-2.654-.26a2.01 2.01 0 0 1-1.415-1.419c-.111-.417-.185-.986-.235-1.558L.09 9.82l-.008-.104A31 31 0 0 1 0 7.68v-.123c.002-.215.01-.958.064-1.778l.007-.103.003-.052.008-.104.022-.26.01-.104c.048-.519.119-1.023.22-1.402a2.01 2.01 0 0 1 1.415-1.42c.487-.13 1.544-.21 2.654-.26l.17-.007.172-.006.086-.003.171-.007A100 100 0 0 1 7.858 2zM6.4 5.209v4.818l4.157-2.408z"/></svg>'
+  url = "https://www.youtube.com/@defectdojo"
+  weight = 9
 
 [[social]]
   name = "X"

docs/content/en/about_defectdojo/about_docs.md

@@ -3,60 +3,92 @@ title: "About Our Documentation"
 date: 2021-02-02T20:46:29+01:00
 draft: false
 type: docs
-
 weight: 1
-
-cascade:
-- type: "blog"
-  # set to false to include a blog section in the section nav along with docs
-  toc_root: true
-  _target:
-    path: "/blog/**"
-- type: "docs"
-  _target:
-    path: "/**"
 ---
 
 ![image](images/dashboard.png)
 
+
 <span style="background-color:rgba(242, 86, 29, 0.3)">DefectDojo Inc. and open-source contributors maintain this documentation to support both the Community and Pro editions of DefectDojo.</span>
 
-### What is DefectDojo?
+## What is DefectDojo?
+
+DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools.
 
-DefectDojo is a DevSecOps platform. DefectDojo streamlines DevSecOps by serving as an aggregator and single pane of glass for your security tools. DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.
+DefectDojo has smart features to enhance and tune the results from your security tools including the ability to merge findings, remember false positives, and distill duplicates. 
+
+DefectDojo also integrates with JIRA, provides metrics / reports, and can also be used for traditional pen test management.
 
 ### What does DefectDojo do?
 
-While automation and efficiency are the ultimate end goals, DefectDojo is
-a bug tracker at its core for vulnerabilities. Taking advantage of DefectDojo's
-Product:Engagement model, enables traceability among multiple projects
-/ test cycles, and allows for fine-grained reporting.
+Whether you're a one-person security team for a small organization, or a CISO overseeing a large amount of software projects, DefectDojo allows you to organize your security work, and easily report your organization's security posture to other stakeholders.
+
+While security process automation and integrated development pipelines are the ultimate end goals of DefectDojo, this software is a bug tracker at its core for security vulnerabilities, which is meant to ingest, organize and standardize reports from many security tools. 
+
+DefectDojo's Product:Engagement model enables allows you to take inventory of your development environment and immediately place new security Findings in context.
+
+- Track and report on vulnerabilities and test results across repositories and development branches, using CI/CD integration
+- Ingest Pen tester reports and capture point-in-time snapshots of your security profile
+- Create and track Risk Acceptances for security vulnerabilities
+- Set and enforce SLAs to reflect your organization's policies for vulnerability remediation
+- Filter out redundant data using DefectDojo's deduplication algorithm
+
+---
+Here are some examples of ways DefectDojo can be implemented, with DefectDojo co-founder and CTO Matt Tesauro:
+<iframe width="560" height="315" src="https://www.youtube.com/embed/44vv-KspHBs?si=OwfGHs2VTQ886-FB" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+
+---
+
 
 ### How does DefectDojo work?
 
-1. [Installation](../../open_source/installation/) covers how to install and configure DefectDojo.
-2. [New User Checklist](../new_user_checklist) covers how to use DefectDojo to manage vulnerabilities.
-3. We support a large amount of [integrations](../../connecting_your_tools/parsers/) to help fit DefectDojo in your DevSecOps program.
+Whether you're a Pro or an Open-Source user, we have many resources that can help you get started with DefectDojo.
+
+- Our [New User Checklist](../new_user_checklist) covers the fundamentals of setting up your DefectDojo environment and setting up your import, triage and reporting workflows.
 
-### Where to find DefectDojo?
+- We support a large amount of [security tool integrations](/en/connecting_your_tools/parsers/) to help fit DefectDojo in your DevSecOps program.
 
-The open-source edition is [available on
-GitHub](https://github.com/DefectDojo/django-DefectDojo).
+- Our team maintains a [YouTube Channel](https://www.youtube.com/@defectdojo) which hosts tutorials, archived Office Hours events and other content. New subscribers are always welcome!
 
-A running example is available on [our demo server](https://demo.defectdojo.org),
-using the credentials `admin` / `1Defectdojo@demo#appsec`. Note: The demo
-server is refreshed regularly and provisioned with some sample data.
+## Open-Source DefectDojo
 
-### DefectDojo Pro
+The Open-Source edition of DefectDojo is [available on GitHub](https://github.com/DefectDojo/django-DefectDojo).
 
-DefectDojo Inc. hosts a commercial edition of this software, which includes: 
-- additional features, smart features and UI improvements 
+### Installation Guides
+
+There are a few supported ways to install DefectDojo's Open Source edition:
+
+- [Docker Compose](https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/DOCKER.md) is the easiest method to install the core program and services required to run DefectDojo.
+- [Kubernetes](https://github.com/DefectDojo/django-DefectDojo/blob/dev/readme-docs/KUBERNETES.md) is not fully supported at the Open-Source level, but this guide can be referenced and used as a **starting point** to integrate DefectDojo into Kubernetes architecture.
+
+Other guides for working with an Open-Source install:
+- [Architecture](/en/open_source/installation/architecture/) gives you an overview of each service and component used by DefectDojo.
+- [Running In Production](/en/open_source/installation/running-in-production/) provides system requirements, performance tweaks and maintenance processes for running DefectDojo on a production server.  Note that this guide strictly covers Docker Compose installs, not Kubernetes.
+
+If you run into trouble with an Open Source install, we highly recommend asking questions on the [OWASP Slack](https://owasp.org/slack/invite). Our community members are active on the **# defectdojo** channel and can help you with issues you’re facing.
+
+### Online Demo
+
+A running example of DefectDojo (Open-Source Edition) is available on [our demo server](https://demo.defectdojo.org), using the credentials `admin` / `1Defectdojo@demo#appsec`. The demo server is refreshed regularly and provisioned with some sample data.
+
+## 🟧 DefectDojo Pro Edition
+
+<iframe width="560" height="315" src="https://www.youtube.com/embed/XUES0mCCGOI?si=2GEnd1iHlLcQE0R3" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+
+---
+
+DefectDojo Inc. hosts a commercial edition of this software, which includes:
+
+- [additional features](../pro_features), smart features and UI improvements 
 - cloud hosting, with regular backups, updates and maintenance
 - premium support and implementation guidance
 
-For more information, please visit [defectdojo.com](https://defectdojo.com/pricing).
+For more information, check out our Pricing page at [defectdojo.com](https://defectdojo.com/pricing).  After filling out a quick survey to assess your organization's needs we'll provide you with a custom quote for DefectDojo.
+
+DefectDojo Pro edition is available as a cloud-hosted SaaS offering but is also available for installation on-premises.
 
-DefectDojo Inc. maintains this documentation to support both the Community and Pro editions of DefectDojo.
+### Connect With Us
 
-Follow DefectDojo Inc. on [LinkedIn](https://www.linkedin.com/company/33245534) for updates.
-To get in touch with us, please reach out to info@defectdojo.com
+* To get in touch with our team, you can always reach out to **info@defectdojo.com**.
+* Follow DefectDojo Inc. on [LinkedIn](https://www.linkedin.com/company/33245534) for company updates.
+* DefectDojo hosts online presentations for AppSec professionals that can be accessed live or on demand - check us out on our [Events page](https://defectdojo.com/events). Many of these are also available on our [YouTube Channel](https://www.youtube.com/@defectdojo).

docs/content/en/about_defectdojo/new_user_checklist.md

@@ -14,14 +14,14 @@ Here's a quick reference you can use to ensure successful implementation - from
 
 2. Now that you have data in DefectDojo, learn more about how to organize it with the [Product Hierarchy Overview](/en/working_with_findings/organizing_engagements_tests/product_hierarchy). The Product Hierarchy creates a working inventory of your apps, which helps you divide your data up into logical categories. These categories can be used to apply access control rules, or to segement your reports to the correct team.
 
-3. Try [creating a Report](/en/pro_reports/using_the_report_builder/) to summarize the data you've imported.  Reports can be used to quickly share Findings with stakeholders such as Product Owners.
+3. Try [creating a Report](/en/share_your_findings/pro_reports/using_the_report_builder/) to summarize the data you've imported.  Reports can be used to quickly share Findings with stakeholders such as Product Owners.
 
 This is the essence of DefectDojo - import security data, organize it, and present it to the folks who need to know. 
 
 All of these features can be automated, and because DefectDojo can handle over 190 tools (at time of writing) you should be all set to create a functional security inventory of your entire organizational output.
 
