Docs Updates: CLI Tools / misc #11691

Merged 5 commits on Jan 31, 2025

@paulOsinski (Contributor) commented Jan 29, 2025

Docs updates:

[sc-9975]

@github-actions bot added the docs label Jan 29, 2025

dryrunsecurity bot commented Jan 29, 2025

DryRun Security Summary

The pull request focuses on enhancing documentation and user experience for DefectDojo Pro features (Universal Importer and DefectDojo-CLI tools) by updating installation guides, configuration instructions, and troubleshooting information across multiple documentation files, while also improving Jira integration documentation and search functionality.

Summary:

The changes in this pull request are focused on improving the documentation and user experience for the "Universal Importer" and "DefectDojo-CLI" tools, which are part of the DefectDojo Pro features. The key changes include:

  1. Updating the documentation to clarify that these are Pro-only features and require a DefectDojo Pro license.
  2. Expanding the descriptions of the tools, their functionality, and the differences between them.
  3. Providing clear step-by-step instructions for installing, configuring, and using the tools, including details on various commands and options.
  4. Adding a troubleshooting section to address common issues.

From an application security perspective, these changes are aimed at enhancing the integration and management of security findings within the DefectDojo platform. The ability to import, reimport, and export findings can be valuable for maintaining a comprehensive view of an organization's security posture and tracking remediation efforts.

The key security considerations include ensuring the proper handling and protection of the API token, verifying the integrity of the downloaded binaries, reviewing the supported scan types and report formats, and monitoring the use of these tools to identify any potential anomalies or suspicious activity.

Files Changed:

  1. docs/content/en/share_your_findings/jira_integration/connect_to_jira.md: This file provides detailed and comprehensive instructions on how to connect a Jira instance to DefectDojo, covering various authentication methods, permissions, and Jira-specific configurations. The changes aim to improve the security and reliability of the Jira integration.

  2. docs/content/en/share_your_findings/jira_integration/troubleshooting_jira.md: This file addresses common issues and troubleshooting steps related to the Jira integration in DefectDojo, such as findings not appearing in Jira, Jira configuration errors, and issues with Jira Epics creation. The changes focus on improving the overall integration experience.

  3. docs/assets/js/flexsearch.js: This file implements the search functionality for the Thulite website using the FlexSearch library. The changes do not introduce any immediate security concerns, but it's important to ensure proper input validation, sensitive data exposure, caching, and accessibility considerations.

  4. docs/content/en/connecting_your_tools/external_tools.md: This file has been updated to improve the documentation and user experience for the "Universal Importer" and "DefectDojo-CLI" tools, which are part of the DefectDojo Pro features. The changes focus on providing clear installation, configuration, and usage instructions, as well as addressing common troubleshooting issues.

Code Analysis

We ran 9 analyzers against 5 files and 0 analyzers had findings. 9 analyzers had no findings.

DryRun Security Summary

The documentation updates enhance the Jira integration troubleshooting guide and expand information about External Tools (Universal Importer & DefectDojo-CLI) in the DefectDojo application, improving user experience and integration capabilities without introducing security concerns.

Summary:

The provided code changes are updates to the documentation for the DefectDojo application, focusing on the Jira integration and the External Tools (Universal Importer & DefectDojo-CLI) features.

The Jira integration documentation update covers troubleshooting common issues, such as Jira Epics not being created due to changes in the Jira custom field configuration. The documentation provides steps to resolve these issues, which is important for security teams to effectively manage and track security vulnerabilities across the software development lifecycle.

The External Tools documentation update enhances the information on the Universal Importer and DefectDojo-CLI tools, which are DefectDojo Pro-only features. The changes include more detailed descriptions of the tools' capabilities, installation and configuration instructions, and guidance on common troubleshooting steps.

Overall, these documentation updates are focused on improving the user experience and the integration capabilities of the DefectDojo application, which is an open-source tool for managing and tracking security vulnerabilities. The changes do not introduce any direct security concerns, as they are primarily documentation updates.

Files Changed:

  1. docs/content/en/share_your_findings/jira_integration/troubleshooting_jira.md:

    • Provides guidance on troubleshooting issues with Jira Epics not being created due to changes in Jira custom field configuration.
    • Covers other common issues with the Jira integration, such as findings not appearing in Jira and Jira changes not updating findings in DefectDojo.

  2. docs/content/en/connecting_your_tools/external_tools.md:

    • Updates the title and description to better reflect the content on the Universal Importer and DefectDojo-CLI tools.
    • Expands the "About External Tools" section to provide more details on the capabilities of each tool.
    • Adds detailed installation, configuration, and usage instructions for both the Universal Importer and DefectDojo-CLI.
    • Includes a new "Export" section for the DefectDojo-CLI tool, explaining how to export findings from DefectDojo.
    • Adds a "Troubleshooting" section to provide guidance on common issues users may encounter.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

@paulOsinski changed the title from "Docsupdates 3" to "Docs Updates: CLI Tools / misc" Jan 29, 2025
@Maffooch merged commit bd2b3f1 into DefectDojo:master Jan 31, 2025
72 of 73 checks passed
runderwoodcr14 pushed a commit to runderwoodcr14/django-DefectDojo that referenced this pull request Feb 2, 2025