Merge pull request #12674 from DefectDojo/release/2.47.3

Release: Merge release into master from: release/2.47.3

Author: Maffooch

.github/pull_request_template.md

@@ -1,12 +1,12 @@
-## :warning: Note on feature completeness :warning:
+## :warning: Pre-Approval check :warning:
 
-We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
-https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md
+We don't want to waste your time, so if you're unsure whether your hypothetical enhancement meets the criteria for approval, please file an issue to get pre-approval before beginning work on a PR.
+Learn more here: https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md#submission-pre-approval
 
 **Description**
 
 Describe the feature / bug fix implemented by this PR.
-If this is a new parser, [the parser guide](https://documentation.defectdojo.com/contributing/how-to-write-a-parser/) may be worth (re)reading.
+If this is a new parser, [the parser guide](https://docs.defectdojo.com/en/open_source/contributing/how-to-write-a-parser/) may be worth (re)reading.
 
 **Test results**
 

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.47.2",
+  "version": "2.47.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/images/pro_risk_example.png

@@ -6,7 +6,7 @@ weight: 2
 chapter: true
 ---
 
-This article is based on DefectDojo Inc's February Office Hours: "Tackling Common-Use Cases".
+This article is based on DefectDojo Inc's February 2025 Office Hours: "Tackling Common-Use Cases".
 <iframe width="560" height="315" src="https://www.youtube.com/embed/44vv-KspHBs?si=ilRBlfo-wvX5DPVg" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
 
 ## Examples of Use-Cases

docs/content/en/about_defectdojo/examples_of_use.md

@@ -17,6 +17,10 @@ See our [Pro UI Guide](../ui_pro_vs_os) for more information.
 
 ![image](images/enabling_deduplication_within_an_engagement_2.png)
 
+### Finding Priority
+DefectDojo Pro can pre-triage your Findings by Priority and Risk, allowing your team to identify and fix your most critical issues first.
+See our [Finding Priority Guide](/en/working_with_findings/finding_priority/) for more details.
+
 ### Rules Engine
 DefectDojo Pro's Rules Engine allows you to set up a script of automated bulk actions - no programming experience required.
 Build custom workflows and bulk actions to handle Findings and other objects.  
@@ -28,7 +32,7 @@ See our [Rules Engine Guide](/en/customize_dojo/rules_engine) for more info.
 Generate [instant reports and metrics](../ui_pro_vs_os/#new-dashboards) to share the security posture of your apps and repos.  Evaluate your security tools and your team's performance in addressing security issues.
 
 ### Deduplication Tuning
-Fine-tune how DefectDojo identifies and manages duplicate findings with advanced deduplication settings. Adjust same-tool, cross-tool, and reimport deduplication for precision matching between all your chosen security tools and vulnerability findings.
+Fine-tune how DefectDojo identifies and manages duplicate findings with advanced deduplication settings. Adjust same-tool, **cross-tool**, and reimport deduplication for precision matching between all your chosen security tools and vulnerability findings.
 See our [Deduplication Tuning Guide](/en/working_with_findings/finding_deduplication/tune_deduplication/) for more information.
 
 ![image](images/deduplication_tuning.png)

docs/content/en/about_defectdojo/pro_features.md

@@ -623,11 +623,11 @@ Use the import command to import new findings into DefectDojo.
 #### Usage
 
 ```
-defectdojo-cli [global options] import <required flags> [optional flags]
-	or: defectdojo-cli [global options] import  --config ./config-file-path
-	or: defectdojo-cli import [-h | --help]
-	or: defectdojo-cli import example [subcommand options]
-	or: defectdojo-cli import example [-h | --help]
+universal-importer [global options] import <required flags> [optional flags]
+	or: universal-importer [global options] import  --config ./config-file-path
+	or: universal-importer import [-h | --help]
+	or: universal-importer import example [subcommand options]
+	or: universal-importer import example [-h | --help]
 
 >> The API token must be set in the environment variable `DD_IMPORTER_DOJO_API_TOKEN`.
 ```
@@ -657,13 +657,13 @@ You can use `deduplication-on-engagement` to restrict deduplication for imported
 **Import Basic syntax:**
 
 ```
-defectdojo-cli import [options]
+universal-importer import [options]
 ```
 
 #### **Import Example:**
 
 ```
-defectdojo-cli import \
+universal-importer import \
 --defectdojo-url "https://YOUR_INSTANCE.cloud.defectdojo.com/" \
 --scan-type "burp scan" \
 --report-path "./examples/burp_findings.xml" \
@@ -772,19 +772,19 @@ You can use `deduplication-on-engagement` to restrict deduplication for imported
 #### Usage
 
 ```
-defectdojo-cli [global options] reimport <required flags> [optional flags]
-   or: defectdojo-cli [global options] reimport  --config ./config-file-path
-   or: defectdojo-cli reimport [-h | --help]
-   or: defectdojo-cli reimport example [subcommand options]
-   or: defectdojo-cli reimport example [-h | --help]
+universal-importer [global options] reimport <required flags> [optional flags]
+   or: universal-importer [global options] reimport  --config ./config-file-path
+   or: universal-importer reimport [-h | --help]
+   or: universal-importer reimport example [subcommand options]
+   or: universal-importer reimport example [-h | --help]
 
 >> The API token must be set in the environment variable `DD_IMPORTER_DOJO_API_TOKEN`.
 ```
 
 #### **Reimport Example:**
 
