
Doks overhaul #11225

Closed
wants to merge 3 commits into from

Conversation

paulOsinski
Contributor

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description

Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.

Test results

Ideally you extend the test suite in tests/ and dojo/unittests to cover the changes in this PR.
Alternatively, describe what you have and haven't tested.

Documentation

Please update any documentation when needed in the documentation folder.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

Please clear everything below when submitting your pull request; it's here purely for your information.

Moderators: Labels currently accepted for PRs:

  • Import Scans (for new scanners/importers)
  • enhancement
  • performance
  • feature
  • bugfix
  • maintenance (a.k.a chores)
  • dependencies
  • New Migration (when the PR introduces a DB migration)
  • settings_changes (when the PR introduces changes or new settings in settings.dist.py)

Contributors: Git Tips

Rebase on dev branch

If the dev branch has changed since you started working on it, please rebase your work after the current dev.

On your working branch mybranch:

git rebase dev mybranch

In case of conflict:

git mergetool
git rebase --continue

When everything's fine on your local branch, force push to your myOrigin remote:

git push myOrigin --force-with-lease

To cancel everything:

git rebase --abort

Squashing commits

git rebase -i origin/dev
  • Replace pick by fixup on the commits you want squashed out
  • Replace pick by reword on the first commit if you want to change the commit message
  • Save the file and quit your editor

Force push to your myOrigin remote:

git push myOrigin --force-with-lease

@github-actions github-actions bot added the docs label Nov 8, 2024

dryrunsecurity bot commented Nov 8, 2024

DryRun Security Summary

The pull request includes various updates to the project's configuration files, such as .gitignore, .devcontainer, .gitpod.yml, .prettierignore, .npmignore, .npmrc, and .prettierrc.yaml, primarily focused on improving the development environment, dependency management, and code formatting, with some potential security considerations related to sensitive information exclusion, development environment setup, and dependency management.


Summary:

The changes in this pull request cover a variety of updates to the project's configuration files, including .gitignore, .devcontainer, .gitpod.yml, .prettierignore, .npmignore, .npmrc, and .prettierrc.yaml. These changes are primarily focused on improving the development environment, dependency management, and code formatting for the project.

From an application security perspective, the key points to highlight are:

  1. Sensitive Information Exclusion: The changes to the .gitignore and .npmignore files help ensure that sensitive information, such as environment variables and deployment-specific configurations, is not accidentally committed to the repository or included in the published package.

  2. Development Environment Setup: The changes to the .devcontainer and .gitpod.yml files set up the development environment, including the installation of dependencies and the configuration of the Hugo static site generator. It's important to ensure that the development environment is properly secured and that any dependencies are kept up-to-date.

  3. Dependency Management: The changes to the .npmrc file, which controls the behavior of the Node.js package manager, introduce some potential security risks, such as the execution of pre-install and post-install scripts. These changes should be reviewed carefully to ensure that they do not introduce any vulnerabilities.

  4. Code Formatting: The changes to the .prettierrc.yaml file, which configures the Prettier code formatter, do not directly introduce any security concerns, but the extremely high value set for the "printWidth" option could potentially lead to performance issues or resource exhaustion.

Overall, the changes in this pull request appear to be routine updates to the project's configuration files and do not raise any immediate security concerns. However, it's important to review the changes carefully, especially those related to dependency management and the development environment setup, to ensure that the application's security posture is not compromised.

Files Changed:

  • .gitignore: Adds the docs/hugo_stats.json file to the ignore list, which is a common practice to prevent sensitive or unnecessary files from being accidentally committed to the Git repository.
  • docs/.codesandbox/tasks.json: Introduces a new configuration file for a CodeSandbox project, which should be reviewed to ensure that the task configurations and dependencies do not introduce any security vulnerabilities.
  • docs/.devcontainer/devcontainer.json: Updates the development environment configuration to reference a Dockerfile, which should be reviewed to ensure that it follows best practices for secure container image construction.
  • docs/.devcontainer/Dockerfile: Provides the Dockerfile used to set up the development environment, which installs dependencies and the Hugo static site generator. The Dockerfile should be reviewed to ensure that the dependencies are up-to-date and secure.
  • docs/.gitpod.yml: Adds a new configuration block to set up the Gitpod development environment, including the installation and execution of the Hugo server. The configuration should be reviewed to ensure that the Hugo server is properly secured when deployed to a production environment.
  • docs/.prettierignore: Adds several file extensions to the Prettier ignore list, which is a common practice to exclude certain file types from the formatting process.
  • docs/.npmignore: Adds several files and directories to the npm ignore list, including the .env file, which is a good security practice to prevent the accidental exposure of sensitive information.
  • docs/.npmrc: Introduces several changes to the npm configuration, including the execution of pre-install and post-install scripts, which should be reviewed carefully to ensure that they do not introduce any vulnerabilities.
  • docs/assets/favicon.svg: Updates the favicon SVG image, which does not raise any security concerns.
  • docs/LICENSE: Updates the project's license to the MIT License, which is a standard and well-understood open-source license.
  • docs/.prettierrc.yaml: Configures the Prettier code formatter, including setting a very high value for the "printWidth" option, which could potentially lead to performance issues or resource exhaustion.

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

github-actions bot commented Nov 8, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@mtesauro mtesauro closed this Nov 11, 2024
@mtesauro mtesauro reopened this Nov 11, 2024
Collaborator

@hblankenship hblankenship left a comment


I assume baseurl set to localhost in docs/config/_default/hugo.toml is what you intended
