Merge pull request #8774 from DefectDojo/master-into-bugfix/2.27.0-2.…

…28.0-dev

Release: Merge back 2.27.0 into bugfix from: master-into-bugfix/2.27.0-2.28.0-dev

.github/workflows/build-docker-images-for-testing.yml

@@ -28,14 +28,14 @@ jobs:
         run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         with:
           buildkitd-flags: --debug
           driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426
 
       - name: Build
         id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: false

.github/workflows/k8s-tests.yml

@@ -78,7 +78,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Minikube
-        uses: manusa/actions-setup-minikube@v2.7.2
+        uses: manusa/actions-setup-minikube@v2.9.0
         with:
           minikube version: 'v1.24.0'
           kubernetes version: ${{ matrix.k8s }}

.github/workflows/release-x-manual-docker-containers.yml

@@ -32,7 +32,7 @@ jobs:
           platform: [amd64]
     steps:
       - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -47,7 +47,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Cache Docker layers
         uses: actions/cache@v3
@@ -63,7 +63,7 @@ jobs:
 
       - name: Build and push images with debian
         if: ${{ matrix.os  == 'debian' }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         env:
           REPO_ORG: ${{ env.repoorg }}
           docker-image: ${{ matrix.docker-image }}
@@ -77,7 +77,7 @@ jobs:
 
       - name: Build and push images with alpine
         if: ${{ matrix.os  == 'alpine' }}
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         env:
           REPO_ORG: ${{ env.repoorg }}
           docker-image: ${{ matrix.docker-image }}

Dockerfile.integration-tests-debian

@@ -1,7 +1,7 @@
 
 # code: language=Dockerfile
 
-FROM openapitools/openapi-generator-cli:v7.0.0@sha256:469376dae86c38cb4152b9b820a93d2e74d27a442ea99014f8c7f4a6f2848b9f as openapitools
+FROM openapitools/openapi-generator-cli:v7.0.1@sha256:26e3add1a66473bdac63cd3eeec9363d776c343eb50e5e66e97b9ad0d34beaf4 as openapitools
 FROM python:3.11.4-slim-bullseye@sha256:40319d0a897896e746edf877783ef39685d44e90e1e6de8d964d0382df0d4952 as build
 WORKDIR /app
 RUN \

components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "defectdojo",
-  "version": "2.27.0-dev",
+  "version": "2.28.0-dev",
   "license" : "BSD-3-Clause",
   "private": true,
   "dependencies": {

docker-compose.yml

@@ -138,8 +138,8 @@ services:
     volumes:
       - defectdojo_data:/var/lib/mysql
   postgres:
-    image: postgres:15.4-alpine@sha256:8bc3c893342c766481df5fde58fab6f1a1115b94eb56778126163305243e9709
-    profiles:
+    image: postgres:16.0-alpine@sha256:2ccd6655060d7b06c71f86094e8c7a28bdcc8a80b43baca4b1dabb29cff138a2
+    profiles: 
       - postgres-rabbitmq
       - postgres-redis
     environment:
@@ -149,15 +149,15 @@ services:
     volumes:
       - defectdojo_postgres:/var/lib/postgresql/data
   rabbitmq:
-    image: rabbitmq:3.12.4-alpine@sha256:1db3f856e6628e2ac512a91959437ca5bab5112c856fe730b6b5ff5087e5e3d0
-    profiles:
+    image: rabbitmq:3.12.6-alpine@sha256:a21880dc5e2b4581c0dd762337c7112475a2d8daba697e1c6192923ebad91739
+    profiles: 
       - mysql-rabbitmq
       - postgres-rabbitmq
     volumes:
        - defectdojo_rabbitmq:/var/lib/rabbitmq
   redis:
-    image: redis:7.2.0-alpine@sha256:fd5de2340bc46cbc2241975ab027797c350dec6fd86349e3ac384e3a41be6fee
-    profiles:
+    image: redis:7.2.1-alpine@sha256:9150d86fe2a9d03bbdb15bb9758fa5e3d24632386af8f6eb4d675ee4c976f499
+    profiles: 
       - mysql-redis
       - postgres-redis
     volumes:

