DefectDojo
diff --git a/‎.github/workflows/close-stale.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/close-stale.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/release-x-manual-helm-chart.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-x-manual-helm-chart.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/rest-framework-tests.yml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/rest-framework-tests.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/unit-tests.yml‎
Lines changed: 8 additions & 0 deletions b/‎.github/workflows/unit-tests.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎docker-compose.yml‎
Lines changed: 2 additions & 2 deletions b/‎docker-compose.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docker/entrypoint-initializer.sh‎
Lines changed: 13 additions & 1 deletion b/‎docker/entrypoint-initializer.sh‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎docs/content/en/connecting_your_tools/parsers/file/snyk_issue_api.md‎
Lines changed: 5 additions & 1 deletion b/‎docs/content/en/connecting_your_tools/parsers/file/snyk_issue_api.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎docs/package-lock.json‎
Lines changed: 11 additions & 9 deletions b/‎docs/package-lock.json‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎docs/package.json‎
Lines changed: 1 addition & 1 deletion b/‎docs/package.json‎
Lines changed: 1 addition & 1 deletion
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close stale issues and PRs
-        uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
+        uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           # Disable automatic stale marking - only close manually labeled items
           days-before-stale: -1
 
@@ -2,12 +2,18 @@ name: Integration tests
 
 on:
   workflow_call:
+    inputs:
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   integration_tests:
     # run tests with docker compose
     name: User Interface Tests
     runs-on: ubuntu-latest
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
     strategy:
       matrix:
         test-case: [
 
@@ -87,7 +87,7 @@ jobs:
           echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 
       - name: Create release ${{ inputs.release_number }}
-        uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2.3.3
+        uses: softprops/action-gh-release@62c96d0c4e8a889135c1f3a25910db8dbe0e85f7 # v2.3.4
         with:
           name: '${{ inputs.release_number }} 🌈'
           tag_name: ${{ inputs.release_number }}
 
@@ -6,11 +6,16 @@ on:
         platform:
           type: string
           default: "linux/amd64"
+        auditlog_type:
+          type: string
+          default: "django-auditlog"
 
 jobs:
   unit_tests:
     name: Rest Framework Unit Tests
     runs-on: ${{ inputs.platform ==  'linux/arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    env:
+      AUDITLOG_TYPE: ${{ inputs.auditlog_type }}
 
     strategy:
       matrix:
 
@@ -25,18 +25,26 @@ jobs:
     strategy:
         matrix:
             platform: ['linux/amd64', 'linux/arm64']
+            auditlog_type: ['django-auditlog', 'django-pghistory']
         fail-fast: false
     needs: build-docker-containers
     uses: ./.github/workflows/rest-framework-tests.yml
     secrets: inherit
     with:
       platform: ${{ matrix.platform}}
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run integration tests for linux/amd64 (default)
   test-user-interface:
     needs: build-docker-containers
     uses: ./.github/workflows/integration-tests.yml
     secrets: inherit
+    strategy:
+      matrix:
+        auditlog_type: ['django-auditlog', 'django-pghistory']
+      fail-fast: false
+    with:
+      auditlog_type: ${{ matrix.auditlog_type }}
 
   # only run k8s tests for linux/amd64 (default)
   test-k8s:
 
@@ -120,7 +120,7 @@ services:
           source: ./docker/extra_settings
           target: /app/docker/extra_settings
   postgres:
-    image: postgres:18.0-alpine@sha256:9636ae7feacd8d630303eede7f95cd0f472d514e7864422c6aa8ea07b2171df8
+    image: postgres:18.0-alpine@sha256:70b32afe0c274b4d93098fd724fcdaab3aba47270a4f1e63cbf9cc69d7bf1be4
     environment:
       POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo}
       POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo}
@@ -129,7 +129,7 @@ services:
       - defectdojo_postgres:/var/lib/postgresql/data
   redis:
     # Pinning to this version due to licensing constraints
-    image: redis:7.2.10-alpine@sha256:395ccd7ee4db0867de0d0410f4712a9e0331cff9fdbd864f71ec0f7982d3ffe6
+    image: redis:7.2.11-alpine@sha256:7632e82373929f39cdbead93f2e45d8b3cd295072c4755e00e7e6b19d56cc512
     volumes:
       - defectdojo_redis:/data
 volumes:
 
@@ -110,6 +110,8 @@ python3 manage.py makemigrations --no-input --check --dry-run --verbosity 3 || {
     cat <<-EOF
 
 ********************************************************************************
+WARNING: Missing Database Migrations Detected
+********************************************************************************
 
 You made changes to the models without creating a DB migration for them.
 
@@ -119,15 +121,25 @@ If you're not familiar with migrations in Django, please read the
 great documentation thoroughly:
 https://docs.djangoproject.com/en/5.0/topics/migrations/
 
+This is now a WARNING and the container will continue to start.
+However, you should create the necessary migrations as soon as possible using:
+docker compose exec uwsgi bash -c 'python manage.py makemigrations -v2'
+
 ********************************************************************************
 
 EOF
-    exit 1
+    echo "WARNING: Continuing startup despite missing migrations..."
 }
 
 echo "Migrating"
 python3 manage.py migrate
 
+echo "Configuring pghistory triggers based on audit settings"
+cat <<EOD | python3 manage.py shell
+from dojo.auditlog import configure_pghistory_triggers
+configure_pghistory_triggers()
+EOD
+
 echo "Admin user: ${DD_ADMIN_USER}"
 ADMIN_EXISTS=$(echo "SELECT * from auth_user;" | python manage.py dbshell | grep "${DD_ADMIN_USER}" || true)
 # Abort if the admin user already exists, instead of giving a new fake password that won't work
 
@@ -2,7 +2,11 @@
 title: "Snyk Issue API"
 toc_hide: true
 ---
-The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format. Currently only parsing issues of type `code` is supported. Samples of ther issue types are welcome.
+The Snyk Issue API parser supports importing vulnerability data from the Snyk Issue API in JSON format.
+
+Currently parsing issues of type `code` (SAST) and `package_vulnerability` (SCA) are supported.
+
+Samples of ther issue types are welcome.
 
 For more information about the Snyk Issue API, refer to the [official Snyk API documentation](https://docs.snyk.io/snyk-api/reference/issues#get-orgs-org_id-issues).
 
 
@@ -23,7 +23,7 @@
   },
   "devDependencies": {
     "prettier": "3.6.2",
-    "vite": "7.1.7"
+    "vite": "7.1.9"
   },
   "engines": {
     "node": "22.20.0"