 ```
-defectdojo-cli reimport \
+universal-importer reimport \
 --defectdojo-url "https://YOUR_INSTANCE.cloud.defectdojo.com/" \
 --scan-type "Nancy Scan" \
 --report-path "./examples/nancy_findings.json" \
@@ -873,9 +873,9 @@ Interactive mode allows you to configure import and reimport process, step-by-st
 #### Usage
 
 ```
-defectdojo-cli interactive
-	or: defectdojo-cli interactive  [--skip-intro] [--no-full-screen] [--log-path]
-	or: defectdojo-cli interactive [-h | --help]
+universal-importer interactive
+	or: universal-importer interactive  [--skip-intro] [--no-full-screen] [--log-path]
+	or: universal-importer interactive [-h | --help]
 ```
 
 #### Options

docs/content/en/connecting_your_tools/external_tools.md

@@ -4,7 +4,7 @@ toc_hide: true
 ---
 ### File Types
 DefectDojo parser accepts Burp Issue data as an .xml file.
-To parse an HTML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp_enterprise/
+To parse an HTML file instead, use this method: https://documentation.defectdojo.com/integrations/parsers/file/burp_suite_dast/
 
 When the Burp report is generated, **the recommended option is Base64
 encoding both the request and response fields** - e.g. check the box

docs/content/en/connecting_your_tools/parsers/file/burp.md

@@ -1,8 +1,8 @@
 ---
-title: "Burp GraphQL"
+title: "Burp Suite DAST GraphQL"
 toc_hide: true
 ---
-Import the JSON data returned from the BurpSuite Enterprise GraphQL API. Append all the
+Import the JSON data returned from the BurpSuite DAST GraphQL API. Append all the
 issues returned to a list and save it as the value for the key "Issues". There is no need
 to filter duplicates, the parser will automatically combine issues with the same name.
 

docs/content/en/connecting_your_tools/parsers/file/burp_graphql.md

@@ -1,26 +1,26 @@
 ---
-title: "Burp Enterprise Scan"
+title: "Burp Suite DAST Scan (formerly known as Burp Enterprise)"
 toc_hide: true
 ---
 
 ## Overview
-The Burp Enterprise Scan parser processes HTML reports from Burp Enterprise Edition and imports the findings into DefectDojo. The parser extracts vulnerability details, severity ratings, descriptions, remediation steps, and other metadata from the HTML report.
+The Burp Suite DAST Scan parser processes HTML reports from Burp Suite DAST and imports the findings into DefectDojo. The parser extracts vulnerability details, severity ratings, descriptions, remediation steps, and other metadata from the HTML report.
 
 ## Supported File Types
 The parser accepts a Standard Report as an HTML file. To parse an XML file instead, use the [Burp XML parser](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/burp/).
 
-See the Burp documentation for information on how to export a Standard Report: [PortSwigger Enterprise Edition Downloading reports](https://portswigger.net/burp/documentation/enterprise/work-with-scan-results/generate-reports)
+See the Burp documentation for information on how to export a Standard Report: [Burp Suite DAST Downloading reports](https://portswigger.net/burp/documentation/dast/user-guide/work-with-scan-results/generate-reports)
 
 ## Standard Format HTML (Main Format)
 
 ### Total Fields in HTML
-- Total data fields in Burp Enterprise Scan HTML output: 15
+- Total data fields in Burp Suite DAST Scan HTML output: 15
 - Total data fields parsed into DefectDojo finding: 13
 - Total data fields NOT parsed: 2
 
 ### Standard Format Field Mapping Details
 
-| Data Field # | Burp Enterprise Scan Data Field | DefectDojo Finding Field | Parser Line # | Notes |
+| Data Field # | Burp Suite DAST Scan Data Field | DefectDojo Finding Field | Parser Line # | Notes |
 |-------------|--------------------------------|--------------------------|--------------|-------|
 | 1 | Title | title | 101, 165 | Extracted from issue container h2 element and table rows with "issue-type-row" class |
 | 2 | Severity | severity | 101, 168 | Extracted from table rows, mapped directly (High/Medium/Low/Info) |
@@ -39,7 +39,7 @@ See the Burp documentation for information on how to export a Standard Report: [
 | 15 | Issue ID/Anchor | Not Parsed | - | HTML anchor tags like "#7459896704422157312" are not extracted |
 
 ### Field Mapping Details
-The parser has different handling logic for various sections of the Burp Enterprise report:
+The parser has different handling logic for various sections of the Burp Suite DAST report:
 
 - For table content sections (using `table_contents_xpath`), the parser extracts:
   - Base endpoint from h1 elements (e.g., "https://instance.example.com")
@@ -101,7 +101,7 @@ This parser has special handling for different section types within the HTML rep
 - It extracts CWE numbers and vulnerability classifications from reference sections
 
 ### Sample Scan Data
-Sample Burp Enterprise Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_enterprise).
+Sample Burp Suite DAST Scan scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_suite_dast).
 
 ### Link to Tool
-[Burp Enterprise Edition](https://portswigger.net/burp/enterprise)
+[Burp Suite DAST](https://portswigger.net/burp/dast)

docs/content/en/connecting_your_tools/parsers/file/burp_enterprise.md renamed to docs/content/en/connecting_your_tools/parsers/file/burp_suite_dast.md

@@ -280,12 +280,7 @@ This ensures the file is closed at the end of the with statement, even if an exc
 
 ### Test database
 
-To test your unit tests locally, you first need to grant some rights. Get your MySQL root password from the docker compose logs, login as root and issue the following commands:
-
-{{< highlight mysql >}}
-MYSQL> grant all privileges on test_defectdojo.* to defectdojo@'%';
-MYSQL> flush privileges;
-{{< /highlight >}}
+Django uses a separate test database for running unit tests called `test_defectdojo`. It's automatically created and initialized with a basic set of test data.
 
 ### Run your tests