 ### Other guides
 
-- Does your organization use Jira? Learn how to use our [Jira integration](/en/jira_integration/connect_to_jira) to create Jira tickets from the data you ingest.
-- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/en/user_management/about_perms_and_roles/) and set up role-based access control (RBAC).
+- Does your organization use Jira? Learn how to use our [Jira integration](/en/share_your_findings/jira_integration/connect_to_jira) to create Jira tickets from the data you ingest.
+- Are you expecting to share DefectDojo with many users in your organization? Check out our guides to [user management](/en/customize_dojo/user_management/about_perms_and_roles/) and set up role-based access control (RBAC).
 - Ready to dive into automation? Learn how to use the [DefectDojo API](/en/connecting_your_tools/import_scan_files/api_pipeline_modelling) to automatically import new data, and build a robust CI / CD pipeline.

docs/content/en/changelog/changelog.md

@@ -6,7 +6,7 @@ exclude_search: true
 
 Here are the release notes for **DefectDojo Pro (Cloud Version)**. These release notes are focused on UX, so will not include all code changes.
 
-For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](../../open_source/upgrading/upgrading_guide).
+For Open Source release notes, please see the [Releases page on GitHub](https://github.com/DefectDojo/django-DefectDojo/releases), or alternatively consult the Open Source [upgrade notes](/en/open_source/upgrading/upgrading_guide/).
 
 ## Mar 2025: v2.44
 
@@ -241,7 +241,7 @@ configuration fields.
 - **(API)**  It is now possible to prefetch a Finding with attached files via API.
 - **(Login)**  A new "Forgot Username" link has been added to the login form.  The link will navigate to a page which requests the user's email address. The username will be sent to that address if it exists.
 - **Risk Acceptances**  Notes are now added to Findings when they are removed from Risk Acceptances.
-- **(Risk Acceptance)**  Risk Acceptance overhaul. Feature has been extended with new functions.  See [Risk Acceptance documentation](../working_with_findings/risk-acceptances) for more details.
+- **(Risk Acceptance)**  Risk Acceptance overhaul. Feature has been extended with new functions.  See [Risk Acceptance documentation](/en/working_with_findings/findings_workflows/risk_acceptances/) for more details.
 - **Tools**  Qualys HackerGuardian parser added.
 - **Tools**  Semgrep Parser updated with new severity mappings. HackerOne parser updated and now supports bug bounty reports.
 - **Tools**  fixed an issue where certain tools would not process asyncronously: Whitehat_Sentinel, SSLyze, SSLscan, Qualys_Webapp, Mend, Intsights, H1, and Blackduck.

docs/content/en/cloud_management/using-cloud-manager.md

@@ -9,7 +9,7 @@ Logging into DefectDojo's Cloud Manager allows you to configure your account set
 ## **New Subscription**
 <https://cloud.defectdojo.com/accounts/onboarding/step_1>
 
-This page allows you to request a [new, or additional Cloud instance](../set-up-an-additional-cloud-instance) from DefectDojo. 
+This page allows you to request a new, [or additional](../additional-cloud-instance/) Cloud instance from DefectDojo. 
 
 ## **Manage Subscriptions**
 <https://cloud.defectdojo.com/accounts/manage_subscriptions>

docs/content/en/connecting_your_tools/connectors/about_connectors.md

@@ -43,7 +43,7 @@ If you're using DefectDojo's **Auto\-Map** settings, you can have your first Con
 
 1. Set up a [Connector](../add_edit_connectors/) from a supported tool.
 2. [Discover](../manage_operations/#discover-operations) your tool's data hierarchy.
-3. [Sync](../operations_sync/#sync-operations) the vulnerabilities found with your tool into DefectDojo.
+3. [Sync](../manage_operations/#sync-operations) the vulnerabilities found with your tool into DefectDojo.
 
 That's all, really! And remember, even if you create your Connector the 'easy' way, you can easily change the way things are set up later, without losing any of your work.
 

docs/content/en/connecting_your_tools/external_tools.md

@@ -9,7 +9,7 @@ weight: 2
 
 ## About External Tools
 
-`defectdojo-cli` and `universal-importer` are command-line tools designed to seamlessly upload scan results into DefectDojo. They streamline both the import and re-import processes of findings and associated objects. These tools are flexible and supports importing and re-importing scan results, making it ideal for users who need robust interaction with the DefectDojo API.
+`defectdojo-cli` and `universal-importer` are command-line tools designed to seamlessly upload scan results into DefectDojo. They streamline both the import and re-import processes of findings and associated objects. These tools are flexible and support importing and re-importing scan results, making it ideal for users who want to quickly set up these interactions with the DefectDojo API.
 
 DefectDojo-CLI has the same functionality as Universal Importer, but also includes the ability to export Findings from DefectDojo to JSON or CSV.