Merge pull request #14471 from DefectDojo/release/2.56.1

Release: Merge release into master from: release/2.56.1

Author: rossops

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.56.0",
+  "version": "2.56.1",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docs/assets/images/OSC_ss1.png

@@ -98,6 +98,30 @@ h1, h2, h3, h4, h5, h6,
   visibility: hidden; // Hide sidebar until version is resolved
 }
 
+@media (min-width: 992px) {
+  @supports ((position: -webkit-sticky) or (position: sticky)) {
+    .docs-sidebar {
+      display: flex !important; // Override Bootstrap d-lg-block { display: block !important }
+      flex-direction: column;
+    }
+
+    .docs-version-toggle {
+      flex-shrink: 0;
+    }
+
+    .version-menu-wrapper {
+      flex: 1;
+      min-height: 0; // Required: allows flex child to shrink below content size
+      overflow-y: auto;
+    }
+
+    .docs-links {
+      max-height: none; // Parent flex container now handles height/scroll
+      overflow: visible;
+    }
+  }
+}
+
 .doks-sidebar .section-nav a {
   color: #333333; // Dojo Hue 04
   transition: color 0.15s ease, background-color 0.15s ease;

docs/assets/images/OSC_ss2.png

@@ -0,0 +1,36 @@
+---
+title: "Auth0"
+description: "Configure Auth0 SSO in Open-Source DefectDojo"
+weight: 4
+audience: opensource
+---
+
+Open-Source DefectDojo supports login via Auth0. DefectDojo Pro users should refer to the [Pro Auth0 guide](../PRO__auth0/).
+
+## Prerequisites
+
+Complete the following steps in your Auth0 dashboard before configuring DefectDojo:
+
+1. Create a new application: **Applications > Create Application > Single Page Web Application**.
+
+2. Configure the application:
+   - **Name:** `DefectDojo`
+   - **Allowed Callback URLs:** `https://your-instance.cloud.defectdojo.com/complete/auth0/`
+
+3. Note the following values — you will need them in DefectDojo:
+   - **Domain**
+   - **Client ID**
+   - **Client Secret**
+
+## Configuration
+
+Set the following as environment variables, or without the `DD_` prefix in your `local_settings.py` file (see [Configuration](/get_started/open_source/configuration/)):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_AUTH0_OAUTH2_ENABLED=True
+DD_SOCIAL_AUTH_AUTH0_KEY=(str, 'YOUR_CLIENT_ID'),
+DD_SOCIAL_AUTH_AUTH0_SECRET=(str, 'YOUR_CLIENT_SECRET'),
+DD_SOCIAL_AUTH_AUTH0_DOMAIN=(str, 'YOUR_AUTH0_DOMAIN'),
+{{< /highlight >}}
+
+Restart DefectDojo. A **Login with Auth0** button will appear on the login page.

docs/assets/images/OSC_ss3.png

@@ -0,0 +1,72 @@
+---
+title: "Azure Active Directory"
+description: "Configure Azure AD SSO and group mapping in Open-Source DefectDojo"
+weight: 6
+audience: opensource
+---
+
+Open-Source DefectDojo supports login via Azure Active Directory (Azure AD), including automatic User Group synchronization. DefectDojo Pro users should refer to the [Pro Azure AD guide](../PRO__azure_ad/).
+
+## Prerequisites
+
+Complete the following steps in the Azure portal before configuring DefectDojo:
+
+1. [Register a new app](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) in Azure Active Directory.
+
+2. Note the following values from the registered app:
+   - **Application (client) ID**
+   - **Directory (tenant) ID**
+   - Under **Certificates & Secrets**, create a new **Client Secret** and note its value
+
+3. Under **Authentication > Redirect URIs**, add a **Web** type URI:
+   `https://your-instance.cloud.defectdojo.com/complete/azuread-tenant-oauth2/`
+
+## Configuration
+
+Set the following as environment variables, or without the `DD_` prefix in your `local_settings.py` file (see [Configuration](/get_started/open_source/configuration/)):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY=(str, 'YOUR_APPLICATION_ID'),
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET=(str, 'YOUR_CLIENT_SECRET'),
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID=(str, 'YOUR_DIRECTORY_ID'),
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_ENABLED=True
+{{< /highlight >}}
+
+Restart DefectDojo. A **Login with Azure AD** button will appear on the login page.
+
+## Group Mapping
+
+To import User Group membership from Azure AD, set the following variable:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=True
+{{< /highlight >}}
+
+On login, DefectDojo will assign the user to all groups found in the Azure AD token. Any groups not found in DefectDojo will be created automatically. This allows product access to be governed via groups.
+
+### Configuring Azure AD to send groups
+
+The Azure AD token must be configured to include group IDs. Without this, no group information will be present in the token.
+
+To configure this:
+1. Add a [Group Claim](https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims) to the token. If unsure which group type to select, choose **All Groups**.
+2. Do **not** enable **Emit groups as role claims**.
+3. Update the application's API permissions to include `GroupMember.Read.All` or `Group.Read.All`. `GroupMember.Read.All` is recommended as it grants fewer permissions.
+
+### Filtering groups
+
+To limit which groups are imported, use a regex filter:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER='^team-.*'  # or 'teamA|teamB|groupC'
+{{< /highlight >}}
+
+### Automatic Group Cleanup
+
+To remove stale groups when users are removed from them in Azure AD:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_CLEANUP_GROUPS=True
+{{< /highlight >}}
+
+When a user is removed from a group in Azure AD, they are also removed from the corresponding group in DefectDojo. Empty groups are left in place for record purposes.

