[doc] various updates (#14484)

* implement lychee

* pass unit tests

* update contribution guidelines for docs

* [doc] close_old_findings diff between import types

* remove usage docs from open_source/archive

* move docs archive up a folder

* rules engine is pro only

* create a single notification_webhooks article

* mv remaining open_source articles

* chore: normalize line endings to LF per .gitattributes

* fix links

* remove redundant upgrade file

Author: paulOsinski

docs/content/admin/notifications/about_notifications.md

@@ -75,4 +75,4 @@ For more information about this behavior see the [related pull request #9699](ht
 
 ### Webhooks (experimental)
 
-DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/open_source/notification_webhooks/how_to).
+DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [the related page](/automation/api/notification_webhooks/).

docs/content/admin/sso/OS__ldap.md

@@ -0,0 +1,135 @@
+---
+title: "LDAP Authentication"
+description: "Authenticate users via LDAP by building custom Docker images"
+weight: 20
+audience: opensource
+aliases:
+  - /en/open_source/ldap-authentication
+---
+
+**This feature is experimental, and is not implemented in DefectDojo Pro**.
+
+DefectDojo does not support LDAP authentication out of the box. However, since DefectDojo is built on Django, LDAP can be added by building your own Docker images and modifying a small number of configuration files.
+
+## Files to Modify
+
+- `Dockerfile.django-*`
+- `Dockerfile.nginx-*`
+- `requirements.txt`
+- `local_settings.py`
+- `docker-compose.yml` *(optional — for passing secrets via environment variables)*
+
+## Dockerfile Modifications
+
+In both `Dockerfile.django-alpine` and `Dockerfile.nginx-alpine`, add the following to the `apk add` layer:
+
+```bash
+openldap-dev \
+cyrus-sasl-dev \
+```
+
+In `Dockerfile.django-debian`, add the following to the `apt-get install` layer:
+
+```bash
+libldap2-dev \
+libsasl2-dev \
+ldap-utils \
+```
+
+## requirements.txt
+
+Check [pypi.org](https://pypi.org) for the latest versions at the time of implementation, then add:
+
+```
+python-ldap==3.4.5
+django-auth-ldap==5.2.0
+```
+
+- [python-ldap](https://pypi.org/project/python-ldap/)
+- [django-auth-ldap](https://pypi.org/project/django-auth-ldap/)
+
+## local_settings.py
+
+Find the settings file (see `/dojo/settings/settings.py` for instructions on using `local_settings.py`) and make the following additions.
+
+At the top of the file:
+
+```python
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+import environ
+```
+
+Add LDAP variables to the `env` dict:
+
+```python
+# LDAP
+env = environ.FileAwareEnv(
+    DD_LDAP_SERVER_URI=(str, 'ldap://ldap.example.com'),
+    DD_LDAP_BIND_DN=(str, ''),
+    DD_LDAP_BIND_PASSWORD=(str, ''),
+)
+```
+
+Then add the LDAP settings beneath the `env` dict:
+
+```python
+AUTH_LDAP_SERVER_URI = env('DD_LDAP_SERVER_URI')
+AUTH_LDAP_BIND_DN = env('DD_LDAP_BIND_DN')
+AUTH_LDAP_BIND_PASSWORD = env('DD_LDAP_BIND_PASSWORD')
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    "ou=Groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
+)
+
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail",
+}
+```
+
+Customise all search variables to match your organisation's LDAP configuration.
+
+### Optional: Group Controls
+
+```python
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "dc=example,dc=com",
+    ldap.SCOPE_SUBTREE,
+    "(objectClass=groupOfNames)",
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+AUTH_LDAP_REQUIRE_GROUP = "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com"
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com",
+    "is_staff": "cn=DD_USER_STAFF,ou=Groups,dc=example,dc=com",
+    "is_superuser": "cn=DD_USER_ADMIN,ou=Groups,dc=example,dc=com",
+}
+```
+
+Finally, add `django_auth_ldap.backend.LDAPBackend` to `AUTHENTICATION_BACKENDS`:
+
+```python
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.RemoteUserBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+```
+
+Full documentation: [Django Authentication with LDAP](https://django-auth-ldap.readthedocs.io/en/latest/)
+
+## docker-compose.yml
+
+To pass LDAP credentials to the container via environment variables, add these to the `uwsgi` service environment section:
+
+```yaml
+DD_LDAP_SERVER_URI: "${DD_LDAP_SERVER_URI:-ldap://ldap.example.com}"
+DD_LDAP_BIND_DN: "${DD_LDAP_BIND_DN:-}"
+DD_LDAP_BIND_PASSWORD: "${DD_LDAP_BIND_PASSWORD:-}"
+```
+
+Alternatively, set these values directly in `local_settings.py`.

