merge changes from forked repo (#1)
* adapted the helm chart of initializer-job.yaml to allow for metadata … (#6730)

* adapted the helm chart of initializer-job.yaml to allow for metadata annotations

* adapted the helm chart of initializer-job.yaml to run after install or upgrade

* fixed typo initializerKeepSeconds to initializer.keepSeconds

* renamed to jobAnnotations and moved helm hook to template values

* indent fix

* indent fix

* Design fixes to footer, tags input, and filters snippet (#6751)

* Design fixes to footer, tags input, and filters

* Update dojo.css

* Update base.html

* Bump google-api-python-client from 2.57.0 to 2.58.0 (#6757)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.57.0 to 2.58.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.57.0...v2.58.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6755)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix assignee bug in JIRA view (#6741)

* Fix assignee bug in JIRA view

* Update dojo/jira_link/views.py

Co-authored-by: Cody Maffucci <[email protected]>

Co-authored-by: Cody Maffucci <[email protected]>

* Bump google-auth from 2.10.0 to 2.11.0 (#6745)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update local_settings.py description

* Update configuration.md

* Corrected deduplication settings for Twistlock Reports (#6777)

* Update versions in application files

* Update Chart.yaml

* Update version files

* Forgot a number

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.31.2 to v1.32.0 (helm/defectdojo/values.yaml) (#6823)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 37.0.4 to 38.0.1 (#6822)

Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 38.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/37.0.4...38.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.10.7-alpine Docker digest from 3.10.7 to 3.10.7-alpine (docker-compose.yml) (#6821)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6820)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update nginx/nginx-prometheus-exporter Docker tag from 0.10.0 to v0.11.0 (helm/defectdojo/values.yaml) (#6818)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.40 to 1.4.41 (#6813)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.40 to 1.4.41.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.58.0 to 2.60.0 (#6812)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.58.0 to 2.60.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.58.0...v2.60.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update actions/checkout action from v2 to v3 (.github/workflows/submodule-update.yml) (#6805)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump jira from 3.4.0 to 3.4.1 (#6800)

Bumps [jira](https://github.com/pycontribs/jira) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/pycontribs/jira/releases)
- [Commits](https://github.com/pycontribs/jira/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: jira
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.1 to 1.5.2 (#6799)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-slack from 5.17.8 to 5.18.0 (#6789)

Bumps [django-slack](https://github.com/lamby/django-slack) from 5.17.8 to 5.18.0.
- [Release notes](https://github.com/lamby/django-slack/releases)
- [Commits](https://github.com/lamby/django-slack/compare/5.17.8...5.18.0)

---
updated-dependencies:
- dependency-name: django-slack
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump vcrpy from 4.2.0 to 4.2.1 (#6785)

Bumps [vcrpy](https://github.com/kevin1024/vcrpy) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/kevin1024/vcrpy/releases)
- [Changelog](https://github.com/kevin1024/vcrpy/blob/master/docs/changelog.rst)
- [Commits](https://github.com/kevin1024/vcrpy/compare/v4.2.0...v4.2.1)

---
updated-dependencies:
- dependency-name: vcrpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jquery from 3.6.0 to 3.6.1 in /components (#6766)

Bumps [jquery](https://github.com/jquery/jquery) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](https://github.com/jquery/jquery/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: jquery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python-gitlab from 3.8.1 to 3.9.0 (#6765)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.8.1 to 3.9.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.8.1...v3.9.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Corrected deduplication settings for anchore enterprise policy checks (#6770)

* Set finding to inactivate after creation of risk acceptance (#6780)

* Auth: Add RemoteUser implementation (#6782)

* Add RemoteUser implementation

* Add documentation

* Add support also for API

* Fix bug that caused scan imports to fail (#6775)

* Adding Closed Notes to Jira (#6806)

current condition: All notes that we send through the finding detail are sent to jira. But the closed notes we send when we close the finding are not sent to jira even if those notes are saved to the finding notes in the finding detail page.
proposed changes: send the close finding notes to jira also

* Sort findings in notifications (#6817)

* Sorting by severity after add/update

* Sorting out

* Sorting by severity after add/update

* Sorting out

* Translate metrics (#6819)

* Prepared translate for metrics pages

* Fix flake8 notice

Co-authored-by: Дмитрий Муковкин <[email protected]>

* Update the text that slack notification shows (#6825)

* Update the text that slack notification shows

Currently, when a test is added and slack notification is enabled, it shows: "New test added for engagement {engament.product}"
I suggest adding the engagement name to this phrase: " New test added for engagement {{engagement.name }} in product {{ engagement.produc}}"

* corrected typo in product

corrected typo in product

* #6620 Create API importer for Bugcrowd (#6621)

* Create API importer for Bugcrowd

* Fix linting

* Documentation update

* Implement URI extraction via regex, pagination fetch loop, switch to unique id from tool deduplication alg

* Update api_client.py

* Various fixes

* Fix dateutil parse and auth header

* Fix linting

* Switch to session

* Implement unit testing - WIP

* Bugcrowd api importer unit tests

* Fix flake8

* Simplify parameterization for bugcrowd JSONAPI format

* Fix urlencoding and loop for pagination

* Implement generator api client

* v3 of fetcher with multithreading

* Linting with Black, test data changed for generator function, fix tests

* fix pep8 and add ignore W503 in flake8

* remove json from test

* Use logger for endpoint parsing errors, without breaking parser

* Strip bug url to improve endpoint parsing

* Remove regex usage

* Handle endpoint uri a bit better

* use logger error for endpoint converting

* Improve requests exception handling

* Remove regexes, convert_endpoint function

* Raise exceptions for responses and connection tests

* Do not save broken endpoints, add cleaning in tests

* Align to dev branch

* Named ValidationError exceptions

* Fix conflicts

* Fix conflicts

* Add response text in error message

* Fix linting

* Update __init__.py

Co-authored-by: Damien Carol <[email protected]>

* Bump numpy from 1.23.2 to 1.23.3 (#6830)

Bumps [numpy](https://github.com/numpy/numpy) from 1.23.2 to 1.23.3.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.23.2...v1.23.3)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-extensions from 3.2.0 to 3.2.1 (#6831)

Bumps [django-extensions](https://github.com/django-extensions/django-extensions) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/django-extensions/django-extensions/releases)
- [Changelog](https://github.com/django-extensions/django-extensions/blob/main/CHANGELOG.md)
- [Commits](https://github.com/django-extensions/django-extensions/compare/3.2.0...3.2.1)

---
updated-dependencies:
- dependency-name: django-extensions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye (#6832)

Bumps python from 3.8.13-slim-bullseye to 3.8.14-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.8 to v10.4.10 (docs/package.json) (#6828)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix npm audit JFrog Artifactory import bug (#6786)

* fix npm audit JFrog Artifactory import bug

* added unittest to ensure the npm parser error having a cwe: null will not happen again

* fixed wrong assertion

* Optimize metrics (#6798)

* Optimize metric pages

* Fix design in metrics.html page

* Fixed counting for active_per_period parameter in get_period_counts method

* Fixed unittest test_metrics_queries.py

Co-authored-by: Дмитрий Муковкин <[email protected]>

* switch to Has Capabilities (#6759)

* switch to Has Capabilities

* Address Ingress object

* Center the "No Endpoints" text to match the other objects (#6851)

* Center the "No Endpoints" text to match the other objects

* Update endpoints.html

* Fix simple search width (#6850)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fix simple search width

* Fixed simple search width

* Update release automation to fix helm issues, Bump versions (#6849)

* Replace documentation links (#6764)

* Replace documentation links, Remove local documentation workflows

* Fix flake8?

* Maybe this is it>

* Restore gh-pages workflow

* Fixed bleach clean not allowing links in descriptions (#6848)

* Added questionnaire functionality documentation

* Fixed bleach clean issue with display tag

* Fixed links in descriptions being cleaned by bleach

* API Cleanup: Set sane defaults for non-required fields and safely retrieve results (#6847)

* API Cleanup: Set sane defaults for non-required fields and safely retrieve results

* Correct unit tests

* Added questionnaire functionality documentation (#6846)

* Update helm chart test

* Update versions in application files

* Bump google-auth-oauthlib from 0.5.2 to 0.5.3 (#6843)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.2 to 0.5.3.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.2...v0.5.3)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.20.1 to v5.21.0 (.github/workflows/release-drafter.yml) (#6842)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.10 to v10.4.11 (docs/package.json) (#6841)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump drf-spectacular from 0.23.1 to 0.24.0 (#6838)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.23.1 to 0.24.0.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.23.1...0.24.0)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix log_user_login_failed if username is missing (#6854)

* Parse mitigation status for Veracode SCA findings (#6855)

* Bump packageurl-python from 0.10.1 to 0.10.3 (#6856)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.1 to 0.10.3.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.1...v0.10.3)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(helm): fix postgresql svc name (#6816)

* Update celery-beat-deployment.yaml

updated celery-beat-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs

* Update celery-worker-deployment.yaml

updated celery-worker-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs

* Update django-deployment.yaml

updated django-deployment template to include generic secrets for rabbitmq and mysql. Furthermore, removed unnecessary ifs

* Update celery-beat-deployment.yaml

fixed helm lint problems

* Update celery-worker-deployment.yaml

fixed helm lint problems

* Update django-deployment.yaml

fixed helm lint problems

* Bump pyjwt from 2.4.0 to 2.5.0 (#6860)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.4.0...2.5.0)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bugfixes for Github Vulnerability Parser (#6870)

* Add checks for anonymous users in auth model (#6869)

* Add checks for anonymous users in auth model

* Change type of failure for queries object

* Fix Flake8

* Update versions in application files

* Update versions in application files

* added Null value check in vectorString of Github Scan (Credit @L3m0nb4tt3ry) (#6879)

* Update test-helm-chart.yml

* SonarQube API Importer: Support for SonarCloud and Multi Branch Scanning (#6880)

* SonarQube API Importer: Support for SonarCloud and Multi Branch Scanning

* Correct the removed find project capability

* Update versions in application files

* Update versions in application files

* Bump google-auth from 2.11.0 to 2.11.1 (#6863)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update dependency autoprefixer from 10.4.11 to v10.4.12 (docs/package.json) (#6868)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump djangosaml2 from 1.5.2 to 1.5.3 (#6877)

Bumps [djangosaml2](https://github.com/IdentityPython/djangosaml2) from 1.5.2 to 1.5.3.
- [Release notes](https://github.com/IdentityPython/djangosaml2/releases)
- [Changelog](https://github.com/IdentityPython/djangosaml2/blob/master/CHANGES)
- [Commits](https://github.com/IdentityPython/djangosaml2/compare/v1.5.2...v1.5.3)

---
updated-dependencies:
- dependency-name: djangosaml2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update redis Docker tag from 7.0.4 to v7.0.5 (docker-compose.yml) (#6887)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update celery-beat-deployment.yaml

* Update celery-worker-deployment.yaml

* Update django-deployment.yaml

* Bump drf-spectacular from 0.24.0 to 0.24.2 (#6909)

Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.24.0 to 0.24.2.
- [Release notes](https://github.com/tfranzel/drf-spectacular/releases)
- [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.24.0...0.24.2)

---
updated-dependencies:
- dependency-name: drf-spectacular
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump drf-yasg from 1.21.3 to 1.21.4 (#6908)

Bumps [drf-yasg](https://github.com/axnsan12/drf-yasg) from 1.21.3 to 1.21.4.
- [Release notes](https://github.com/axnsan12/drf-yasg/releases)
- [Changelog](https://github.com/axnsan12/drf-yasg/blob/1.21.4/docs/changelog.rst)
- [Commits](https://github.com/axnsan12/drf-yasg/compare/1.21.3...1.21.4)

---
updated-dependencies:
- dependency-name: drf-yasg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.10.7 to v3.11.0 (docker-compose.yml) (#6905)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss-cli from 9.1.0 to v10 (docs/package.json) (#6903)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump django-debug-toolbar from 3.6.0 to 3.7.0 (#6900)

Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/jazzband/django-debug-toolbar/releases)
- [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst)
- [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.6...3.7)

---
updated-dependencies:
- dependency-name: django-debug-toolbar
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump humanize from 4.3.0 to 4.4.0 (#6884)

Bumps [humanize](https://github.com/python-humanize/humanize) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/python-humanize/humanize/releases)
- [Commits](https://github.com/python-humanize/humanize/compare/4.3.0...4.4.0)

---
updated-dependencies:
- dependency-name: humanize
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump easymde from 2.16.1 to 2.18.0 in /components (#6872)

Bumps [easymde](https://github.com/Ionaru/easy-markdown-editor) from 2.16.1 to 2.18.0.
- [Release notes](https://github.com/Ionaru/easy-markdown-editor/releases)
- [Changelog](https://github.com/Ionaru/easy-markdown-editor/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ionaru/easy-markdown-editor/compare/2.16.1...2.18.0)

---
updated-dependencies:
- dependency-name: easymde
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.14.1 to v4.15.0 (.github/workflows/release-3-master-into-dev.yml) (#6895)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update mysql:5.7.39 Docker digest from 5.7.39 to v (docker-compose.yml) (#6902)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.60.0 to 2.63.0 (#6910)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.60.0 to 2.63.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.60.0...v2.63.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump djangorestframework from 3.13.1 to 3.14.0 (#6883)

Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.13.1 to 3.14.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](https://github.com/encode/django-rest-framework/compare/3.13.1...3.14.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Mitigate Veracode SourceClear findings with "Fixed" status (#6876)

* Added parser for new report format of AnchoreCTL (Anchore Enterprise Engine's new CLI Tool) (#6874)

* Added parser for anchore engine reports exported with AnchoreCTL

* Added parser for policy results from anchoreCTL, renamed vuln parser

* Adjusted name of class to avoid conflicts

* Corrected wrong key

* Adjusted syntax errors

* Added unit tests, fixed unit tests

* Removed explicit platform definition in docker-compose

* Corrected dedup settings

* Removed author info

* Fixing broken report generation when more than one item is selected (#6906)

* Fix error when promoting stub finding to JIRA (#6898)

* Fix improper reactivation in reimporter, using is_mitigated (#6885)

* Fix improper reactivation in reimporter, using is_mitigated

https://github.com/DefectDojo/django-DefectDojo/pull/6452

* Update reimporter.py

* Fix accepted by name (#6867)

* Update view_risk_acceptance.html

Remove get_full_name from accepted_by as it's free text not a user

* Update view_eng.html

Remove get_full_name from accepted_by as it's free text not a user

* Fix url creation for github for file location (#6888)

* [FIX] JQuery Error on Edit Finding (#6619)

* Bug Fix (JQuery Error)

When editing a finding, a click on the "See Alerts" button at the right corner of the webpage will cause a JQuery JavaScript Error. Removing JQuery usage and using JS trim instead.

* Update package.json

* Update __init__.py

* Update pipeline.py

* Update Chart.yaml

* Update pipeline.py

* Update views.py

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* tools: NeuVector: introducing NeuVector (REST) scan type (#6809)

This commit adds the support of NeuVector
(https://github.com/neuvector/neuvector) tool for importing scan
results. Scan results can be exported via REST API in JSON format (that
is why the tool is named 'NeuVector (REST)'). There is no GUI for that
at the moment.

Scan results are just a list of issues found in packages installed in
a container or an image. Very similar to Twistlock.

NeuVector also provides compliance scan results. This is not supported
by the introduced tool.

* Bump django-dbbackup from 4.0.1 to 4.0.2 (#6911)

Bumps [django-dbbackup](https://github.com/jazzband/django-dbbackup) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/jazzband/django-dbbackup/releases)
- [Changelog](https://github.com/jazzband/django-dbbackup/blob/master/docs/changelog.rst)
- [Commits](https://github.com/jazzband/django-dbbackup/commits/4.0.2)

---
updated-dependencies:
- dependency-name: django-dbbackup
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump django-split-settings from 1.1.0 to 1.2.0 (#6914)

Bumps [django-split-settings](https://github.com/sponsors/wemake-services) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/sponsors/wemake-services/releases)
- [Commits](https://github.com/sponsors/wemake-services/commits)

---
updated-dependencies:
- dependency-name: django-split-settings
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-auth from 2.11.1 to 2.12.0 (#6913)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.11.1 to 2.12.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.11.1...v2.12.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update helm/chart-testing-action action from v2.3.0 to v2.3.1 (.github/workflows/test-helm-chart.yml) (#6915)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Estimated remediation date (#6302)

* initial commit for branch

* added bulk edit

* code complete (I hope). Committing before adding tests

* additional work to allow users to edit/add a planned remediation date

* Typo on auto_create_context (#6291)

* removed calendar icons in list view

* pep8 fixes

* pep8 fixes

* pep8 again!

* removed manually created migration file

* auto-generated migration file

* formatting fixes

* pep8 fix

* reran migrations and still getting changes for rule and child_rule

* reran migrations

* formatting changes

* Update forms.py

* updated find method for dom element

* updated adhoc Finding form for bug fix

* removing erroneous selenium config

* updated promote finding form for bug fix

* formatting fix

* PR cleanups

* rebase on latest dev

* pep8 fixes

* formatting fixes

* formatting changes

* updated adhoc Finding form for bug fix

* PR cleanups

* fixed bolded remediation date field

* removed breaks and used CSS

* pep8 fixes

* pep8 fix

* fixing bad migration

* merging latest from dev

* further merge fixes

* css fixes for date picker

* Update docker-compose.override.integration_tests.yml

Co-authored-by: Chris Fort <[email protected]>
Co-authored-by: Bastian Hodapp <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>

* Bump python-gitlab from 3.9.0 to 3.10.0 (#6912)

Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 3.9.0 to 3.10.0.
- [Release notes](https://github.com/python-gitlab/python-gitlab/releases)
- [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md)
- [Commits](https://github.com/python-gitlab/python-gitlab/compare/v3.9.0...v3.10.0)

---
updated-dependencies:
- dependency-name: python-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add support for specifying custom JIRA fields (#6740)

* Add support for specifying custom JIRA fields

* Update and rename 0169_jira_project_custom_fields.py to 0170_jira_project_custom_fields.py

Co-authored-by: Cody Maffucci <[email protected]>

* Don't create finding JIRAs on a bulk update if we are creating a finding group JIRA (#6709)

* Update dependency postcss from 8.4.16 to v8.4.17 (docs/package.json) (#6923)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add the ability to set JIRA labels per-product or engagement (#6720)

* Add the ability to set JIRA labels per-product or engagement

* Rename 0169_auto_20220816_1333.py to 0169_jira_labels_per_product_and_engagement.py

* Delete 0170_jira_project_custom_fields.py

* Update and rename 0169_jira_labels_per_product_and_engagement.py to 0171_jira_labels_per_product_and_engagement.py

* Restore deleted migration

* Fix spacing in migration to remove change from diff

Co-authored-by: Cody Maffucci <[email protected]>

* Added filter for existence of JIRA issue in finding (#6919)

* Bump coverage from 6.4.4 to 6.5.0 (#6921)

Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.4.4 to 6.5.0.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/6.4.4...6.5.0)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* changed type to regular django type to also pick up creation events (#6918)

* changed type to regular django type to also pick up creation events from ldap and oauth

* removed unused import

* this event should be triggered for all user-types

* fixed test to include the now created group/notification relations

* Bugfixing when the Checkov report has no findings (#6097)

* Bugfixing when the Checkov report has no findings

# Current error log:
[29/Mar/2022 11:55:54] ERROR [dojo.api_v2.exception_handler:26] 'check_type'
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 19, in create
    self.perform_create(serializer)
  File "/app/./dojo/api_v2/views.py", line 1957, in perform_create
    serializer.save(push_to_jira=push_to_jira)
  File "/app/./dojo/api_v2/serializers.py", line 1246, in save
    test, finding_count, closed_finding_count = importer.import_scan(scan, scan_type, engagement, lead, environment,
  File "/app/./dojo/importers/importer/importer.py", line 349, in import_scan
    parsed_findings = parser.get_findings(scan, test)
  File "/app/./dojo/tools/checkov/parser.py", line 22, in get_findings
    check_type = tree['check_type']
KeyError: 'check_type'
[29/Mar/2022 11:55:54] ERROR [django.request:224] Internal Server Error: /api/v2/import-scan/
ERROR:django.request:Internal Server Error: /api/v2/import-scan/
[pid: 1|app: 0|req: 2020/4117] 10.6.33.147 () {44 vars in 738 bytes} [Tue Mar 29 11:55:54 2022] POST /api/v2/import-scan/ => generated 59 bytes in 54 msecs (HTTP/1.1 500) 7 headers in 212 bytes (1 switches on core 1)

* Fix to make the previous fix shorter.

Co-authored-by: Daniel Velardez <[email protected]>
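The traceback above comes from indexing `tree['check_type']` on a Checkov report that carries no findings. The following is an added example, not DefectDojo's own parser: a tolerant reader that treats `check_type` and `results` as optional and accepts both a single report object and the list Checkov emits when several frameworks ran. The report layout and the `Finding` dataclass are assumptions for illustration (the sample reports are constructed, not real scan output).

```python
"""Tolerant Checkov JSON parsing (added example, not DefectDojo's own parser).

Assumptions, labelled: the report layout (one object per framework with
"check_type", "results" and "summary", or a list of such objects) follows
Checkov's documented JSON output; Finding is a stand-in for DefectDojo's model.
"""
import json
from dataclasses import dataclass, field


@dataclass
class Finding:
    title: str
    check_type: str
    file_path: str
    resource: str
    line_range: list = field(default_factory=list)


def _reports(tree):
    """Normalise Checkov output to a list of per-framework report objects."""
    if isinstance(tree, list):
        return tree
    if isinstance(tree, dict):
        return [tree]
    return []


def parse_checkov(raw: str):
    """Return one Finding per failed check.

    A report with nothing to check (no 'check_type' / 'results' keys) yields []
    instead of raising KeyError, which is the defect in the traceback above.
    """
    if not raw or not raw.strip():
        return []
    tree = json.loads(raw)
    findings = []
    for report in _reports(tree):
        if not isinstance(report, dict):
            continue
        # The original bug: tree['check_type'] raised KeyError when the report
        # carried only a summary. .get() makes the field optional.
        check_type = report.get("check_type", "")
        results = report.get("results") or {}
        for check in results.get("failed_checks") or []:
            findings.append(Finding(
                title=f"{check.get('check_id', 'UNKNOWN')}: {check.get('check_name', '')}",
                check_type=check_type,
                file_path=check.get("file_path", ""),
                resource=check.get("resource", ""),
                line_range=check.get("file_line_range", []),
            ))
    return findings


# Constructed sample inputs (not real scan output).
REPORT_WITH_FINDINGS = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [],
        "failed_checks": [{
            "check_id": "CKV_AWS_18",
            "check_name": "Ensure the S3 bucket has access logging enabled",
            "check_result": {"result": "FAILED"},
            "file_path": "/main.tf",
            "file_line_range": [1, 6],
            "resource": "aws_s3_bucket.logs",
        }],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 0, "failed": 1, "skipped": 0, "parsing_errors": 0},
})

# Assumed shape of a run with nothing to check: summary only, no 'check_type'.
REPORT_NO_FINDINGS = json.dumps({
    "summary": {"passed": 0, "failed": 0, "skipped": 0, "parsing_errors": 0,
                "resource_count": 0},
})

if __name__ == "__main__":
    for label, raw in (("findings", REPORT_WITH_FINDINGS), ("empty", REPORT_NO_FINDINGS)):
        print(label, [f.title for f in parse_checkov(raw)])
```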

* added option to add labels using podLabels: {}

* Bump django from 3.2.15 to 3.2.16 (#6938)

Bumps [django](https://github.com/django/django) from 3.2.15 to 3.2.16.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.15...3.2.16)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* SonarQube API Importer: Add sonarcloud global org id, code clean up (#6928)

* SonarQube API Importer: Add sonarcloud global org id, code clean up

* Fix Flake8

* Add clause for non entered extras

* Jira Webhook: Catch missing assignee field + code cleanup (#6929)

* Add validation error when users attempt to send email without valid SMTP server (#6930)

* Add validation error when users attempt send email without valid SMTP server

* Be sure to close connection after opening it

* Update views.py

* TruffleHog: Add v3 support to original trufflehog parser (#6937)

* TruffleHog: Add v3 support to original trufflehog parser

* Remove extra printing

* Flake8

* Update versions in application files

* Add upgrade notes for 2.15.0

* Update versions in application files

* Make doc update action only apply when docs are updated

* Rev node version for gh-pages deploy

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to 3.11.0-alpine (docker-compose.yml) (#6936)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.2.1 to 2022.4 (#6934)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.2.1 to 2022.4.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/commits)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Make version optional for cyclonedx (#6950)

* Update tj-actions/changed-files action from v31 to v32 (.github/workflows/submodule-update.yml) (#6949)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.63.0 to 2.64.0 (#6946)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.63.0 to 2.64.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.63.0...v2.64.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Parse state, cwe and createdAt in the GitHub parser (#6945)

* Update styfle/cancel-workflow-action action from 0.10.0 to v0.10.1 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6927)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update redis:7.0.5-alpine Docker digest from 7.0.5 to 7.0.5-alpine (docker-compose.yml) (#6953)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Rev actions to latest ubuntu version per https://github.com/actions/runner-images/issues/6002 (#6931)

* Helm Chart: Create PVC as part of the Chart (#6271)

* Create PVC as part of the Chart

* Allow creating pvc or disabling it

* Set pvc creation to false as default

* Remove trailing spaces

* Modify storage access mode and size

* Update KUBERNETES.md to reflect storage accessMode

* Fix linting issue

* Modify pvc documentation in KUBERNETES.md

* Bump psycopg2-binary from 2.9.3 to 2.9.4 (#6958)

Bumps [psycopg2-binary](https://github.com/psycopg/psycopg2) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/psycopg/psycopg2/releases)
- [Changelog](https://github.com/psycopg/psycopg2/blob/master/NEWS)
- [Commits](https://github.com/psycopg/psycopg2/commits)

---
updated-dependencies:
- dependency-name: psycopg2-binary
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gitpython from 3.1.27 to 3.1.28 (#6957)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.27 to 3.1.28.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.27...3.1.28)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [Fix] API - Tool Product Settings (#6170) (#6904)

* Made the product editable on Tool_Product_Settings

* Reverted the model change and modified the Tool_Product_Settings serializer to support specifying the product.

* dojo: tool: introduce NeuVector compliance scans import support (#6947)

This commit makes DefectDojo support compliance scans performed by
NeuVector. Such scan results can only be fetched via REST API using
endpoints like /v1/scan/workload/{id} and /v1/host/{id}/compliance. The
latter one returns the results in a slightly different format. Both of
them are supported.

* Bump nginx from `082f8c1` to `b87c350` (#6961)

Bumps nginx from `082f8c1` to `b87c350`.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pdfmake from 0.2.5 to 0.2.6 in /components (#6960)

Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.6/CHANGELOG.md)
- [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.5...0.2.6)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* dojo: jira_link: improve error reporting when fetching Jira metadata (#6962)

get_jira_meta() function did not check if jira.createmeta() raises an
exception. In case an exception was raised, it was not logged anywhere; the logs
contained only an "invalid JIRA Project Config.." message in the DEBUG stream.

This commit stores an error triggered by jira.createmeta() in the logs and displays
it to the user. The commit also slightly improves quote formatting for the
debug-level error message.

* Add the ability to specify the Epic name and priority in JIRA (#6768)

* Update stefanzweifel/git-auto-commit-action action from v4.15.0 to v4.15.1 (.github/workflows/release-3-master-into-dev.yml) (#6964)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Use DEDUPE_ALGO_HASH_CODE for Acunetix360 (#6968)

* Update mysql Docker tag from 5.7.39 to v5.7.40 (docker-compose.yml) (#6969)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update versions in application files

* Fixed 500 error for GitHub finding links (#6981)

* Typo on auto_create_context (#6291)

* Fixed 500 error for GitHub finding links

Co-authored-by: Bastian Hodapp <[email protected]>

* Update versions in application files

* Add Rubocop to parser documentation (#6978)

* Update styfle/cancel-workflow-action action from 0.10.1 to v0.11.0 (.github/workflows/cancel-outdated-workflow-runs.yml) (#6977)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency postcss from 8.4.17 to v8.4.18 (docs/package.json) (#6979)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump cryptography from 38.0.1 to 38.0.2 (#6976)

Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.1 to 38.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/38.0.1...38.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pygithub from 1.55 to 1.56 (#6986)

Bumps [pygithub](https://github.com/pygithub/pygithub) from 1.55 to 1.56.
- [Release notes](https://github.com/pygithub/pygithub/releases)
- [Changelog](https://github.com/PyGithub/PyGithub/blob/master/doc/changes.rst)
- [Commits](https://github.com/pygithub/pygithub/compare/v1.55...v1.56)

---
updated-dependencies:
- dependency-name: pygithub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to 14.5-alpine (docker-compose.yml) (#6952)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Fix errors with risk acceptance filter (#6984)

* Fix issues with Bugcrowd API parser not marking not_applicable/not_reproducible as inactive (#6974)

* Update rabbitmq:3.11.0-alpine Docker digest from 3.11.0 to v (docker-compose.yml) (#6988)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.0 to v3.11.1 (docker-compose.yml) (#6989)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump packageurl-python from 0.10.3 to 0.10.4 (#6997)

Bumps [packageurl-python](https://github.com/package-url/packageurl-python) from 0.10.3 to 0.10.4.
- [Release notes](https://github.com/package-url/packageurl-python/releases)
- [Changelog](https://github.com/package-url/packageurl-python/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/package-url/packageurl-python/compare/v0.10.3...v0.10.4)

---
updated-dependencies:
- dependency-name: packageurl-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sqlalchemy from 1.4.41 to 1.4.42 (#6996)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.41 to 1.4.42.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

---
updated-dependencies:
- dependency-name: sqlalchemy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.1-alpine Docker digest from 3.11.1 to 3.11.1-alpine (docker-compose.yml) (#6993)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update release-drafter/release-drafter action from v5.21.0 to v5.21.1 (.github/workflows/release-drafter.yml) (#7000)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Parse Veracode library_id for SCA to get the maven component name (#6995)

* Enable filtering Findings on steps_to_reproduce (#6970)

* Bump python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye (#6998)

Bumps python from 3.8.14-slim-bullseye to 3.8.15-slim-bullseye.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update asset and findings retrieval for Cobalt API parser (#7005)

Update the Cobalt API parser's `CobaltAPI` client to fetch the maximum
allowed number of findings and assets.

* Update tj-actions/changed-files action from v32 to v33 (.github/workflows/submodule-update.yml) (#7014)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update rabbitmq Docker tag from 3.11.1 to v3.11.2 (docker-compose.yml) (#7008)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [FIX] Issues on disconnection and connection using Social Auth (#6066)

* [FIX] Issues on disconnection and connection using OAuth

Fix two issues:
    - When disconnecting using OAuth and "SHOW_LOGIN_FORM = False", as the return URL is not /login and does not contain a next parameter, an error 500 is triggered.
    - When connecting using OAuth and "SHOW_LOGIN_FORM = False", the message "You have logged out" is displayed after logging in.

* Fixing Flake8 issues

* Update package.json

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update Chart.yaml

* Update __init__.py

* Update views.py

* Update pipeline.py

* Update pipeline.py

* Update pipeline.py

* Fix out of SLA time (#7017)

* Add a HTML link in the references back to the Bugcrowd finding (#7018)

* Bump boto3 from 1.24.55 to 1.25.0 (#7022)

Bumps [boto3](https://github.com/boto/boto3) from 1.24.55 to 1.25.0.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.24.55...1.25.0)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update tj-actions/changed-files action from v33 to v34 (.github/workflows/submodule-update.yml) (#7026)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update gcr.io/cloudsql-docker/gce-proxy Docker tag from 1.32.0 to v1.33.0 (helm/defectdojo/values.yaml) (#7025)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump uwsgi from 2.0.20 to 2.0.21 (#7023)

Bumps [uwsgi](https://github.com/unbit/uwsgi-docs) from 2.0.20 to 2.0.21.
- [Release notes](https://github.com/unbit/uwsgi-docs/releases)
- [Commits](https://github.com/unbit/uwsgi-docs/commits)

---
updated-dependencies:
- dependency-name: uwsgi
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres:14.5-alpine Docker digest from 14.5 to v (docker-compose.yml) (#7024)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-auth-oauthlib from 0.5.3 to 0.6.0 (#7021)

Bumps [google-auth-oauthlib](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib) from 0.5.3 to 0.6.0.
- [Release notes](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python-oauthlib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/GoogleCloudPlatform/google-auth-library-python-oauthlib/compare/v0.5.3...v0.6.0)

---
updated-dependencies:
- dependency-name: google-auth-oauthlib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update rabbitmq:3.11.2-alpine Docker digest from 3.11.2 to 3.11.2-alpine (docker-compose.yml) (#7020)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump nginx from 1.23.1-alpine to 1.23.2-alpine (#7019)

Bumps nginx from 1.23.1-alpine to 1.23.2-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update stefanzweifel/git-auto-commit-action action from v4.15.1 to v4.15.2 (.github/workflows/release-3-master-into-dev.yml) (#7016)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Add support for ZAP "XML with requests and responses" format (#7013)

* Support ZAP XML with requests and responses

Signed-off-by: Max Maass <[email protected]>

* Update ZAP parser with final XMLplus format

Signed-off-by: Max Maass <[email protected]>

* Update ZAP parser docs

Signed-off-by: Max Maass <[email protected]>

Signed-off-by: Max Maass <[email protected]>

* Bump pyjwt from 2.5.0 to 2.6.0 (#7010)

Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/commits)

---
updated-dependencies:
- dependency-name: pyjwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update mysql:5.7.40 Docker digest from 5.7.40 to v (docker-compose.yml) (#7007)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump pytz from 2022.4 to 2022.5 (#7003)

Bumps [pytz](https://github.com/stub42/pytz) from 2022.4 to 2022.5.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](https://github.com/stub42/pytz/compare/release_2022.4...release_2022.5)

---
updated-dependencies:
- dependency-name: pytz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Don't save vulnerability Ids on a re-import if they're already defined for the finding (#7012)

* Bump gitpython from 3.1.28 to 3.1.29 (#6966)

Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.28 to 3.1.29.
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.28...3.1.29)

---
updated-dependencies:
- dependency-name: gitpython
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add the ability to only create finding groups when you have more than one finding in the group (#6916)

* Bump google-auth from 2.12.0 to 2.13.0 (#7004)

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.12.0 to 2.13.0.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-auth-library-python/compare/v2.12.0...v2.13.0)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update postgres Docker tag from 14.5 to v15 (docker-compose.yml) (#6994)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump google-api-python-client from 2.64.0 to 2.65.0 (#7006)

Bumps [google-api-python-client](https://github.com/googleapis/google-api-python-client) from 2.64.0 to 2.65.0.
- [Release notes](https://github.com/googleapis/google-api-python-client/releases)
- [Changelog](https://github.com/googleapis/google-api-python-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-api-python-client/compare/v2.64.0...v2.65.0)

---
updated-dependencies:
- dependency-name: google-api-python-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Endpoint_Status: Optimize DB (remove redundancy) (#6193)

* Endpoint_Status: Optimize DB (remove redundancy)

* small changes in comments

* Fix importers, add TODOs

* Fix migrations - rebase

* Fix fixtures

* add findings to Endpoint

* consolidate models.py

* fix alternative names for endpoint_status

diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
index 592b6bb16..83c5fc5bc 100644
--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
@@ -507,7 +507,7 @@ class FindingViewSet(prefetch.PrefetchListMixin,
                                                     'finding_group_set',
                                                     'files',
                                                     'burprawrequestresponse_set',
-                                                    'endpoint_status',
+                                                    'status_finding',
                                                     'finding_meta',
                                                     'test__test_type',
                                                     'test__engagement',
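Review bot: the prefetch key change from `'endpoint_status'` to `'status_finding'` in this list only works if it matches the new related_name on the model, and a mismatch surfaces at request time (Django resolves prefetch lookups lazily and raises on the first query that uses them), not at import; please add a test that exercises the FindingViewSet `prefetch` parameter with `status_finding` so the rename is covered.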
@@ -1757,7 +1757,7 @@ class TestImportViewSet(prefetch.PrefetchListMixin,
                                         'test_import_finding_action_set',
                                         'findings_affected',
                                         'findings_affected__endpoints',
-                                        'findings_affected__endpoint_status',
+                                        'findings_affected__status_finding',
                                         'findings_affected__finding_meta',
                                         'findings_affected__jira_issue',
                                         'findings_affected__burprawrequestresponse_set',
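Review bot: `findings_affected__status_finding` changes the name API clients pass to the TestImportViewSet `prefetch` parameter, so a client still sending `findings_affected__endpoint_status` will start failing; this rename needs an entry in the upgrade notes and, if backward compatibility matters for this release, an alias that still accepts the old name.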
diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py
index 4bfb0805e..dd239751a 100644
--- a/dojo/endpoint/views.py
+++ b/dojo/endpoint/views.py
@@ -32,10 +32,17 @@ logger = logging.getLogger(__name__)
 def process_endpoints_view(request, host_view=False, vulnerable=False):

     if vulnerable:
-        endpoints = Endpoint.objects.filter(finding__active=True, finding__verified=True, finding__fals…
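Review bot: the replacement for the `vulnerable` branch is cut off in this view of the diff, so the new query cannot be compared with the removed one; the removed line restricted endpoints to findings with `finding__active=True`, `finding__verified=True` and the truncated `finding__fals…` clause, and the replacement should keep exactly those conditions (a view that silently broadens what counts as "vulnerable" would mis-report endpoint state), ideally pinned by a test with one active, verified finding and one inactive finding on the same endpoint.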
Showing 341 changed files with 55,530 additions and 58,273 deletions.
2 changes: 2 additions & 0 deletions .flake8
@@ -25,6 +25,8 @@ ignore =
E128
# line break after binary operator
W504
# Line break occurred before a binary operator (conflicting with black)
W503
# undefined file name excpetion
F821
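Review bot: ignoring F821 repo-wide (the last two added lines) switches off pyflakes' undefined-name check, which is one of the few lint rules that catches real runtime NameErrors rather than style; if a single file needs it (for example a forward reference in an annotation), prefer a `# noqa: F821` on that line, and correct the comment, which should read "undefined name" rather than "undefined file name excpetion".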

2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE/pull_request_template.md
@@ -1,7 +1,7 @@
**Description**

Describe the feature / bug fix implemented by this PR.
If this is a new parser, [the parser guide](https://defectdojo.github.io/django-DefectDojo/contributing/how-to-write-a-parser/) may be worth (re)reading.
If this is a new parser, [the parser guide](https://documentation.defectdojo.com/contributing/how-to-write-a-parser/) may be worth (re)reading.

**Test results**

2 changes: 1 addition & 1 deletion .github/release-drafter.yml
@@ -45,7 +45,7 @@ exclude-labels:
- 'skip-changelog'
change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
template: |
Please consult the [Upgrade notes in the documentation ](https://defectdojo.github.io/django-DefectDojo/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
Please consult the [Upgrade notes in the documentation ](https://documentation.defectdojo.com/getting_started/upgrading/) for specific instructions for this release, and general upgrade instructions. Below is an automatically generated list of all PRs merged since the previous release.
## Changes since $PREVIOUS_TAG
$CHANGES
2 changes: 1 addition & 1 deletion .github/workflows/cancel-outdated-workflow-runs.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
- uses: styfle/cancel-workflow-action@0.10.0
- uses: styfle/cancel-workflow-action@0.11.0
with:
workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml'
access_token: ${{ github.token }}
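Review bot: the action is still referenced by a mutable tag (`styfle/cancel-workflow-action@0.11.0`); a tag can be moved to point at different code, so a step that receives `github.token` should pin the action to a full commit SHA and keep the version in a trailing comment, for example `uses: styfle/cancel-workflow-action@<commit-sha> # v0.11.0` (`<commit-sha>` is a placeholder for the release's commit). Dependabot or Renovate can keep SHA pins current just as they bump tags.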
4 changes: 2 additions & 2 deletions .github/workflows/gh-pages.yml
@@ -11,7 +11,7 @@ on:
# Both builds have to be one worflow as otherwise one publish will overwrite the other
jobs:
deploy:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
steps:
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
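Review bot: `runs-on: ubuntu-latest` swaps a pinned runner image for a floating label, so the toolchain this deploy job runs on will change silently whenever GitHub moves the label; since the `ubuntu-18.04` runner is being retired, pinning to `ubuntu-22.04` gives the same fix with a reproducible environment. The comment on the context line above also has a typo (`worflow`).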
@@ -22,7 +22,7 @@ jobs:
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: '12.x'
node-version: '16.x'

- name: Cache dependencies
uses: actions/cache@v3
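Review bot: moving `node-version` from `'12.x'` to `'16.x'` is the right call, since Node 12 reached end of life in April 2022 and no longer receives security fixes; this hunk changes the build toolchain only, so confirm that the dependencies installed in the cached step below still build under Node 16 before merging.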
4 changes: 2 additions & 2 deletions .github/workflows/k8s-testing.yml
@@ -110,7 +110,7 @@ jobs:
setting_minikube_cluster:
name: Kubernetes Deployment

runs-on: ubuntu-18.04
runs-on: ubuntu-latest

needs: build

@@ -146,7 +146,7 @@ jobs:
uses: actions/checkout@v3

- name: Setup Minikube
uses: manusa/actions-setup-minikube@v2.6.1
uses: manusa/actions-setup-minikube@v2.7.1
with:
minikube version: 'v1.24.0'
kubernetes version: ${{ matrix.k8s }}
2 changes: 1 addition & 1 deletion .github/workflows/plantuml.yml
@@ -33,7 +33,7 @@ jobs:
with:
args: -v -tpng ${{ steps.getfile.outputs.files }}
- name: Push Local Changes
uses: stefanzweifel/git-auto-commit-action@v4.14.1
uses: stefanzweifel/git-auto-commit-action@v4.15.3
with:
commit_user_name: "PlantUML_bot"
commit_user_email: "[email protected]"
6 changes: 3 additions & 3 deletions .github/workflows/release-1-create-pr.yml
@@ -54,10 +54,10 @@ jobs:
sed -e "s/\-dev//" -i helm/defectdojo/Chart.yaml
else
echo "x.y.z without -dev found in Chart.yaml, probably releasing a new bug fix version"
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml)
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
NEW_CHART_VERSION=$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')
echo "bumping the chart version from $CURRENT_CHART_VERSION to $NEW_CHART_VERSION"
sed -ri "s/version: \S+/$NEW_CHART_VERSION/" helm/defectdojo/Chart.yaml
sed -ri "0,/version/s/version: \S+/$NEW_CHART_VERSION/" helm/defectdojo/Chart.yaml
fi
- name: Check version numbers
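Review bot: the added `| head -1` and the `0,/version/` sed range work around the real problem rather than fixing it: neither pattern is anchored, so `version: (\K\S*)?` in the grep and `version: \S+` in the sed both match inside the `appVersion:` line too, and the bump now depends on `version:` appearing before `appVersion:` in Chart.yaml. Anchoring both patterns to the start of the line, `grep -oP '^version: \K\S+'` and `sed -ri "s/^version: \S+/$NEW_CHART_VERSION/"`, makes the bump correct regardless of key order and removes the need for `head -1` and the `0,/version/` range.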
@@ -68,7 +68,7 @@ jobs:
grep -H version helm/defectdojo/Chart.yaml
- name: Push version changes
uses: stefanzweifel/git-auto-commit-action@v4.14.1
uses: stefanzweifel/git-auto-commit-action@v4.15.3
with:
commit_user_name: "${{ env.GIT_USERNAME }}"
commit_user_email: "${{ env.GIT_EMAIL }}"
6 changes: 3 additions & 3 deletions .github/workflows/release-3-master-into-dev.yml
@@ -41,15 +41,15 @@ jobs:
sed -ri "s/__version__ = '.*'/__version__ = '${{ github.event.inputs.release_number_dev }}'/" dojo/__init__.py
sed -ri "s/appVersion: \".*\"/appVersion: \"${{ github.event.inputs.release_number_dev }}\"/" helm/defectdojo/Chart.yaml
sed -ri "s/\"version\": \".*\"/\"version\": \"${{ github.event.inputs.release_number_dev }}\"/" components/package.json
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml)
sed -ri "s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
CURRENT_CHART_VERSION=$(grep -oP 'version: (\K\S*)?' helm/defectdojo/Chart.yaml | head -1)
sed -ri "0,/version/s/version: \S+/$(echo "version: $CURRENT_CHART_VERSION" | awk -F. -v OFS=. 'NF==1{print ++$NF}; NF>1{$NF=sprintf("%0*d", length($NF), ($NF+1)); print}')-dev/" helm/defectdojo/Chart.yaml
- name: Check numbers
run: |
grep version dojo/__init__.py
grep appVersion helm/defectdojo/Chart.yaml
grep version components/package.json
- name: Push version changes
uses: stefanzweifel/git-auto-commit-action@v4.14.1
uses: stefanzweifel/git-auto-commit-action@v4.15.3
with:
commit_user_name: "${{ env.GIT_USERNAME }}"
commit_user_email: "${{ env.GIT_EMAIL }}"
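Review bot: the same unanchored-pattern workaround is applied here as in release-1-create-pr.yml: `head -1` and the `0,/version/` range are only needed because `version: \S+` also matches the `appVersion:` line. Anchor the grep and sed patterns with `^version:` instead, and consider moving this chart-version bump (the awk one-liner is duplicated verbatim between the two release workflows) into one helper script checked into the repository so the workflows cannot drift apart.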
2 changes: 1 addition & 1 deletion .github/workflows/release-drafter.yml
@@ -19,7 +19,7 @@ jobs:
update_release_draft:
runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v5.20.0
- uses: release-drafter/release-drafter@v5.21.1
with:
version: ${{github.event.inputs.version}}
env:
4 changes: 2 additions & 2 deletions .github/workflows/submodule-update.yml
@@ -24,7 +24,7 @@ jobs:
fi
- name: Checkout DefectDojo from dev
uses: actions/checkout@v2
uses: actions/checkout@v3
if: steps.branch-target.outputs.branch == 'dev'
with:
ref: dev
@@ -41,7 +41,7 @@ jobs:
owner: ${{ env.OWNER }}

- name: Checkout DefectDojo from master
uses: actions/checkout@v2
uses: actions/checkout@v3
if: steps.branch-target.outputs.branch == 'master'
with:
ref: master
4 changes: 2 additions & 2 deletions .github/workflows/test-helm-chart.yml
@@ -35,7 +35,7 @@ jobs:
helm dependency update ./helm/defectdojo
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.2.1
uses: helm/chart-testing-action@v2.3.1

- name: Determine target branch
id: ct-branch-target
@@ -57,7 +57,7 @@ jobs:
# run all checks but version increment always when something changed
- name: Run chart-testing (lint)
run: ct lint --config ct.yaml --target-branch ${{ steps.ct-branch-target.outputs.ct-branch }} --check-version-increment=false
if: steps.list-changed.outputs.changed == 'true'
if: ${{ steps.list-changed.outputs.changed == 'true' && steps.ct-branch-target.outputs.ct-branch == 'dev' }}

# run version check only if not dev as in dev we have a `x.y.z-dev` version
# x.y.z gets bumped automatically when doing a release
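Review bot: the comment above this step, `# run all checks but version increment always when something changed`, is now stale: with the new `if:` the lint step that skips the version check runs only when the target branch is `dev`, while the step below (per its own comment) runs the version check only when the target is not dev. Update the first comment to say the lint without version check runs on dev only, so the two conditions read as the complementary pair they now are.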
9 changes: 7 additions & 2 deletions Dockerfile.django
@@ -5,7 +5,7 @@
# Dockerfile.nginx to use the caching mechanism of Docker.

# Ref: https://devguide.python.org/#branchstatus
FROM python:3.8.13-slim-bullseye@sha256:0e07cc072353e6b10de910d8acffa020a42467112ae6610aa90d6a3c56a74911 as base
FROM python:3.8.15-slim-bullseye@sha256:16c6f3c044b248c69bd1e20d4c0b04af6b3f16ef8a7e0fb5ff9f527f30180289 as base
FROM base as build
WORKDIR /app
RUN \
@@ -20,6 +20,8 @@ RUN \
xmlsec1 \
git \
uuid-runtime \
# libcurl4-openssl-dev is required for installing pycurl python package
libcurl4-openssl-dev \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
@@ -52,13 +54,16 @@ RUN \
uuid-runtime \
# only required for the dbshell (used by the initializer job)
postgresql-client \
# libcurl4-openssl-dev is required for installing pycurl python package
libcurl4-openssl-dev \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
true
COPY --from=build /tmp/wheels /tmp/wheels
COPY requirements.txt ./
RUN pip3 install \
RUN export PYCURL_SSL_LIBRARY=openssl && \
pip3 install \
--no-cache-dir \
--no-index \
--find-links=/tmp/wheels \
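Review bot: `libcurl4-openssl-dev` in this runtime stage, and the `PYCURL_SSL_LIBRARY=openssl` export in front of `pip3 install`, only have an effect when pycurl is compiled from source; this stage installs with `--no-index --find-links=/tmp/wheels` from wheels copied out of the build stage, so if pycurl is already among those wheels the dev package adds headers and extra packages to the final image for no benefit. The runtime image needs only the shared library (`libcurl4`), and `PYCURL_SSL_LIBRARY` belongs in the build stage where the wheel is produced; keep the dev package here only if pycurl is deliberately built at this step.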
2 changes: 1 addition & 1 deletion Dockerfile.integration-tests
@@ -1,7 +1,7 @@

# code: language=Dockerfile

FROM python:3.8.13-slim-bullseye@sha256:0e07cc072353e6b10de910d8acffa020a42467112ae6610aa90d6a3c56a74911 as build
FROM python:3.8.15-slim-bullseye@sha256:16c6f3c044b248c69bd1e20d4c0b04af6b3f16ef8a7e0fb5ff9f527f30180289 as build
WORKDIR /app
RUN \
apt-get -y update && \
6 changes: 4 additions & 2 deletions Dockerfile.nginx
@@ -5,7 +5,7 @@
# Dockerfile.django to use the caching mechanism of Docker.

# Ref: https://devguide.python.org/#branchstatus
FROM python:3.8.13-slim-bullseye@sha256:0e07cc072353e6b10de910d8acffa020a42467112ae6610aa90d6a3c56a74911 as base
FROM python:3.8.15-slim-bullseye@sha256:16c6f3c044b248c69bd1e20d4c0b04af6b3f16ef8a7e0fb5ff9f527f30180289 as base
FROM base as build
WORKDIR /app
RUN \
@@ -20,6 +20,8 @@ RUN \
xmlsec1 \
git \
uuid-runtime \
# libcurl4-openssl-dev is required for installing pycurl python package
libcurl4-openssl-dev \
&& \
apt-get clean && \
rm -rf /var/lib/apt/lists && \
@@ -72,7 +74,7 @@ COPY dojo/ ./dojo/

RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true

FROM nginx:1.23.1-alpine@sha256:87fb6f4040ffd52dd616f360b8520ed4482930ea75417182ad3f76c4aaadf24f
FROM nginx:1.23.2-alpine@sha256:2452715dd322b3273419652b7721b64aa60305f606ef7a674ae28b6f12d155a3
ARG uid=1001
ARG appuser=defectdojo
COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/
8 changes: 4 additions & 4 deletions README.md
@@ -39,11 +39,11 @@ Navigate to <http://localhost:8080>.

## Documentation

- [Official Docs](https://defectdojo.github.io/django-DefectDojo/) ([latest](https://defectdojo.github.io/django-DefectDojo/) | [dev](https://defectdojo.github.io/django-DefectDojo/dev))
- [REST APIs](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/)
- [Client APIs and Wrappers](https://defectdojo.github.io/django-DefectDojo/integrations/api-v2-docs/#clients--api-wrappers)
- [Official Docs](https://documentation.defectdojo.com/) ([latest](https://documentation.defectdojo.com/) | [dev](https://documentation.defectdojo.com/dev))
- [REST APIs](https://documentation.defectdojo.com/integrations/api-v2-docs/)
- [Client APIs and Wrappers](https://documentation.defectdojo.com/integrations/api-v2-docs/#clients--api-wrappers)
- [Authentication Options](readme-docs/AVAILABLE-PLUGINS.md)
- [Parsers](https://defectdojo.github.io/django-DefectDojo/integrations/parsers/)
- [Parsers](https://documentation.defectdojo.com/integrations/parsers/)

## Supported Installation Options

10 changes: 5 additions & 5 deletions components/package.json
@@ -1,6 +1,6 @@
{
"name": "defectdojo",
"version": "2.13.1",
"version": "2.16.1",
"license" : "BSD-3-Clause",
"private": true,
"dependencies": {
@@ -21,23 +21,23 @@
"datatables.net-dt": "^1.12.1",
"drmonty-datatables-plugins": "^1.0.0",
"drmonty-datatables-responsive": "^1.0.0",
"easymde": "^2.16.1",
"easymde": "^2.18.0",
"flot": "flot/flot#~0.8.3",
"flot-axis": "markrcote/flot-axislabels#*",
"font-awesome": "^4.0.0",
"fullcalendar": "^3.10.2",
"google-code-prettify": "^1.0.0",
"jquery": "^3.6.0",
"jquery": "^3.6.1",
"jquery-highlight": "3.5.0",
"jquery.cookie": "1.4.1",
"jquery.flot.tooltip": "^0.9.0",
"jquery.hotkeys": "jeresig/jquery.hotkeys#master",
"jszip": "^3.10.0",
"jszip": "^3.10.1",
"justgage": "^1.5.1",
"metismenu": "~3.0.7",
"moment": "^2.29.4",
"morris.js": "morrisjs/morris.js",
"pdfmake": "^0.2.5",
"pdfmake": "^0.2.6",
"startbootstrap-sb-admin-2": "1.0.7"
},
"engines": {
52 changes: 26 additions & 26 deletions components/yarn.lock
@@ -54,10 +54,10 @@
resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.47.tgz#d7a51db20f0650efec24cd04994f523d93172ed4"
integrity sha512-c5ciR06jK8u9BstrmJyO97m+klJrrhCf9u3rLu3DEAJBirxRqSCvDQoYKmxuYwQI5SZChAWu+tq9oVlGRuzPAg==

"@types/marked@^4.0.1":
version "4.0.1"
resolved "https://registry.yarnpkg.com/@types/marked/-/marked-4.0.1.tgz#d588a7bbc4d6551c5e75249bc106ffda96ae33c5"
integrity sha512-ZigEmCWdNUU7IjZEuQ/iaimYdDHWHfTe3kg8ORfKjyGYd9RWumPoOJRQXB0bO+XLkNwzCthW3wUIQtANaEZ1ag==
"@types/marked@^4.0.7":
version "4.0.7"
resolved "https://registry.yarnpkg.com/@types/marked/-/marked-4.0.7.tgz#400a76809fd08c2bbd9e25f3be06ea38c8e0a1d3"
integrity sha512-eEAhnz21CwvKVW+YvRvcTuFKNU9CV1qH+opcgVK3pIMI6YZzDm6gc8o2vHjldFk6MGKt5pueSB7IOpvpx5Qekw==

"@types/tern@*":
version "0.23.3"
@@ -381,16 +381,16 @@ duplexer2@~0.1.4:
dependencies:
readable-stream "^2.0.2"

easymde@^2.16.1:
version "2.16.1"
resolved "https://registry.yarnpkg.com/easymde/-/easymde-2.16.1.tgz#f4c2380312615cb33826f1a1fecfaa4022ff551a"
integrity sha512-FihYgjRsKfhGNk89SHSqxKLC4aJ1kfybPWW6iAmtb5GnXu+tnFPSzSaGBmk1RRlCuhFSjhF0SnIMGVPjEzkr6g==
easymde@^2.18.0:
version "2.18.0"
resolved "https://registry.yarnpkg.com/easymde/-/easymde-2.18.0.tgz#ff1397d07329b1a7b9187d2d0c20766fa16b3b1b"
integrity sha512-IxVVUxNWIoXLeqtBU4BLc+eS/ScYhT1Dcb6yF5Wchoj1iXAV+TIIDWx+NCaZhY7RcSHqDPKllbYq7nwGKILnoA==
dependencies:
"@types/codemirror" "^5.60.4"
"@types/marked" "^4.0.1"
"@types/marked" "^4.0.7"
codemirror "^5.63.1"
codemirror-spell-checker "1.1.2"
marked "^4.0.10"
marked "^4.1.0"

es-abstract@^1.17.0-next.1, es-abstract@^1.17.5:
version "1.17.6"
@@ -710,15 +710,15 @@ jquery.hotkeys@jeresig/jquery.hotkeys#master:
version "0.2.0"
resolved "https://codeload.github.com/jeresig/jquery.hotkeys/tar.gz/f24f1da275aab7881ab501055c256add6f690de4"

"jquery@>= 1.0.0", jquery@>=1.7, jquery@>=1.7.0, jquery@^3.6.0:
version "3.6.0"
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.0.tgz#c72a09f15c1bdce142f49dbf1170bdf8adac2470"
integrity sha512-JVzAR/AjBvVt2BmYhxRCSYysDsPcssdmTFnzyLEts9qNwmjmu4JTAMYubEfwVOSwpQ1I1sKKFcxhZCI2buerfw==
"jquery@>= 1.0.0", jquery@>=1.7, jquery@>=1.7.0, jquery@^3.6.1:
version "3.6.1"
resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.1.tgz#fab0408f8b45fc19f956205773b62b292c147a16"
integrity sha512-opJeO4nCucVnsjiXOE+/PcCgYw9Gwpvs/a6B1LL/lQhwWwpbVEVYDZ1FokFr8PRc7ghYlrFPuyHuiiDNTQxmcw==

jszip@^3.10.0:
version "3.10.0"
resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.10.0.tgz#faf3db2b4b8515425e34effcdbb086750a346061"
integrity sha512-LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q==
jszip@^3.10.1:
version "3.10.1"
resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.10.1.tgz#34aee70eb18ea1faec2f589208a157d1feb091c2"
integrity sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==
dependencies:
lie "~3.3.0"
pako "~1.0.2"
@@ -754,10 +754,10 @@ [email protected]:
dependencies:
sourcemap-codec "^1.4.1"

marked@^4.0.10:
version "4.0.10"
resolved "https://registry.yarnpkg.com/marked/-/marked-4.0.10.tgz#423e295385cc0c3a70fa495e0df68b007b879423"
integrity sha512-+QvuFj0nGgO970fySghXGmuw+Fd0gD2x3+MqCWLIPf5oxdv1Ka6b2q+z9RP01P/IaKPMEramy+7cNy/Lw8c3hw==
marked@^4.1.0:
version "4.1.0"
resolved "https://registry.yarnpkg.com/marked/-/marked-4.1.0.tgz#3fc6e7485f21c1ca5d6ec4a39de820e146954796"
integrity sha512-+Z6KDjSPa6/723PQYyc1axYZpYYpDnECDaU6hkaf5gqBieBkMKYReL5hteF2QizhlMbgbo8umXl/clZ67+GlsA==

[email protected]:
version "1.0.4"
@@ -845,10 +845,10 @@ path-parse@^1.0.6:
resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735"
integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==

pdfmake@^0.2.5:
version "0.2.5"
resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.5.tgz#48b17670d69dae3860a5d8721ff12f7988140613"
integrity sha512-NlayjehMtuZEdw2Lyipf/MxOCR2vATZQ7jn8cH0/dHwsNb+mqof9/6SW4jZT5p+So4qz+0mD21KG81+dDQSEhA==
pdfmake@^0.2.6:
version "0.2.6"
resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.6.tgz#322d6ef94e2503d29353529286e452c801921966"
integrity sha512-gZARnKLJjTuHWKIkqF4G6dafIaPfH7NFqBz9U9wb26PV5koHQ5eeQ/0rgZmIdfJzMKqHzXB9aK25ykG2AnnzEQ==
dependencies:
"@foliojs-fork/linebreak" "^1.1.1"
"@foliojs-fork/pdfkit" "^0.13.0"
2 changes: 1 addition & 1 deletion dc-build.sh
@@ -1,4 +1,4 @@
#/bin/bash
#!/bin/bash

bash ./docker/docker-compose-check.sh
if [[ $? -eq 1 ]]; then exit 1; fi
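Review bot: good catch: `#/bin/bash` without the `!` is an ordinary comment, so the script had no shebang and ran under whatever shell invoked it; the `[[ $? -eq 1 ]]` test on the line below is bash-only and fails under a POSIX `sh`. The same first line is corrected in dc-down.sh in this commit; check any other `dc-*.sh` helper scripts for the same mistake.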
2 changes: 1 addition & 1 deletion dc-down.sh
@@ -1,4 +1,4 @@
#/bin/bash
#!/bin/bash

bash ./docker/docker-compose-check.sh
if [[ $? -eq 1 ]]; then exit 1; fi
0 comments on commit bec2a82