docs/assets/scss/common/_custom.scss

@@ -0,0 +1,35 @@
+---
+title: "GitHub Enterprise"
+description: "Configure GitHub Enterprise SSO in Open-Source DefectDojo"
+weight: 8
+audience: opensource
+---
+
+Open-Source DefectDojo supports login via GitHub Enterprise. DefectDojo Pro users should refer to the [Pro GitHub Enterprise guide](../PRO__github_enterprise/).
+
+## Prerequisites
+
+Complete the following steps in GitHub Enterprise before configuring DefectDojo:
+
+1. [Create a new OAuth App](https://docs.github.com/en/enterprise-server/developers/apps/building-oauth-apps/creating-an-oauth-app) in your GitHub Enterprise Server.
+
+2. Choose a name for the application, e.g. `DefectDojo`.
+
+3. Set the **Redirect URI**:
+   `https://your-dojo-host:your-port/complete/github-enterprise/`
+
+4. Note the **Client ID** and **Client Secret** from the app.
+
+## Configuration
+
+Set the following as environment variables, or without the `DD_` prefix in your `local_settings.py` file (see [Configuration](/get_started/open_source/configuration/)):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'YOUR_CLIENT_ID'),
+DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'YOUR_CLIENT_SECRET'),
+DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github.yourcompany.com/'),
+DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github.yourcompany.com/api/v3/'),
+DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED=True,
+{{< /highlight >}}
+
+Restart DefectDojo. A **Login with GitHub Enterprise** button will appear on the login page.

docs/content/admin/sso/OS__auth0.md

@@ -0,0 +1,45 @@
+---
+title: "GitLab"
+description: "Configure GitLab SSO in Open-Source DefectDojo"
+weight: 10
+audience: opensource
+---
+
+Open-Source DefectDojo supports login via GitLab. DefectDojo Pro users should refer to the [Pro GitLab guide](../PRO__gitlab/).
+
+## Prerequisites
+
+Complete the following steps in GitLab before configuring DefectDojo:
+
+1. Navigate to your GitLab profile's Applications page:
+   - GitLab.com: `https://gitlab.com/profile/applications`
+   - Self-hosted: `https://your-gitlab-host/profile/applications`
+
+2. Create a new application:
+   - **Name:** `DefectDojo`
+   - **Redirect URI:** `https://your-dojo-host/complete/gitlab/`
+
+3. Note the **Application ID** and **Secret** from the application.
+
+## Configuration
+
+Set the following as environment variables, or without the `DD_` prefix in your `local_settings.py` file (see [Configuration](/get_started/open_source/configuration/)):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GITLAB_KEY=(str, 'YOUR_APPLICATION_ID'),
+DD_SOCIAL_AUTH_GITLAB_SECRET=(str, 'YOUR_SECRET'),
+DD_SOCIAL_AUTH_GITLAB_API_URL=(str, 'https://gitlab.com'),
+DD_SOCIAL_AUTH_GITLAB_OAUTH2_ENABLED=True
+{{< /highlight >}}
+
+Restart DefectDojo. A **Login with GitLab** button will appear on the login page.
+
+### Auto-importing GitLab projects
+
+To automatically import your GitLab projects as DefectDojo Products, add the following variable:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GITLAB_PROJECT_AUTO_IMPORT=True
+{{< /highlight >}}
+
+**Note:** Enabling this on an existing instance with a GitLab integration will require users to re-grant the `read_repository` permission.

docs/content/admin/sso/OS__azure_ad.md

@@ -0,0 +1,59 @@
+---
+title: "Google Auth"
+description: "Configure Google OAuth in Open-Source DefectDojo"
+weight: 12
+audience: opensource
+---
+
+Open-Source DefectDojo supports login via Google accounts. New users are created automatically on first login if they don't already exist. Existing DefectDojo users are matched to Google accounts by username (the portion before the `@` in their Google email). DefectDojo Pro users should refer to the [Pro Google guide](../PRO__google/).
+
+## Prerequisites
+
+Complete the following steps in the Google Cloud Console before configuring DefectDojo:
+
+1. Sign in to the [Google Developers Console](https://console.developers.google.com).
+
+2. Go to **Credentials > Create Credentials > OAuth Client ID**.
+
+3. Select **Web Application** and give it a descriptive name (e.g. `DefectDojo`).
+
+4. Under **Authorized Redirect URIs**, add:
+   `https://your-dojo-host/complete/google-oauth2/`
+
+5. Note the **Client ID** and **Client Secret Key**.
+
+## Configuration
+
+Set the following as environment variables, or without the `DD_` prefix in your `local_settings.py` file (see [Configuration](/get_started/open_source/configuration/)):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_ENABLED=True,
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=(str, 'YOUR_CLIENT_ID'),
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=(str, 'YOUR_CLIENT_SECRET'),
+{{< /highlight >}}
+
+You must also authorize which users can log in. You can whitelist by domain:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS=['example.com', 'example.org']
+{{< /highlight >}}
+
+Or as an environment variable (comma-separated):
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS=example.com,example.org
+{{< /highlight >}}
+
+Alternatively, whitelist specific email addresses:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS=['user@example.com']
+{{< /highlight >}}
+
+Or as an environment variable:
+
+{{< highlight python >}}
+DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS=user@example.com,user2@example.com
+{{< /highlight >}}
+
+Restart DefectDojo. A **Login With Google** button will appear on the login page.