docs/content/admin/user_management/set_user_permissions.md

@@ -120,7 +120,7 @@ Configuration Permissions are not related to a specific Product or Product Type
 * **Finding Templates:** Access to the Findings \> Finding Templates page
 * **Groups**: Access the 👤Users \> Groups page
 * **Jira Instances:** Access the ⚙️Configuration \> JIRA page
-* **Language Types**:Access the [Language Types](/open_source/languages/) API endpoint
+* **Language Types**:Access the [Language Types](/automation/api/languages/) API endpoint
 * **Login Banner**: Edit the ⚙️Configuration \> Login Banner page
 * **Announcements**: Access ⚙️Configuration \> Announcements
 * **Note Types:** Access the ⚙️Configuration \> Note Types page

…tent/open_source/archived_docs/_index.md docs/content/archived_docs/_index.mddocs/content/open_source/archived_docs/_index.md renamed to docs/content/archived_docs/_index.md docs/content/open_source/archived_docs/_index.md renamed to docs/content/archived_docs/_index.md

@@ -0,0 +1,38 @@
+---
+title: "OWASP ASVS Benchmarks"
+description: "Benchmark a Product against the OWASP Application Security Verification Standard"
+weight: 6
+audience: opensource
+---
+
+DefectDojo supports benchmarking Products against the [OWASP Application Security Verification Standard (ASVS)](https://owasp.org/www-project-application-security-verification-standard/), which provides a basis for testing web application technical security controls.
+
+Benchmarks allow you to measure how well a Product meets your organization's defined security requirements, and to publish a score on the Product page for visibility.
+
+## Accessing Benchmarks
+
+Benchmarks are available from the **Product** page. To open the Benchmarks view, select the dropdown menu in the upper-right area of the Product page and choose **OWASP ASVS v.3.1** near the bottom of the menu.
+
+## Benchmark Levels
+
+OWASP ASVS defines three levels of verification coverage:
+
+- **Level 1** – For all software. Covers the most critical security requirements with the lowest cost to verify. This is the default level in DefectDojo.
+- **Level 2** – For applications that contain sensitive data. Appropriate for most applications.
+- **Level 3** – For the most critical applications, such as those performing high-value transactions or storing sensitive medical, financial, or safety data.
+
+You can switch between levels using the dropdown in the upper-right of the Benchmarks view.
+
+## Benchmark Score
+
+The left side of the Benchmarks view displays the current score for your Product at the selected ASVS level:
+
+- The **desired score** your organization has set as a target
+- The **percentage of benchmarks passed** toward achieving that score
+- The **total number of enabled benchmarks** for the selected level
+
+Enabling the **Publish** checkbox will display the ASVS score directly on the Product page.
+
+## Managing Benchmark Entries
+
+Individual benchmark entries can be marked as passed or failed as your team works through the ASVS controls. Additional benchmark entries, beyond the default ASVS set, can be added or updated through the **Django admin site**.

…open_source/archived_docs/burp-plugin.md docs/content/archived_docs/burp-plugin.mddocs/content/open_source/archived_docs/burp-plugin.md renamed to docs/content/archived_docs/burp-plugin.md docs/content/open_source/archived_docs/burp-plugin.md renamed to docs/content/archived_docs/burp-plugin.md

@@ -0,0 +1,38 @@
+---
+title: "Languages and Lines of Code"
+description: "Import language composition data for a Product using the cloc tool"
+weight: 3
+audience: opensource
+aliases:
+  - /en/open_source/languages
+---
+
+DefectDojo can display a breakdown of programming languages and lines of code for a Product, populated by importing a report from the [cloc](https://github.com/AlDanial/cloc) (Count Lines of Code) tool via the API.
+
+## Generating the cloc Report
+
+Run `cloc` against your codebase using the `--json` flag to produce a JSON file in the correct format:
+
+```bash
+cloc --json /path/to/your/project > cloc-report.json
+```
+
+## Importing via the API
+
+Upload the JSON report to DefectDojo via the API. When importing, all existing language data for the Product is replaced with the contents of the new file.
+
+The import endpoint is documented in the [DefectDojo API v2 docs](../api-v2-docs/).
+
+## Viewing Results
+
+After import, the language breakdown is displayed on the left side of the Product details page, showing each language and its line count. Colors for each language are defined by entries in the `Language_Type` table, pre-populated with data from GitHub.
+
+## Updating Language Colors
+
+GitHub periodically updates language colors as new languages emerge. To pull the latest color data, run the following management command:
+
+```bash
+./manage.py import_github_languages
+```
+
+This reads from [ozh/github-colors](https://github.com/ozh/github-colors) and adds new languages or updates existing colors.