Merge pull request #12087 from DefectDojo/master-into-dev/2.44.3-2.45.0-dev

Release: Merge back 2.44.3 into dev from: master-into-dev/2.44.3-2.45.0-dev

Author: rossops

.github/workflows/validate_docs_build.yml

@@ -0,0 +1,41 @@
+name: "Docs: Dry Run Production Deployment"
+
+on:
+  pull_request:
+    paths:
+      - 'docs/**'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Setup Hugo
+        uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
+        with:
+          hugo-version: '0.125.3'
+          extended: true
+
+      - name: Setup Node
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        with:
+          node-version: '22.14.0'
+
+      - name: Cache dependencies
+        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Test the build process
+        env:
+          HUGO_ENVIRONMENT: production
+          HUGO_ENV: production
+        run: cd docs && npm ci && hugo --minify --gc --config config/production/hugo.toml

docs/assets/images/odic.png renamed to docs/assets/images/oidc.png

@@ -3,7 +3,7 @@ baseurl = "http://localhost/"
 canonifyURLs = false
 disableAliases = true
 disableHugoGeneratorInject = true
-# disableKinds = ["taxonomy", "term"]
+disableKinds = ["taxonomy", "term"]
 enableEmoji = true
 enableGitInfo = false
 enableRobotsTXT = true

docs/assets/images/pro_permissions.png

@@ -14,9 +14,9 @@ For Open Source release notes, please see the [Releases page on GitHub](https://
 
 - **(Beta UI)** Added a field in the View Engagement page which allows a user to navigate to the linked Jira Epic, if one exists.
 - **(Universal Parser)** XML is now a supported file type for Universal Parser.
-- **(SSO)** SSO can now be set up with any kind of [OIDC Configuration](https://auth0.com/docs/authenticate/protocols/openid-connect-protocol).  See ODIC Settings in the Beta UI:
+- **(SSO)** SSO can now be set up with any kind of [OIDC Configuration](https://auth0.com/docs/authenticate/protocols/openid-connect-protocol).  See OIDC Settings in the Beta UI:
 
-![image](images/odic.png)
+![image](images/oidc.png)
 
 ### Mar 3, 2025: v2.44.0
 

docs/assets/images/pro_permissions_2.png

@@ -9,32 +9,7 @@ DefectDojo parser accepts a .json file.
 Using the [Anchore CLI](https://docs.anchore.com/current/docs/using/cli_usage/images/inspecting_image_content/) is the most reliable way to generate an Anchore report which DefectDojo can parse. When generating a report with the Anchore CLI, please use the following command to ensure complete data: `anchore-cli --json image vuln <image:tag> all`
 
 ### Acceptable JSON Format
-All properties are strings and are required by the parser.
-
-~~~
-
-{
-    "imageDigest": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-    "vulnerabilities": [
-        {
-            "feed": "example-feed",
-            "feed_group": "example-feed-group",
-            "fix": "1.2.4",
-            "package": "example-package",
-            "package_cpe": "cpe:2.3:a:*:example:1.2.3:*:*:*:*:*:*:*",
-            "package_name": "example-package-name",
-            "package_path": "path/to/package",
-            "package_type": "dpkg",
-            "package_version": "1.2.3",
-            "severity": "Medium",
-            "url": "https://example.com/cve/CVE-2011-3389",
-            "vuln": "CVE-2011-3389"
-        },
-      ...
-    ],
-    "vulnerability_type": "os"
-}
-~~~
+All properties are strings and are required by the parser. As the parser evolved, two anchore engine parser JSON formats are present till now. Both ([old](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/many_vulns.json) / [new](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine/new_format_issue_11552.json)) are supported.
 
 ### Sample Scan Data
 Sample Anchore-Engine scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/anchore_engine).

docs/assets/images/view_history_ui.png

@@ -2,7 +2,37 @@
 title: "Aqua"
 toc_hide: true
 ---
-JSON report format.
+
+### File Types
+DefectDojo parser accepts JSON report format.
+
+See Aqua documention: https://docs.aquasec.com
+
+### CI/CD Scans
+Aqua scanning can be integrated with several types of third-party CI/CD systems. 
+
+If there is no plugin available for a particular development tool, Aqua can be integrated with the CI/CD pipeline using Scanner CLI.
+
+CI/CD scans produces JSON scan reports that are supported by the parser. With this kind of report, the parser is able to retrieve vulnerabilities as well as sensitive datas.
+
+### REST API
+
+You can also retrieve the JSON directly from Aqua if you use one of the following endpoint:
+
+-	`/api/v1/scanner/registry/<registryName>/image/<imageName>/scan_result`
+
+-	`/api/v2/risks/vulnerabilities`
+
+Example
+```
+curl -X GET <aquaseceurl>/api/v1/scanner/registry/<registryName>/image/<imageName>/scan_result > report.json
+```
+
+```
+curl -X GET <aquaseceurl>/api/v2/risks/vulnerabilities?show_negligible=true&image_name_exact_match=true&registry_name=<registryName>&image_name=<imageName> > report.json
+```
+
+Those JSON files will only list vulnerabilities. Thus, DefectDojo parser will not retrieve findings such as sensitive datas.
 
 ### Sample Scan Data
-Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua).
+Sample Aqua scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/aqua).

docs/config/_default/hugo.toml

@@ -1,11 +1,13 @@
 ---
-title: "User permissions & Roles"
+title: "Permissions in DefectDojo"
 description: "Summary of all DefectDojo permission options, in detail"
-weight: 1
+weight: 2
 ---
 
 If you have a team of users working in DefectDojo, it's important to set up Role\-Based Access Control (RBAC) appropriately so that users can only access specific data. Security data is highly sensitive, and DefectDojo's options for access control allow you to be specific about each team member’s access to information.
 
+This article is an overview of how permissions in DefectDojo work.  If you would prefer to see a detailed breakdown of **each action** that can be controlled by Permissions, see our **[Permissions Chart](../user_permission_chart/)** article.
+
 ## Types of Permissions
 
 DefectDojo manages four different kinds of permissions: