Merge pull request #14577 from DefectDojo/release/2.56.3

Release: Merge release into master from: release/2.56.3

Author: rossops

.github/dependabot.yml

@@ -3,7 +3,8 @@ updates:
 - package-ecosystem: pip
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
     time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev
@@ -17,7 +18,8 @@ updates:
 - package-ecosystem: npm
   directory: "/components"
   schedule:
-    interval: daily
+    interval: weekly
+    day: wednesday
     time: "08:00"
   open-pull-requests-limit: 10
   target-branch: dev

.github/renovate.json

@@ -1,7 +1,9 @@
 {
   "extends": [
-    "config:recommended"
+    "config:recommended",
+    "schedule:weekly"
   ],
+  "schedule": ["* * * * 3"],
   "dependencyDashboard": true,
   "dependencyDashboardApproval": false,
   "baseBranchPatterns": ["dev"],
@@ -16,7 +18,7 @@
     "dojo/components/yarn.lock",
     "dojo/components/package.json"
   ],
-  "ignoreDeps": [],
+  "ignoreDeps": ["gohugoio/hugo"],
   "packageRules": [{
     "matchPackageNames": ["*"],
     "commitMessageExtra": "from {{currentVersion}} to {{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",

.github/workflows/gh-pages.yml

@@ -18,7 +18,7 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.153.4' # renovate: datasource=github-releases depName=gohugoio/hugo
+          hugo-version: '0.153.4'
           extended: true
 
       - name: Setup Node

.github/workflows/validate_docs_build.yml

@@ -13,7 +13,7 @@ jobs:
       - name: Setup Hugo
         uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
         with:
-          hugo-version: '0.153.4' # renovate: datasource=github-releases depName=gohugoio/hugo
+          hugo-version: '0.153.4'
           extended: true
 
       - name: Setup Node

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.56.2",
+  "version": "2.56.3",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/content/admin/notifications/about_notifications.md

@@ -75,4 +75,4 @@ For more information about this behavior see the [related pull request #9699](ht
 
 ### Webhooks (experimental)
 
-DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [related page](/open_source/notification_webhooks/how_to).
+DefectDojo also supports webhooks that follow the same events as other notifications (you can be notified in the same situations). Details about setup are described in [the related page](/automation/api/notification_webhooks/).

docs/content/admin/sso/OS__ldap.md

@@ -0,0 +1,135 @@
+---
+title: "LDAP Authentication"
+description: "Authenticate users via LDAP by building custom Docker images"
+weight: 20
+audience: opensource
+aliases:
+  - /en/open_source/ldap-authentication
+---
+
+**This feature is experimental, and is not implemented in DefectDojo Pro**.
+
+DefectDojo does not support LDAP authentication out of the box. However, since DefectDojo is built on Django, LDAP can be added by building your own Docker images and modifying a small number of configuration files.
+
+## Files to Modify
+
+- `Dockerfile.django-*`
+- `Dockerfile.nginx-*`
+- `requirements.txt`
+- `local_settings.py`
+- `docker-compose.yml` *(optional — for passing secrets via environment variables)*
+
+## Dockerfile Modifications
+
+In both `Dockerfile.django-alpine` and `Dockerfile.nginx-alpine`, add the following to the `apk add` layer:
+
+```bash
+openldap-dev \
+cyrus-sasl-dev \
+```
+
+In `Dockerfile.django-debian`, add the following to the `apt-get install` layer:
+
+```bash
+libldap2-dev \
+libsasl2-dev \
+ldap-utils \
+```
+
+## requirements.txt
+
+Check [pypi.org](https://pypi.org) for the latest versions at the time of implementation, then add:
+
+```
+python-ldap==3.4.5
+django-auth-ldap==5.2.0
+```
+
+- [python-ldap](https://pypi.org/project/python-ldap/)
+- [django-auth-ldap](https://pypi.org/project/django-auth-ldap/)
+
+## local_settings.py
+
+Find the settings file (see `/dojo/settings/settings.py` for instructions on using `local_settings.py`) and make the following additions.
+
+At the top of the file:
+
+```python
+import ldap
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+import environ
+```
+
+Add LDAP variables to the `env` dict:
+
+```python
+# LDAP
+env = environ.FileAwareEnv(
+    DD_LDAP_SERVER_URI=(str, 'ldap://ldap.example.com'),
+    DD_LDAP_BIND_DN=(str, ''),
+    DD_LDAP_BIND_PASSWORD=(str, ''),
+)
+```
+
+Then add the LDAP settings beneath the `env` dict:
+
+```python
+AUTH_LDAP_SERVER_URI = env('DD_LDAP_SERVER_URI')
+AUTH_LDAP_BIND_DN = env('DD_LDAP_BIND_DN')
+AUTH_LDAP_BIND_PASSWORD = env('DD_LDAP_BIND_PASSWORD')
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    "ou=Groups,dc=example,dc=com", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
+)
+
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail",
+}
+```
+
+Customise all search variables to match your organisation's LDAP configuration.
+
+### Optional: Group Controls
+
+```python
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "dc=example,dc=com",
+    ldap.SCOPE_SUBTREE,
+    "(objectClass=groupOfNames)",
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfNamesType(name_attr="cn")
+
+AUTH_LDAP_REQUIRE_GROUP = "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com"
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_active": "cn=DD_USER_ACTIVE,ou=Groups,dc=example,dc=com",
+    "is_staff": "cn=DD_USER_STAFF,ou=Groups,dc=example,dc=com",
+    "is_superuser": "cn=DD_USER_ADMIN,ou=Groups,dc=example,dc=com",
+}
+```
+
+Finally, add `django_auth_ldap.backend.LDAPBackend` to `AUTHENTICATION_BACKENDS`:
+
+```python
+AUTHENTICATION_BACKENDS = (
+    'django_auth_ldap.backend.LDAPBackend',
+    'django.contrib.auth.backends.RemoteUserBackend',
+    'django.contrib.auth.backends.ModelBackend',
+)
+```
+
+Full documentation: [Django Authentication with LDAP](https://django-auth-ldap.readthedocs.io/en/latest/)
+
+## docker-compose.yml
+
+To pass LDAP credentials to the container via environment variables, add these to the `uwsgi` service environment section:
+
+```yaml
+DD_LDAP_SERVER_URI: "${DD_LDAP_SERVER_URI:-ldap://ldap.example.com}"
+DD_LDAP_BIND_DN: "${DD_LDAP_BIND_DN:-}"
+DD_LDAP_BIND_PASSWORD: "${DD_LDAP_BIND_PASSWORD:-}"
+```
+
+Alternatively, set these values directly in `local_settings.py`.

docs/content/admin/user_management/set_user_permissions.md

@@ -120,7 +120,7 @@ Configuration Permissions are not related to a specific Product or Product Type
 * **Finding Templates:** Access to the Findings \> Finding Templates page
 * **Groups**: Access the 👤Users \> Groups page
 * **Jira Instances:** Access the ⚙️Configuration \> JIRA page
-* **Language Types**:Access the [Language Types](/open_source/languages/) API endpoint
+* **Language Types**:Access the [Language Types](/automation/api/languages/) API endpoint
 * **Login Banner**: Edit the ⚙️Configuration \> Login Banner page
 * **Announcements**: Access ⚙️Configuration \> Announcements
 * **Note Types:** Access the ⚙️Configuration \> Note Types page