docs/content/en/getting_started/running-in-production.md

@@ -1,6 +1,6 @@
 ---
 title: "Running in production"
-description: "For use in Produciton environments, performance tweaks and backups are recommended."
+description: "For use in Production environments, performance tweaks and backups are recommended."
 draft: false
 weight: 4
 ---
@@ -79,7 +79,9 @@ You can execute the following command to see the configuration:
 `docker-compose exec celerybeat bash -c "celery -A dojo inspect stats"`
 and see what is in effect.
 
-###### Asynchronous Imports
+#### Asynchronous Import
+
+**Please note: Asynchronous Import is currently an experimental feature.  Please exercise caution with this method as results may be inconsistent.**
 
 Import and Re-Import can also be configured to handle uploads asynchronously to aid in 
 processing especially large scans. It works by batching Findings and Endpoints by a 

docs/content/en/integrations/parsers/file/anchore_engine.md

@@ -2,5 +2,39 @@
 title: "Anchore-Engine"
 toc_hide: true
 ---
-JSON vulnerability report generated by anchore-cli tool, using a command
-like `anchore-cli --json image vuln <image:tag> all`
+
+### File Types
+DefectDojo parser accepts a .json file.
+
+Using the [Anchore CLI](https://docs.anchore.com/current/docs/using/cli_usage/images/inspecting_image_content/) is the most reliable way to generate an Anchore report which DefectDojo can parse. When generating a report with the Anchore CLI, please use the following command to ensure complete data: `anchore-cli --json image vuln <image:tag> all`
+
+### Acceptable JSON Format
+All properties are strings and are required by the parser.
+
+~~~
+
+{
+    "imageDigest": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+    "vulnerabilities": [
+        {
+            "feed": "example-feed",
+            "feed_group": "example-feed-group",
+            "fix": "1.2.4",
+            "package": "example-package",
+            "package_cpe": "cpe:2.3:a:*:example:1.2.3:*:*:*:*:*:*:*",
+            "package_name": "example-package-name",
+            "package_path": "path/to/package",
+            "package_type": "dpkg",
+            "package_version": "1.2.3",
+            "severity": "Medium",
+            "url": "https://example.com/cve/CVE-2011-3389",
+            "vuln": "CVE-2011-3389"
+        },
+      ...
+    ],
+    "vulnerability_type": "os"
+}
+~~~
+
+### Sample Scan Data
+Sample Anchore-Engine scans can be found at https://github.com/DefectDojo/sample-scan-files/tree/master/anchore_engine .

docs/content/en/integrations/parsers/file/kubehunter.md

@@ -0,0 +1,5 @@
+---
+title: "kubeHunter Scanner"
+toc_hide: true
+---
+Import JSON reports of kube-hunter scans. Use "kube-hunter --report json" to produce the report in json format.

docs/package.json

@@ -1,7 +1,7 @@
 {
   "devDependencies": {
-    "postcss": "8.4.29",
-    "autoprefixer": "10.4.15",
+    "postcss": "8.4.31",
+    "autoprefixer": "10.4.16",
     "postcss-cli": "10.1.0"
   }
 }

dojo/__init__.py

@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app  # noqa
 
-__version__ = '2.27.0-dev'
+__version__ = '2.28.0-dev'
 __url__ = 'https://github.com/DefectDojo/django-DefectDojo'
 __docs__ = 'https://documentation.defectdojo.com'

dojo/api_v2/views.py

@@ -3978,6 +3978,7 @@ class SLAConfigurationViewset(
     mixins.DestroyModelMixin,
     mixins.CreateModelMixin,
     viewsets.GenericViewSet,
+    dojo_mixins.DeletePreviewModelMixin,
 ):
     serializer_class = serializers.SLAConfigurationSerializer
     queryset = SLA_Configuration.objects.all()